./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2899132727 <...> Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. execve("./syz-executor2899132727", ["./syz-executor2899132727"], 0x7ffe03bb7a40 /* 10 vars */) = 0 brk(NULL) = 0x55555d962000 brk(0x55555d962e00) = 0x55555d962e00 arch_prctl(ARCH_SET_FS, 0x55555d962480) = 0 set_tid_address(0x55555d962750) = 5867 set_robust_list(0x55555d962760, 24) = 0 rseq(0x55555d962da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2899132727", 4096) = 28 getrandom("\x5c\x67\xe4\x77\x0d\x88\x20\x4c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d962e00 brk(0x55555d983e00) = 0x55555d983e00 brk(0x55555d984000) = 0x55555d984000 mprotect(0x7f3cdbffd000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55555d962750) = 5868 [pid 5867] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC [pid 5868] set_robust_list(0x55555d962760, 24 [pid 5867] <... openat resumed>) = 3 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] write(3, "10000000000", 11) = 11 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "20", 2) = 2 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "0", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "0", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "100", 3) = 3 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "0", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "0", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "7 4 1 3", 7) = 7 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "0", 1) = 1 [pid 5867] close(3) = 0 [pid 5867] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "5868", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] kill(5868, SIGKILL) = 0 [pid 5868] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5868, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5867}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5867}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f3cdbf38120, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f3cdbf38120, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x55555d962750) = 5871 [pid 5871] set_robust_list(0x55555d962760, 24) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] mkdir("./syzkaller.Qo9TpD", 0700./strace-static-x86_64: Process 5872 attached [pid 5867] <... clone resumed>, child_tidptr=0x55555d962750) = 5872 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] set_robust_list(0x55555d962760, 24) = 0 [pid 5871] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5873 attached [pid 5872] mkdir("./syzkaller.1xcNXk", 0700 [pid 5871] chmod("./syzkaller.Qo9TpD", 0777 [pid 5867] <... clone resumed>, child_tidptr=0x55555d962750) = 5873 [pid 5873] set_robust_list(0x55555d962760, 24 [pid 5871] <... chmod resumed>) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... mkdir resumed>) = 0 [pid 5871] chdir("./syzkaller.Qo9TpD" [pid 5873] mkdir("./syzkaller.XJSvK7", 0700) = 0 ./strace-static-x86_64: Process 5874 attached [pid 5873] chmod("./syzkaller.XJSvK7", 0777 [pid 5872] chmod("./syzkaller.1xcNXk", 0777 [pid 5871] <... chdir resumed>) = 0 [pid 5874] set_robust_list(0x55555d962760, 24 [pid 5867] <... clone resumed>, child_tidptr=0x55555d962750) = 5874 [pid 5873] <... chmod resumed>) = 0 [pid 5872] <... chmod resumed>) = 0 [pid 5871] mkdir("./0", 0777 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5872] chdir("./syzkaller.1xcNXk" [pid 5874] mkdir("./syzkaller.e45Itp", 0700 [pid 5872] <... chdir resumed>) = 0 [pid 5873] chdir("./syzkaller.XJSvK7") = 0 [pid 5873] mkdir("./0", 0777 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] <... mkdir resumed>) = 0 [pid 5872] mkdir("./0", 0777 [pid 5871] <... mkdir resumed>) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5875 attached [pid 5874] <... mkdir resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... openat resumed>) = 3 [pid 5867] <... clone resumed>, child_tidptr=0x55555d962750) = 5875 [pid 5871] <... openat resumed>) = 3 [pid 5875] set_robust_list(0x55555d962760, 24 [pid 5874] chmod("./syzkaller.e45Itp", 0777 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] <... set_robust_list resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5875] mkdir("./syzkaller.3nW1wE", 0700 [pid 5874] <... chmod resumed>) = 0 [pid 5873] ioctl(3, LOOP_CLR_FD [pid 5872] <... openat resumed>) = 3 [pid 5871] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5873] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5874] chdir("./syzkaller.e45Itp") = 0 [pid 5875] <... mkdir resumed>) = 0 [pid 5874] mkdir("./0", 0777./strace-static-x86_64: Process 5876 attached [pid 5871] close(3 [pid 5867] <... clone resumed>, child_tidptr=0x55555d962750) = 5876 [pid 5875] chmod("./syzkaller.3nW1wE", 0777 [pid 5876] set_robust_list(0x55555d962760, 24 [pid 5874] <... mkdir resumed>) = 0 [pid 5873] close(3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5871] <... close resumed>) = 0 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5875] <... chmod resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5872] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5876] mkdir("./syzkaller.Pj7TEL", 0700 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] chdir("./syzkaller.3nW1wE" [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] <... chdir resumed>) = 0 [pid 5875] mkdir("./0", 0777) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 5877 ./strace-static-x86_64: Process 5878 attached ./strace-static-x86_64: Process 5877 attached [pid 5876] <... mkdir resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5874] <... openat resumed>) = 3 [pid 5872] close(3 [pid 5878] set_robust_list(0x55555d962760, 24 [pid 5877] set_robust_list(0x55555d962760, 24 [pid 5876] chmod("./syzkaller.Pj7TEL", 0777 [pid 5875] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 5878 [pid 5872] <... close resumed>) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5875] ioctl(3, LOOP_CLR_FD [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5878] chdir("./0" [pid 5877] chdir("./0" [pid 5876] <... chmod resumed>) = 0 [pid 5875] close(3 [pid 5874] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5878] <... chdir resumed>) = 0 [pid 5876] chdir("./syzkaller.Pj7TEL" [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5875] <... close resumed>) = 0 [pid 5876] <... chdir resumed>) = 0 [pid 5874] close(3 [pid 5875] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached [pid 5878] <... prctl resumed>) = 0 [pid 5877] <... chdir resumed>) = 0 [pid 5879] set_robust_list(0x55555d962760, 24./strace-static-x86_64: Process 5880 attached ) = 0 [pid 5878] setpgid(0, 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5876] mkdir("./0", 0777 [pid 5874] <... close resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 5879 [pid 5880] set_robust_list(0x55555d962760, 24 [pid 5879] chdir("./0" [pid 5878] <... setpgid resumed>) = 0 [pid 5877] <... prctl resumed>) = 0 [pid 5876] <... mkdir resumed>) = 0 [pid 5875] <... clone resumed>, child_tidptr=0x55555d962750) = 5880 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] <... chdir resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 5878] <... openat resumed>) = 3 [pid 5877] setpgid(0, 0 [pid 5880] chdir("./0") = 0 [pid 5878] write(3, "1000", 4 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] <... write resumed>) = 4 [pid 5880] <... prctl resumed>) = 0 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5876] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5878] <... symlink resumed>) = 0 [pid 5876] <... openat resumed>) = 3 [pid 5880] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5881 attached [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5878] write(1, "executing program\n", 18 [pid 5876] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5881] set_robust_list(0x55555d962760, 24 [pid 5880] <... openat resumed>) = 3 [pid 5879] setpgid(0, 0 [pid 5878] <... write resumed>) = 18 [pid 5877] <... setpgid resumed>) = 0 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] write(3, "1000", 4 [pid 5879] <... setpgid resumed>) = 0 [pid 5878] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] close(3 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 5881 [pid 5881] chdir("./0" [pid 5880] <... write resumed>) = 4 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5878] <... futex resumed>) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5876] <... close resumed>) = 0 [pid 5880] close(3) = 0 [pid 5879] <... openat resumed>) = 3 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5876] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] symlink("/dev/binderfs", "./binderfs" [pid 5879] write(3, "1000", 4 [pid 5878] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5877] <... openat resumed>) = 3 [pid 5881] <... chdir resumed>) = 0 [pid 5880] <... symlink resumed>) = 0 [pid 5879] <... write resumed>) = 4 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5877] write(3, "1000", 4 [pid 5879] close(3 [pid 5877] <... write resumed>) = 4 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] close(3 [pid 5879] <... close resumed>) = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5877] <... close resumed>) = 0 [pid 5881] <... prctl resumed>) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5877] symlink("/dev/binderfs", "./binderfs" [pid 5881] setpgid(0, 0 [pid 5880] write(1, "executing program\n", 18 [pid 5879] <... symlink resumed>) = 0 [pid 5878] <... mmap resumed>) = 0x7f3cdbf05000 ./strace-static-x86_64: Process 5882 attached [pid 5881] <... setpgid resumed>) = 0 executing program executing program executing program [pid 5879] write(1, "executing program\n", 18 [pid 5877] <... symlink resumed>) = 0 [pid 5879] <... write resumed>) = 18 [pid 5877] write(1, "executing program\n", 18 [pid 5882] set_robust_list(0x55555d962760, 24 [pid 5879] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5877] <... write resumed>) = 18 [pid 5882] chdir("./0" [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5880] <... write resumed>) = 18 [pid 5879] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5878] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5877] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... clone resumed>, child_tidptr=0x55555d962750) = 5882 [pid 5879] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5877] <... futex resumed>) = 0 [pid 5879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5877] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5877] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5880] <... futex resumed>) = 0 [pid 5878] <... mprotect resumed>) = 0 [pid 5880] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5879] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5880] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5879] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5879] <... mprotect resumed>) = 0 [pid 5882] <... chdir resumed>) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5883 attached [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5881] write(3, "1000", 4 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5877] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5883] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5882] <... prctl resumed>) = 0 [pid 5881] <... write resumed>) = 4 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5879] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5878] <... clone3 resumed> => {parent_tid=[5883]}, 88) = 5883 [pid 5877] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5883] <... rseq resumed>) = 0 [pid 5882] setpgid(0, 0 [pid 5881] close(3 [pid 5880] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5884 attached [pid 5883] set_robust_list(0x7f3cdbf259a0, 24 [pid 5882] <... setpgid resumed>) = 0 [pid 5881] <... close resumed>) = 0 [pid 5880] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5884] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5883] <... set_robust_list resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5880] <... mprotect resumed>) = 0 [pid 5879] <... clone3 resumed> => {parent_tid=[5884]}, 88) = 5884 [pid 5878] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5884] <... rseq resumed>) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5878] <... futex resumed>) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 5885 attached [pid 5884] set_robust_list(0x7f3cdbf259a0, 24 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... openat resumed>) = 3 [pid 5881] <... symlink resumed>) = 0 [pid 5880] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] memfd_create("syzkaller", 0 [pid 5882] write(3, "1000", 4 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... clone3 resumed> => {parent_tid=[5885]}, 88) = 5885 [pid 5885] <... rseq resumed>) = 0 executing program [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] write(1, "executing program\n", 18./strace-static-x86_64: Process 5886 attached [pid 5885] set_robust_list(0x7f3cdbf259a0, 24 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] <... memfd_create resumed>) = 3 [pid 5882] <... write resumed>) = 4 [pid 5881] <... write resumed>) = 18 [pid 5879] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5885] <... set_robust_list resumed>) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] close(3 [pid 5881] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5879] <... futex resumed>) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... rseq resumed>) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... memfd_create resumed>) = 3 [pid 5883] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5882] <... close resumed>) = 0 [pid 5881] <... futex resumed>) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] set_robust_list(0x7f3cdbf259a0, 24 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5881] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5884] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5881] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5880] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] memfd_create("syzkaller", 0 [pid 5881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5877] <... futex resumed>) = 0 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... symlink resumed>) = 0 [pid 5886] memfd_create("syzkaller", 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] <... futex resumed>) = 0 executing program [pid 5877] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] write(1, "executing program\n", 18 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5880] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] <... memfd_create resumed>) = 3 [pid 5882] <... write resumed>) = 18 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5882] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5882] <... futex resumed>) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5882] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5881] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5881] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[5887]}, 88) = 5887 [pid 5882] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5887 attached [pid 5881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5887] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5887] <... rseq resumed>) = 0 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] set_robust_list(0x7f3cdbf259a0, 24 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5882] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... mprotect resumed>) = 0 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5882] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[5888]}, 88) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5888] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] <... futex resumed>) = 0 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5883] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5884] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5886] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5885] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5887] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5888] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5884] <... write resumed>) = 16777216 [pid 5884] munmap(0x7f3cd3a00000, 138412032 [pid 5886] <... write resumed>) = 16777216 [pid 5886] munmap(0x7f3cd3a00000, 138412032 [pid 5883] <... write resumed>) = 16777216 [pid 5883] munmap(0x7f3cd3a00000, 138412032 [pid 5885] <... write resumed>) = 16777216 [pid 5885] munmap(0x7f3cd3a00000, 138412032 [pid 5884] <... munmap resumed>) = 0 [pid 5886] <... munmap resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5886] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5883] <... munmap resumed>) = 0 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5884] <... ioctl resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5884] close(3 [pid 5883] <... openat resumed>) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5884] <... close resumed>) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file1", 0777) = 0 [pid 5887] <... write resumed>) = 16777216 [pid 5886] <... ioctl resumed>) = 0 [pid 5885] <... munmap resumed>) = 0 [pid 5884] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5883] <... ioctl resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 192.078784][ T5884] loop1: detected capacity change from 0 to 32768 [ 192.098407][ T5886] loop4: detected capacity change from 0 to 32768 [ 192.112085][ T5883] loop2: detected capacity change from 0 to 32768 [pid 5886] close(3 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5883] close(3 [pid 5887] munmap(0x7f3cd3a00000, 138412032 [pid 5888] <... write resumed>) = 16777216 [pid 5886] <... close resumed>) = 0 [pid 5883] <... close resumed>) = 0 [pid 5886] close(4 [pid 5888] munmap(0x7f3cd3a00000, 138412032 [pid 5886] <... close resumed>) = 0 [pid 5886] mkdir("./file1", 0777 [pid 5883] close(4 [pid 5886] <... mkdir resumed>) = 0 [pid 5883] <... close resumed>) = 0 [pid 5883] mkdir("./file1", 0777) = 0 [pid 5883] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5886] mount("/dev/loop4", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file1", 0777) = 0 [pid 5887] <... munmap resumed>) = 0 [ 192.131374][ T5884] XFS: noikeep mount option is deprecated. [ 192.143105][ T5885] loop0: detected capacity change from 0 to 32768 [ 192.156257][ T5883] XFS: noikeep mount option is deprecated. [ 192.163721][ T5886] XFS: noikeep mount option is deprecated. [pid 5885] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5887] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5888] <... munmap resumed>) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3 [pid 5887] <... ioctl resumed>) = 0 [ 192.198814][ T5885] XFS: noikeep mount option is deprecated. [ 192.224679][ T5887] loop3: detected capacity change from 0 to 32768 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./file1", 0777) = 0 [pid 5887] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5888] <... ioctl resumed>) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [ 192.271100][ T5888] loop5: detected capacity change from 0 to 32768 [ 192.279458][ T5884] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 192.294365][ T5887] XFS: noikeep mount option is deprecated. [ 192.312654][ T5883] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5888] mkdir("./file1", 0777) = 0 [ 192.359933][ T5885] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 192.384203][ T5888] XFS: noikeep mount option is deprecated. [ 192.400375][ T5886] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 192.432384][ T5883] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 192.490926][ T5887] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 192.493646][ T5884] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 192.521545][ T5883] XFS (loop2): Starting recovery (logdev: internal) [ 192.575431][ T5888] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 192.614270][ T5886] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 192.633301][ T5884] XFS (loop1): Starting recovery (logdev: internal) [ 192.657136][ T5885] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 192.672391][ T5883] XFS (loop2): Ending recovery (logdev: internal) [pid 5888] mount("/dev/loop5", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5883] <... mount resumed>) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file1") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5878] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... mount resumed>) = 0 [ 192.686333][ T5884] XFS (loop1): Ending recovery (logdev: internal) [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file1") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5883] <... openat resumed>) = 4 [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5883] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5883] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [pid 5883] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5879] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [ 192.744794][ T5885] XFS (loop0): Starting recovery (logdev: internal) [ 192.762938][ T5886] XFS (loop4): Starting recovery (logdev: internal) [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5879] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 4 [pid 5884] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5879] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] <... pwritev2 resumed>) = 65007 [pid 5883] <... pwritev2 resumed>) = 65007 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5884] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... mmap resumed>) = 0x7f3cdbee4000 [pid 5883] <... futex resumed>) = 0 [pid 5878] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 5883] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... mprotect resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [ 192.785063][ T5887] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5879] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 5940 attached [pid 5884] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5940] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5878] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] <... rseq resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] set_robust_list(0x7f3cdbf049a0, 24 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 192.851920][ T5884] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 192.874732][ T5888] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 192.889781][ T5885] XFS (loop0): Ending recovery (logdev: internal) [pid 5878] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5878] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5885] <... mount resumed>) = 0 [pid 5879] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 5885] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5879] <... mprotect resumed>) = 0 [pid 5885] <... openat resumed>) = 3 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5885] chdir("./file1" [pid 5879] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[5941]}, 88) = 5941 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... chdir resumed>) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5879] <... futex resumed>) = 0 [pid 5885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5885] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [ 192.896150][ T5940] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 192.916156][ T5886] XFS (loop4): Ending recovery (logdev: internal) [ 192.926393][ T5887] XFS (loop3): Starting recovery (logdev: internal) [ 192.935132][ T5884] XFS (loop1): Unmount and run xfs_repair [pid 5877] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... mount resumed>) = 0 [pid 5878] <... futex resumed>) = 1 [pid 5886] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5878] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... openat resumed>) = 3 [pid 5886] chdir("./file1") = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5886] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 192.947419][ T5940] XFS (loop2): Unmount and run xfs_repair [pid 5880] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5880] <... futex resumed>) = 0 [pid 5940] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5885] <... openat resumed>) = 4 [pid 5880] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5940] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... openat resumed>) = 4 [pid 5886] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5885] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5886] <... pwritev2 resumed>) = 65007 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5886] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5877] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5886] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [ 192.972833][ T5941] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 192.988863][ T5883] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 193.000938][ T5887] XFS (loop3): Ending recovery (logdev: internal) [pid 5886] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5880] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... mount resumed>) = 0 [pid 5887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file1") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 193.022609][ T5886] XFS (loop4): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 193.044725][ T5883] CPU: 1 UID: 0 PID: 5883 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 193.044760][ T5883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 5887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5887] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5887] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5881] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 193.044775][ T5883] Call Trace: [ 193.044785][ T5883] [ 193.044796][ T5883] dump_stack_lvl+0x189/0x250 [ 193.044836][ T5883] ? __pfx__xfs_alert_tag+0x10/0x10 [ 193.044875][ T5883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.044918][ T5883] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 193.044966][ T5883] xfs_corruption_error+0x122/0x170 [ 193.045007][ T5883] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.045042][ T5883] xfs_alloc_fixup_trees+0x95e/0xd20 [ 193.045071][ T5883] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 5880] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5881] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[5942]}, 88) = 5942 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... pwritev2 resumed>) = 65007 [pid 5887] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5941] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.045113][ T5883] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 193.045143][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045173][ T5883] ? rcu_is_watching+0x15/0xb0 [ 193.045204][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045232][ T5883] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 193.045264][ T5883] ? rcu_is_watching+0x15/0xb0 [ 193.045305][ T5883] xfs_alloc_cur_finish+0xd3/0x4b0 [ 193.045336][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045367][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5941] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5881] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 193.045411][ T5883] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 193.045470][ T5883] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 193.045501][ T5883] ? xfs_group_grab+0x28/0x480 [ 193.045539][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045567][ T5883] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 193.045601][ T5883] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 193.045649][ T5883] xfs_alloc_vextent_start_ag+0x388/0x850 [ 193.045689][ T5883] xfs_bmapi_allocate+0x188e/0x2e00 [pid 5881] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5881] <... futex resumed>) = 1 [pid 5887] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5881] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... lsetxattr resumed>) = 0 [pid 5887] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... futex resumed>) = 0 [pid 5879] exit_group(0 [pid 5877] <... futex resumed>) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5879] <... exit_group resumed>) = ? [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5877] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[5943]}, 88) = 5943 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5877] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5943 attached ./strace-static-x86_64: Process 5942 attached [pid 5941] <... futex resumed>) = ? [pid 5886] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... pwritev2 resumed>) = 65007 [pid 5884] <... futex resumed>) = ? [pid 5880] <... mmap resumed>) = 0x7f3cdbee4000 [pid 5888] <... mount resumed>) = 0 [ 193.045757][ T5883] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 193.045791][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045844][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045873][ T5883] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 193.045908][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.045937][ T5883] ? xfs_iext_prev+0x35a/0x370 [ 193.045977][ T5883] ? xfs_iext_get_extent+0x1bb/0x370 [ 193.046009][ T5883] xfs_bmapi_write+0x7df/0x1260 [ 193.046072][ T5883] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 5943] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5942] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5941] +++ exited with 0 +++ [pid 5888] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5886] <... futex resumed>) = 0 [pid 5885] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] +++ exited with 0 +++ [pid 5880] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 5879] +++ exited with 0 +++ [pid 5943] <... rseq resumed>) = 0 [pid 5942] <... rseq resumed>) = 0 [pid 5888] <... openat resumed>) = 3 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- [pid 5943] set_robust_list(0x7f3cdbf049a0, 24 [pid 5942] set_robust_list(0x7f3cdbf049a0, 24 [pid 5886] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] <... futex resumed>) = 0 [pid 5880] <... mprotect resumed>) = 0 [pid 5885] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5888] chdir("./file1" [pid 5880] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] <... chdir resumed>) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5943] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5942] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] <... clone3 resumed> => {parent_tid=[5944]}, 88) = 5944 [pid 5877] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5944 attached [pid 5943] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5885] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 1 [ 193.046155][ T5883] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 193.046198][ T5883] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 193.046230][ T5883] ? kasan_save_track+0x4f/0x80 [ 193.046257][ T5883] ? kasan_save_track+0x3e/0x80 [ 193.046282][ T5883] ? kasan_save_free_info+0x46/0x50 [ 193.046320][ T5883] ? kmem_cache_free+0x18f/0x400 [ 193.046350][ T5883] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.046376][ T5883] ? xfs_trans_roll+0x130/0x450 [ 193.046400][ T5883] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 5872] newfstatat(3, "", [pid 5888] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] getdents64(3, [pid 5944] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5943] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5882] <... futex resumed>) = 0 [pid 5880] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... rseq resumed>) = 0 [pid 5882] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] set_robust_list(0x7f3cdbf049a0, 24 [pid 5882] <... futex resumed>) = 0 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5882] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5944] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5883] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5942] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5881] exit_group(0 [pid 5878] exit_group(0 [pid 5883] <... futex resumed>) = ? [pid 5881] <... exit_group resumed>) = ? [pid 5878] <... exit_group resumed>) = ? [pid 5883] +++ exited with 0 +++ [pid 5872] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 193.046442][ T5883] xfs_attr_set_iter+0x2d4/0x4b70 [ 193.046477][ T5883] ? filename_setxattr+0x274/0x600 [ 193.046510][ T5883] ? path_setxattrat+0x364/0x3a0 [ 193.046532][ T5883] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 193.046585][ T5883] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 193.046644][ T5883] ? kasan_quarantine_put+0xdd/0x220 [ 193.046671][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.046700][ T5883] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.046760][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.046795][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5880] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = ? [pid 5940] <... futex resumed>) = ? [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5887] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5942] +++ exited with 0 +++ [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5882] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5882] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[5945]}, 88) = 5945 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... openat resumed>) = 4 [pid 5888] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.046823][ T5883] ? kmem_cache_free+0x18f/0x400 [ 193.046851][ T5883] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.046883][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.046918][ T5883] ? __xfs_trans_commit+0x4c7/0xbd0 [ 193.046963][ T5883] xfs_attr_finish_item+0xed/0x320 [ 193.047004][ T5883] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 193.047042][ T5883] xfs_defer_finish_one+0x5c8/0xcf0 [ 193.047104][ T5883] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 193.047156][ T5883] xfs_defer_finish_noroll+0x910/0x12d0 [pid 5888] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5940] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ [pid 5885] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5881] +++ exited with 0 +++ [pid 5878] +++ exited with 0 +++ [pid 5885] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 1 [pid 5885] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5945 attached [pid 5945] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5888] <... futex resumed>) = 0 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=50 /* 0.50 s */} --- [pid 5945] <... rseq resumed>) = 0 [pid 5888] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5877] exit_group(0 [pid 5945] set_robust_list(0x7f3cdbf049a0, 24 [pid 5885] <... futex resumed>) = ? [pid 5877] <... exit_group resumed>) = ? [pid 5885] +++ exited with 0 +++ [ 193.047197][ T5883] ? xfs_trans_commit+0x10b/0x1c0 [ 193.047230][ T5883] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 193.047265][ T5883] ? inode_set_ctime_current+0x740/0xb40 [ 193.047315][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.047344][ T5883] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 193.047386][ T5883] xfs_trans_commit+0x10b/0x1c0 [ 193.047413][ T5883] ? __pfx_xfs_trans_commit+0x10/0x10 [ 193.047445][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.047473][ T5883] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] <... futex resumed>) = ? [pid 5944] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5943] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ [pid 5874] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5880] exit_group(0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = 0 [pid 5944] <... futex resumed>) = ? [pid 5882] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... exit_group resumed>) = ? [pid 5874] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] +++ exited with 0 +++ [pid 5882] <... futex resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5873] <... openat resumed>) = 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] newfstatat(3, "", [pid 5872] newfstatat(AT_FDCWD, "./0/file1", [pid 5882] <... mmap resumed>) = 0x7f3cdbec3000 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 193.047516][ T5883] xfs_attr_set+0xdc6/0x1210 [ 193.047565][ T5883] ? __pfx_xfs_attr_set+0x10/0x10 [ 193.047600][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.047628][ T5883] ? __lock_acquire+0xab9/0xd20 [ 193.047664][ T5883] ? xfs_da_hashname+0x59d/0x740 [ 193.047697][ T5883] ? do_raw_spin_lock+0x121/0x290 [ 193.047740][ T5883] ? xfs_attr_change+0x2ac/0x390 [ 193.047775][ T5883] xfs_xattr_set+0x14d/0x250 [ 193.047808][ T5883] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.047853][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] newfstatat(3, "", [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE [pid 5874] getdents64(3, [pid 5872] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... mprotect resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5873] getdents64(3, [pid 5872] newfstatat(4, "", [pid 5871] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] getdents64(4, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} [pid 5874] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(4, [pid 5871] <... openat resumed>) = 3 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./0/file1") = 0 [pid 5871] newfstatat(3, "", [pid 5882] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5872] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5882] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5872] unlink("./0/binderfs" [pid 5882] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... unlink resumed>) = 0 [pid 5871] getdents64(3, [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 193.047881][ T5883] ? evm_protect_xattr+0x4d4/0xa90 [ 193.047916][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.047943][ T5883] ? rcu_is_watching+0x15/0xb0 [ 193.047978][ T5883] ? __pfx_evm_protect_xattr+0x10/0x10 [ 193.048005][ T5883] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.048031][ T5883] __vfs_setxattr+0x43c/0x480 [ 193.048079][ T5883] __vfs_setxattr_noperm+0x12d/0x660 [ 193.048124][ T5883] vfs_setxattr+0x16b/0x2f0 [ 193.048167][ T5883] ? __pfx_vfs_setxattr+0x10/0x10 [pid 5872] close(3) = 0 [pid 5872] rmdir("./0") = 0 [pid 5872] mkdir("./1", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(3 [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 193.048198][ T5883] ? mnt_get_write_access+0x223/0x2a0 [ 193.048229][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.048264][ T5883] filename_setxattr+0x274/0x600 [ 193.048312][ T5883] ? __pfx_filename_setxattr+0x10/0x10 [ 193.048352][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.048380][ T5883] ? getname_flags+0x1e5/0x540 [ 193.048423][ T5883] path_setxattrat+0x364/0x3a0 [ 193.048461][ T5883] ? __pfx_path_setxattrat+0x10/0x10 [ 193.048529][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.048559][ T5883] ? rcu_is_watching+0x15/0xb0 [ 193.048596][ T5883] __x64_sys_lsetxattr+0xbf/0xe0 [ 193.048639][ T5883] do_syscall_64+0xfa/0x3b0 [ 193.048663][ T5883] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.048703][ T5883] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.048727][ T5883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.048756][ T5883] ? exc_page_fault+0x9f/0xf0 [ 193.048797][ T5883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.048821][ T5883] RIP: 0033:0x7f3cdbf794f9 [pid 5886] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ ./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053) = 0 [pid 5946] set_robust_list(0x7f3cdbee39a0, 24) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 193.048843][ T5883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.048863][ T5883] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 193.048889][ T5883] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 193.048916][ T5883] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 193.048934][ T5883] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 193.048951][ T5883] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 193.048967][ T5883] R13: 0000000000000006 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 193.049007][ T5883] [ 193.049420][ T5941] CPU: 0 UID: 0 PID: 5941 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 193.049451][ T5941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.049465][ T5941] Call Trace: [ 193.049474][ T5941] [ 193.049484][ T5941] dump_stack_lvl+0x189/0x250 [ 193.049517][ T5941] ? __pfx__xfs_alert_tag+0x10/0x10 [ 193.049553][ T5941] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.049588][ T5941] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 193.049635][ T5941] xfs_corruption_error+0x122/0x170 [ 193.049684][ T5941] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.049719][ T5941] xfs_alloc_fixup_trees+0x95e/0xd20 [ 193.049748][ T5941] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.049789][ T5941] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 193.049819][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.049847][ T5941] ? rcu_is_watching+0x15/0xb0 [pid 5946] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- ./strace-static-x86_64: Process 5947 attached [pid 5875] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] set_robust_list(0x55555d962760, 24 [pid 5875] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 5947 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5947] chdir("./1" [pid 5875] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] <... chdir resumed>) = 0 [pid 5875] <... openat resumed>) = 3 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0 [pid 5875] newfstatat(3, "", [pid 5947] <... setpgid resumed>) = 0 [pid 5875] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 193.049876][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.049903][ T5941] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 193.049934][ T5941] ? rcu_is_watching+0x15/0xb0 [ 193.049974][ T5941] xfs_alloc_cur_finish+0xd3/0x4b0 [ 193.050003][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050033][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050067][ T5941] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 193.050125][ T5941] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 193.050154][ T5941] ? xfs_group_grab+0x28/0x480 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4 [pid 5875] getdents64(3, [pid 5947] <... write resumed>) = 4 [pid 5947] close(3 [pid 5875] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5947] <... close resumed>) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs" [pid 5875] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5947] <... symlink resumed>) = 0 executing program [pid 5947] write(1, "executing program\n", 18) = 18 [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 193.050190][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050218][ T5941] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 193.050251][ T5941] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 193.050299][ T5941] xfs_alloc_vextent_start_ag+0x388/0x850 [ 193.050338][ T5941] xfs_bmapi_allocate+0x188e/0x2e00 [ 193.050403][ T5941] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 193.050436][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050487][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050514][ T5941] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 5947] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[5948]}, 88) = 5948 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5947] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5948 attached [pid 5948] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5948] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 193.050537][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.050565][ T5941] ? xfs_iext_prev+0x35a/0x370 [ 193.050602][ T5941] ? xfs_iext_get_extent+0x1bb/0x370 [ 193.050633][ T5941] xfs_bmapi_write+0x7df/0x1260 [ 193.050703][ T5941] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 193.050784][ T5941] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 193.050825][ T5941] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 193.050855][ T5941] ? kasan_save_track+0x4f/0x80 [ 193.050880][ T5941] ? kasan_save_track+0x3e/0x80 [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5882] exit_group(0) = ? [ 193.050904][ T5941] ? kasan_save_free_info+0x46/0x50 [ 193.050941][ T5941] ? kmem_cache_free+0x18f/0x400 [ 193.050969][ T5941] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.050992][ T5941] ? xfs_trans_roll+0x130/0x450 [ 193.051016][ T5941] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 193.051055][ T5941] xfs_attr_set_iter+0x2d4/0x4b70 [ 193.051089][ T5941] ? filename_setxattr+0x274/0x600 [ 193.051121][ T5941] ? path_setxattrat+0x364/0x3a0 [ 193.051142][ T5941] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 193.051195][ T5941] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 193.051252][ T5941] ? kasan_quarantine_put+0xdd/0x220 [ 193.051277][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.051305][ T5941] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.051344][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.051378][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.051406][ T5941] ? kmem_cache_free+0x18f/0x400 [ 193.051433][ T5941] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.051464][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.051493][ T5941] ? __xfs_trans_commit+0x4c7/0xbd0 [ 193.051537][ T5941] xfs_attr_finish_item+0xed/0x320 [ 193.051577][ T5941] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 193.051614][ T5941] xfs_defer_finish_one+0x5c8/0xcf0 [ 193.051680][ T5941] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 193.051730][ T5941] xfs_defer_finish_noroll+0x910/0x12d0 [ 193.051770][ T5941] ? xfs_trans_commit+0x10b/0x1c0 [ 193.051802][ T5941] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 193.051835][ T5941] ? inode_set_ctime_current+0x740/0xb40 [ 193.051884][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.051912][ T5941] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 193.051952][ T5941] xfs_trans_commit+0x10b/0x1c0 [ 193.051978][ T5941] ? __pfx_xfs_trans_commit+0x10/0x10 [ 193.052010][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052038][ T5941] ? xfs_trans_log_inode+0x12c/0x1a0 [ 193.052078][ T5941] xfs_attr_set+0xdc6/0x1210 [ 193.052128][ T5941] ? __pfx_xfs_attr_set+0x10/0x10 [ 193.052162][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052190][ T5941] ? __lock_acquire+0xab9/0xd20 [ 193.052226][ T5941] ? xfs_da_hashname+0x59d/0x740 [ 193.052258][ T5941] ? do_raw_spin_lock+0x121/0x290 [ 193.052301][ T5941] ? xfs_attr_change+0x2ac/0x390 [ 193.052336][ T5941] xfs_xattr_set+0x14d/0x250 [ 193.052368][ T5941] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.052414][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052442][ T5941] ? evm_protect_xattr+0x4d4/0xa90 [ 193.052468][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052497][ T5941] ? rcu_is_watching+0x15/0xb0 [ 193.052530][ T5941] ? __pfx_evm_protect_xattr+0x10/0x10 [ 193.052558][ T5941] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.052585][ T5941] __vfs_setxattr+0x43c/0x480 [ 193.052633][ T5941] __vfs_setxattr_noperm+0x12d/0x660 [ 193.052681][ T5941] vfs_setxattr+0x16b/0x2f0 [ 193.052723][ T5941] ? __pfx_vfs_setxattr+0x10/0x10 [ 193.052753][ T5941] ? mnt_get_write_access+0x223/0x2a0 [ 193.052783][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052817][ T5941] filename_setxattr+0x274/0x600 [ 193.052864][ T5941] ? __pfx_filename_setxattr+0x10/0x10 [ 193.052902][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.052930][ T5941] ? getname_flags+0x1e5/0x540 [ 193.052972][ T5941] path_setxattrat+0x364/0x3a0 [ 193.053009][ T5941] ? __pfx_path_setxattrat+0x10/0x10 [ 193.053075][ T5941] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.053103][ T5941] ? rcu_is_watching+0x15/0xb0 [ 193.053139][ T5941] __x64_sys_lsetxattr+0xbf/0xe0 [ 193.053180][ T5941] do_syscall_64+0xfa/0x3b0 [ 193.053206][ T5941] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.053229][ T5941] ? __switch_to_asm+0x39/0x70 [ 193.053266][ T5941] ? __switch_to_asm+0x33/0x70 [pid 5948] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 193.053303][ T5941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.053327][ T5941] RIP: 0033:0x7f3cdbf794f9 [ 193.053348][ T5941] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.053367][ T5941] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 193.053392][ T5941] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 193.053410][ T5941] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 5948] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 193.053427][ T5941] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 193.053443][ T5941] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 193.053459][ T5941] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 193.053499][ T5941] [ 193.053509][ T5941] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 193.084529][ T5888] XFS (loop5): Starting recovery (logdev: internal) [ 193.091001][ T5886] XFS (loop4): Unmount and run xfs_repair [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./file1", 0777) = 0 [ 193.126893][ T5883] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 193.167823][ T5941] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 193.167894][ T5941] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 193.253994][ T5888] XFS (loop5): Ending recovery (logdev: internal) [ 193.258045][ T5883] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 193.295315][ T5943] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 193.295374][ T5943] XFS (loop0): Unmount and run xfs_repair [ 193.297970][ T5942] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 193.303418][ T5883] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 193.318842][ T5885] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 193.322981][ T5942] XFS (loop3): Unmount and run xfs_repair [ 193.327592][ T5885] CPU: 0 UID: 0 PID: 5885 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 193.327624][ T5885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.327639][ T5885] Call Trace: [ 193.327657][ T5885] [ 193.327667][ T5885] dump_stack_lvl+0x189/0x250 [ 193.327703][ T5885] ? __pfx__xfs_alert_tag+0x10/0x10 [ 193.327742][ T5885] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 5948] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5888] <... open resumed>) = ? [ 193.327778][ T5885] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 193.327828][ T5885] xfs_corruption_error+0x122/0x170 [ 193.327868][ T5885] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.327904][ T5885] xfs_alloc_fixup_trees+0x95e/0xd20 [ 193.327933][ T5885] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.327976][ T5885] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 193.328008][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328037][ T5885] ? rcu_is_watching+0x15/0xb0 [pid 5888] +++ exited with 0 +++ [ 193.328068][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328097][ T5885] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 193.328129][ T5885] ? rcu_is_watching+0x15/0xb0 [ 193.328170][ T5885] xfs_alloc_cur_finish+0xd3/0x4b0 [ 193.328200][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328231][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328266][ T5885] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 193.328326][ T5885] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 193.328356][ T5885] ? xfs_group_grab+0x28/0x480 [ 193.328394][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328422][ T5885] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 193.328457][ T5885] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 193.328507][ T5885] xfs_alloc_vextent_start_ag+0x388/0x850 [ 193.328548][ T5885] xfs_bmapi_allocate+0x188e/0x2e00 [ 193.328614][ T5885] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 193.328652][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328704][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328732][ T5885] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./0/file1") = 0 [pid 5873] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./0/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./0") = 0 [pid 5873] mkdir("./1", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 193.328755][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.328786][ T5885] ? xfs_iext_prev+0x35a/0x370 [ 193.328825][ T5885] ? xfs_iext_get_extent+0x1bb/0x370 [ 193.328856][ T5885] xfs_bmapi_write+0x7df/0x1260 [ 193.328918][ T5885] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 193.328999][ T5885] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 193.329042][ T5885] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 193.329072][ T5885] ? kasan_save_track+0x4f/0x80 [ 193.329098][ T5885] ? kasan_save_track+0x3e/0x80 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./0/file1") = 0 [pid 5874] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./0/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [ 193.329123][ T5885] ? kasan_save_free_info+0x46/0x50 [ 193.329160][ T5885] ? kmem_cache_free+0x18f/0x400 [ 193.329189][ T5885] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.329213][ T5885] ? xfs_trans_roll+0x130/0x450 [ 193.329237][ T5885] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 193.329277][ T5885] xfs_attr_set_iter+0x2d4/0x4b70 [ 193.329312][ T5885] ? filename_setxattr+0x274/0x600 [ 193.329345][ T5885] ? path_setxattrat+0x364/0x3a0 [ 193.329366][ T5885] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 193.329420][ T5885] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 5874] rmdir("./0") = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] mkdir("./1", 0777 [pid 5871] close(4 [pid 5874] <... mkdir resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./0/file1") = 0 [pid 5871] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./0/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./0") = 0 [pid 5871] mkdir("./1", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] <... openat resumed>) = 3 [pid 5874] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5874] ioctl(3, LOOP_CLR_FD [pid 5871] <... ioctl resumed>) = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5871] close(3 [ 193.329478][ T5885] ? kasan_quarantine_put+0xdd/0x220 [ 193.329505][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.329533][ T5885] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.329574][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.329608][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.329636][ T5885] ? kmem_cache_free+0x18f/0x400 [ 193.329672][ T5885] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.329704][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.329731][ T5885] ? __xfs_trans_commit+0x4c7/0xbd0 [ 193.329775][ T5885] xfs_attr_finish_item+0xed/0x320 [ 193.329815][ T5885] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 193.329852][ T5885] xfs_defer_finish_one+0x5c8/0xcf0 [ 193.329913][ T5885] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 193.329963][ T5885] xfs_defer_finish_noroll+0x910/0x12d0 [ 193.330003][ T5885] ? xfs_trans_commit+0x10b/0x1c0 [ 193.330035][ T5885] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 193.330068][ T5885] ? inode_set_ctime_current+0x740/0xb40 [ 193.330116][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.330144][ T5885] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 193.330184][ T5885] xfs_trans_commit+0x10b/0x1c0 [ 193.330210][ T5885] ? __pfx_xfs_trans_commit+0x10/0x10 [ 193.330243][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.330271][ T5885] ? xfs_trans_log_inode+0x12c/0x1a0 [ 193.330311][ T5885] xfs_attr_set+0xdc6/0x1210 [ 193.330361][ T5885] ? __pfx_xfs_attr_set+0x10/0x10 [ 193.330394][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.330422][ T5885] ? __lock_acquire+0xab9/0xd20 [ 193.330459][ T5885] ? xfs_da_hashname+0x59d/0x740 [ 193.330491][ T5885] ? do_raw_spin_lock+0x121/0x290 [ 193.330534][ T5885] ? xfs_attr_change+0x2ac/0x390 [ 193.330568][ T5885] xfs_xattr_set+0x14d/0x250 [ 193.330600][ T5885] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.330651][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.330678][ T5885] ? evm_protect_xattr+0x4d4/0xa90 [ 193.330705][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.330732][ T5885] ? rcu_is_watching+0x15/0xb0 [ 193.330766][ T5885] ? __pfx_evm_protect_xattr+0x10/0x10 [ 193.330794][ T5885] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.330821][ T5885] __vfs_setxattr+0x43c/0x480 [ 193.330871][ T5885] __vfs_setxattr_noperm+0x12d/0x660 [ 193.330914][ T5885] vfs_setxattr+0x16b/0x2f0 [ 193.330956][ T5885] ? __pfx_vfs_setxattr+0x10/0x10 [ 193.330986][ T5885] ? mnt_get_write_access+0x223/0x2a0 [ 193.331016][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.331051][ T5885] filename_setxattr+0x274/0x600 [ 193.331098][ T5885] ? __pfx_filename_setxattr+0x10/0x10 [ 193.331137][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.331165][ T5885] ? getname_flags+0x1e5/0x540 [ 193.331206][ T5885] path_setxattrat+0x364/0x3a0 [ 193.331244][ T5885] ? __pfx_path_setxattrat+0x10/0x10 [ 193.331311][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.331339][ T5885] ? rcu_is_watching+0x15/0xb0 [ 193.331375][ T5885] __x64_sys_lsetxattr+0xbf/0xe0 [ 193.331416][ T5885] do_syscall_64+0xfa/0x3b0 [ 193.331440][ T5885] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.331478][ T5885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.331501][ T5885] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.331529][ T5885] ? exc_page_fault+0x9f/0xf0 [ 193.331570][ T5885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.331594][ T5885] RIP: 0033:0x7f3cdbf794f9 [ 193.331616][ T5885] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.331635][ T5885] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 193.331665][ T5885] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 193.331683][ T5885] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 193.331701][ T5885] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 193.331716][ T5885] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 193.331733][ T5885] R13: 0000000000000006 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 193.331772][ T5885] [ 193.331782][ T5885] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 5874] close(3 [pid 5875] <... umount2 resumed>) = 0 [pid 5875] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5875] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5875] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5875] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5875] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5875] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5875] close(4) = 0 [pid 5875] rmdir("./0/file1") = 0 [pid 5875] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5875] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] unlink("./0/binderfs") = 0 [pid 5875] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5875] close(3) = 0 [pid 5875] rmdir("./0") = 0 [pid 5875] mkdir("./1", 0777) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5875] ioctl(3, LOOP_CLR_FD) = 0 [ 193.358594][ T5944] XFS (loop4): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 193.361117][ T5885] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 193.364781][ T5944] CPU: 1 UID: 0 PID: 5944 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 193.364811][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.364826][ T5944] Call Trace: [ 193.364836][ T5944] [ 193.364847][ T5944] dump_stack_lvl+0x189/0x250 [ 193.364879][ T5944] ? __pfx__xfs_alert_tag+0x10/0x10 [ 193.364917][ T5944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.364952][ T5944] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 193.365000][ T5944] xfs_corruption_error+0x122/0x170 [ 193.365039][ T5944] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.365073][ T5944] xfs_alloc_fixup_trees+0x95e/0xd20 [ 193.365103][ T5944] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 193.365144][ T5944] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 193.365175][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365204][ T5944] ? rcu_is_watching+0x15/0xb0 [ 193.365234][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365262][ T5944] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 193.365294][ T5944] ? rcu_is_watching+0x15/0xb0 [ 193.365333][ T5944] xfs_alloc_cur_finish+0xd3/0x4b0 [ 193.365362][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365393][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365427][ T5944] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 193.365486][ T5944] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 193.365516][ T5944] ? xfs_group_grab+0x28/0x480 [ 193.365553][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365581][ T5944] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 193.365614][ T5944] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 193.365670][ T5944] xfs_alloc_vextent_start_ag+0x388/0x850 [ 193.365710][ T5944] xfs_bmapi_allocate+0x188e/0x2e00 [ 193.365775][ T5944] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 193.365808][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365860][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365887][ T5944] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 193.365911][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.365938][ T5944] ? xfs_iext_prev+0x35a/0x370 [ 193.365977][ T5944] ? xfs_iext_get_extent+0x1bb/0x370 [ 193.366008][ T5944] xfs_bmapi_write+0x7df/0x1260 [ 193.366069][ T5944] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 193.366151][ T5944] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 193.366193][ T5944] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 193.366223][ T5944] ? kasan_save_track+0x4f/0x80 [ 193.366249][ T5944] ? kasan_save_track+0x3e/0x80 [ 193.366274][ T5944] ? kasan_save_free_info+0x46/0x50 [ 193.366311][ T5944] ? kmem_cache_free+0x18f/0x400 [ 193.366339][ T5944] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.366364][ T5944] ? xfs_trans_roll+0x130/0x450 [ 193.366388][ T5944] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 193.366428][ T5944] xfs_attr_set_iter+0x2d4/0x4b70 [ 193.366462][ T5944] ? filename_setxattr+0x274/0x600 [ 193.366496][ T5944] ? path_setxattrat+0x364/0x3a0 [ 193.366518][ T5944] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 193.366570][ T5944] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 193.366635][ T5944] ? kasan_quarantine_put+0xdd/0x220 [ 193.366661][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.366688][ T5944] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.366729][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.366763][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.366791][ T5944] ? kmem_cache_free+0x18f/0x400 [ 193.366822][ T5944] ? __xfs_trans_commit+0x3e0/0xbd0 [ 193.366853][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.366880][ T5944] ? __xfs_trans_commit+0x4c7/0xbd0 [ 193.366924][ T5944] xfs_attr_finish_item+0xed/0x320 [ 193.366963][ T5944] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 193.367000][ T5944] xfs_defer_finish_one+0x5c8/0xcf0 [ 193.367061][ T5944] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 193.367111][ T5944] xfs_defer_finish_noroll+0x910/0x12d0 [ 193.367150][ T5944] ? xfs_trans_commit+0x10b/0x1c0 [ 193.367182][ T5944] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 193.367215][ T5944] ? inode_set_ctime_current+0x740/0xb40 [ 193.367263][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.367290][ T5944] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 193.367331][ T5944] xfs_trans_commit+0x10b/0x1c0 [ 193.367357][ T5944] ? __pfx_xfs_trans_commit+0x10/0x10 [ 193.367389][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.367417][ T5944] ? xfs_trans_log_inode+0x12c/0x1a0 [ 193.367457][ T5944] xfs_attr_set+0xdc6/0x1210 [ 193.367506][ T5944] ? __pfx_xfs_attr_set+0x10/0x10 [ 193.367539][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.367567][ T5944] ? __lock_acquire+0xab9/0xd20 [pid 5875] close(3) = 0 [pid 5874] <... close resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5875] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5960 attached , child_tidptr=0x55555d962750) = 5960 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 193.367604][ T5944] ? xfs_da_hashname+0x59d/0x740 [ 193.367650][ T5944] ? do_raw_spin_lock+0x121/0x290 [ 193.367693][ T5944] ? xfs_attr_change+0x2ac/0x390 [ 193.367728][ T5944] xfs_xattr_set+0x14d/0x250 [ 193.367760][ T5944] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.367805][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.367833][ T5944] ? evm_protect_xattr+0x4d4/0xa90 [ 193.367859][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.367886][ T5944] ? rcu_is_watching+0x15/0xb0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5960] set_robust_list(0x55555d962760, 24) = 0 [pid 5960] chdir("./1" [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 5962 ./strace-static-x86_64: Process 5963 attached [pid 5960] <... chdir resumed>) = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 5963 [pid 5960] setpgid(0, 0 [pid 5963] set_robust_list(0x55555d962760, 24 [pid 5960] <... setpgid resumed>) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5963] chdir("./1") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5960] <... openat resumed>) = 3 [pid 5963] <... prctl resumed>) = 0 [pid 5960] write(3, "1000", 4 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 5961 [pid 5963] setpgid(0, 0 [pid 5960] <... write resumed>) = 4 [pid 5963] <... setpgid resumed>) = 0 [pid 5960] close(3 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5960] <... close resumed>) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5963] <... openat resumed>) = 3 [pid 5960] write(1, "executing program\n", 18 [pid 5963] write(3, "1000", 4executing program [pid 5960] <... write resumed>) = 18 [pid 5963] <... write resumed>) = 4 [pid 5963] close(3 [pid 5960] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... close resumed>) = 0 [pid 5960] <... futex resumed>) = 0 [pid 5960] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [ 193.367920][ T5944] ? __pfx_evm_protect_xattr+0x10/0x10 [ 193.367948][ T5944] ? __pfx_xfs_xattr_set+0x10/0x10 [ 193.367975][ T5944] __vfs_setxattr+0x43c/0x480 [ 193.368025][ T5944] __vfs_setxattr_noperm+0x12d/0x660 [ 193.368069][ T5944] vfs_setxattr+0x16b/0x2f0 [ 193.368110][ T5944] ? __pfx_vfs_setxattr+0x10/0x10 [ 193.368140][ T5944] ? mnt_get_write_access+0x223/0x2a0 [ 193.368170][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.368204][ T5944] filename_setxattr+0x274/0x600 [ 193.368252][ T5944] ? __pfx_filename_setxattr+0x10/0x10 [pid 5963] symlink("/dev/binderfs", "./binderfs" [pid 5960] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5963] <... symlink resumed>) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 executing program [pid 5960] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5963] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5963] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5960] <... mprotect resumed>) = 0 [pid 5960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 5964 attached [pid 5963] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5960] <... clone3 resumed> => {parent_tid=[5964]}, 88) = 5964 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] <... rseq resumed>) = 0 [pid 5963] <... clone3 resumed> => {parent_tid=[5965]}, 88) = 5965 [pid 5960] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] set_robust_list(0x7f3cdbf259a0, 24 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] <... futex resumed>) = 0 [pid 5964] <... set_robust_list resumed>) = 0 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... futex resumed>) = 0 [pid 5964] memfd_create("syzkaller", 0 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] <... memfd_create resumed>) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 193.368290][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.368318][ T5944] ? getname_flags+0x1e5/0x540 [ 193.368359][ T5944] path_setxattrat+0x364/0x3a0 [ 193.368396][ T5944] ? __pfx_path_setxattrat+0x10/0x10 [ 193.368463][ T5944] ? srso_alias_return_thunk+0x5/0xfbef5 [ 193.368490][ T5944] ? rcu_is_watching+0x15/0xb0 [ 193.368526][ T5944] __x64_sys_lsetxattr+0xbf/0xe0 [ 193.368567][ T5944] do_syscall_64+0xfa/0x3b0 [ 193.368594][ T5944] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.368617][ T5944] ? __switch_to_asm+0x39/0x70 executing program ./strace-static-x86_64: Process 5961 attached [pid 5961] set_robust_list(0x55555d962760, 24) = 0 [pid 5961] chdir("./1") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] write(1, "executing program\n", 18) = 18 [pid 5961] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5961] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 193.368655][ T5944] ? __switch_to_asm+0x33/0x70 [ 193.368693][ T5944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.368717][ T5944] RIP: 0033:0x7f3cdbf794f9 [ 193.368739][ T5944] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.368758][ T5944] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 193.368783][ T5944] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[5966]}, 88) = 5966 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5961] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5966 attached [pid 5961] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5966] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] memfd_create("syzkaller", 0) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 193.368801][ T5944] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 193.368819][ T5944] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 193.368835][ T5944] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 193.368851][ T5944] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 193.368890][ T5944] [ 193.375922][ T5944] XFS (loop4): Corruption detected. Unmount and run xfs_repair [ 193.376373][ T5885] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 193.436794][ T5944] XFS (loop4): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 193.463187][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 193.479090][ T5888] XFS (loop5): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 193.481020][ T5944] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 193.487668][ T5888] XFS (loop5): Unmount and run xfs_repair executing program ./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x55555d962760, 24) = 0 [pid 5962] chdir("./1") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5962] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 194.389428][ T5948] loop1: detected capacity change from 0 to 32768 [ 194.396070][ T5888] XFS (loop5): First 128 bytes of corrupted metadata buffer: [ 194.449893][ T5948] XFS: noikeep mount option is deprecated. [ 194.577913][ T5948] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.581072][ T5888] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 194.589073][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[5967]}, 88) = 5967 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 194.592794][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.621160][ T5888] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 194.621190][ T5888] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 194.621211][ T5888] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 194.621231][ T5888] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 194.621252][ T5888] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5965] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 194.621272][ T5888] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 194.621292][ T5888] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 194.621448][ T5888] XFS (loop5): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [ 194.633033][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.646161][ T5875] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5876] kill(-5882, SIGKILL) = 0 [pid 5876] kill(5882, SIGKILL) = 0 ./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5967] set_robust_list(0x7f3cdbf259a0, 24) = 0 [ 194.667682][ T5874] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair. [ 194.711966][ T5948] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 196.193556][ T5948] XFS (loop1): Starting recovery (logdev: internal) [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5948] <... mount resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./file1") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] <... futex resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... openat resumed>) = 4 [pid 5948] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5947] <... futex resumed>) = 0 [ 196.269341][ T5948] XFS (loop1): Ending recovery (logdev: internal) [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... pwritev2 resumed>) = 65007 [pid 5948] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] <... futex resumed>) = 0 [pid 5966] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5948] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5947] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5948] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 196.367853][ T5948] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 196.396866][ T5948] XFS (loop1): Unmount and run xfs_repair [pid 5948] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5947] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5876] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5876] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5876] getdents64(3, 0x55555d9637f0 /* 2 entries */, 32768) = 48 [pid 5876] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5876] close(3) = 0 [ 196.448813][ T5948] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 196.498258][ T5948] CPU: 0 UID: 0 PID: 5948 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 196.498296][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.498312][ T5948] Call Trace: [ 196.498322][ T5948] [ 196.498332][ T5948] dump_stack_lvl+0x189/0x250 [ 196.498372][ T5948] ? __pfx__xfs_alert_tag+0x10/0x10 [ 196.498410][ T5948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.498442][ T5948] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 196.498486][ T5948] xfs_corruption_error+0x122/0x170 [ 196.498525][ T5948] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 196.498567][ T5948] xfs_alloc_fixup_trees+0x95e/0xd20 [ 196.498594][ T5948] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 196.498633][ T5948] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 196.498664][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.498691][ T5948] ? rcu_is_watching+0x15/0xb0 [ 196.498721][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.498748][ T5948] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 196.498780][ T5948] ? rcu_is_watching+0x15/0xb0 [ 196.498822][ T5948] xfs_alloc_cur_finish+0xd3/0x4b0 [ 196.498853][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.498885][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.498920][ T5948] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 196.498991][ T5948] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 196.499022][ T5948] ? xfs_group_grab+0x28/0x480 [ 196.499061][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.499090][ T5948] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 196.499125][ T5948] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 196.499176][ T5948] xfs_alloc_vextent_start_ag+0x388/0x850 [ 196.499217][ T5948] xfs_bmapi_allocate+0x188e/0x2e00 [ 196.499286][ T5948] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 196.499321][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.499375][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.499405][ T5948] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 196.499429][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.499457][ T5948] ? xfs_iext_prev+0x35a/0x370 [ 196.499498][ T5948] ? xfs_iext_get_extent+0x1bb/0x370 [ 196.499530][ T5948] xfs_bmapi_write+0x7df/0x1260 [ 196.499594][ T5948] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 196.499677][ T5948] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 196.499722][ T5948] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 196.499753][ T5948] ? kasan_save_track+0x4f/0x80 [ 196.499780][ T5948] ? kasan_save_track+0x3e/0x80 [ 196.499806][ T5948] ? kasan_save_free_info+0x46/0x50 [ 196.499845][ T5948] ? kmem_cache_free+0x18f/0x400 [ 196.499875][ T5948] ? __xfs_trans_commit+0x3e0/0xbd0 [ 196.499902][ T5948] ? xfs_trans_roll+0x130/0x450 [ 196.499926][ T5948] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 196.499969][ T5948] xfs_attr_set_iter+0x2d4/0x4b70 [ 196.500019][ T5948] ? filename_setxattr+0x274/0x600 [ 196.500053][ T5948] ? path_setxattrat+0x364/0x3a0 [ 196.500075][ T5948] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 196.500130][ T5948] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 196.500191][ T5948] ? kasan_quarantine_put+0xdd/0x220 [ 196.500217][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5965] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5967] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5966] <... write resumed>) = 16777216 [ 196.500247][ T5948] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.500289][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.500326][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.500355][ T5948] ? kmem_cache_free+0x18f/0x400 [ 196.500384][ T5948] ? __xfs_trans_commit+0x3e0/0xbd0 [ 196.500417][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.500445][ T5948] ? __xfs_trans_commit+0x4c7/0xbd0 [ 196.500491][ T5948] xfs_attr_finish_item+0xed/0x320 [ 196.500534][ T5948] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 5966] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 196.500573][ T5948] xfs_defer_finish_one+0x5c8/0xcf0 [ 196.500667][ T5948] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 196.500719][ T5948] xfs_defer_finish_noroll+0x910/0x12d0 [ 196.500759][ T5948] ? xfs_trans_commit+0x10b/0x1c0 [ 196.500791][ T5948] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 196.500826][ T5948] ? inode_set_ctime_current+0x740/0xb40 [ 196.500876][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.500905][ T5948] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 196.500946][ T5948] xfs_trans_commit+0x10b/0x1c0 [pid 5966] ioctl(4, LOOP_SET_FD, 3 [pid 5964] <... write resumed>) = 16777216 [ 196.500973][ T5948] ? __pfx_xfs_trans_commit+0x10/0x10 [ 196.501014][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501043][ T5948] ? xfs_trans_log_inode+0x12c/0x1a0 [ 196.501084][ T5948] xfs_attr_set+0xdc6/0x1210 [ 196.501136][ T5948] ? __pfx_xfs_attr_set+0x10/0x10 [ 196.501170][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501198][ T5948] ? __lock_acquire+0xab9/0xd20 [ 196.501235][ T5948] ? xfs_da_hashname+0x59d/0x740 [ 196.501268][ T5948] ? do_raw_spin_lock+0x121/0x290 [ 196.501313][ T5948] ? xfs_attr_change+0x2ac/0x390 [pid 5964] munmap(0x7f3cd3a00000, 138412032 [pid 5947] exit_group(0) = ? [pid 5964] <... munmap resumed>) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 196.501349][ T5948] xfs_xattr_set+0x14d/0x250 [ 196.501382][ T5948] ? __pfx_xfs_xattr_set+0x10/0x10 [ 196.501428][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501457][ T5948] ? evm_protect_xattr+0x4d4/0xa90 [ 196.501484][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501513][ T5948] ? rcu_is_watching+0x15/0xb0 [ 196.501548][ T5948] ? __pfx_evm_protect_xattr+0x10/0x10 [ 196.501577][ T5948] ? __pfx_xfs_xattr_set+0x10/0x10 [ 196.501606][ T5948] __vfs_setxattr+0x43c/0x480 [ 196.501657][ T5948] __vfs_setxattr_noperm+0x12d/0x660 [ 196.501703][ T5948] vfs_setxattr+0x16b/0x2f0 [ 196.501745][ T5948] ? __pfx_vfs_setxattr+0x10/0x10 [ 196.501776][ T5948] ? mnt_get_write_access+0x223/0x2a0 [ 196.501808][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501843][ T5948] filename_setxattr+0x274/0x600 [ 196.501893][ T5948] ? __pfx_filename_setxattr+0x10/0x10 [ 196.501933][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.501962][ T5948] ? getname_flags+0x1e5/0x540 [ 196.502016][ T5948] path_setxattrat+0x364/0x3a0 [ 196.502055][ T5948] ? __pfx_path_setxattrat+0x10/0x10 [ 196.502123][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.502152][ T5948] ? rcu_is_watching+0x15/0xb0 [ 196.502189][ T5948] __x64_sys_lsetxattr+0xbf/0xe0 [ 196.502231][ T5948] do_syscall_64+0xfa/0x3b0 [ 196.502256][ T5948] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.502296][ T5948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.502320][ T5948] ? srso_alias_return_thunk+0x5/0xfbef5 [ 196.502349][ T5948] ? exc_page_fault+0x9f/0xf0 [ 196.502391][ T5948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 5964] ioctl(4, LOOP_SET_FD, 3 [pid 5966] <... ioctl resumed>) = 0 [pid 5965] <... write resumed>) = 16777216 [ 196.502415][ T5948] RIP: 0033:0x7f3cdbf794f9 [ 196.502437][ T5948] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 196.502458][ T5948] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 196.502483][ T5948] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 196.502502][ T5948] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 196.502519][ T5948] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 196.502535][ T5948] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 196.502551][ T5948] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 196.502591][ T5948] [ 196.626956][ T5948] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 196.892873][ T5966] loop2: detected capacity change from 0 to 32768 [ 197.012263][ T5964] loop4: detected capacity change from 0 to 32768 [pid 5966] close(3 [pid 5965] munmap(0x7f3cd3a00000, 138412032 [pid 5966] <... close resumed>) = 0 [pid 5966] close(4) = 0 [pid 5966] mkdir("./file1", 0777) = 0 [pid 5948] <... lsetxattr resumed>) = ? [ 197.200339][ T5948] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 197.224312][ T5948] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [pid 5966] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5948] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=203 /* 2.03 s */} --- [pid 5872] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5964] <... ioctl resumed>) = 0 [pid 5872] newfstatat(3, "", [pid 5964] close(3) = 0 [pid 5964] close(4 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5965] <... munmap resumed>) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 197.259376][ T5966] XFS: noikeep mount option is deprecated. [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5964] <... close resumed>) = 0 [pid 5964] mkdir("./file1", 0777) = 0 [pid 5964] mount("/dev/loop4", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5965] <... ioctl resumed>) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [ 197.302883][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.316563][ T5965] loop3: detected capacity change from 0 to 32768 [ 197.332612][ T5964] XFS: noikeep mount option is deprecated. [pid 5965] mkdir("./file1", 0777) = 0 [pid 5965] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./1/file1") = 0 [pid 5872] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./1/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./1") = 0 [pid 5872] mkdir("./2", 0777) = 0 [ 197.388182][ T5965] XFS: noikeep mount option is deprecated. [ 197.407954][ T5966] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 197.472893][ T5965] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.525328][ T5964] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.544634][ T5966] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3 [pid 5967] <... write resumed>) = 16777216 [pid 5967] munmap(0x7f3cd3a00000, 138412032 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 5994 ./strace-static-x86_64: Process 5994 attached [pid 5994] set_robust_list(0x55555d962760, 24) = 0 [ 197.678084][ T5965] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 197.711408][ T5966] XFS (loop2): Starting recovery (logdev: internal) [pid 5994] chdir("./2") = 0 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5994] setpgid(0, 0) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5994] write(3, "1000", 4) = 4 [pid 5994] close(3) = 0 [pid 5994] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5994] write(1, "executing program\n", 18) = 18 [pid 5994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5994] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 197.755428][ T5964] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 197.769549][ T5965] XFS (loop3): Starting recovery (logdev: internal) [pid 5967] <... munmap resumed>) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5995 attached [pid 5995] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5994] <... clone3 resumed> => {parent_tid=[5995]}, 88) = 5995 [pid 5967] <... openat resumed>) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5995] <... rseq resumed>) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... mount resumed>) = 0 [pid 5965] <... mount resumed>) = 0 [pid 5995] set_robust_list(0x7f3cdbf259a0, 24 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5995] <... set_robust_list resumed>) = 0 [pid 5994] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... openat resumed>) = 3 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] <... futex resumed>) = 0 [pid 5966] chdir("./file1" [pid 5965] <... openat resumed>) = 3 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] <... chdir resumed>) = 0 [pid 5965] chdir("./file1" [pid 5995] memfd_create("syzkaller", 0 [pid 5967] <... ioctl resumed>) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5965] <... chdir resumed>) = 0 [pid 5967] close(3 [pid 5995] <... memfd_create resumed>) = 3 [pid 5967] <... close resumed>) = 0 [pid 5966] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5965] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5967] close(4 [pid 5966] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5966] <... futex resumed>) = 1 [pid 5965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5961] <... futex resumed>) = 0 [pid 5966] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] <... futex resumed>) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = 0 [pid 5967] <... close resumed>) = 0 [pid 5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5965] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5963] <... futex resumed>) = 0 [ 197.806787][ T5966] XFS (loop2): Ending recovery (logdev: internal) [ 197.815912][ T5964] XFS (loop4): Starting recovery (logdev: internal) [ 197.825334][ T5965] XFS (loop3): Ending recovery (logdev: internal) [ 197.830756][ T5967] loop0: detected capacity change from 0 to 32768 [pid 5961] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] mkdir("./file1", 0777 [pid 5965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... mkdir resumed>) = 0 [pid 5967] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5965] <... openat resumed>) = 4 [pid 5966] <... openat resumed>) = 4 [pid 5965] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 1 [pid 5966] <... futex resumed>) = 1 [pid 5965] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... futex resumed>) = 0 [pid 5961] <... futex resumed>) = 0 [pid 5963] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 1 [pid 5961] <... futex resumed>) = 1 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 0 [pid 5966] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5965] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [ 197.856770][ T5967] XFS: noikeep mount option is deprecated. [pid 5965] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5966] <... pwritev2 resumed>) = 65007 [pid 5961] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5961] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5961] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5966] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... clone3 resumed> => {parent_tid=[6001]}, 88) = 6001 [pid 5965] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5961] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 197.894496][ T5965] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 197.918959][ T5964] XFS (loop4): Ending recovery (logdev: internal) [ 197.930581][ T5965] XFS (loop3): Unmount and run xfs_repair [pid 5965] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6001 attached [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5963] <... futex resumed>) = 1 [pid 5963] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6001] <... rseq resumed>) = 0 [pid 6001] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6001] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5964] <... mount resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] <... futex resumed>) = 0 [pid 5964] chdir("./file1" [pid 5965] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5964] <... chdir resumed>) = 0 [ 197.945744][ T5967] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 197.958273][ T6001] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5964] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5964] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 0 [pid 5964] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5963] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5961] <... futex resumed>) = 1 [pid 5960] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5961] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... openat resumed>) = 4 [pid 5964] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = 1 [pid 5960] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 197.989412][ T5965] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 198.010031][ T6001] XFS (loop2): Unmount and run xfs_repair [pid 5964] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6001] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6001] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5960] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 198.023411][ T5965] CPU: 0 UID: 0 PID: 5965 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 198.023446][ T5965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.023461][ T5965] Call Trace: [ 198.023471][ T5965] [ 198.023481][ T5965] dump_stack_lvl+0x189/0x250 [ 198.023519][ T5965] ? __pfx__xfs_alert_tag+0x10/0x10 [ 198.023559][ T5965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.023594][ T5965] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 198.023643][ T5965] xfs_corruption_error+0x122/0x170 [ 198.023691][ T5965] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 5960] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5960] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6006 attached [pid 6006] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5960] <... clone3 resumed> => {parent_tid=[6006]}, 88) = 6006 [pid 6006] <... rseq resumed>) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] set_robust_list(0x7f3cdbf049a0, 24 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] <... set_robust_list resumed>) = 0 [pid 5960] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] <... futex resumed>) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 198.023727][ T5965] xfs_alloc_fixup_trees+0x95e/0xd20 [ 198.023756][ T5965] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 198.023799][ T5965] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 198.023830][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.023860][ T5965] ? rcu_is_watching+0x15/0xb0 [ 198.023891][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.023919][ T5965] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 198.023951][ T5965] ? rcu_is_watching+0x15/0xb0 [ 198.023991][ T5965] xfs_alloc_cur_finish+0xd3/0x4b0 [ 198.024022][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024052][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024086][ T5965] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 198.024146][ T5965] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 198.024175][ T5965] ? xfs_group_grab+0x28/0x480 [ 198.024213][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024241][ T5965] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 198.024275][ T5965] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 198.024324][ T5965] xfs_alloc_vextent_start_ag+0x388/0x850 [ 198.024364][ T5965] xfs_bmapi_allocate+0x188e/0x2e00 [ 198.024430][ T5965] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 198.024464][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024516][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024544][ T5965] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 198.024568][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.024596][ T5965] ? xfs_iext_prev+0x35a/0x370 [ 198.024635][ T5965] ? xfs_iext_get_extent+0x1bb/0x370 [pid 6006] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5960] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5960] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbec3000 [pid 5960] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} => {parent_tid=[6007]}, 88) = 6007 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5960] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6007 attached [pid 6007] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053) = 0 [ 198.024673][ T5965] xfs_bmapi_write+0x7df/0x1260 [ 198.024734][ T5965] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 198.024816][ T5965] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 198.024858][ T5965] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 198.024889][ T5965] ? kasan_save_track+0x4f/0x80 [ 198.024915][ T5965] ? kasan_save_track+0x3e/0x80 [ 198.024940][ T5965] ? kasan_save_free_info+0x46/0x50 [ 198.024978][ T5965] ? kmem_cache_free+0x18f/0x400 [ 198.025006][ T5965] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.025031][ T5965] ? xfs_trans_roll+0x130/0x450 [pid 6007] set_robust_list(0x7f3cdbee39a0, 24 [pid 5995] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5965] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5960] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6007] <... set_robust_list resumed>) = 0 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 198.025055][ T5965] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 198.025096][ T5965] xfs_attr_set_iter+0x2d4/0x4b70 [ 198.025131][ T5965] ? filename_setxattr+0x274/0x600 [ 198.025165][ T5965] ? path_setxattrat+0x364/0x3a0 [ 198.025186][ T5965] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 198.025239][ T5965] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 198.025298][ T5965] ? kasan_quarantine_put+0xdd/0x220 [ 198.025324][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.025352][ T5965] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6007] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5965] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] exit_group(0) = ? [pid 5966] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5966] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] exit_group(0) = ? [pid 6001] <... futex resumed>) = ? [pid 5966] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ [pid 5961] +++ exited with 0 +++ [pid 5967] <... mount resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./file1") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5967] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 198.025393][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.025427][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.025455][ T5965] ? kmem_cache_free+0x18f/0x400 [ 198.025483][ T5965] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.025515][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.025543][ T5965] ? __xfs_trans_commit+0x4c7/0xbd0 [ 198.025587][ T5965] xfs_attr_finish_item+0xed/0x320 [ 198.025628][ T5965] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 198.025670][ T5965] xfs_defer_finish_one+0x5c8/0xcf0 [pid 5967] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=51 /* 0.51 s */} --- [pid 5873] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 198.025732][ T5965] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 198.025783][ T5965] xfs_defer_finish_noroll+0x910/0x12d0 [ 198.025823][ T5965] ? xfs_trans_commit+0x10b/0x1c0 [ 198.025855][ T5965] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 198.025889][ T5965] ? inode_set_ctime_current+0x740/0xb40 [ 198.025937][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.025966][ T5965] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 198.026006][ T5965] xfs_trans_commit+0x10b/0x1c0 [pid 5873] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5967] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 4 [pid 5967] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5967] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5967] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... pwritev2 resumed>) = 65007 [pid 5967] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040) = -1 EUCLEAN (Structure needs cleaning) [pid 5967] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5967] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [ 198.026033][ T5965] ? __pfx_xfs_trans_commit+0x10/0x10 [ 198.026065][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.026093][ T5965] ? xfs_trans_log_inode+0x12c/0x1a0 [ 198.026134][ T5965] xfs_attr_set+0xdc6/0x1210 [ 198.026184][ T5965] ? __pfx_xfs_attr_set+0x10/0x10 [ 198.026219][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.026247][ T5965] ? __lock_acquire+0xab9/0xd20 [ 198.026283][ T5965] ? xfs_da_hashname+0x59d/0x740 [ 198.026316][ T5965] ? do_raw_spin_lock+0x121/0x290 [pid 5967] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5962] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = ? [ 198.026360][ T5965] ? xfs_attr_change+0x2ac/0x390 [ 198.026395][ T5965] xfs_xattr_set+0x14d/0x250 [ 198.026427][ T5965] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.026473][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.026501][ T5965] ? evm_protect_xattr+0x4d4/0xa90 [ 198.026528][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.026556][ T5965] ? rcu_is_watching+0x15/0xb0 [ 198.026591][ T5965] ? __pfx_evm_protect_xattr+0x10/0x10 [ 198.026621][ T5965] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.026649][ T5965] __vfs_setxattr+0x43c/0x480 [pid 5965] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ [pid 5962] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=50 /* 0.50 s */} --- [pid 5874] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 198.026703][ T5965] __vfs_setxattr_noperm+0x12d/0x660 [ 198.026748][ T5965] vfs_setxattr+0x16b/0x2f0 [ 198.026791][ T5965] ? __pfx_vfs_setxattr+0x10/0x10 [ 198.026826][ T5965] ? mnt_get_write_access+0x223/0x2a0 [ 198.026857][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.026892][ T5965] filename_setxattr+0x274/0x600 [ 198.026940][ T5965] ? __pfx_filename_setxattr+0x10/0x10 [ 198.026979][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.027007][ T5965] ? getname_flags+0x1e5/0x540 [ 198.027049][ T5965] path_setxattrat+0x364/0x3a0 [ 198.027086][ T5965] ? __pfx_path_setxattrat+0x10/0x10 [ 198.027153][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.027181][ T5965] ? rcu_is_watching+0x15/0xb0 [ 198.027218][ T5965] __x64_sys_lsetxattr+0xbf/0xe0 [ 198.027260][ T5965] do_syscall_64+0xfa/0x3b0 [ 198.027284][ T5965] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.027323][ T5965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.027346][ T5965] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.027375][ T5965] ? exc_page_fault+0x9f/0xf0 [pid 5874] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5960] exit_group(0) = ? [ 198.027416][ T5965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.027440][ T5965] RIP: 0033:0x7f3cdbf794f9 [ 198.027462][ T5965] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 198.027482][ T5965] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 198.027507][ T5965] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./1/file1") = 0 [pid 5873] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./1/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 198.027526][ T5965] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 198.027544][ T5965] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 198.027560][ T5965] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 198.027577][ T5965] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 198.027617][ T5965] [ 198.036436][ T5967] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 198.088698][ T5966] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 198.089663][ T5965] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 198.096042][ T5966] CPU: 0 UID: 0 PID: 5966 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 198.096073][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.096088][ T5966] Call Trace: [ 198.096098][ T5966] [ 198.096108][ T5966] dump_stack_lvl+0x189/0x250 [ 198.096147][ T5966] ? __pfx__xfs_alert_tag+0x10/0x10 [ 198.096185][ T5966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.096219][ T5966] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 198.096267][ T5966] xfs_corruption_error+0x122/0x170 [ 198.096306][ T5966] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 198.096340][ T5966] xfs_alloc_fixup_trees+0x95e/0xd20 [ 198.096369][ T5966] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 198.096411][ T5966] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 198.096441][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] close(3) = 0 [pid 5873] rmdir("./1") = 0 [pid 5873] mkdir("./2", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 5967] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5967] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] exit_group(0) = ? [pid 5967] <... futex resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=52 /* 0.52 s */} --- [pid 5871] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 198.096469][ T5966] ? rcu_is_watching+0x15/0xb0 [ 198.096499][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.096526][ T5966] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 198.096557][ T5966] ? rcu_is_watching+0x15/0xb0 [ 198.096597][ T5966] xfs_alloc_cur_finish+0xd3/0x4b0 [ 198.096626][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.096661][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.096695][ T5966] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 198.096752][ T5966] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 198.096781][ T5966] ? xfs_group_grab+0x28/0x480 [ 198.096818][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.096845][ T5966] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 198.096878][ T5966] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 198.096925][ T5966] xfs_alloc_vextent_start_ag+0x388/0x850 [ 198.096964][ T5966] xfs_bmapi_allocate+0x188e/0x2e00 [ 198.097029][ T5966] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 198.097061][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.097111][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.097139][ T5966] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 198.097165][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.097192][ T5966] ? xfs_iext_prev+0x35a/0x370 [ 198.097230][ T5966] ? xfs_iext_get_extent+0x1bb/0x370 [ 198.097261][ T5966] xfs_bmapi_write+0x7df/0x1260 [ 198.097321][ T5966] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 198.097400][ T5966] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 198.097441][ T5966] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 198.097471][ T5966] ? kasan_save_track+0x4f/0x80 [pid 5871] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5995] <... write resumed>) = 16777216 [ 198.097496][ T5966] ? kasan_save_track+0x3e/0x80 [ 198.097520][ T5966] ? kasan_save_free_info+0x46/0x50 [ 198.097557][ T5966] ? kmem_cache_free+0x18f/0x400 [ 198.097585][ T5966] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.097609][ T5966] ? xfs_trans_roll+0x130/0x450 [ 198.097632][ T5966] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 198.097676][ T5966] xfs_attr_set_iter+0x2d4/0x4b70 [ 198.097710][ T5966] ? filename_setxattr+0x274/0x600 [pid 5995] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5873] <... close resumed>) = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 198.097743][ T5966] ? path_setxattrat+0x364/0x3a0 [ 198.097764][ T5966] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 198.097816][ T5966] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 198.097873][ T5966] ? kasan_quarantine_put+0xdd/0x220 [ 198.097898][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.097925][ T5966] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.097966][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.097999][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.098027][ T5966] ? kmem_cache_free+0x18f/0x400 [pid 5995] ioctl(4, LOOP_SET_FD, 3 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5995] <... ioctl resumed>) = 0 [pid 5995] close(3) = 0 [pid 5995] close(4) = 0 [pid 5995] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 6008 attached [ 198.098054][ T5966] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.098085][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.098112][ T5966] ? __xfs_trans_commit+0x4c7/0xbd0 [ 198.098155][ T5966] xfs_attr_finish_item+0xed/0x320 [ 198.098195][ T5966] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 198.098232][ T5966] xfs_defer_finish_one+0x5c8/0xcf0 [ 198.098292][ T5966] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 198.098341][ T5966] xfs_defer_finish_noroll+0x910/0x12d0 [ 198.098380][ T5966] ? xfs_trans_commit+0x10b/0x1c0 [pid 5995] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6008] set_robust_list(0x55555d962760, 24 [pid 6006] <... open resumed>) = ? [pid 6008] <... set_robust_list resumed>) = 0 [pid 6006] +++ exited with 0 +++ [pid 6008] chdir("./2") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5964] <... pwritev2 resumed>) = ? [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6008 [pid 5964] +++ exited with 0 +++ [ 198.098411][ T5966] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 198.098444][ T5966] ? inode_set_ctime_current+0x740/0xb40 [ 198.098491][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.098518][ T5966] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 198.098559][ T5966] xfs_trans_commit+0x10b/0x1c0 [ 198.098584][ T5966] ? __pfx_xfs_trans_commit+0x10/0x10 [ 198.098616][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.098643][ T5966] ? xfs_trans_log_inode+0x12c/0x1a0 [ 198.098687][ T5966] xfs_attr_set+0xdc6/0x1210 [ 198.098736][ T5966] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6008] <... prctl resumed>) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6008] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6008] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6009 attached => {parent_tid=[6009]}, 88) = 6009 [pid 6009] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6009] <... rseq resumed>) = 0 [pid 6009] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 198.098769][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.098799][ T5966] ? __lock_acquire+0xab9/0xd20 [ 198.098836][ T5966] ? xfs_da_hashname+0x59d/0x740 [ 198.098866][ T5966] ? do_raw_spin_lock+0x121/0x290 [ 198.098909][ T5966] ? xfs_attr_change+0x2ac/0x390 [ 198.098942][ T5966] xfs_xattr_set+0x14d/0x250 [ 198.098974][ T5966] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.099018][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.099045][ T5966] ? evm_protect_xattr+0x4d4/0xa90 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 198.099071][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.099098][ T5966] ? rcu_is_watching+0x15/0xb0 [ 198.099131][ T5966] ? __pfx_evm_protect_xattr+0x10/0x10 [ 198.099158][ T5966] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.099185][ T5966] __vfs_setxattr+0x43c/0x480 [ 198.099234][ T5966] __vfs_setxattr_noperm+0x12d/0x660 [ 198.099276][ T5966] vfs_setxattr+0x16b/0x2f0 [ 198.099317][ T5966] ? __pfx_vfs_setxattr+0x10/0x10 [ 198.099347][ T5966] ? mnt_get_write_access+0x223/0x2a0 [ 198.099377][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.099410][ T5966] filename_setxattr+0x274/0x600 [ 198.099457][ T5966] ? __pfx_filename_setxattr+0x10/0x10 [ 198.099494][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.099521][ T5966] ? getname_flags+0x1e5/0x540 [ 198.099563][ T5966] path_setxattrat+0x364/0x3a0 [ 198.099599][ T5966] ? __pfx_path_setxattrat+0x10/0x10 [ 198.099670][ T5966] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.099698][ T5966] ? rcu_is_watching+0x15/0xb0 [ 198.099734][ T5966] __x64_sys_lsetxattr+0xbf/0xe0 [ 198.099774][ T5966] do_syscall_64+0xfa/0x3b0 [ 198.099801][ T5966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.099824][ T5966] ? asm_common_interrupt+0x26/0x40 [ 198.099854][ T5966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.099877][ T5966] RIP: 0033:0x7f3cdbf794f9 [ 198.099898][ T5966] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 198.099916][ T5966] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 198.099942][ T5966] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 198.099963][ T5966] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 198.099980][ T5966] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 198.099995][ T5966] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 198.100012][ T5966] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 198.100051][ T5966] [ 198.129525][ T5966] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 198.174511][ T5967] XFS (loop0): Starting recovery (logdev: internal) [ 198.176034][ T6006] XFS (loop4): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 198.252059][ T5965] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 198.254065][ T6006] XFS (loop4): Unmount and run xfs_repair [ 198.259046][ T5965] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 198.291004][ T5966] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 198.307725][ T6006] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 198.331751][ T5967] XFS (loop0): Ending recovery (logdev: internal) [ 198.356895][ T6006] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 198.367531][ T5966] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 198.464039][ T5967] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 198.464102][ T5967] XFS (loop0): Unmount and run xfs_repair [ 198.469973][ T5967] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 198.477428][ T6006] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 198.491475][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 198.495089][ T6006] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 198.538020][ T5967] CPU: 0 UID: 0 PID: 5967 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 198.538055][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.538069][ T5967] Call Trace: [ 198.538079][ T5967] [ 198.538089][ T5967] dump_stack_lvl+0x189/0x250 [ 198.538126][ T5967] ? __pfx__xfs_alert_tag+0x10/0x10 [ 198.538164][ T5967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.538199][ T5967] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 198.538248][ T5967] xfs_corruption_error+0x122/0x170 [ 198.538287][ T5967] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 198.538322][ T5967] xfs_alloc_fixup_trees+0x95e/0xd20 [ 198.538351][ T5967] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 198.538393][ T5967] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 198.538423][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.538452][ T5967] ? rcu_is_watching+0x15/0xb0 [ 198.538482][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.538510][ T5967] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 198.538541][ T5967] ? rcu_is_watching+0x15/0xb0 [ 198.538581][ T5967] xfs_alloc_cur_finish+0xd3/0x4b0 [ 198.538610][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.538640][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.538674][ T5967] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 198.538733][ T5967] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 198.538762][ T5967] ? xfs_group_grab+0x28/0x480 [ 198.538798][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.538826][ T5967] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 198.538859][ T5967] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 198.538914][ T5967] xfs_alloc_vextent_start_ag+0x388/0x850 [ 198.538954][ T5967] xfs_bmapi_allocate+0x188e/0x2e00 [ 198.539019][ T5967] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 198.539052][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.539103][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.539131][ T5967] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 198.539154][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.539182][ T5967] ? xfs_iext_prev+0x35a/0x370 [ 198.539220][ T5967] ? xfs_iext_get_extent+0x1bb/0x370 [ 198.539251][ T5967] xfs_bmapi_write+0x7df/0x1260 [ 198.539311][ T5967] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 198.539392][ T5967] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 198.539434][ T5967] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 198.539464][ T5967] ? kasan_save_track+0x4f/0x80 [ 198.539489][ T5967] ? kasan_save_track+0x3e/0x80 [ 198.539514][ T5967] ? kasan_save_free_info+0x46/0x50 [ 198.539550][ T5967] ? kmem_cache_free+0x18f/0x400 [ 198.539580][ T5967] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.539605][ T5967] ? xfs_trans_roll+0x130/0x450 [ 198.539629][ T5967] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 198.539669][ T5967] xfs_attr_set_iter+0x2d4/0x4b70 [ 198.539703][ T5967] ? filename_setxattr+0x274/0x600 [ 198.539736][ T5967] ? path_setxattrat+0x364/0x3a0 [ 198.539758][ T5967] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 198.539811][ T5967] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 198.539869][ T5967] ? kasan_quarantine_put+0xdd/0x220 [pid 6009] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 6009] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 198.539895][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.539927][ T5967] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.539968][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540002][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540030][ T5967] ? kmem_cache_free+0x18f/0x400 [ 198.540058][ T5967] ? __xfs_trans_commit+0x3e0/0xbd0 [ 198.540090][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540118][ T5967] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 6009] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./1/file1") = 0 [pid 5871] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./1/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./1") = 0 [pid 5871] mkdir("./2", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 198.540162][ T5967] xfs_attr_finish_item+0xed/0x320 [ 198.540202][ T5967] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 198.540240][ T5967] xfs_defer_finish_one+0x5c8/0xcf0 [ 198.540302][ T5967] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 198.540352][ T5967] xfs_defer_finish_noroll+0x910/0x12d0 [ 198.540391][ T5967] ? xfs_trans_commit+0x10b/0x1c0 [ 198.540424][ T5967] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 198.540458][ T5967] ? inode_set_ctime_current+0x740/0xb40 [ 198.540506][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540533][ T5967] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 198.540574][ T5967] xfs_trans_commit+0x10b/0x1c0 [ 198.540600][ T5967] ? __pfx_xfs_trans_commit+0x10/0x10 [ 198.540633][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540681][ T5967] ? xfs_trans_log_inode+0x12c/0x1a0 [ 198.540721][ T5967] xfs_attr_set+0xdc6/0x1210 [ 198.540771][ T5967] ? __pfx_xfs_attr_set+0x10/0x10 [ 198.540805][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.540833][ T5967] ? __lock_acquire+0xab9/0xd20 [ 198.540870][ T5967] ? xfs_da_hashname+0x59d/0x740 [ 198.540906][ T5967] ? do_raw_spin_lock+0x121/0x290 [ 198.540950][ T5967] ? xfs_attr_change+0x2ac/0x390 [ 198.540985][ T5967] xfs_xattr_set+0x14d/0x250 [ 198.541017][ T5967] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.541062][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541090][ T5967] ? evm_protect_xattr+0x4d4/0xa90 [ 198.541117][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541145][ T5967] ? rcu_is_watching+0x15/0xb0 [ 198.541179][ T5967] ? __pfx_evm_protect_xattr+0x10/0x10 [ 198.541207][ T5967] ? __pfx_xfs_xattr_set+0x10/0x10 [ 198.541235][ T5967] __vfs_setxattr+0x43c/0x480 [ 198.541285][ T5967] __vfs_setxattr_noperm+0x12d/0x660 [ 198.541329][ T5967] vfs_setxattr+0x16b/0x2f0 [ 198.541371][ T5967] ? __pfx_vfs_setxattr+0x10/0x10 [ 198.541401][ T5967] ? mnt_get_write_access+0x223/0x2a0 [ 198.541432][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541466][ T5967] filename_setxattr+0x274/0x600 [pid 5871] close(3) = 0 [ 198.541514][ T5967] ? __pfx_filename_setxattr+0x10/0x10 [ 198.541552][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541580][ T5967] ? getname_flags+0x1e5/0x540 [ 198.541622][ T5967] path_setxattrat+0x364/0x3a0 [ 198.541659][ T5967] ? __pfx_path_setxattrat+0x10/0x10 [ 198.541727][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541755][ T5967] ? rcu_is_watching+0x15/0xb0 [ 198.541792][ T5967] __x64_sys_lsetxattr+0xbf/0xe0 [ 198.541833][ T5967] do_syscall_64+0xfa/0x3b0 [ 198.541857][ T5967] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6014 [ 198.541895][ T5967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.541922][ T5967] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.541950][ T5967] ? exc_page_fault+0x9f/0xf0 [ 198.541991][ T5967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.542015][ T5967] RIP: 0033:0x7f3cdbf794f9 [ 198.542039][ T5967] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 198.542059][ T5967] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 198.542085][ T5967] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 198.542104][ T5967] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 198.542121][ T5967] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 198.542137][ T5967] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 198.542153][ T5967] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 198.542193][ T5967] ./strace-static-x86_64: Process 6014 attached [ 198.542203][ T5967] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 198.553970][ T6006] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 198.678761][ T5967] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 198.683558][ T6006] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 198.693419][ T5967] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 6014] set_robust_list(0x55555d962760, 24) = 0 [pid 6014] chdir("./2") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6014] write(1, "executing program\n", 18) = 18 [pid 6014] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6014] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6015 attached => {parent_tid=[6015]}, 88) = 6015 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6014] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6014] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6015] <... rseq resumed>) = 0 [pid 6015] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 198.703236][ T6006] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 199.017389][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.022716][ T6006] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 199.027933][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.036020][ T6006] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 199.085374][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 199.091890][ T6006] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [ 199.097171][ T5995] loop1: detected capacity change from 0 to 32768 [ 199.099072][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 199.136096][ T5995] XFS: noikeep mount option is deprecated. [ 199.785089][ T6009] loop2: detected capacity change from 0 to 32768 [pid 6009] <... ioctl resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 6009] close(3 [pid 5874] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6009] <... close resumed>) = 0 [pid 5874] newfstatat(AT_FDCWD, "./1/file1", [pid 6009] close(4) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6009] mkdir("./file1", 0777 [pid 5874] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6009] <... mkdir resumed>) = 0 [pid 5874] newfstatat(4, "", [ 200.453455][ T5995] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6009] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./1/file1") = 0 [pid 5874] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./1/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./1") = 0 [pid 5874] mkdir("./2", 0777 [pid 6015] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... mkdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 200.497161][ T6009] XFS: noikeep mount option is deprecated. [ 200.533405][ T5995] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 200.570446][ T5995] XFS (loop1): Starting recovery (logdev: internal) [ 200.592049][ T6009] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] close(3 [pid 5995] <... mount resumed>) = 0 [pid 5995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5995] chdir("./file1") = 0 [ 200.664664][ T5995] XFS (loop1): Ending recovery (logdev: internal) [pid 5995] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5994] <... futex resumed>) = 0 [pid 5995] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5994] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] kill(-5960, SIGKILL) = 0 [pid 5875] kill(5960, SIGKILL) = 0 [pid 5995] <... openat resumed>) = 4 [pid 5995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5994] <... futex resumed>) = 1 [pid 5995] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5994] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... pwritev2 resumed>) = 65007 [pid 5995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5994] <... futex resumed>) = 0 [pid 5995] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 200.777886][ T6009] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 200.811023][ T5995] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5994] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5994] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 5994] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6028 attached => {parent_tid=[6028]}, 88) = 6028 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] <... rseq resumed>) = 0 [pid 5994] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] set_robust_list(0x7f3cdbf049a0, 24 [pid 5994] <... futex resumed>) = 0 [pid 5994] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... set_robust_list resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 200.835643][ T6009] XFS (loop2): Starting recovery (logdev: internal) [ 200.847906][ T5995] XFS (loop1): Unmount and run xfs_repair [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6029 ./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x55555d962760, 24) = 0 [pid 6029] chdir("./2") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5994] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6029] <... openat resumed>) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [ 200.880078][ T6028] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 200.904808][ T6009] XFS (loop2): Ending recovery (logdev: internal) [pid 6029] write(1, "executing program\n", 18executing program ) = 18 [pid 6029] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6029] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6030 attached => {parent_tid=[6030]}, 88) = 6030 [pid 6030] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] <... rseq resumed>) = 0 [pid 6030] set_robust_list(0x7f3cdbf259a0, 24 [pid 6029] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... set_robust_list resumed>) = 0 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 200.916874][ T6028] CPU: 0 UID: 0 PID: 6028 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 200.916908][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.916922][ T6028] Call Trace: [ 200.916932][ T6028] [ 200.916942][ T6028] dump_stack_lvl+0x189/0x250 [ 200.916978][ T6028] ? __pfx__xfs_alert_tag+0x10/0x10 [ 200.917015][ T6028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.917049][ T6028] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 200.917097][ T6028] xfs_corruption_error+0x122/0x170 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 200.917136][ T6028] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 200.917172][ T6028] xfs_alloc_fixup_trees+0x95e/0xd20 [ 200.917201][ T6028] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 200.917243][ T6028] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 200.917272][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917301][ T6028] ? rcu_is_watching+0x15/0xb0 [ 200.917332][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917360][ T6028] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 200.917391][ T6028] ? rcu_is_watching+0x15/0xb0 [ 200.917429][ T6028] xfs_alloc_cur_finish+0xd3/0x4b0 [ 200.917459][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917489][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917523][ T6028] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 200.917582][ T6028] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 200.917612][ T6028] ? xfs_group_grab+0x28/0x480 [ 200.917649][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917677][ T6028] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 200.917711][ T6028] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 200.917768][ T6028] xfs_alloc_vextent_start_ag+0x388/0x850 [ 200.917809][ T6028] xfs_bmapi_allocate+0x188e/0x2e00 [ 200.917875][ T6028] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 200.917907][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917958][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.917986][ T6028] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 200.918009][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.918035][ T6028] ? xfs_iext_prev+0x35a/0x370 [ 200.918073][ T6028] ? xfs_iext_get_extent+0x1bb/0x370 [ 200.918102][ T6028] xfs_bmapi_write+0x7df/0x1260 [ 200.918164][ T6028] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 200.918244][ T6028] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 200.918287][ T6028] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 200.918318][ T6028] ? kasan_save_track+0x4f/0x80 [ 200.918343][ T6028] ? kasan_save_track+0x3e/0x80 [ 200.918368][ T6028] ? kasan_save_free_info+0x46/0x50 [ 200.918410][ T6028] ? kmem_cache_free+0x18f/0x400 [ 200.918439][ T6028] ? __xfs_trans_commit+0x3e0/0xbd0 [ 200.918465][ T6028] ? xfs_trans_roll+0x130/0x450 [pid 6030] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6015] <... write resumed>) = 16777216 [pid 6009] <... mount resumed>) = 0 [pid 6009] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file1" [pid 6015] munmap(0x7f3cd3a00000, 138412032 [pid 6009] <... chdir resumed>) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6009] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] <... futex resumed>) = 0 [ 200.918489][ T6028] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 200.918530][ T6028] xfs_attr_set_iter+0x2d4/0x4b70 [ 200.918567][ T6028] ? filename_setxattr+0x274/0x600 [ 200.918602][ T6028] ? path_setxattrat+0x364/0x3a0 [ 200.918622][ T6028] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 200.918671][ T6028] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 200.918726][ T6028] ? kasan_quarantine_put+0xdd/0x220 [ 200.918762][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.918794][ T6028] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6009] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6008] <... futex resumed>) = 0 [pid 6009] <... openat resumed>) = 4 [pid 6008] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6008] <... futex resumed>) = 0 [pid 6009] <... pwritev2 resumed>) = 65007 [pid 6008] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [ 200.918832][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.918865][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.918892][ T6028] ? kmem_cache_free+0x18f/0x400 [ 200.918919][ T6028] ? __xfs_trans_commit+0x3e0/0xbd0 [ 200.918950][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.918977][ T6028] ? __xfs_trans_commit+0x4c7/0xbd0 [ 200.919022][ T6028] xfs_attr_finish_item+0xed/0x320 [ 200.919062][ T6028] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 200.919098][ T6028] xfs_defer_finish_one+0x5c8/0xcf0 [ 200.919159][ T6028] ? __pfx_xfs_defer_finish_one+0x10/0x10 [pid 6008] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6008] <... futex resumed>) = 0 [ 200.919208][ T6028] xfs_defer_finish_noroll+0x910/0x12d0 [ 200.919247][ T6028] ? xfs_trans_commit+0x10b/0x1c0 [ 200.919280][ T6028] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 200.919313][ T6028] ? inode_set_ctime_current+0x740/0xb40 [ 200.919360][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.919387][ T6028] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 200.919427][ T6028] xfs_trans_commit+0x10b/0x1c0 [ 200.919453][ T6028] ? __pfx_xfs_trans_commit+0x10/0x10 [ 200.919486][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6008] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6008] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6031]}, 88) = 6031 ./strace-static-x86_64: Process 6031 attached [pid 6009] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6031] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 200.919513][ T6028] ? xfs_trans_log_inode+0x12c/0x1a0 [ 200.919554][ T6028] xfs_attr_set+0xdc6/0x1210 [ 200.919605][ T6028] ? __pfx_xfs_attr_set+0x10/0x10 [ 200.919635][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.919660][ T6028] ? __lock_acquire+0xab9/0xd20 [ 200.919698][ T6028] ? xfs_da_hashname+0x59d/0x740 [ 200.919731][ T6028] ? do_raw_spin_lock+0x121/0x290 [ 200.919787][ T6028] ? xfs_attr_change+0x2ac/0x390 [ 200.919823][ T6028] xfs_xattr_set+0x14d/0x250 [ 200.919856][ T6028] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6031] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 200.919903][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.919932][ T6028] ? evm_protect_xattr+0x4d4/0xa90 [ 200.919959][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.919988][ T6028] ? rcu_is_watching+0x15/0xb0 [ 200.920023][ T6028] ? __pfx_evm_protect_xattr+0x10/0x10 [ 200.920051][ T6028] ? __pfx_xfs_xattr_set+0x10/0x10 [ 200.920079][ T6028] __vfs_setxattr+0x43c/0x480 [ 200.920130][ T6028] __vfs_setxattr_noperm+0x12d/0x660 [ 200.920175][ T6028] vfs_setxattr+0x16b/0x2f0 [ 200.920218][ T6028] ? __pfx_vfs_setxattr+0x10/0x10 [ 200.920248][ T6028] ? mnt_get_write_access+0x223/0x2a0 [ 200.920278][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.920311][ T6028] filename_setxattr+0x274/0x600 [ 200.920360][ T6028] ? __pfx_filename_setxattr+0x10/0x10 [ 200.920400][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.920429][ T6028] ? getname_flags+0x1e5/0x540 [ 200.920471][ T6028] path_setxattrat+0x364/0x3a0 [ 200.920510][ T6028] ? __pfx_path_setxattrat+0x10/0x10 [ 200.920579][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6015] <... munmap resumed>) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 200.920618][ T6028] __x64_sys_lsetxattr+0xbf/0xe0 [ 200.920688][ T6028] do_syscall_64+0xfa/0x3b0 [ 200.920713][ T6028] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.920760][ T6028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.920783][ T6028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.920810][ T6028] ? exc_page_fault+0x9f/0xf0 [ 200.920851][ T6028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.920875][ T6028] RIP: 0033:0x7f3cdbf794f9 [ 200.920897][ T6028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 200.920917][ T6028] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 200.920945][ T6028] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 200.920963][ T6028] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 200.920981][ T6028] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 6015] ioctl(4, LOOP_SET_FD, 3 [pid 5875] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 200.920997][ T6028] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 200.921014][ T6028] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 200.921054][ T6028] [ 200.922000][ T6028] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 201.254832][ T6009] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 201.288728][ T6028] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 5875] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5875] getdents64(3, 0x55555d9637f0 /* 2 entries */, 32768) = 48 [pid 5875] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5875] close(3) = 0 [pid 5994] exit_group(0 [pid 5995] <... futex resumed>) = ? [pid 5994] <... exit_group resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 6030] <... write resumed>) = 16777216 [ 201.341695][ T6009] XFS (loop2): Unmount and run xfs_repair [ 201.472853][ T6031] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 201.495794][ T6015] loop0: detected capacity change from 0 to 32768 [ 201.526919][ T6031] CPU: 1 UID: 0 PID: 6031 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 201.526955][ T6031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.526970][ T6031] Call Trace: [pid 6015] <... ioctl resumed>) = 0 [pid 6030] munmap(0x7f3cd3a00000, 138412032 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [pid 6015] mkdir("./file1", 0777) = 0 [ 201.526980][ T6031] [ 201.526991][ T6031] dump_stack_lvl+0x189/0x250 [ 201.527027][ T6031] ? __pfx__xfs_alert_tag+0x10/0x10 [ 201.527066][ T6031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.527101][ T6031] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 201.527149][ T6031] xfs_corruption_error+0x122/0x170 [ 201.527189][ T6031] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 201.527225][ T6031] xfs_alloc_fixup_trees+0x95e/0xd20 [ 201.527254][ T6031] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 201.527296][ T6031] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 201.527327][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.527356][ T6031] ? rcu_is_watching+0x15/0xb0 [ 201.527387][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.527414][ T6031] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 201.527446][ T6031] ? rcu_is_watching+0x15/0xb0 [ 201.527486][ T6031] xfs_alloc_cur_finish+0xd3/0x4b0 [ 201.527516][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.527546][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.527580][ T6031] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6015] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6030] <... munmap resumed>) = 0 [pid 6028] <... lsetxattr resumed>) = ? [ 201.527639][ T6031] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 201.527668][ T6031] ? xfs_group_grab+0x28/0x480 [ 201.527712][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.527740][ T6031] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 201.527774][ T6031] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 201.527823][ T6031] xfs_alloc_vextent_start_ag+0x388/0x850 [ 201.527863][ T6031] xfs_bmapi_allocate+0x188e/0x2e00 [ 201.527929][ T6031] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 201.527962][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6030] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6028] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ [pid 6030] <... openat resumed>) = 4 [ 201.528013][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.528041][ T6031] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 201.528065][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.528092][ T6031] ? xfs_iext_prev+0x35a/0x370 [ 201.528130][ T6031] ? xfs_iext_get_extent+0x1bb/0x370 [ 201.528162][ T6031] xfs_bmapi_write+0x7df/0x1260 [ 201.528223][ T6031] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 201.528304][ T6031] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 201.528346][ T6031] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [pid 6030] ioctl(4, LOOP_SET_FD, 3 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=174 /* 1.74 s */} --- [pid 5872] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 201.528376][ T6031] ? kasan_save_track+0x4f/0x80 [ 201.528402][ T6031] ? kasan_save_track+0x3e/0x80 [ 201.528426][ T6031] ? kasan_save_free_info+0x46/0x50 [ 201.528463][ T6031] ? kmem_cache_free+0x18f/0x400 [ 201.528492][ T6031] ? __xfs_trans_commit+0x3e0/0xbd0 [ 201.528516][ T6031] ? xfs_trans_roll+0x130/0x450 [ 201.528540][ T6031] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 201.528580][ T6031] xfs_attr_set_iter+0x2d4/0x4b70 [ 201.528615][ T6031] ? filename_setxattr+0x274/0x600 [pid 5872] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6030] <... ioctl resumed>) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./file1", 0777) = 0 [ 201.528648][ T6031] ? path_setxattrat+0x364/0x3a0 [ 201.528674][ T6031] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 201.528727][ T6031] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 201.528788][ T6031] ? kasan_quarantine_put+0xdd/0x220 [ 201.528813][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.528841][ T6031] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.528881][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.528915][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.528943][ T6031] ? kmem_cache_free+0x18f/0x400 [ 201.528970][ T6031] ? __xfs_trans_commit+0x3e0/0xbd0 [ 201.529002][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.529029][ T6031] ? __xfs_trans_commit+0x4c7/0xbd0 [ 201.529073][ T6031] xfs_attr_finish_item+0xed/0x320 [ 201.529113][ T6031] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 201.529150][ T6031] xfs_defer_finish_one+0x5c8/0xcf0 [ 201.529211][ T6031] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 201.529260][ T6031] xfs_defer_finish_noroll+0x910/0x12d0 [ 201.529299][ T6031] ? xfs_trans_commit+0x10b/0x1c0 [ 201.529331][ T6031] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 6030] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6031] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6031] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] exit_group(0) = ? [pid 6031] <... futex resumed>) = ? [pid 6031] +++ exited with 0 +++ [pid 6009] <... futex resumed>) = ? [pid 6009] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=115 /* 1.15 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 201.529364][ T6031] ? inode_set_ctime_current+0x740/0xb40 [ 201.529412][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.529439][ T6031] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 201.529479][ T6031] xfs_trans_commit+0x10b/0x1c0 [ 201.529506][ T6031] ? __pfx_xfs_trans_commit+0x10/0x10 [ 201.529538][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.529565][ T6031] ? xfs_trans_log_inode+0x12c/0x1a0 [ 201.529606][ T6031] xfs_attr_set+0xdc6/0x1210 [ 201.529655][ T6031] ? __pfx_xfs_attr_set+0x10/0x10 [ 201.529695][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.529723][ T6031] ? __lock_acquire+0xab9/0xd20 [ 201.529759][ T6031] ? xfs_da_hashname+0x59d/0x740 [ 201.529791][ T6031] ? do_raw_spin_lock+0x121/0x290 [ 201.529834][ T6031] ? xfs_attr_change+0x2ac/0x390 [ 201.529868][ T6031] xfs_xattr_set+0x14d/0x250 [ 201.529901][ T6031] ? __pfx_xfs_xattr_set+0x10/0x10 [ 201.529945][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.529973][ T6031] ? evm_protect_xattr+0x4d4/0xa90 [ 201.530000][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.530027][ T6031] ? rcu_is_watching+0x15/0xb0 [ 201.530061][ T6031] ? __pfx_evm_protect_xattr+0x10/0x10 [ 201.530089][ T6031] ? __pfx_xfs_xattr_set+0x10/0x10 [ 201.530116][ T6031] __vfs_setxattr+0x43c/0x480 [ 201.530166][ T6031] __vfs_setxattr_noperm+0x12d/0x660 [ 201.530210][ T6031] vfs_setxattr+0x16b/0x2f0 [ 201.530252][ T6031] ? __pfx_vfs_setxattr+0x10/0x10 [ 201.530282][ T6031] ? mnt_get_write_access+0x223/0x2a0 [ 201.530312][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.530345][ T6031] filename_setxattr+0x274/0x600 [ 201.530393][ T6031] ? __pfx_filename_setxattr+0x10/0x10 [ 201.530431][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.530458][ T6031] ? getname_flags+0x1e5/0x540 [ 201.530500][ T6031] path_setxattrat+0x364/0x3a0 [ 201.530537][ T6031] ? __pfx_path_setxattrat+0x10/0x10 [ 201.530604][ T6031] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.530632][ T6031] ? rcu_is_watching+0x15/0xb0 [ 201.530668][ T6031] __x64_sys_lsetxattr+0xbf/0xe0 [ 201.530715][ T6031] do_syscall_64+0xfa/0x3b0 [ 201.530742][ T6031] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.530765][ T6031] ? __switch_to_asm+0x39/0x70 [ 201.530797][ T6031] ? __switch_to_asm+0x33/0x70 [ 201.530835][ T6031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.530859][ T6031] RIP: 0033:0x7f3cdbf794f9 [ 201.530881][ T6031] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 201.530901][ T6031] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 201.530926][ T6031] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 201.530945][ T6031] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 201.530962][ T6031] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 201.530978][ T6031] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 201.530994][ T6031] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 201.531033][ T6031] [pid 5873] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./2/file1") = 0 [pid 5872] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./2/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./2") = 0 [pid 5872] mkdir("./3", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 201.531043][ T6031] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 201.544896][ T6028] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 201.722928][ T6015] XFS: noikeep mount option is deprecated. [ 201.829482][ T6031] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 201.878703][ T6030] loop3: detected capacity change from 0 to 32768 [ 201.890965][ T6031] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 201.945704][ T6030] XFS: noikeep mount option is deprecated. [ 202.072799][ T6015] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 202.077663][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 202.128324][ T6030] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 202.138050][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 202.157969][ T6015] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3 [pid 6015] <... mount resumed>) = 0 [pid 6015] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] <... mount resumed>) = 0 [pid 5873] <... umount2 resumed>) = 0 [pid 6030] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6015] chdir("./file1") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6015] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6014] <... futex resumed>) = 0 [pid 5873] getdents64(4, [pid 6014] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6015] <... futex resumed>) = 0 [pid 6014] <... futex resumed>) = 1 [pid 5873] getdents64(4, [pid 6015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6014] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6030] <... openat resumed>) = 3 [pid 5873] close(4) = 0 [pid 5873] rmdir("./2/file1") = 0 [pid 5873] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./2/binderfs", [pid 6030] chdir("./file1" [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./2/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./2") = 0 [pid 6030] <... chdir resumed>) = 0 [pid 5873] mkdir("./3", 0777 [pid 6030] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] <... mkdir resumed>) = 0 [ 202.194948][ T6030] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 202.209586][ T6015] XFS (loop0): Starting recovery (logdev: internal) [ 202.241766][ T6030] XFS (loop3): Starting recovery (logdev: internal) [ 202.257515][ T6015] XFS (loop0): Ending recovery (logdev: internal) [ 202.339461][ T6030] XFS (loop3): Ending recovery (logdev: internal) [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 6030] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6015] <... openat resumed>) = 4 [pid 6015] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6015] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6014] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... futex resumed>) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... openat resumed>) = 4 [pid 6030] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... pwritev2 resumed>) = 65007 [pid 6015] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040) = -1 EUCLEAN (Structure needs cleaning) [pid 6029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6029] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... pwritev2 resumed>) = 65007 [pid 6029] <... futex resumed>) = 0 [pid 6014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6014] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6014] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6048 attached [pid 6030] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6015] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... clone3 resumed> => {parent_tid=[6048]}, 88) = 6048 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6015] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 0 [pid 6029] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6030] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] <... mprotect resumed>) = 0 [pid 6014] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6048] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 6048] <... rseq resumed>) = 0 [pid 6029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6049 attached [ 202.562803][ T6015] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 202.599326][ T6015] XFS (loop0): Unmount and run xfs_repair => {parent_tid=[6049]}, 88) = 6049 [pid 6048] set_robust_list(0x7f3cdbf049a0, 24 [pid 6049] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6048] <... set_robust_list resumed>) = 0 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6029] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] <... rseq resumed>) = 0 [pid 6049] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6049] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6029] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6050 attached [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6050 [pid 6050] set_robust_list(0x55555d962760, 24 [pid 6049] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6049] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... futex resumed>) = 0 [ 202.635312][ T6049] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 202.654713][ T6049] XFS (loop3): Unmount and run xfs_repair [ 202.659216][ T6048] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 202.677333][ T6048] CPU: 1 UID: 0 PID: 6048 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 202.677371][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.677387][ T6048] Call Trace: [ 202.677397][ T6048] [ 202.677408][ T6048] dump_stack_lvl+0x189/0x250 [ 202.677448][ T6048] ? __pfx__xfs_alert_tag+0x10/0x10 [ 202.677488][ T6048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.677525][ T6048] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 202.677576][ T6048] xfs_corruption_error+0x122/0x170 [ 202.677618][ T6048] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 202.677655][ T6048] xfs_alloc_fixup_trees+0x95e/0xd20 [ 202.677684][ T6048] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 202.677728][ T6048] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 202.677759][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.677789][ T6048] ? rcu_is_watching+0x15/0xb0 [ 202.677821][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.677850][ T6048] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 202.677884][ T6048] ? rcu_is_watching+0x15/0xb0 [ 202.677930][ T6048] xfs_alloc_cur_finish+0xd3/0x4b0 [ 202.677961][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.677994][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.678029][ T6048] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 202.678089][ T6048] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 202.678119][ T6048] ? xfs_group_grab+0x28/0x480 [ 202.678158][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.678189][ T6048] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 202.678224][ T6048] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 202.678275][ T6048] xfs_alloc_vextent_start_ag+0x388/0x850 [ 202.678320][ T6048] xfs_bmapi_allocate+0x188e/0x2e00 [ 202.678389][ T6048] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 202.678425][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.678480][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.678510][ T6048] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 202.678535][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.678565][ T6048] ? xfs_iext_prev+0x35a/0x370 [ 202.678605][ T6048] ? xfs_iext_get_extent+0x1bb/0x370 [ 202.678637][ T6048] xfs_bmapi_write+0x7df/0x1260 [ 202.678700][ T6048] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 202.678783][ T6048] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 202.678827][ T6048] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 202.678858][ T6048] ? kasan_save_track+0x4f/0x80 [ 202.678885][ T6048] ? kasan_save_track+0x3e/0x80 [ 202.678911][ T6048] ? kasan_save_free_info+0x46/0x50 [ 202.678955][ T6048] ? kmem_cache_free+0x18f/0x400 [ 202.678985][ T6048] ? __xfs_trans_commit+0x3e0/0xbd0 [ 202.679011][ T6048] ? xfs_trans_roll+0x130/0x450 [ 202.679037][ T6048] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 202.679079][ T6048] xfs_attr_set_iter+0x2d4/0x4b70 [ 202.679116][ T6048] ? filename_setxattr+0x274/0x600 [ 202.679152][ T6048] ? path_setxattrat+0x364/0x3a0 [ 202.679175][ T6048] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 202.679231][ T6048] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 202.679291][ T6048] ? kasan_quarantine_put+0xdd/0x220 [ 202.679318][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.679347][ T6048] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.679390][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.679426][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.679455][ T6048] ? kmem_cache_free+0x18f/0x400 [ 202.679484][ T6048] ? __xfs_trans_commit+0x3e0/0xbd0 [ 202.679517][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.679546][ T6048] ? __xfs_trans_commit+0x4c7/0xbd0 [ 202.679591][ T6048] xfs_attr_finish_item+0xed/0x320 [ 202.679635][ T6048] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 202.679675][ T6048] xfs_defer_finish_one+0x5c8/0xcf0 [ 202.679740][ T6048] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 202.679793][ T6048] xfs_defer_finish_noroll+0x910/0x12d0 [ 202.679836][ T6048] ? xfs_trans_commit+0x10b/0x1c0 [ 202.679870][ T6048] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 202.679905][ T6048] ? inode_set_ctime_current+0x740/0xb40 [ 202.679970][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.679999][ T6048] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 202.680042][ T6048] xfs_trans_commit+0x10b/0x1c0 [ 202.680069][ T6048] ? __pfx_xfs_trans_commit+0x10/0x10 [ 202.680102][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.680131][ T6048] ? xfs_trans_log_inode+0x12c/0x1a0 [ 202.680174][ T6048] xfs_attr_set+0xdc6/0x1210 [ 202.680227][ T6048] ? __pfx_xfs_attr_set+0x10/0x10 [ 202.680263][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.680293][ T6048] ? __lock_acquire+0xab9/0xd20 [ 202.680332][ T6048] ? xfs_da_hashname+0x59d/0x740 [ 202.680366][ T6048] ? do_raw_spin_lock+0x121/0x290 [ 202.680411][ T6048] ? xfs_attr_change+0x2ac/0x390 [ 202.680448][ T6048] xfs_xattr_set+0x14d/0x250 [ 202.680481][ T6048] ? __pfx_xfs_xattr_set+0x10/0x10 [ 202.680528][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.680557][ T6048] ? evm_protect_xattr+0x4d4/0xa90 [ 202.680585][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.680614][ T6048] ? rcu_is_watching+0x15/0xb0 [ 202.680678][ T6048] ? __pfx_evm_protect_xattr+0x10/0x10 [ 202.680707][ T6048] ? __pfx_xfs_xattr_set+0x10/0x10 [ 202.680736][ T6048] __vfs_setxattr+0x43c/0x480 [ 202.680788][ T6048] __vfs_setxattr_noperm+0x12d/0x660 [ 202.680834][ T6048] vfs_setxattr+0x16b/0x2f0 [ 202.680878][ T6048] ? __pfx_vfs_setxattr+0x10/0x10 [ 202.680911][ T6048] ? mnt_get_write_access+0x223/0x2a0 [ 202.680950][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.680987][ T6048] filename_setxattr+0x274/0x600 [ 202.681037][ T6048] ? __pfx_filename_setxattr+0x10/0x10 [ 202.681079][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.681109][ T6048] ? getname_flags+0x1e5/0x540 [ 202.681153][ T6048] path_setxattrat+0x364/0x3a0 [ 202.681192][ T6048] ? __pfx_path_setxattrat+0x10/0x10 [ 202.681261][ T6048] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.681290][ T6048] ? rcu_is_watching+0x15/0xb0 [ 202.681330][ T6048] __x64_sys_lsetxattr+0xbf/0xe0 [ 202.681373][ T6048] do_syscall_64+0xfa/0x3b0 [ 202.681402][ T6048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.681427][ T6048] ? __switch_to_asm+0x39/0x70 [ 202.681462][ T6048] ? __switch_to_asm+0x33/0x70 [ 202.681502][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.681528][ T6048] RIP: 0033:0x7f3cdbf794f9 [ 202.681551][ T6048] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 202.681572][ T6048] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 202.681599][ T6048] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 202.681618][ T6048] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 202.681637][ T6048] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 202.681653][ T6048] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 202.681670][ T6048] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 202.681711][ T6048] [ 203.353294][ T6048] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 203.354274][ T6030] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 203.375226][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 203.375264][ T6030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.375280][ T6030] Call Trace: [ 203.375290][ T6030] [ 203.375300][ T6030] dump_stack_lvl+0x189/0x250 [ 203.375339][ T6030] ? __pfx__xfs_alert_tag+0x10/0x10 [ 203.375379][ T6030] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.375416][ T6030] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 203.375470][ T6030] xfs_corruption_error+0x122/0x170 [ 203.375513][ T6030] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 203.375550][ T6030] xfs_alloc_fixup_trees+0x95e/0xd20 [ 203.375581][ T6030] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 203.375627][ T6030] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 203.375659][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.375690][ T6030] ? rcu_is_watching+0x15/0xb0 [ 203.375722][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.375752][ T6030] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 203.375786][ T6030] ? rcu_is_watching+0x15/0xb0 [ 203.375828][ T6030] xfs_alloc_cur_finish+0xd3/0x4b0 [ 203.375859][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.375890][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.375932][ T6030] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 203.375993][ T6030] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 203.376023][ T6030] ? xfs_group_grab+0x28/0x480 [ 203.376064][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.376093][ T6030] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 203.376128][ T6030] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 203.376178][ T6030] xfs_alloc_vextent_start_ag+0x388/0x850 [ 203.376219][ T6030] xfs_bmapi_allocate+0x188e/0x2e00 [ 203.376290][ T6030] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 203.376325][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.376378][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.376407][ T6030] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 203.376431][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.376461][ T6030] ? xfs_iext_prev+0x35a/0x370 [ 203.376505][ T6030] ? xfs_iext_get_extent+0x1bb/0x370 [ 203.376538][ T6030] xfs_bmapi_write+0x7df/0x1260 [ 203.376602][ T6030] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 203.376685][ T6030] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 203.376730][ T6030] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 203.376762][ T6030] ? kasan_save_track+0x4f/0x80 [ 203.376789][ T6030] ? kasan_save_track+0x3e/0x80 [ 203.376818][ T6030] ? kasan_save_free_info+0x46/0x50 [ 203.376856][ T6030] ? kmem_cache_free+0x18f/0x400 [ 203.376885][ T6030] ? __xfs_trans_commit+0x3e0/0xbd0 [ 203.377017][ T6030] ? xfs_trans_roll+0x130/0x450 [ 203.377044][ T6030] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 203.377087][ T6030] xfs_attr_set_iter+0x2d4/0x4b70 [ 203.377123][ T6030] ? filename_setxattr+0x274/0x600 [ 203.377158][ T6030] ? path_setxattrat+0x364/0x3a0 [ 203.377180][ T6030] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 203.377235][ T6030] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 203.377295][ T6030] ? kasan_quarantine_put+0xdd/0x220 [ 203.377322][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.377352][ T6030] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.377395][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.377430][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.377459][ T6030] ? kmem_cache_free+0x18f/0x400 [ 203.377488][ T6030] ? __xfs_trans_commit+0x3e0/0xbd0 [ 203.377526][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.377555][ T6030] ? __xfs_trans_commit+0x4c7/0xbd0 [ 203.377602][ T6030] xfs_attr_finish_item+0xed/0x320 [ 203.377646][ T6030] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 203.377693][ T6030] xfs_defer_finish_one+0x5c8/0xcf0 [ 203.377757][ T6030] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 203.377809][ T6030] xfs_defer_finish_noroll+0x910/0x12d0 [ 203.377851][ T6030] ? xfs_trans_commit+0x10b/0x1c0 [ 203.377884][ T6030] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 203.377919][ T6030] ? inode_set_ctime_current+0x740/0xb40 [ 203.377969][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.377998][ T6030] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 203.378040][ T6030] xfs_trans_commit+0x10b/0x1c0 [ 203.378068][ T6030] ? __pfx_xfs_trans_commit+0x10/0x10 [ 203.378101][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.378130][ T6030] ? xfs_trans_log_inode+0x12c/0x1a0 [ 203.378172][ T6030] xfs_attr_set+0xdc6/0x1210 [ 203.378223][ T6030] ? __pfx_xfs_attr_set+0x10/0x10 [ 203.378258][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.378286][ T6030] ? __lock_acquire+0xab9/0xd20 [ 203.378324][ T6030] ? xfs_da_hashname+0x59d/0x740 [ 203.378356][ T6030] ? do_raw_spin_lock+0x121/0x290 [ 203.378401][ T6030] ? xfs_attr_change+0x2ac/0x390 [ 203.378441][ T6030] xfs_xattr_set+0x14d/0x250 [ 203.378475][ T6030] ? __pfx_xfs_xattr_set+0x10/0x10 [ 203.378523][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.378552][ T6030] ? evm_protect_xattr+0x4d4/0xa90 [ 203.378580][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.378610][ T6030] ? rcu_is_watching+0x15/0xb0 [ 203.378646][ T6030] ? __pfx_evm_protect_xattr+0x10/0x10 [ 203.378682][ T6030] ? __pfx_xfs_xattr_set+0x10/0x10 [ 203.378712][ T6030] __vfs_setxattr+0x43c/0x480 [ 203.378764][ T6030] __vfs_setxattr_noperm+0x12d/0x660 [ 203.378809][ T6030] vfs_setxattr+0x16b/0x2f0 [ 203.378853][ T6030] ? __pfx_vfs_setxattr+0x10/0x10 [ 203.378884][ T6030] ? mnt_get_write_access+0x223/0x2a0 [ 203.378915][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.378950][ T6030] filename_setxattr+0x274/0x600 [ 203.378999][ T6030] ? __pfx_filename_setxattr+0x10/0x10 [ 203.379040][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.379069][ T6030] ? getname_flags+0x1e5/0x540 [ 203.379112][ T6030] path_setxattrat+0x364/0x3a0 [ 203.379150][ T6030] ? __pfx_path_setxattrat+0x10/0x10 [ 203.379219][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.379247][ T6030] ? rcu_is_watching+0x15/0xb0 [ 203.379285][ T6030] __x64_sys_lsetxattr+0xbf/0xe0 [ 203.379327][ T6030] do_syscall_64+0xfa/0x3b0 [ 203.379352][ T6030] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.379392][ T6030] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.379416][ T6030] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.379445][ T6030] ? exc_page_fault+0x9f/0xf0 [ 203.379488][ T6030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.379513][ T6030] RIP: 0033:0x7f3cdbf794f9 [ 203.379537][ T6030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 203.379558][ T6030] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 203.379585][ T6030] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 203.379604][ T6030] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 203.379624][ T6030] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 203.379640][ T6030] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc executing program [pid 6050] <... set_robust_list resumed>) = 0 [pid 6030] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6050] chdir("./3") = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6050] write(1, "executing program\n", 18) = 18 [pid 6050] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6050] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 6051 attached [pid 6050] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6051] set_robust_list(0x55555d962760, 24 [pid 6050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6051] <... set_robust_list resumed>) = 0 [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6051] chdir("./3" [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6051] <... chdir resumed>) = 0 [pid 6050] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6050] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] <... prctl resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3 [pid 6050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6051] <... close resumed>) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs" [pid 6050] <... clone3 resumed> => {parent_tid=[6052]}, 88) = 6052 executing program ./strace-static-x86_64: Process 6052 attached [pid 6051] <... symlink resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6051 [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6051] write(1, "executing program\n", 18) = 18 [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6051] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6053]}, 88) = 6053 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 203.379657][ T6030] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 203.379706][ T6030] [ 204.053501][ T6048] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 204.077983][ T6048] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 6053 attached [pid 6048] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6053] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6052] <... rseq resumed>) = 0 [pid 6048] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] set_robust_list(0x7f3cdbf259a0, 24 [pid 6048] <... futex resumed>) = 0 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6048] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6053] memfd_create("syzkaller", 0) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6052] set_robust_list(0x7f3cdbf259a0, 24 [pid 6030] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6052] <... set_robust_list resumed>) = 0 [pid 6014] exit_group(0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... futex resumed>) = ? [pid 6014] <... exit_group resumed>) = ? [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 204.086363][ T6030] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 204.095355][ T6030] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 204.113422][ T6030] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 6053] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6048] <... futex resumed>) = ? [pid 6030] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] +++ exited with 0 +++ [pid 6029] exit_group(0 [pid 6052] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6049] <... futex resumed>) = ? [pid 6048] +++ exited with 0 +++ [pid 6030] <... futex resumed>) = ? [pid 6029] <... exit_group resumed>) = ? [pid 6014] +++ exited with 0 +++ [pid 6049] +++ exited with 0 +++ [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=72 /* 0.72 s */} --- [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=77 /* 0.77 s */} --- [pid 5871] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, [pid 6052] <... write resumed>) = 16777216 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 204.404339][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 204.421064][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./2/file1") = 0 [pid 5871] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./2/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./2") = 0 [pid 5871] mkdir("./3", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 204.446602][ T6052] loop1: detected capacity change from 0 to 32768 [pid 5871] close(3 [pid 6052] <... ioctl resumed>) = 0 [pid 6052] close(3) = 0 [pid 6052] close(4 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] <... close resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", [pid 6052] mkdir("./file1", 0777 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./2/file1") = 0 [pid 5874] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./2/binderfs") = 0 [pid 6052] <... mkdir resumed>) = 0 [pid 5874] getdents64(3, [pid 6052] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./2") = 0 [pid 5874] mkdir("./3", 0777) = 0 [pid 6053] <... write resumed>) = 16777216 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6053] munmap(0x7f3cd3a00000, 138412032 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 6053] <... munmap resumed>) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 204.535095][ T6052] XFS: noikeep mount option is deprecated. [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./file1", 0777) = 0 [ 204.590027][ T6053] loop2: detected capacity change from 0 to 32768 [ 204.606289][ T6053] XFS: noikeep mount option is deprecated. [pid 6053] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6064 ./strace-static-x86_64: Process 6064 attached [pid 6064] set_robust_list(0x55555d962760, 24) = 0 [pid 6064] chdir("./3") = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6064] setpgid(0, 0) = 0 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6064] write(3, "1000", 4) = 4 [pid 6064] close(3) = 0 [ 204.743552][ T6053] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 204.760185][ T6052] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6064] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6064] write(1, "executing program\n", 18) = 18 [pid 6064] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6064] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6070 attached [pid 6070] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6064] <... clone3 resumed> => {parent_tid=[6070]}, 88) = 6070 [pid 6070] <... rseq resumed>) = 0 [pid 6070] set_robust_list(0x7f3cdbf259a0, 24 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] <... set_robust_list resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] memfd_create("syzkaller", 0 [pid 6064] <... futex resumed>) = 0 [pid 6070] <... memfd_create resumed>) = 3 [pid 6064] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x55555d962750) = 6072 [pid 6072] set_robust_list(0x55555d962760, 24) = 0 [pid 6072] chdir("./3") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6072] write(1, "executing program\n", 18) = 18 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6072] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6073 attached => {parent_tid=[6073]}, 88) = 6073 [pid 6073] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6073] <... rseq resumed>) = 0 [pid 6072] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] set_robust_list(0x7f3cdbf259a0, 24 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... set_robust_list resumed>) = 0 [ 204.903051][ T6053] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 204.951543][ T6052] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 204.988184][ T6053] XFS (loop2): Starting recovery (logdev: internal) [pid 6053] <... mount resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./file1") = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6053] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6053] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... openat resumed>) = 4 [ 205.025645][ T6052] XFS (loop1): Starting recovery (logdev: internal) [ 205.045877][ T6053] XFS (loop2): Ending recovery (logdev: internal) [pid 6053] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6053] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6051] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... mount resumed>) = 0 [pid 6053] <... pwritev2 resumed>) = 65007 [pid 6052] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6053] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... openat resumed>) = 3 [pid 6053] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] chdir("./file1") = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6051] <... futex resumed>) = 1 [pid 6052] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... futex resumed>) = 0 [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 205.078581][ T6052] XFS (loop1): Ending recovery (logdev: internal) [ 205.113164][ T6053] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6053] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6052] <... openat resumed>) = 4 [pid 6052] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6052] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6050] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6052] <... pwritev2 resumed>) = 65007 [pid 6053] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = 1 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = 0 [pid 6053] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6052] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = 0 [pid 6052] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6051] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 205.135455][ T6053] XFS (loop2): Unmount and run xfs_repair [ 205.154325][ T6053] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 205.169141][ T6052] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6070] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 205.181384][ T6053] CPU: 0 UID: 0 PID: 6053 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 205.181427][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.181444][ T6053] Call Trace: [ 205.181454][ T6053] [ 205.181465][ T6053] dump_stack_lvl+0x189/0x250 [ 205.181502][ T6053] ? __pfx__xfs_alert_tag+0x10/0x10 [ 205.181540][ T6053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.181575][ T6053] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 205.181626][ T6053] xfs_corruption_error+0x122/0x170 [ 205.181666][ T6053] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 205.181712][ T6053] xfs_alloc_fixup_trees+0x95e/0xd20 [ 205.181742][ T6053] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 205.181785][ T6053] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 205.181816][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.181846][ T6053] ? rcu_is_watching+0x15/0xb0 [ 205.181878][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.181906][ T6053] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6073] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 205.181939][ T6053] ? rcu_is_watching+0x15/0xb0 [ 205.181979][ T6053] xfs_alloc_cur_finish+0xd3/0x4b0 [ 205.182010][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182041][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182076][ T6053] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 205.182136][ T6053] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 205.182166][ T6053] ? xfs_group_grab+0x28/0x480 [ 205.182204][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182232][ T6053] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 205.182267][ T6053] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 205.182317][ T6053] xfs_alloc_vextent_start_ag+0x388/0x850 [ 205.182358][ T6053] xfs_bmapi_allocate+0x188e/0x2e00 [ 205.182426][ T6053] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 205.182460][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182512][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182541][ T6053] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 205.182565][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.182593][ T6053] ? xfs_iext_prev+0x35a/0x370 [ 205.182632][ T6053] ? xfs_iext_get_extent+0x1bb/0x370 [ 205.182664][ T6053] xfs_bmapi_write+0x7df/0x1260 [ 205.182733][ T6053] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 205.182816][ T6053] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 205.182859][ T6053] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 205.182890][ T6053] ? kasan_save_track+0x4f/0x80 [ 205.182916][ T6053] ? kasan_save_track+0x3e/0x80 [ 205.182942][ T6053] ? kasan_save_free_info+0x46/0x50 [ 205.182979][ T6053] ? kmem_cache_free+0x18f/0x400 [ 205.183009][ T6053] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 6050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6050] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6050] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6053] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6050] <... mprotect resumed>) = 0 [pid 6053] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6053] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6051] exit_group(0 [pid 6050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6053] <... futex resumed>) = ? [pid 6051] <... exit_group resumed>) = ? [pid 6053] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ [pid 6050] <... clone3 resumed> => {parent_tid=[6074]}, 88) = 6074 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 205.183034][ T6053] ? xfs_trans_roll+0x130/0x450 [ 205.183058][ T6053] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 205.183099][ T6053] xfs_attr_set_iter+0x2d4/0x4b70 [ 205.183135][ T6053] ? filename_setxattr+0x274/0x600 [ 205.183169][ T6053] ? path_setxattrat+0x364/0x3a0 [ 205.183191][ T6053] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 205.183245][ T6053] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 205.183305][ T6053] ? kasan_quarantine_put+0xdd/0x220 [pid 5873] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 205.183331][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.183359][ T6053] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.183400][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.183435][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.183464][ T6053] ? kmem_cache_free+0x18f/0x400 [ 205.183492][ T6053] ? __xfs_trans_commit+0x3e0/0xbd0 [ 205.183524][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.183553][ T6053] ? __xfs_trans_commit+0x4c7/0xbd0 [ 205.183598][ T6053] xfs_attr_finish_item+0xed/0x320 [ 205.183640][ T6053] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 205.183679][ T6053] xfs_defer_finish_one+0x5c8/0xcf0 [ 205.183749][ T6053] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 205.183801][ T6053] xfs_defer_finish_noroll+0x910/0x12d0 [ 205.183842][ T6053] ? xfs_trans_commit+0x10b/0x1c0 [ 205.183875][ T6053] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 205.183909][ T6053] ? inode_set_ctime_current+0x740/0xb40 [ 205.183959][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.183987][ T6053] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 205.184029][ T6053] xfs_trans_commit+0x10b/0x1c0 [ 205.184056][ T6053] ? __pfx_xfs_trans_commit+0x10/0x10 [ 205.184090][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.184118][ T6053] ? xfs_trans_log_inode+0x12c/0x1a0 [ 205.184160][ T6053] xfs_attr_set+0xdc6/0x1210 [ 205.184211][ T6053] ? __pfx_xfs_attr_set+0x10/0x10 [ 205.184246][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.184275][ T6053] ? __lock_acquire+0xab9/0xd20 [ 205.184312][ T6053] ? xfs_da_hashname+0x59d/0x740 [ 205.184346][ T6053] ? do_raw_spin_lock+0x121/0x290 [ 205.184391][ T6053] ? xfs_attr_change+0x2ac/0x390 [ 205.184426][ T6053] xfs_xattr_set+0x14d/0x250 [ 205.184460][ T6053] ? __pfx_xfs_xattr_set+0x10/0x10 [ 205.184507][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.184536][ T6053] ? evm_protect_xattr+0x4d4/0xa90 [ 205.184563][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.184592][ T6053] ? rcu_is_watching+0x15/0xb0 [ 205.184626][ T6053] ? __pfx_evm_protect_xattr+0x10/0x10 [ 205.184655][ T6053] ? __pfx_xfs_xattr_set+0x10/0x10 [ 205.184683][ T6053] __vfs_setxattr+0x43c/0x480 [pid 6050] exit_group(0) = ? [pid 6070] <... write resumed>) = 16777216 [ 205.184742][ T6053] __vfs_setxattr_noperm+0x12d/0x660 [ 205.184788][ T6053] vfs_setxattr+0x16b/0x2f0 [ 205.184832][ T6053] ? __pfx_vfs_setxattr+0x10/0x10 [ 205.184863][ T6053] ? mnt_get_write_access+0x223/0x2a0 [ 205.184894][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.184929][ T6053] filename_setxattr+0x274/0x600 [ 205.184978][ T6053] ? __pfx_filename_setxattr+0x10/0x10 [ 205.185018][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.185047][ T6053] ? getname_flags+0x1e5/0x540 [ 205.185090][ T6053] path_setxattrat+0x364/0x3a0 [ 205.185129][ T6053] ? __pfx_path_setxattrat+0x10/0x10 [ 205.185198][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.185227][ T6053] ? rcu_is_watching+0x15/0xb0 [ 205.185265][ T6053] __x64_sys_lsetxattr+0xbf/0xe0 [ 205.185307][ T6053] do_syscall_64+0xfa/0x3b0 [ 205.185332][ T6053] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.185371][ T6053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.185395][ T6053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 205.185424][ T6053] ? exc_page_fault+0x9f/0xf0 [pid 6070] munmap(0x7f3cd3a00000, 138412032) = 0 ./strace-static-x86_64: Process 6074 attached [pid 6074] +++ exited with 0 +++ [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3 [ 205.185466][ T6053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.185491][ T6053] RIP: 0033:0x7f3cdbf794f9 [ 205.185514][ T6053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 205.185534][ T6053] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 205.185560][ T6053] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [pid 6073] <... write resumed>) = 16777216 [pid 6052] <... open resumed>) = ? [pid 6073] munmap(0x7f3cd3a00000, 138412032 [pid 6070] <... ioctl resumed>) = 0 [pid 6052] +++ exited with 0 +++ [pid 6050] +++ exited with 0 +++ [pid 6070] close(3) = 0 [pid 6070] close(4 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=92 /* 0.92 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 205.185579][ T6053] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 205.185598][ T6053] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 205.185614][ T6053] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 205.185631][ T6053] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 205.185672][ T6053] [ 205.185683][ T6053] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 205.210019][ T6052] XFS (loop1): Unmount and run xfs_repair [pid 5872] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6070] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] mkdir("./file1", 0777 [pid 5872] <... openat resumed>) = 3 [pid 6070] <... mkdir resumed>) = 0 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6070] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] getdents64(3, [pid 6073] <... munmap resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6073] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3 [ 205.453448][ T6053] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 205.453524][ T6053] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 205.804857][ T6070] loop0: detected capacity change from 0 to 32768 [ 205.848409][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 205.892466][ T6070] XFS: noikeep mount option is deprecated. [ 205.926179][ T6073] loop3: detected capacity change from 0 to 32768 [pid 5872] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6073] <... ioctl resumed>) = 0 [pid 6073] close(3) = 0 [pid 6073] close(4) = 0 [pid 6073] mkdir("./file1", 0777) = 0 [ 205.944482][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 205.960528][ T6073] XFS: noikeep mount option is deprecated. [ 205.979541][ T5872] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [pid 6073] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./3/file1") = 0 [pid 5872] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./3/binderfs" [pid 5873] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... unlink resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] getdents64(3, [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] getdents64(4, [pid 5872] close(3 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] <... close resumed>) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] rmdir("./3" [ 206.010747][ T6070] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 206.039538][ T6073] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] close(4 [pid 5872] <... rmdir resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5873] rmdir("./3/file1") = 0 [pid 5872] mkdir("./4", 0777 [pid 5873] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... mkdir resumed>) = 0 [pid 5873] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./3/binderfs" [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... unlink resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./3") = 0 [pid 5873] mkdir("./4", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 206.135327][ T6073] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 206.191013][ T6070] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 206.244779][ T6073] XFS (loop3): Starting recovery (logdev: internal) [ 206.270376][ T6070] XFS (loop0): Starting recovery (logdev: internal) [pid 5873] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6070] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6091 attached [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6091 [pid 6091] set_robust_list(0x55555d962760, 24) = 0 [pid 6091] chdir("./4" [pid 6070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6091] <... chdir resumed>) = 0 [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6073] <... mount resumed>) = 0 [pid 6070] <... openat resumed>) = 3 [pid 6070] chdir("./file1" [pid 6073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6073] <... openat resumed>) = 3 [pid 6070] <... chdir resumed>) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs" [pid 6073] chdir("./file1" [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6091] <... symlink resumed>) = 0 [pid 6073] <... chdir resumed>) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6070] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6073] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6070] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 1 [pid 6091] write(1, "executing program\n", 18 [pid 6073] <... futex resumed>) = 1 [pid 6072] <... futex resumed>) = 0 [ 206.341624][ T6070] XFS (loop0): Ending recovery (logdev: internal) [ 206.348726][ T6073] XFS (loop3): Ending recovery (logdev: internal) executing program [pid 6070] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] <... futex resumed>) = 0 [pid 6091] <... write resumed>) = 18 [pid 6073] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6072] <... futex resumed>) = 0 [pid 6091] <... futex resumed>) = 0 [pid 6073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 1 [pid 6091] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6073] <... openat resumed>) = 4 [pid 6070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6064] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6073] <... futex resumed>) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6070] <... openat resumed>) = 4 [pid 6091] <... mprotect resumed>) = 0 [pid 6073] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6072] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6073] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6064] <... futex resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6070] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6064] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6091] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] <... rseq resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] set_robust_list(0x7f3cdbf259a0, 24 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6092] memfd_create("syzkaller", 0 [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6092] <... memfd_create resumed>) = 3 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6070] <... pwritev2 resumed>) = 65007 [pid 6070] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... pwritev2 resumed>) = 65007 [pid 6073] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6072] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6073] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6064] <... futex resumed>) = 1 [pid 6070] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6064] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6093 ./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x55555d962760, 24) = 0 [pid 6093] chdir("./4") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 206.451619][ T6073] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 206.466010][ T6070] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 206.480428][ T6073] XFS (loop3): Unmount and run xfs_repair [ 206.486437][ T6070] XFS (loop0): Unmount and run xfs_repair executing program [pid 6093] write(3, "1000", 4 [pid 6073] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6093] <... write resumed>) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs" [pid 6073] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 1 [pid 6093] <... symlink resumed>) = 0 [pid 6073] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6093] write(1, "executing program\n", 18) = 18 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6070] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6064] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6070] <... futex resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6070] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6064] <... clone3 resumed> => {parent_tid=[6094]}, 88) = 6094 ./strace-static-x86_64: Process 6094 attached [pid 6093] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] <... mprotect resumed>) = 0 [pid 6064] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6064] <... futex resumed>) = 0 [pid 6094] <... rseq resumed>) = 0 [pid 6064] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6094] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6094] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6095 attached NULL, 8) = 0 [pid 6094] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6093] <... clone3 resumed> => {parent_tid=[6095]}, 88) = 6095 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6093] <... futex resumed>) = 0 [pid 6095] <... rseq resumed>) = 0 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6095] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6095] memfd_create("syzkaller", 0) = 3 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 206.507642][ T6073] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 206.535206][ T6094] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 206.538651][ T6073] CPU: 1 UID: 0 PID: 6073 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 206.538684][ T6073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.538701][ T6073] Call Trace: [ 206.538712][ T6073] [ 206.538723][ T6073] dump_stack_lvl+0x189/0x250 [ 206.538760][ T6073] ? __pfx__xfs_alert_tag+0x10/0x10 [ 206.538808][ T6073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.538845][ T6073] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 206.538895][ T6073] xfs_corruption_error+0x122/0x170 [ 206.538937][ T6073] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 206.538973][ T6073] xfs_alloc_fixup_trees+0x95e/0xd20 [ 206.539003][ T6073] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 206.539047][ T6073] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 206.539079][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539109][ T6073] ? rcu_is_watching+0x15/0xb0 [ 206.539141][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539170][ T6073] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 206.539203][ T6073] ? rcu_is_watching+0x15/0xb0 [pid 6072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 206.539245][ T6073] xfs_alloc_cur_finish+0xd3/0x4b0 [ 206.539276][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539307][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539343][ T6073] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 206.539404][ T6073] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 206.539435][ T6073] ? xfs_group_grab+0x28/0x480 [ 206.539473][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539502][ T6073] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 206.539537][ T6073] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 206.539589][ T6073] xfs_alloc_vextent_start_ag+0x388/0x850 [ 206.539630][ T6073] xfs_bmapi_allocate+0x188e/0x2e00 [ 206.539698][ T6073] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 206.539732][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539791][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539820][ T6073] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 206.539845][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.539873][ T6073] ? xfs_iext_prev+0x35a/0x370 [ 206.539913][ T6073] ? xfs_iext_get_extent+0x1bb/0x370 [ 206.539946][ T6073] xfs_bmapi_write+0x7df/0x1260 [ 206.540009][ T6073] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 206.540094][ T6073] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 206.540137][ T6073] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 206.540168][ T6073] ? kasan_save_track+0x4f/0x80 [ 206.540196][ T6073] ? kasan_save_track+0x3e/0x80 [ 206.540221][ T6073] ? kasan_save_free_info+0x46/0x50 [ 206.540260][ T6073] ? kmem_cache_free+0x18f/0x400 [ 206.540289][ T6073] ? __xfs_trans_commit+0x3e0/0xbd0 [ 206.540315][ T6073] ? xfs_trans_roll+0x130/0x450 [ 206.540339][ T6073] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 206.540381][ T6073] xfs_attr_set_iter+0x2d4/0x4b70 [ 206.540417][ T6073] ? filename_setxattr+0x274/0x600 [ 206.540451][ T6073] ? path_setxattrat+0x364/0x3a0 [ 206.540474][ T6073] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 206.540529][ T6073] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 206.540589][ T6073] ? kasan_quarantine_put+0xdd/0x220 [ 206.540616][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.540645][ T6073] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.540715][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.540750][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.540785][ T6073] ? kmem_cache_free+0x18f/0x400 [ 206.540813][ T6073] ? __xfs_trans_commit+0x3e0/0xbd0 [ 206.540846][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.540875][ T6073] ? __xfs_trans_commit+0x4c7/0xbd0 [ 206.540921][ T6073] xfs_attr_finish_item+0xed/0x320 [ 206.540963][ T6073] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 206.541001][ T6073] xfs_defer_finish_one+0x5c8/0xcf0 [ 206.541065][ T6073] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 206.541117][ T6073] xfs_defer_finish_noroll+0x910/0x12d0 [ 206.541158][ T6073] ? xfs_trans_commit+0x10b/0x1c0 [ 206.541192][ T6073] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 206.541227][ T6073] ? inode_set_ctime_current+0x740/0xb40 [ 206.541277][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.541306][ T6073] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 206.541348][ T6073] xfs_trans_commit+0x10b/0x1c0 [ 206.541375][ T6073] ? __pfx_xfs_trans_commit+0x10/0x10 [ 206.541409][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6092] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 206.541438][ T6073] ? xfs_trans_log_inode+0x12c/0x1a0 [ 206.541480][ T6073] xfs_attr_set+0xdc6/0x1210 [ 206.541532][ T6073] ? __pfx_xfs_attr_set+0x10/0x10 [ 206.541567][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.541596][ T6073] ? __lock_acquire+0xab9/0xd20 [ 206.541634][ T6073] ? xfs_da_hashname+0x59d/0x740 [ 206.541668][ T6073] ? do_raw_spin_lock+0x121/0x290 [ 206.541713][ T6073] ? xfs_attr_change+0x2ac/0x390 [ 206.541749][ T6073] xfs_xattr_set+0x14d/0x250 [ 206.541789][ T6073] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6095] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6073] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6073] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] exit_group(0) = ? [ 206.541836][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.541865][ T6073] ? evm_protect_xattr+0x4d4/0xa90 [ 206.541893][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.541922][ T6073] ? rcu_is_watching+0x15/0xb0 [ 206.541957][ T6073] ? __pfx_evm_protect_xattr+0x10/0x10 [ 206.541986][ T6073] ? __pfx_xfs_xattr_set+0x10/0x10 [ 206.542015][ T6073] __vfs_setxattr+0x43c/0x480 [ 206.542066][ T6073] __vfs_setxattr_noperm+0x12d/0x660 [ 206.542112][ T6073] vfs_setxattr+0x16b/0x2f0 [pid 6073] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=64 /* 0.64 s */} --- [pid 5874] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 206.542156][ T6073] ? __pfx_vfs_setxattr+0x10/0x10 [ 206.542188][ T6073] ? mnt_get_write_access+0x223/0x2a0 [ 206.542219][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.542255][ T6073] filename_setxattr+0x274/0x600 [ 206.542304][ T6073] ? __pfx_filename_setxattr+0x10/0x10 [ 206.542345][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.542374][ T6073] ? getname_flags+0x1e5/0x540 [ 206.542417][ T6073] path_setxattrat+0x364/0x3a0 [ 206.542455][ T6073] ? __pfx_path_setxattrat+0x10/0x10 [ 206.542525][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.542554][ T6073] ? rcu_is_watching+0x15/0xb0 [ 206.542592][ T6073] __x64_sys_lsetxattr+0xbf/0xe0 [ 206.542635][ T6073] do_syscall_64+0xfa/0x3b0 [ 206.542659][ T6073] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.542699][ T6073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.542723][ T6073] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.542752][ T6073] ? exc_page_fault+0x9f/0xf0 [ 206.542802][ T6073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.542827][ T6073] RIP: 0033:0x7f3cdbf794f9 [ 206.542850][ T6073] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 206.542870][ T6073] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 206.542897][ T6073] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 206.542916][ T6073] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 206.542935][ T6073] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 206.542952][ T6073] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 206.542969][ T6073] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 206.543010][ T6073] [ 206.543020][ T6073] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 206.580993][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 206.581027][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.581043][ T6094] Call Trace: [pid 5874] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6095] <... write resumed>) = 16777216 [ 206.581053][ T6094] [ 206.581064][ T6094] dump_stack_lvl+0x189/0x250 [ 206.581103][ T6094] ? __pfx__xfs_alert_tag+0x10/0x10 [ 206.581143][ T6094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.581179][ T6094] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 206.581230][ T6094] xfs_corruption_error+0x122/0x170 [ 206.581271][ T6094] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 206.581307][ T6094] xfs_alloc_fixup_trees+0x95e/0xd20 [ 206.581337][ T6094] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 206.581381][ T6094] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 6095] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6092] <... write resumed>) = 16777216 [pid 6095] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6092] munmap(0x7f3cd3a00000, 138412032 [pid 6095] <... openat resumed>) = 4 [ 206.581413][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.581443][ T6094] ? rcu_is_watching+0x15/0xb0 [ 206.581474][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.581503][ T6094] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 206.581536][ T6094] ? rcu_is_watching+0x15/0xb0 [ 206.581577][ T6094] xfs_alloc_cur_finish+0xd3/0x4b0 [ 206.581607][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.581639][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.581674][ T6094] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6095] ioctl(4, LOOP_SET_FD, 3 [pid 6094] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6092] <... munmap resumed>) = 0 [pid 6094] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6064] exit_group(0 [pid 6094] <... futex resumed>) = ? [pid 6092] <... openat resumed>) = 4 [pid 6064] <... exit_group resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6092] ioctl(4, LOOP_SET_FD, 3 [pid 6070] <... futex resumed>) = ? [pid 6092] <... ioctl resumed>) = 0 [pid 6092] close(3) = 0 [pid 6092] close(4) = 0 [pid 6092] mkdir("./file1", 0777) = 0 [ 206.581735][ T6094] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 206.581766][ T6094] ? xfs_group_grab+0x28/0x480 [ 206.581804][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.581833][ T6094] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 206.581868][ T6094] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 206.581918][ T6094] xfs_alloc_vextent_start_ag+0x388/0x850 [ 206.581964][ T6094] xfs_bmapi_allocate+0x188e/0x2e00 [ 206.582033][ T6094] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 206.582067][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6092] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6095] <... ioctl resumed>) = 0 [pid 6070] +++ exited with 0 +++ [pid 6064] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=104 /* 1.04 s */} --- [pid 5871] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6095] close(3) = 0 [pid 6095] close(4) = 0 [pid 6095] mkdir("./file1", 0777) = 0 [ 206.582120][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.582149][ T6094] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 206.582173][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.582202][ T6094] ? xfs_iext_prev+0x35a/0x370 [ 206.582242][ T6094] ? xfs_iext_get_extent+0x1bb/0x370 [ 206.582275][ T6094] xfs_bmapi_write+0x7df/0x1260 [ 206.582338][ T6094] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 206.582422][ T6094] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 206.582465][ T6094] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 206.582497][ T6094] ? kasan_save_track+0x4f/0x80 [ 206.582523][ T6094] ? kasan_save_track+0x3e/0x80 [ 206.582549][ T6094] ? kasan_save_free_info+0x46/0x50 [ 206.582587][ T6094] ? kmem_cache_free+0x18f/0x400 [ 206.582617][ T6094] ? __xfs_trans_commit+0x3e0/0xbd0 [ 206.582642][ T6094] ? xfs_trans_roll+0x130/0x450 [ 206.582667][ T6094] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 206.582707][ T6094] xfs_attr_set_iter+0x2d4/0x4b70 [ 206.582743][ T6094] ? filename_setxattr+0x274/0x600 [ 206.582777][ T6094] ? path_setxattrat+0x364/0x3a0 [ 206.582800][ T6094] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 206.582855][ T6094] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 206.582915][ T6094] ? kasan_quarantine_put+0xdd/0x220 [ 206.582951][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.582980][ T6094] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.583022][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583058][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583087][ T6094] ? kmem_cache_free+0x18f/0x400 [ 206.583115][ T6094] ? __xfs_trans_commit+0x3e0/0xbd0 [ 206.583147][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583176][ T6094] ? __xfs_trans_commit+0x4c7/0xbd0 [ 206.583222][ T6094] xfs_attr_finish_item+0xed/0x320 [ 206.583264][ T6094] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 206.583303][ T6094] xfs_defer_finish_one+0x5c8/0xcf0 [ 206.583367][ T6094] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 206.583419][ T6094] xfs_defer_finish_noroll+0x910/0x12d0 [ 206.583460][ T6094] ? xfs_trans_commit+0x10b/0x1c0 [ 206.583494][ T6094] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 206.583528][ T6094] ? inode_set_ctime_current+0x740/0xb40 [ 206.583578][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583607][ T6094] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 206.583649][ T6094] xfs_trans_commit+0x10b/0x1c0 [ 206.583676][ T6094] ? __pfx_xfs_trans_commit+0x10/0x10 [ 206.583710][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583739][ T6094] ? xfs_trans_log_inode+0x12c/0x1a0 [ 206.583781][ T6094] xfs_attr_set+0xdc6/0x1210 [ 206.583832][ T6094] ? __pfx_xfs_attr_set+0x10/0x10 [ 206.583867][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.583896][ T6094] ? __lock_acquire+0xab9/0xd20 [ 206.583944][ T6094] ? xfs_da_hashname+0x59d/0x740 [ 206.583977][ T6094] ? do_raw_spin_lock+0x121/0x290 [ 206.584022][ T6094] ? xfs_attr_change+0x2ac/0x390 [ 206.584058][ T6094] xfs_xattr_set+0x14d/0x250 [ 206.584092][ T6094] ? __pfx_xfs_xattr_set+0x10/0x10 [ 206.584139][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.584168][ T6094] ? evm_protect_xattr+0x4d4/0xa90 [ 206.584196][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.584225][ T6094] ? rcu_is_watching+0x15/0xb0 [ 206.584260][ T6094] ? __pfx_evm_protect_xattr+0x10/0x10 [ 206.584289][ T6094] ? __pfx_xfs_xattr_set+0x10/0x10 [ 206.584317][ T6094] __vfs_setxattr+0x43c/0x480 [ 206.584369][ T6094] __vfs_setxattr_noperm+0x12d/0x660 [ 206.584414][ T6094] vfs_setxattr+0x16b/0x2f0 [ 206.584458][ T6094] ? __pfx_vfs_setxattr+0x10/0x10 [ 206.584489][ T6094] ? mnt_get_write_access+0x223/0x2a0 [ 206.584521][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.584556][ T6094] filename_setxattr+0x274/0x600 [ 206.584605][ T6094] ? __pfx_filename_setxattr+0x10/0x10 [ 206.584645][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.584674][ T6094] ? getname_flags+0x1e5/0x540 [ 206.584717][ T6094] path_setxattrat+0x364/0x3a0 [ 206.584756][ T6094] ? __pfx_path_setxattrat+0x10/0x10 [ 206.584825][ T6094] ? srso_alias_return_thunk+0x5/0xfbef5 [ 206.584854][ T6094] ? rcu_is_watching+0x15/0xb0 [ 206.584892][ T6094] __x64_sys_lsetxattr+0xbf/0xe0 [ 206.584945][ T6094] do_syscall_64+0xfa/0x3b0 [ 206.584974][ T6094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.584998][ T6094] ? __switch_to_asm+0x39/0x70 [ 206.585032][ T6094] ? __switch_to_asm+0x33/0x70 [ 206.585072][ T6094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.585097][ T6094] RIP: 0033:0x7f3cdbf794f9 [ 206.585120][ T6094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 206.585141][ T6094] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 206.585167][ T6094] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 206.585184][ T6094] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 206.585203][ T6094] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 206.585219][ T6094] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 206.585236][ T6094] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 206.585276][ T6094] [ 206.585287][ T6094] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 206.676096][ T6073] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 206.726797][ T6094] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 206.810815][ T6073] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 6095] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 206.926926][ T6094] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 207.341454][ T6095] loop2: detected capacity change from 0 to 32768 [ 207.376584][ T6092] loop1: detected capacity change from 0 to 32768 [ 207.380921][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 207.387641][ T6092] XFS: noikeep mount option is deprecated. [ 207.427288][ T6095] XFS: noikeep mount option is deprecated. [ 207.948187][ T6092] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./3/file1") = 0 [pid 5874] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./3/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./3") = 0 [pid 5874] mkdir("./4", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 207.950658][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 208.005960][ T6092] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 208.042836][ T6095] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./3/file1") = 0 [pid 5871] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./3/binderfs") = 0 [ 208.069453][ T6092] XFS (loop1): Starting recovery (logdev: internal) [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./3") = 0 [pid 5871] mkdir("./4", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6092] <... mount resumed>) = 0 [pid 6092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 208.123037][ T6092] XFS (loop1): Ending recovery (logdev: internal) [pid 6092] chdir("./file1") = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... futex resumed>) = 0 [ 208.182547][ T6095] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6092] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6092] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 208.265185][ T6095] XFS (loop2): Starting recovery (logdev: internal) [pid 6092] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6112 attached [pid 6092] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6112 [pid 6112] set_robust_list(0x55555d962760, 24) = 0 [pid 6092] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] chdir("./4" [pid 6092] <... futex resumed>) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... chdir resumed>) = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6091] <... futex resumed>) = 0 [pid 6112] <... prctl resumed>) = 0 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] setpgid(0, 0 [pid 6092] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6112] <... setpgid resumed>) = 0 [ 208.309003][ T6092] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 208.330420][ T6092] XFS (loop1): Unmount and run xfs_repair [ 208.346127][ T6092] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6095] <... mount resumed>) = 0 [pid 6095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6095] chdir("./file1") = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6095] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 208.362591][ T6095] XFS (loop2): Ending recovery (logdev: internal) [ 208.362952][ T6092] CPU: 1 UID: 0 PID: 6092 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 208.362984][ T6092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.363001][ T6092] Call Trace: [ 208.363011][ T6092] [ 208.363021][ T6092] dump_stack_lvl+0x189/0x250 [ 208.363066][ T6092] ? __pfx__xfs_alert_tag+0x10/0x10 [ 208.363106][ T6092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.363143][ T6092] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 208.363192][ T6092] xfs_corruption_error+0x122/0x170 [ 208.363233][ T6092] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 208.363269][ T6092] xfs_alloc_fixup_trees+0x95e/0xd20 [ 208.363300][ T6092] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 208.363342][ T6092] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 208.363374][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.363404][ T6092] ? rcu_is_watching+0x15/0xb0 [ 208.363436][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6112] write(3, "1000", 4 [pid 6093] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6112] <... write resumed>) = 4 [pid 6093] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] close(3 [pid 6095] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [ 208.363465][ T6092] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 208.363497][ T6092] ? rcu_is_watching+0x15/0xb0 [ 208.363538][ T6092] xfs_alloc_cur_finish+0xd3/0x4b0 [ 208.363568][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.363599][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.363635][ T6092] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 208.363695][ T6092] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 208.363725][ T6092] ? xfs_group_grab+0x28/0x480 [ 208.363763][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6112] <... close resumed>) = 0 [pid 6095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] symlink("/dev/binderfs", "./binderfs" [pid 6095] <... openat resumed>) = 4 [pid 6112] <... symlink resumed>) = 0 [pid 6095] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] write(1, "executing program\n", 18executing program [pid 6095] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6112] <... write resumed>) = 18 [pid 6095] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 0 [pid 6095] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6095] <... pwritev2 resumed>) = 65007 [pid 6112] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6095] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6095] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6113 [pid 6112] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6095] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6113 attached [pid 6112] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6113] set_robust_list(0x55555d962760, 24) = 0 [pid 6113] chdir("./4") = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6113] setpgid(0, 0) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3) = 0 executing program [pid 6113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] write(1, "executing program\n", 18) = 18 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 208.363792][ T6092] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 208.363827][ T6092] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 208.363877][ T6092] xfs_alloc_vextent_start_ag+0x388/0x850 [ 208.363917][ T6092] xfs_bmapi_allocate+0x188e/0x2e00 [ 208.363985][ T6092] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 208.364019][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.364076][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.364105][ T6092] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 6113] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6114]}, 88) = 6114 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6113] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6114 attached [pid 6112] <... mprotect resumed>) = 0 [pid 6095] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6114] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6095] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... rseq resumed>) = 0 [pid 6112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6095] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6114] set_robust_list(0x7f3cdbf259a0, 24 [pid 6112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6095] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6093] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... set_robust_list resumed>) = 0 [pid 6093] <... futex resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6112] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6093] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] memfd_create("syzkaller", 0 [pid 6112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] <... memfd_create resumed>) = 3 [pid 6112] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6115 attached [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6092] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6115] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6092] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... rseq resumed>) = 0 [pid 6092] <... futex resumed>) = 0 [pid 6115] set_robust_list(0x7f3cdbf259a0, 24 [pid 6092] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6115] <... set_robust_list resumed>) = 0 [pid 6091] exit_group(0 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] <... futex resumed>) = ? [pid 6091] <... exit_group resumed>) = ? [ 208.364130][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.364158][ T6092] ? xfs_iext_prev+0x35a/0x370 [ 208.364198][ T6092] ? xfs_iext_get_extent+0x1bb/0x370 [ 208.364229][ T6092] xfs_bmapi_write+0x7df/0x1260 [ 208.364292][ T6092] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 208.364375][ T6092] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 208.364417][ T6092] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 208.364449][ T6092] ? kasan_save_track+0x4f/0x80 [ 208.364476][ T6092] ? kasan_save_track+0x3e/0x80 [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] +++ exited with 0 +++ [pid 6091] +++ exited with 0 +++ [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6112] <... futex resumed>) = 0 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=69 /* 0.69 s */} --- [pid 6114] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 208.364501][ T6092] ? kasan_save_free_info+0x46/0x50 [ 208.364539][ T6092] ? kmem_cache_free+0x18f/0x400 [ 208.364569][ T6092] ? __xfs_trans_commit+0x3e0/0xbd0 [ 208.364594][ T6092] ? xfs_trans_roll+0x130/0x450 [ 208.364619][ T6092] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 208.364660][ T6092] xfs_attr_set_iter+0x2d4/0x4b70 [ 208.364697][ T6092] ? filename_setxattr+0x274/0x600 [ 208.364731][ T6092] ? path_setxattrat+0x364/0x3a0 [ 208.364754][ T6092] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 208.364808][ T6092] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 208.364869][ T6092] ? kasan_quarantine_put+0xdd/0x220 [ 208.364896][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.364925][ T6092] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.364967][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.365003][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.365038][ T6092] ? kmem_cache_free+0x18f/0x400 [ 208.365066][ T6092] ? __xfs_trans_commit+0x3e0/0xbd0 [ 208.365099][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 208.365128][ T6092] ? __xfs_trans_commit+0x4c7/0xbd0 [ 208.365174][ T6092] xfs_attr_finish_item+0xed/0x320 [ 208.365215][ T6092] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 208.365254][ T6092] xfs_defer_finish_one+0x5c8/0xcf0 [ 208.365318][ T6092] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 208.365369][ T6092] xfs_defer_finish_noroll+0x910/0x12d0 [ 208.365411][ T6092] ? xfs_trans_commit+0x10b/0x1c0 [ 208.365444][ T6092] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 208.365479][ T6092] ? inode_set_ctime_current+0x740/0xb40 [ 208.365529][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.365558][ T6092] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 208.365600][ T6092] xfs_trans_commit+0x10b/0x1c0 [ 208.365628][ T6092] ? __pfx_xfs_trans_commit+0x10/0x10 [ 208.365662][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.365690][ T6092] ? xfs_trans_log_inode+0x12c/0x1a0 [ 208.365732][ T6092] xfs_attr_set+0xdc6/0x1210 [ 208.365783][ T6092] ? __pfx_xfs_attr_set+0x10/0x10 [ 208.365818][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.365847][ T6092] ? __lock_acquire+0xab9/0xd20 [ 208.365885][ T6092] ? xfs_da_hashname+0x59d/0x740 [ 208.365918][ T6092] ? do_raw_spin_lock+0x121/0x290 [ 208.365964][ T6092] ? xfs_attr_change+0x2ac/0x390 [ 208.366000][ T6092] xfs_xattr_set+0x14d/0x250 [ 208.366040][ T6092] ? __pfx_xfs_xattr_set+0x10/0x10 [ 208.366087][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.366116][ T6092] ? evm_protect_xattr+0x4d4/0xa90 [ 208.366144][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.366173][ T6092] ? rcu_is_watching+0x15/0xb0 [ 208.366209][ T6092] ? __pfx_evm_protect_xattr+0x10/0x10 [ 208.366238][ T6092] ? __pfx_xfs_xattr_set+0x10/0x10 [ 208.366267][ T6092] __vfs_setxattr+0x43c/0x480 [ 208.366318][ T6092] __vfs_setxattr_noperm+0x12d/0x660 [ 208.366364][ T6092] vfs_setxattr+0x16b/0x2f0 [ 208.366407][ T6092] ? __pfx_vfs_setxattr+0x10/0x10 [ 208.366438][ T6092] ? mnt_get_write_access+0x223/0x2a0 [ 208.366469][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.366505][ T6092] filename_setxattr+0x274/0x600 [ 208.366554][ T6092] ? __pfx_filename_setxattr+0x10/0x10 [ 208.366594][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.366623][ T6092] ? getname_flags+0x1e5/0x540 [ 208.366666][ T6092] path_setxattrat+0x364/0x3a0 [ 208.366704][ T6092] ? __pfx_path_setxattrat+0x10/0x10 [ 208.366774][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.366807][ T6092] ? rcu_is_watching+0x15/0xb0 [ 208.366844][ T6092] __x64_sys_lsetxattr+0xbf/0xe0 [ 208.366887][ T6092] do_syscall_64+0xfa/0x3b0 [ 208.366913][ T6092] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.366953][ T6092] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6115] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 208.366977][ T6092] ? srso_alias_return_thunk+0x5/0xfbef5 [ 208.367007][ T6092] ? exc_page_fault+0x9f/0xf0 [ 208.367054][ T6092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.367078][ T6092] RIP: 0033:0x7f3cdbf794f9 [ 208.367101][ T6092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 208.367122][ T6092] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 208.367149][ T6092] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 208.367169][ T6092] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 208.367188][ T6092] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 208.367205][ T6092] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 208.367222][ T6092] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 208.367264][ T6092] [ 208.368594][ T6092] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 208.546774][ T6095] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 208.568238][ T6092] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 208.572192][ T6095] XFS (loop2): Unmount and run xfs_repair [ 208.575676][ T6092] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 208.589570][ T6095] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 209.119720][ T6095] CPU: 0 UID: 0 PID: 6095 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 209.119756][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.119773][ T6095] Call Trace: [ 209.119784][ T6095] [ 209.119795][ T6095] dump_stack_lvl+0x189/0x250 [ 209.119833][ T6095] ? __pfx__xfs_alert_tag+0x10/0x10 [ 209.119880][ T6095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.119917][ T6095] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 209.119967][ T6095] xfs_corruption_error+0x122/0x170 [ 209.120007][ T6095] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 209.120050][ T6095] xfs_alloc_fixup_trees+0x95e/0xd20 [ 209.120080][ T6095] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 209.120121][ T6095] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 209.120152][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.120183][ T6095] ? rcu_is_watching+0x15/0xb0 [ 209.120214][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6114] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6093] exit_group(0) = ? [ 209.120243][ T6095] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 209.120277][ T6095] ? rcu_is_watching+0x15/0xb0 [ 209.120318][ T6095] xfs_alloc_cur_finish+0xd3/0x4b0 [ 209.120350][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.120382][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.120418][ T6095] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 209.120479][ T6095] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 209.120510][ T6095] ? xfs_group_grab+0x28/0x480 [ 209.120551][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.120576][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 209.120580][ T6095] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 209.120615][ T6095] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 209.120662][ T6095] xfs_alloc_vextent_start_ag+0x388/0x850 [ 209.120735][ T6095] xfs_bmapi_allocate+0x188e/0x2e00 [ 209.120804][ T6095] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 209.120839][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.120986][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.121015][ T6095] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 6115] <... write resumed>) = 16777216 [ 209.121048][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.121077][ T6095] ? xfs_iext_prev+0x35a/0x370 [ 209.121117][ T6095] ? xfs_iext_get_extent+0x1bb/0x370 [ 209.121149][ T6095] xfs_bmapi_write+0x7df/0x1260 [ 209.121213][ T6095] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 209.121297][ T6095] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 209.121340][ T6095] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 209.121371][ T6095] ? kasan_save_track+0x4f/0x80 [ 209.121397][ T6095] ? kasan_save_track+0x3e/0x80 [ 209.121422][ T6095] ? kasan_save_free_info+0x46/0x50 [ 209.121460][ T6095] ? kmem_cache_free+0x18f/0x400 [ 209.121490][ T6095] ? __xfs_trans_commit+0x3e0/0xbd0 [ 209.121515][ T6095] ? xfs_trans_roll+0x130/0x450 [ 209.121539][ T6095] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 209.121581][ T6095] xfs_attr_set_iter+0x2d4/0x4b70 [ 209.121616][ T6095] ? filename_setxattr+0x274/0x600 [ 209.121650][ T6095] ? path_setxattrat+0x364/0x3a0 [ 209.121672][ T6095] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 209.121726][ T6095] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 6115] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = 0 [ 209.121785][ T6095] ? kasan_quarantine_put+0xdd/0x220 [ 209.121819][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.121847][ T6095] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.121890][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.121925][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.121953][ T6095] ? kmem_cache_free+0x18f/0x400 [ 209.121982][ T6095] ? __xfs_trans_commit+0x3e0/0xbd0 [ 209.122014][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.122052][ T6095] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 6115] <... ioctl resumed>) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 5872] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6115] mkdir("./file1", 0777 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6115] <... mkdir resumed>) = 0 [ 209.122097][ T6095] xfs_attr_finish_item+0xed/0x320 [ 209.122140][ T6095] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 209.122179][ T6095] xfs_defer_finish_one+0x5c8/0xcf0 [ 209.122243][ T6095] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 209.122294][ T6095] xfs_defer_finish_noroll+0x910/0x12d0 [ 209.122336][ T6095] ? xfs_trans_commit+0x10b/0x1c0 [ 209.122370][ T6095] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 209.122405][ T6095] ? inode_set_ctime_current+0x740/0xb40 [ 209.122454][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] newfstatat(AT_FDCWD, "./4/file1", [pid 6115] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6114] <... write resumed>) = 16777216 [pid 5872] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6114] munmap(0x7f3cd3a00000, 138412032 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 209.122483][ T6095] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 209.122525][ T6095] xfs_trans_commit+0x10b/0x1c0 [ 209.122553][ T6095] ? __pfx_xfs_trans_commit+0x10/0x10 [ 209.122586][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.122615][ T6095] ? xfs_trans_log_inode+0x12c/0x1a0 [ 209.122657][ T6095] xfs_attr_set+0xdc6/0x1210 [ 209.122708][ T6095] ? __pfx_xfs_attr_set+0x10/0x10 [ 209.122743][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.122772][ T6095] ? __lock_acquire+0xab9/0xd20 [ 209.122810][ T6095] ? xfs_da_hashname+0x59d/0x740 [ 209.122844][ T6095] ? do_raw_spin_lock+0x121/0x290 [ 209.122888][ T6095] ? xfs_attr_change+0x2ac/0x390 [ 209.122924][ T6095] xfs_xattr_set+0x14d/0x250 [ 209.122958][ T6095] ? __pfx_xfs_xattr_set+0x10/0x10 [ 209.123005][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.123039][ T6095] ? evm_protect_xattr+0x4d4/0xa90 [ 209.123067][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.123096][ T6095] ? rcu_is_watching+0x15/0xb0 [ 209.123132][ T6095] ? __pfx_evm_protect_xattr+0x10/0x10 [ 209.123161][ T6095] ? __pfx_xfs_xattr_set+0x10/0x10 [ 209.123190][ T6095] __vfs_setxattr+0x43c/0x480 [ 209.123241][ T6095] __vfs_setxattr_noperm+0x12d/0x660 [ 209.123287][ T6095] vfs_setxattr+0x16b/0x2f0 [ 209.123330][ T6095] ? __pfx_vfs_setxattr+0x10/0x10 [ 209.123362][ T6095] ? mnt_get_write_access+0x223/0x2a0 [ 209.123393][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.123429][ T6095] filename_setxattr+0x274/0x600 [ 209.123479][ T6095] ? __pfx_filename_setxattr+0x10/0x10 [ 209.123519][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.123548][ T6095] ? getname_flags+0x1e5/0x540 [ 209.123591][ T6095] path_setxattrat+0x364/0x3a0 [ 209.123629][ T6095] ? __pfx_path_setxattrat+0x10/0x10 [ 209.123699][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.123727][ T6095] ? rcu_is_watching+0x15/0xb0 [ 209.123765][ T6095] __x64_sys_lsetxattr+0xbf/0xe0 [ 209.123807][ T6095] do_syscall_64+0xfa/0x3b0 [ 209.123832][ T6095] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.123872][ T6095] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.123896][ T6095] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6114] <... munmap resumed>) = 0 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./4/file1") = 0 [pid 5872] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./4/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./4") = 0 [pid 5872] mkdir("./5", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3 [pid 6095] <... lsetxattr resumed>) = ? [ 209.123924][ T6095] ? exc_page_fault+0x9f/0xf0 [ 209.123967][ T6095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.123991][ T6095] RIP: 0033:0x7f3cdbf794f9 [ 209.124016][ T6095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 209.124044][ T6095] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 6095] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=203 /* 2.03 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 209.124070][ T6095] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 209.124090][ T6095] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 209.124109][ T6095] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 209.124126][ T6095] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 209.124144][ T6095] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 209.124185][ T6095] [ 209.124444][ T6095] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 209.423592][ T6115] loop3: detected capacity change from 0 to 32768 [ 209.440788][ T6095] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 209.501223][ T6115] XFS: noikeep mount option is deprecated. [ 209.506461][ T6095] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 209.731930][ T6114] loop0: detected capacity change from 0 to 32768 [ 209.873594][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6114] <... ioctl resumed>) = 0 [pid 6114] close(3) = 0 [pid 6114] close(4) = 0 [pid 6114] mkdir("./file1", 0777) = 0 [pid 6114] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./4/file1") = 0 [pid 5873] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6124 [ 209.923520][ T6115] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 209.930489][ T6114] XFS: noikeep mount option is deprecated. [pid 5873] unlink("./4/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./4"./strace-static-x86_64: Process 6124 attached ) = 0 [pid 5873] mkdir("./5", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 6124] set_robust_list(0x55555d962760, 24) = 0 [pid 6124] chdir("./5") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6124] write(1, "executing program\n", 18) = 18 [pid 6124] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6124] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6125 attached [pid 6125] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6124] <... clone3 resumed> => {parent_tid=[6125]}, 88) = 6125 [pid 6125] <... rseq resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6125] set_robust_list(0x7f3cdbf259a0, 24 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6124] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] <... futex resumed>) = 0 [pid 6125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6125] memfd_create("syzkaller", 0) = 3 [ 210.005710][ T6115] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 210.090312][ T6114] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 210.109022][ T6115] XFS (loop3): Starting recovery (logdev: internal) [pid 6115] <... mount resumed>) = 0 [pid 6115] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./file1") = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 210.145868][ T6115] XFS (loop3): Ending recovery (logdev: internal) [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6115] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6115] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] <... futex resumed>) = 0 [pid 6115] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... pwritev2 resumed>) = 65007 [pid 6115] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6115] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] <... futex resumed>) = 0 [pid 6115] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6115] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [ 210.223542][ T6115] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 210.246922][ T6115] XFS (loop3): Unmount and run xfs_repair [pid 6115] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6112] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 210.270475][ T6115] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 210.307347][ T6114] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 210.332332][ T6115] CPU: 1 UID: 0 PID: 6115 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 210.332374][ T6115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.332391][ T6115] Call Trace: [ 210.332401][ T6115] [ 210.332413][ T6115] dump_stack_lvl+0x189/0x250 [ 210.332454][ T6115] ? __pfx__xfs_alert_tag+0x10/0x10 [ 210.332495][ T6115] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.332532][ T6115] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 6125] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5873] <... close resumed>) = 0 [ 210.332584][ T6115] xfs_corruption_error+0x122/0x170 [ 210.332626][ T6115] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 210.332663][ T6115] xfs_alloc_fixup_trees+0x95e/0xd20 [ 210.332694][ T6115] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 210.332738][ T6115] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 210.332771][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.332802][ T6115] ? rcu_is_watching+0x15/0xb0 [ 210.332835][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.332865][ T6115] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 210.332898][ T6115] ? rcu_is_watching+0x15/0xb0 [ 210.332951][ T6115] xfs_alloc_cur_finish+0xd3/0x4b0 [ 210.332984][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333016][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333052][ T6115] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 210.333115][ T6115] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 210.333146][ T6115] ? xfs_group_grab+0x28/0x480 [ 210.333189][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333218][ T6115] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 210.333254][ T6115] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 210.333306][ T6115] xfs_alloc_vextent_start_ag+0x388/0x850 [ 210.333348][ T6115] xfs_bmapi_allocate+0x188e/0x2e00 [ 210.333420][ T6115] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 210.333456][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333510][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333539][ T6115] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 210.333564][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.333594][ T6115] ? xfs_iext_prev+0x35a/0x370 [ 210.333639][ T6115] ? xfs_iext_get_extent+0x1bb/0x370 [ 210.333672][ T6115] xfs_bmapi_write+0x7df/0x1260 [ 210.333736][ T6115] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 210.333822][ T6115] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 210.333866][ T6115] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 210.333898][ T6115] ? kasan_save_track+0x4f/0x80 [ 210.333925][ T6115] ? kasan_save_track+0x3e/0x80 [ 210.333957][ T6115] ? kasan_save_free_info+0x46/0x50 [ 210.333998][ T6115] ? kmem_cache_free+0x18f/0x400 [ 210.334030][ T6115] ? __xfs_trans_commit+0x3e0/0xbd0 [ 210.334057][ T6115] ? xfs_trans_roll+0x130/0x450 [ 210.334082][ T6115] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 210.334129][ T6115] xfs_attr_set_iter+0x2d4/0x4b70 [ 210.334167][ T6115] ? filename_setxattr+0x274/0x600 [ 210.334203][ T6115] ? path_setxattrat+0x364/0x3a0 [ 210.334227][ T6115] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 210.334282][ T6115] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 210.334343][ T6115] ? kasan_quarantine_put+0xdd/0x220 [ 210.334370][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.334401][ T6115] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.334449][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.334485][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.334516][ T6115] ? kmem_cache_free+0x18f/0x400 [ 210.334545][ T6115] ? __xfs_trans_commit+0x3e0/0xbd0 [ 210.334578][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.334608][ T6115] ? __xfs_trans_commit+0x4c7/0xbd0 [ 210.334654][ T6115] xfs_attr_finish_item+0xed/0x320 [ 210.334700][ T6115] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 210.334740][ T6115] xfs_defer_finish_one+0x5c8/0xcf0 [ 210.334806][ T6115] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 210.334858][ T6115] xfs_defer_finish_noroll+0x910/0x12d0 [ 210.334901][ T6115] ? xfs_trans_commit+0x10b/0x1c0 [ 210.334941][ T6115] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 210.334977][ T6115] ? inode_set_ctime_current+0x740/0xb40 [ 210.335031][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.335060][ T6115] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 210.335104][ T6115] xfs_trans_commit+0x10b/0x1c0 [ 210.335132][ T6115] ? __pfx_xfs_trans_commit+0x10/0x10 [ 210.335167][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.335198][ T6115] ? xfs_trans_log_inode+0x12c/0x1a0 [ 210.335242][ T6115] xfs_attr_set+0xdc6/0x1210 [ 210.335296][ T6115] ? __pfx_xfs_attr_set+0x10/0x10 [ 210.335332][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.335361][ T6115] ? __lock_acquire+0xab9/0xd20 [ 210.335402][ T6115] ? xfs_da_hashname+0x59d/0x740 [ 210.335436][ T6115] ? do_raw_spin_lock+0x121/0x290 [ 210.335482][ T6115] ? xfs_attr_change+0x2ac/0x390 [ 210.335518][ T6115] xfs_xattr_set+0x14d/0x250 [ 210.335553][ T6115] ? __pfx_xfs_xattr_set+0x10/0x10 [ 210.335601][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.335631][ T6115] ? evm_protect_xattr+0x4d4/0xa90 [ 210.335659][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.335689][ T6115] ? rcu_is_watching+0x15/0xb0 [ 210.335724][ T6115] ? __pfx_evm_protect_xattr+0x10/0x10 [ 210.335754][ T6115] ? __pfx_xfs_xattr_set+0x10/0x10 [ 210.335783][ T6115] __vfs_setxattr+0x43c/0x480 [ 210.335836][ T6115] __vfs_setxattr_noperm+0x12d/0x660 [ 210.335883][ T6115] vfs_setxattr+0x16b/0x2f0 [ 210.335927][ T6115] ? __pfx_vfs_setxattr+0x10/0x10 [ 210.335963][ T6115] ? mnt_get_write_access+0x223/0x2a0 [ 210.335996][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.336032][ T6115] filename_setxattr+0x274/0x600 [ 210.336082][ T6115] ? __pfx_filename_setxattr+0x10/0x10 [ 210.336124][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.336153][ T6115] ? getname_flags+0x1e5/0x540 [ 210.336198][ T6115] path_setxattrat+0x364/0x3a0 [ 210.336237][ T6115] ? __pfx_path_setxattrat+0x10/0x10 [ 210.336306][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.336336][ T6115] ? rcu_is_watching+0x15/0xb0 [ 210.336375][ T6115] __x64_sys_lsetxattr+0xbf/0xe0 [ 210.336418][ T6115] do_syscall_64+0xfa/0x3b0 [ 210.336444][ T6115] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.336484][ T6115] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.336509][ T6115] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.336538][ T6115] ? exc_page_fault+0x9f/0xf0 [ 210.336582][ T6115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.336607][ T6115] RIP: 0033:0x7f3cdbf794f9 [ 210.336630][ T6115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 210.336653][ T6115] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 210.336680][ T6115] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 210.336700][ T6115] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 210.336719][ T6115] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached [pid 6134] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6134 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6134] chdir("./5") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6134] write(1, "executing program\n", 18) = 18 [pid 6134] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6134] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6135 attached => {parent_tid=[6135]}, 88) = 6135 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6134] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] <... rseq resumed>) = 0 [pid 6135] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 210.336736][ T6115] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 210.336753][ T6115] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 210.336795][ T6115] [ 211.007864][ T6115] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 211.120664][ T6115] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 211.145856][ T6114] XFS (loop0): Starting recovery (logdev: internal) [pid 6125] <... write resumed>) = 16777216 [pid 6125] munmap(0x7f3cd3a00000, 138412032 [pid 6114] <... mount resumed>) = 0 [pid 6125] <... munmap resumed>) = 0 [pid 6115] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6125] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6125] <... openat resumed>) = 4 [pid 6115] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [ 211.169517][ T6115] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 211.191230][ T6114] XFS (loop0): Ending recovery (logdev: internal) [pid 6125] ioctl(4, LOOP_SET_FD, 3 [pid 6114] <... openat resumed>) = 3 [pid 6125] <... ioctl resumed>) = 0 [pid 6115] <... futex resumed>) = 0 [pid 6125] close(3 [pid 6114] chdir("./file1" [pid 6125] <... close resumed>) = 0 [pid 6115] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] exit_group(0 [pid 6125] close(4 [pid 6114] <... chdir resumed>) = 0 [pid 6112] <... exit_group resumed>) = ? [pid 6125] <... close resumed>) = 0 [pid 6115] <... futex resumed>) = ? [pid 6125] mkdir("./file1", 0777 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6125] <... mkdir resumed>) = 0 [pid 6115] +++ exited with 0 +++ [pid 6112] +++ exited with 0 +++ [pid 6125] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6114] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=49 /* 0.49 s */} --- [pid 6114] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [ 211.223772][ T6125] loop1: detected capacity change from 0 to 32768 [ 211.256252][ T6125] XFS: noikeep mount option is deprecated. [pid 6113] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... openat resumed>) = 4 [pid 6113] <... futex resumed>) = 0 [pid 6114] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 0 [pid 6113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6114] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6114] <... pwritev2 resumed>) = 65007 [pid 6114] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... openat resumed>) = 3 [pid 6114] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [pid 5874] newfstatat(3, "", [pid 6114] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 5874] getdents64(3, [pid 6114] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6135] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6114] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6114] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [ 211.275017][ T6125] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 211.299318][ T6114] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 211.311031][ T6114] XFS (loop0): Unmount and run xfs_repair [ 211.311718][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 211.331864][ T6114] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 211.345232][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 211.345270][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.345286][ T6114] Call Trace: [ 211.345297][ T6114] [ 211.345308][ T6114] dump_stack_lvl+0x189/0x250 [ 211.345346][ T6114] ? __pfx__xfs_alert_tag+0x10/0x10 [ 211.345387][ T6114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.345424][ T6114] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 211.345474][ T6114] xfs_corruption_error+0x122/0x170 [ 211.345516][ T6114] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 211.345553][ T6114] xfs_alloc_fixup_trees+0x95e/0xd20 [ 211.345584][ T6114] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 211.345627][ T6114] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 211.345659][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.345698][ T6114] ? rcu_is_watching+0x15/0xb0 [ 211.345731][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.345761][ T6114] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 211.345795][ T6114] ? rcu_is_watching+0x15/0xb0 [ 211.345836][ T6114] xfs_alloc_cur_finish+0xd3/0x4b0 [ 211.345868][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.345900][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.345936][ T6114] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 211.345998][ T6114] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 211.346029][ T6114] ? xfs_group_grab+0x28/0x480 [ 211.346068][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.346097][ T6114] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 211.346133][ T6114] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 211.346185][ T6114] xfs_alloc_vextent_start_ag+0x388/0x850 [ 211.346227][ T6114] xfs_bmapi_allocate+0x188e/0x2e00 [ 211.346295][ T6114] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 211.346329][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.346383][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.346413][ T6114] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 211.346438][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.346467][ T6114] ? xfs_iext_prev+0x35a/0x370 [ 211.346508][ T6114] ? xfs_iext_get_extent+0x1bb/0x370 [ 211.346541][ T6114] xfs_bmapi_write+0x7df/0x1260 [ 211.346604][ T6114] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 211.346698][ T6114] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 211.346742][ T6114] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 211.346775][ T6114] ? kasan_save_track+0x4f/0x80 [ 211.346807][ T6114] ? kasan_save_track+0x3e/0x80 [ 211.346832][ T6114] ? kasan_save_free_info+0x46/0x50 [ 211.346872][ T6114] ? kmem_cache_free+0x18f/0x400 [ 211.346901][ T6114] ? __xfs_trans_commit+0x3e0/0xbd0 [ 211.346927][ T6114] ? xfs_trans_roll+0x130/0x450 [ 211.346951][ T6114] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 211.346993][ T6114] xfs_attr_set_iter+0x2d4/0x4b70 [ 211.347029][ T6114] ? filename_setxattr+0x274/0x600 [ 211.347065][ T6114] ? path_setxattrat+0x364/0x3a0 [ 211.347087][ T6114] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 211.347141][ T6114] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 211.347200][ T6114] ? kasan_quarantine_put+0xdd/0x220 [ 211.347227][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.347256][ T6114] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.347298][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.347334][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.347363][ T6114] ? kmem_cache_free+0x18f/0x400 [ 211.347393][ T6114] ? __xfs_trans_commit+0x3e0/0xbd0 [ 211.347424][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.347453][ T6114] ? __xfs_trans_commit+0x4c7/0xbd0 [ 211.347499][ T6114] xfs_attr_finish_item+0xed/0x320 [ 211.347540][ T6114] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 211.347578][ T6114] xfs_defer_finish_one+0x5c8/0xcf0 [ 211.347641][ T6114] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 211.347704][ T6114] xfs_defer_finish_noroll+0x910/0x12d0 [ 211.347746][ T6114] ? xfs_trans_commit+0x10b/0x1c0 [ 211.347778][ T6114] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 211.347814][ T6114] ? inode_set_ctime_current+0x740/0xb40 [ 211.347863][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.347891][ T6114] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 211.347932][ T6114] xfs_trans_commit+0x10b/0x1c0 [ 211.347959][ T6114] ? __pfx_xfs_trans_commit+0x10/0x10 [ 211.347996][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348025][ T6114] ? xfs_trans_log_inode+0x12c/0x1a0 [ 211.348068][ T6114] xfs_attr_set+0xdc6/0x1210 [ 211.348119][ T6114] ? __pfx_xfs_attr_set+0x10/0x10 [ 211.348153][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348180][ T6114] ? __lock_acquire+0xab9/0xd20 [ 211.348218][ T6114] ? xfs_da_hashname+0x59d/0x740 [ 211.348252][ T6114] ? do_raw_spin_lock+0x121/0x290 [ 211.348296][ T6114] ? xfs_attr_change+0x2ac/0x390 [ 211.348333][ T6114] xfs_xattr_set+0x14d/0x250 [ 211.348367][ T6114] ? __pfx_xfs_xattr_set+0x10/0x10 [ 211.348415][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348445][ T6114] ? evm_protect_xattr+0x4d4/0xa90 [ 211.348472][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348502][ T6114] ? rcu_is_watching+0x15/0xb0 [ 211.348538][ T6114] ? __pfx_evm_protect_xattr+0x10/0x10 [ 211.348568][ T6114] ? __pfx_xfs_xattr_set+0x10/0x10 [ 211.348597][ T6114] __vfs_setxattr+0x43c/0x480 [ 211.348650][ T6114] __vfs_setxattr_noperm+0x12d/0x660 [ 211.348707][ T6114] vfs_setxattr+0x16b/0x2f0 [ 211.348754][ T6114] ? __pfx_vfs_setxattr+0x10/0x10 [ 211.348787][ T6114] ? mnt_get_write_access+0x223/0x2a0 [ 211.348820][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348857][ T6114] filename_setxattr+0x274/0x600 [ 211.348908][ T6114] ? __pfx_filename_setxattr+0x10/0x10 [ 211.348950][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.348980][ T6114] ? getname_flags+0x1e5/0x540 [ 211.349024][ T6114] path_setxattrat+0x364/0x3a0 [ 211.349064][ T6114] ? __pfx_path_setxattrat+0x10/0x10 [ 211.349136][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.349167][ T6114] ? rcu_is_watching+0x15/0xb0 [ 211.349207][ T6114] __x64_sys_lsetxattr+0xbf/0xe0 [ 211.349250][ T6114] do_syscall_64+0xfa/0x3b0 [ 211.349276][ T6114] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.349318][ T6114] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.349344][ T6114] ? srso_alias_return_thunk+0x5/0xfbef5 [ 211.349374][ T6114] ? exc_page_fault+0x9f/0xf0 [ 211.349419][ T6114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.349444][ T6114] RIP: 0033:0x7f3cdbf794f9 [ 211.349469][ T6114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 211.349493][ T6114] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 211.349521][ T6114] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 211.349541][ T6114] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 211.349561][ T6114] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 211.349579][ T6114] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 211.349597][ T6114] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 211.349639][ T6114] [ 212.020009][ T6114] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 6113] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 6113] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6114] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] exit_group(0 [pid 6114] <... futex resumed>) = ? [pid 6113] <... exit_group resumed>) = ? [pid 6114] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=56 /* 0.56 s */} --- [pid 5871] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 212.029893][ T6114] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 212.046092][ T6114] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 5871] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... openat resumed>) = 4 [pid 5871] newfstatat(AT_FDCWD, "./4/file1", [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] getdents64(4, [ 212.082417][ T6125] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 212.101528][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] getdents64(4, [pid 5871] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5874] close(4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./4/file1") = 0 [pid 5871] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] <... close resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] rmdir("./4/file1" [pid 5871] unlink("./4/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./4") = 0 [pid 5871] mkdir("./5", 0777) = 0 [pid 5874] <... rmdir resumed>) = 0 [pid 5874] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5871] close(3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./4/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./4") = 0 [pid 5874] mkdir("./5", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 212.199665][ T6125] XFS (loop1): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 6135] <... write resumed>) = 16777216 [ 212.315810][ T6125] XFS (loop1): Ending recovery (logdev: internal) [pid 6135] munmap(0x7f3cd3a00000, 138412032 [pid 6125] <... mount resumed>) = 0 [pid 6125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6125] chdir("./file1") = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6125] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 0 [pid 6124] <... futex resumed>) = 1 [pid 6125] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6124] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 4 [pid 6125] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... close resumed>) = 0 [pid 6125] <... futex resumed>) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6135] <... munmap resumed>) = 0 [pid 6125] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6144 [pid 6125] <... futex resumed>) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6135] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6144 attached [pid 6144] set_robust_list(0x55555d962760, 24) = 0 [pid 6144] chdir("./5") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6144] write(3, "1000", 4 [pid 6135] <... ioctl resumed>) = 0 [pid 6124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6144] <... write resumed>) = 4 [pid 6124] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] close(3 [pid 6124] <... futex resumed>) = 0 [pid 6144] <... close resumed>) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6144] symlink("/dev/binderfs", "./binderfs" [pid 6124] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6144] <... symlink resumed>) = 0 [pid 6124] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6144] write(1, "executing program\n", 18 [pid 6124] <... mprotect resumed>) = 0 [pid 6144] <... write resumed>) = 18 [ 212.451661][ T6125] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 212.467960][ T6135] loop2: detected capacity change from 0 to 32768 [pid 6135] close(3 [pid 6144] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6144] <... futex resumed>) = 0 [pid 6135] <... close resumed>) = 0 [pid 6124] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6144] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6135] close(4 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6144] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6135] <... close resumed>) = 0 [pid 6144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6135] mkdir("./file1", 0777 [pid 6124] <... clone3 resumed> => {parent_tid=[6145]}, 88) = 6145 ./strace-static-x86_64: Process 6145 attached [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] <... mkdir resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6124] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... mprotect resumed>) = 0 [pid 6124] <... futex resumed>) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6124] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6146 attached => {parent_tid=[6146]}, 88) = 6146 [pid 6135] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6146] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6145] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... close resumed>) = 0 [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] <... rseq resumed>) = 0 [pid 6144] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6146] <... rseq resumed>) = 0 [pid 6146] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] set_robust_list(0x7f3cdbf049a0, 24 [pid 6146] memfd_create("syzkaller", 0) = 3 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6145] <... set_robust_list resumed>) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6125] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6147 [pid 6145] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6125] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x55555d962760, 24) = 0 [pid 6125] <... futex resumed>) = 0 [ 212.531247][ T6125] XFS (loop1): Unmount and run xfs_repair [ 212.540421][ T6135] XFS: noikeep mount option is deprecated. [pid 6147] chdir("./5") = 0 [pid 6125] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 executing program [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] write(1, "executing program\n", 18) = 18 [pid 6147] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6147] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6152]}, 88) = 6152 ./strace-static-x86_64: Process 6152 attached [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6147] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6152] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6152] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6152] memfd_create("syzkaller", 0) = 3 [ 212.574448][ T6145] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 212.642724][ T6145] CPU: 0 UID: 0 PID: 6145 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 212.642765][ T6145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.642782][ T6145] Call Trace: [ 212.642791][ T6145] [ 212.642803][ T6145] dump_stack_lvl+0x189/0x250 [ 212.642842][ T6145] ? __pfx__xfs_alert_tag+0x10/0x10 [ 212.642883][ T6145] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.642920][ T6145] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 212.642982][ T6145] xfs_corruption_error+0x122/0x170 [ 212.643024][ T6145] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 212.643060][ T6145] xfs_alloc_fixup_trees+0x95e/0xd20 [ 212.643091][ T6145] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 212.643135][ T6145] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 212.643167][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643198][ T6145] ? rcu_is_watching+0x15/0xb0 [ 212.643230][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643259][ T6145] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 212.643293][ T6145] ? rcu_is_watching+0x15/0xb0 [ 212.643334][ T6145] xfs_alloc_cur_finish+0xd3/0x4b0 [ 212.643365][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643397][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643437][ T6145] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 212.643499][ T6145] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 212.643530][ T6145] ? xfs_group_grab+0x28/0x480 [ 212.643568][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643598][ T6145] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 6152] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 212.643633][ T6145] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 212.643684][ T6145] xfs_alloc_vextent_start_ag+0x388/0x850 [ 212.643725][ T6145] xfs_bmapi_allocate+0x188e/0x2e00 [ 212.643794][ T6145] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 212.643829][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643882][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643912][ T6145] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 212.643936][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.643974][ T6145] ? xfs_iext_prev+0x35a/0x370 [ 212.644014][ T6145] ? xfs_iext_get_extent+0x1bb/0x370 [ 212.644047][ T6145] xfs_bmapi_write+0x7df/0x1260 [ 212.644111][ T6145] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 212.644195][ T6145] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 212.644239][ T6145] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 212.644272][ T6145] ? kasan_save_track+0x4f/0x80 [ 212.644298][ T6145] ? kasan_save_track+0x3e/0x80 [ 212.644324][ T6145] ? kasan_save_free_info+0x46/0x50 [ 212.644364][ T6145] ? kmem_cache_free+0x18f/0x400 [ 212.644393][ T6145] ? __xfs_trans_commit+0x3e0/0xbd0 [ 212.644420][ T6145] ? xfs_trans_roll+0x130/0x450 [ 212.644445][ T6145] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 212.644486][ T6145] xfs_attr_set_iter+0x2d4/0x4b70 [ 212.644523][ T6145] ? filename_setxattr+0x274/0x600 [ 212.644558][ T6145] ? path_setxattrat+0x364/0x3a0 [ 212.644581][ T6145] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 212.644637][ T6145] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 212.644698][ T6145] ? kasan_quarantine_put+0xdd/0x220 [ 212.644725][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.644755][ T6145] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.644797][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.644833][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.644863][ T6145] ? kmem_cache_free+0x18f/0x400 [ 212.644892][ T6145] ? __xfs_trans_commit+0x3e0/0xbd0 [ 212.644925][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.644954][ T6145] ? __xfs_trans_commit+0x4c7/0xbd0 [ 212.645006][ T6145] xfs_attr_finish_item+0xed/0x320 [ 212.645049][ T6145] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 212.645088][ T6145] xfs_defer_finish_one+0x5c8/0xcf0 [ 212.645152][ T6145] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 212.645205][ T6145] xfs_defer_finish_noroll+0x910/0x12d0 [ 212.645246][ T6145] ? xfs_trans_commit+0x10b/0x1c0 [ 212.645279][ T6145] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 212.645315][ T6145] ? inode_set_ctime_current+0x740/0xb40 [ 212.645365][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.645395][ T6145] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 212.645437][ T6145] xfs_trans_commit+0x10b/0x1c0 [ 212.645464][ T6145] ? __pfx_xfs_trans_commit+0x10/0x10 [ 212.645498][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.645527][ T6145] ? xfs_trans_log_inode+0x12c/0x1a0 [ 212.645570][ T6145] xfs_attr_set+0xdc6/0x1210 [ 212.645621][ T6145] ? __pfx_xfs_attr_set+0x10/0x10 [ 212.645657][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.645687][ T6145] ? __lock_acquire+0xab9/0xd20 [ 212.645725][ T6145] ? xfs_da_hashname+0x59d/0x740 [ 212.645758][ T6145] ? do_raw_spin_lock+0x121/0x290 [ 212.645803][ T6145] ? xfs_attr_change+0x2ac/0x390 [ 212.645839][ T6145] xfs_xattr_set+0x14d/0x250 [ 212.645873][ T6145] ? __pfx_xfs_xattr_set+0x10/0x10 [ 212.645920][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.645949][ T6145] ? evm_protect_xattr+0x4d4/0xa90 [ 212.645983][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.646013][ T6145] ? rcu_is_watching+0x15/0xb0 [ 212.646048][ T6145] ? __pfx_evm_protect_xattr+0x10/0x10 [ 212.646078][ T6145] ? __pfx_xfs_xattr_set+0x10/0x10 [ 212.646107][ T6145] __vfs_setxattr+0x43c/0x480 [ 212.646158][ T6145] __vfs_setxattr_noperm+0x12d/0x660 [ 212.646205][ T6145] vfs_setxattr+0x16b/0x2f0 [ 212.646248][ T6145] ? __pfx_vfs_setxattr+0x10/0x10 [ 212.646280][ T6145] ? mnt_get_write_access+0x223/0x2a0 [ 212.646312][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.646348][ T6145] filename_setxattr+0x274/0x600 [ 212.646398][ T6145] ? __pfx_filename_setxattr+0x10/0x10 [ 212.646439][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.646468][ T6145] ? getname_flags+0x1e5/0x540 [ 212.646511][ T6145] path_setxattrat+0x364/0x3a0 [ 212.646550][ T6145] ? __pfx_path_setxattrat+0x10/0x10 [ 212.646620][ T6145] ? srso_alias_return_thunk+0x5/0xfbef5 [ 212.646648][ T6145] ? rcu_is_watching+0x15/0xb0 [ 212.646687][ T6145] __x64_sys_lsetxattr+0xbf/0xe0 [ 212.646731][ T6145] do_syscall_64+0xfa/0x3b0 [ 212.646759][ T6145] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.646784][ T6145] ? __switch_to_asm+0x39/0x70 [ 212.646818][ T6145] ? __switch_to_asm+0x33/0x70 [ 212.646856][ T6145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.646880][ T6145] RIP: 0033:0x7f3cdbf794f9 [pid 6146] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6124] exit_group(0) = ? [pid 6125] <... futex resumed>) = ? [pid 6125] +++ exited with 0 +++ [ 212.646905][ T6145] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 212.646928][ T6145] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 212.646956][ T6145] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 212.646981][ T6145] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 212.647000][ T6145] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 212.647017][ T6145] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 212.647035][ T6145] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 212.647076][ T6145] [ 212.797235][ T6135] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 212.824995][ T6145] XFS (loop1): Corruption detected. Unmount and run xfs_repair [pid 6145] <... lsetxattr resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ [pid 6152] <... write resumed>) = 16777216 [pid 6146] <... write resumed>) = 16777216 [pid 6152] munmap(0x7f3cd3a00000, 138412032 [pid 6146] munmap(0x7f3cd3a00000, 138412032 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=91 /* 0.91 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 213.335687][ T6145] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 213.352256][ T6145] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 213.386041][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6146] <... munmap resumed>) = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6146] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = 0 [pid 6152] <... munmap resumed>) = 0 [pid 6146] <... ioctl resumed>) = 0 [pid 5872] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6152] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6146] close(3 [pid 6152] <... openat resumed>) = 4 [pid 6146] <... close resumed>) = 0 [pid 6146] close(4 [pid 5872] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6146] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6146] mkdir("./file1", 0777 [pid 5872] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 213.411399][ T6146] loop3: detected capacity change from 0 to 32768 [ 213.435143][ T6152] loop0: detected capacity change from 0 to 32768 [pid 6152] ioctl(4, LOOP_SET_FD, 3 [pid 6146] <... mkdir resumed>) = 0 [pid 6152] <... ioctl resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 6152] close(3 [pid 6146] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] newfstatat(4, "", [pid 6152] <... close resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6152] close(4 [pid 5872] getdents64(4, [pid 6152] <... close resumed>) = 0 [pid 6152] mkdir("./file1", 0777 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6152] <... mkdir resumed>) = 0 [pid 5872] getdents64(4, [pid 6152] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./5/file1") = 0 [pid 5872] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./5/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [ 213.467709][ T6146] XFS: noikeep mount option is deprecated. [ 213.477272][ T6152] XFS: noikeep mount option is deprecated. [ 213.477973][ T6135] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] rmdir("./5") = 0 [pid 5872] mkdir("./6", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 213.514845][ T6135] XFS (loop2): Starting recovery (logdev: internal) [pid 5872] close(3 [pid 6135] <... mount resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 213.563972][ T6146] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 213.576706][ T6135] XFS (loop2): Ending recovery (logdev: internal) [ 213.586419][ T6152] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6135] chdir("./file1") = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6135] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6134] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... openat resumed>) = 4 [pid 6135] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6134] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... pwritev2 resumed>) = 65007 [pid 6134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6134] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6134] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6135] <... futex resumed>) = 0 [pid 6134] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6135] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6173]}, 88) = 6173 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6173 attached ) = 0 [pid 6173] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6134] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] <... rseq resumed>) = 0 [pid 6173] set_robust_list(0x7f3cdbf049a0, 24) = 0 [ 213.705396][ T6146] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 213.739456][ T6152] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6173] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6134] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6134] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [ 213.766497][ T6173] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 213.788782][ T6146] XFS (loop3): Starting recovery (logdev: internal) [ 213.799191][ T6152] XFS (loop0): Starting recovery (logdev: internal) [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6173] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6173] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6174 attached [ 213.815506][ T6173] XFS (loop2): Unmount and run xfs_repair [ 213.823842][ T6135] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 213.825633][ T6146] XFS (loop3): Ending recovery (logdev: internal) [ 213.848226][ T6135] CPU: 1 UID: 0 PID: 6135 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 6173] <... futex resumed>) = 0 [pid 6146] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6174 [pid 6174] set_robust_list(0x55555d962760, 24) = 0 [pid 6174] chdir("./6") = 0 [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6174] setpgid(0, 0) = 0 [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6174] write(3, "1000", 4) = 4 [pid 6174] close(3) = 0 [pid 6174] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6174] write(1, "executing program\n", 18) = 18 [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6174] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6175]}, 88) = 6175 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 213.848263][ T6135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.848280][ T6135] Call Trace: [ 213.848291][ T6135] [ 213.848301][ T6135] dump_stack_lvl+0x189/0x250 [ 213.848344][ T6135] ? __pfx__xfs_alert_tag+0x10/0x10 [ 213.848383][ T6135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.848420][ T6135] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 213.848469][ T6135] xfs_corruption_error+0x122/0x170 [pid 6174] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] <... mount resumed>) = 0 [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6152] chdir("./file1") = 0 [pid 6152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6152] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6152] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] <... openat resumed>) = 4 [pid 6152] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] <... futex resumed>) = 1 [pid 6152] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 ./strace-static-x86_64: Process 6175 attached [pid 6173] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... openat resumed>) = 3 [pid 6175] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6152] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] chdir("./file1" [pid 6175] <... rseq resumed>) = 0 [pid 6152] <... futex resumed>) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6146] <... chdir resumed>) = 0 [pid 6175] set_robust_list(0x7f3cdbf259a0, 24 [pid 6152] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6147] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6175] <... set_robust_list resumed>) = 0 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 213.848510][ T6135] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 213.848546][ T6135] xfs_alloc_fixup_trees+0x95e/0xd20 [ 213.848577][ T6135] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 213.848620][ T6135] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 213.848651][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.848682][ T6135] ? rcu_is_watching+0x15/0xb0 [ 213.848723][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.848753][ T6135] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 213.848790][ T6135] ? rcu_is_watching+0x15/0xb0 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6147] <... futex resumed>) = 0 [pid 6146] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6135] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6135] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.848833][ T6135] xfs_alloc_cur_finish+0xd3/0x4b0 [ 213.848866][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.848898][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.848934][ T6135] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 213.849000][ T6135] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 213.849032][ T6135] ? xfs_group_grab+0x28/0x480 [ 213.849071][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.849101][ T6135] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 213.849137][ T6135] xfs_alloc_vextent_iterate_ags+0x640/0x940 [pid 6135] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] exit_group(0) = ? [pid 6146] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = ? [pid 6135] +++ exited with 0 +++ [ 213.849189][ T6135] xfs_alloc_vextent_start_ag+0x388/0x850 [ 213.849232][ T6135] xfs_bmapi_allocate+0x188e/0x2e00 [ 213.849307][ T6135] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 213.849342][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.849396][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.849427][ T6135] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 213.849452][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.849482][ T6135] ? xfs_iext_prev+0x35a/0x370 [ 213.849522][ T6135] ? xfs_iext_get_extent+0x1bb/0x370 [pid 6147] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6147] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6147] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6176]}, 88) = 6176 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6147] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6176 attached [pid 6147] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6176] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 213.849553][ T6135] xfs_bmapi_write+0x7df/0x1260 [ 213.849621][ T6135] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 213.849715][ T6135] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 213.849761][ T6135] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 213.849794][ T6135] ? kasan_save_track+0x4f/0x80 [ 213.849822][ T6135] ? kasan_save_track+0x3e/0x80 [ 213.849848][ T6135] ? kasan_save_free_info+0x46/0x50 [ 213.849888][ T6135] ? kmem_cache_free+0x18f/0x400 [ 213.849920][ T6135] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 6176] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6175] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6173] <... futex resumed>) = ? [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6144] <... futex resumed>) = 1 [pid 6146] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6144] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... openat resumed>) = 4 [pid 6146] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6146] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6146] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6144] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 213.849948][ T6135] ? xfs_trans_roll+0x130/0x450 [ 213.849973][ T6135] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 213.850017][ T6135] xfs_attr_set_iter+0x2d4/0x4b70 [ 213.850054][ T6135] ? filename_setxattr+0x274/0x600 [ 213.850090][ T6135] ? path_setxattrat+0x364/0x3a0 [ 213.850114][ T6135] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 213.850171][ T6135] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 213.850232][ T6135] ? kasan_quarantine_put+0xdd/0x220 [ 213.850259][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.850289][ T6135] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6173] +++ exited with 0 +++ [pid 6146] <... pwritev2 resumed>) = 65007 [pid 6134] +++ exited with 0 +++ [pid 6146] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6152] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=49 /* 0.49 s */} --- [pid 5873] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6152] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.850332][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.850369][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.850399][ T6135] ? kmem_cache_free+0x18f/0x400 [ 213.850428][ T6135] ? __xfs_trans_commit+0x3e0/0xbd0 [ 213.850462][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.850492][ T6135] ? __xfs_trans_commit+0x4c7/0xbd0 [ 213.850539][ T6135] xfs_attr_finish_item+0xed/0x320 [ 213.850582][ T6135] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 213.850622][ T6135] xfs_defer_finish_one+0x5c8/0xcf0 [ 213.850687][ T6135] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 213.850747][ T6135] xfs_defer_finish_noroll+0x910/0x12d0 [ 213.850790][ T6135] ? xfs_trans_commit+0x10b/0x1c0 [ 213.850825][ T6135] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 213.850861][ T6135] ? inode_set_ctime_current+0x740/0xb40 [ 213.850913][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.850943][ T6135] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 213.850986][ T6135] xfs_trans_commit+0x10b/0x1c0 [ 213.851014][ T6135] ? __pfx_xfs_trans_commit+0x10/0x10 [ 213.851048][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.851077][ T6135] ? xfs_trans_log_inode+0x12c/0x1a0 [ 213.851119][ T6135] xfs_attr_set+0xdc6/0x1210 [ 213.851176][ T6135] ? __pfx_xfs_attr_set+0x10/0x10 [ 213.851213][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.851243][ T6135] ? __lock_acquire+0xab9/0xd20 [ 213.851283][ T6135] ? xfs_da_hashname+0x59d/0x740 [ 213.851318][ T6135] ? do_raw_spin_lock+0x121/0x290 [ 213.851362][ T6135] ? xfs_attr_change+0x2ac/0x390 [ 213.851399][ T6135] xfs_xattr_set+0x14d/0x250 [pid 6152] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6144] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6144] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6177]}, 88) = 6177 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6177 attached [pid 6177] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6177] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6177] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6146] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6146] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 213.851433][ T6135] ? __pfx_xfs_xattr_set+0x10/0x10 [ 213.851481][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.851511][ T6135] ? evm_protect_xattr+0x4d4/0xa90 [ 213.851540][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.851569][ T6135] ? rcu_is_watching+0x15/0xb0 [ 213.851604][ T6135] ? __pfx_evm_protect_xattr+0x10/0x10 [ 213.851633][ T6135] ? __pfx_xfs_xattr_set+0x10/0x10 [ 213.851662][ T6135] __vfs_setxattr+0x43c/0x480 [ 213.851720][ T6135] __vfs_setxattr_noperm+0x12d/0x660 [ 213.851766][ T6135] vfs_setxattr+0x16b/0x2f0 [ 213.851810][ T6135] ? __pfx_vfs_setxattr+0x10/0x10 [ 213.851841][ T6135] ? mnt_get_write_access+0x223/0x2a0 [ 213.851873][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.851909][ T6135] filename_setxattr+0x274/0x600 [ 213.851959][ T6135] ? __pfx_filename_setxattr+0x10/0x10 [ 213.852000][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.852030][ T6135] ? getname_flags+0x1e5/0x540 [ 213.852073][ T6135] path_setxattrat+0x364/0x3a0 [ 213.852112][ T6135] ? __pfx_path_setxattrat+0x10/0x10 [ 213.852182][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.852213][ T6135] ? rcu_is_watching+0x15/0xb0 [ 213.852247][ T6135] __x64_sys_lsetxattr+0xbf/0xe0 [ 213.852286][ T6135] do_syscall_64+0xfa/0x3b0 [ 213.852308][ T6135] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.852347][ T6135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.852371][ T6135] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.852400][ T6135] ? exc_page_fault+0x9f/0xf0 [ 213.852443][ T6135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.852468][ T6135] RIP: 0033:0x7f3cdbf794f9 [ 213.852491][ T6135] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 213.852513][ T6135] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 213.852541][ T6135] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 213.852561][ T6135] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6175] <... write resumed>) = 16777216 [pid 6175] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 213.852581][ T6135] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 213.852597][ T6135] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 213.852615][ T6135] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 213.852657][ T6135] [ 213.852913][ T6152] XFS (loop0): Ending recovery (logdev: internal) [ 213.853997][ T6135] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 213.953706][ T6152] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 213.961828][ T6135] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 213.967174][ T6152] XFS (loop0): Unmount and run xfs_repair [ 213.982083][ T6135] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 214.163765][ T6146] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 214.289372][ T6176] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 214.293183][ T6146] XFS (loop3): Unmount and run xfs_repair [ 214.298242][ T6176] CPU: 0 UID: 0 PID: 6176 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 214.298276][ T6176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.298292][ T6176] Call Trace: [ 214.298303][ T6176] [ 214.298314][ T6176] dump_stack_lvl+0x189/0x250 [ 214.298351][ T6176] ? __pfx__xfs_alert_tag+0x10/0x10 [ 214.298392][ T6176] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.298428][ T6176] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 214.298478][ T6176] xfs_corruption_error+0x122/0x170 [ 214.298520][ T6176] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 214.298556][ T6176] xfs_alloc_fixup_trees+0x95e/0xd20 [ 214.298586][ T6176] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 214.298630][ T6176] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 214.298662][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.298691][ T6176] ? rcu_is_watching+0x15/0xb0 [ 214.298732][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6175] ioctl(4, LOOP_SET_FD, 3 [pid 6176] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6176] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] exit_group(0 [pid 6176] <... futex resumed>) = ? [pid 6152] <... futex resumed>) = ? [pid 6147] <... exit_group resumed>) = ? [pid 6176] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=75 /* 0.75 s */} --- [pid 5871] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 214.298762][ T6176] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 214.298798][ T6176] ? rcu_is_watching+0x15/0xb0 [ 214.298840][ T6176] xfs_alloc_cur_finish+0xd3/0x4b0 [ 214.298870][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.298901][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.298937][ T6176] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 214.298997][ T6176] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 214.299027][ T6176] ? xfs_group_grab+0x28/0x480 [ 214.299065][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.299094][ T6176] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 214.299129][ T6176] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 214.299179][ T6176] xfs_alloc_vextent_start_ag+0x388/0x850 [ 214.299220][ T6176] xfs_bmapi_allocate+0x188e/0x2e00 [ 214.299288][ T6176] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 214.299322][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.299374][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.299403][ T6176] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 5871] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6144] exit_group(0) = ? [ 214.299427][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.299456][ T6176] ? xfs_iext_prev+0x35a/0x370 [ 214.299495][ T6176] ? xfs_iext_get_extent+0x1bb/0x370 [ 214.299528][ T6176] xfs_bmapi_write+0x7df/0x1260 [ 214.299590][ T6176] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 214.299673][ T6176] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 214.299722][ T6176] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 214.299754][ T6176] ? kasan_save_track+0x4f/0x80 [ 214.299782][ T6176] ? kasan_save_track+0x3e/0x80 [ 214.299807][ T6176] ? kasan_save_free_info+0x46/0x50 [ 214.299846][ T6176] ? kmem_cache_free+0x18f/0x400 [ 214.299875][ T6176] ? __xfs_trans_commit+0x3e0/0xbd0 [ 214.299901][ T6176] ? xfs_trans_roll+0x130/0x450 [ 214.299926][ T6176] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 214.299967][ T6176] xfs_attr_set_iter+0x2d4/0x4b70 [ 214.300003][ T6176] ? filename_setxattr+0x274/0x600 [ 214.300037][ T6176] ? path_setxattrat+0x364/0x3a0 [ 214.300060][ T6176] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 214.300114][ T6176] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 6146] <... futex resumed>) = ? [pid 6146] +++ exited with 0 +++ [ 214.300174][ T6176] ? kasan_quarantine_put+0xdd/0x220 [ 214.300201][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.300230][ T6176] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.300272][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.300308][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.300337][ T6176] ? kmem_cache_free+0x18f/0x400 [ 214.300366][ T6176] ? __xfs_trans_commit+0x3e0/0xbd0 [ 214.300398][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.300427][ T6176] ? __xfs_trans_commit+0x4c7/0xbd0 [ 214.300472][ T6176] xfs_attr_finish_item+0xed/0x320 [ 214.300514][ T6176] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 214.300552][ T6176] xfs_defer_finish_one+0x5c8/0xcf0 [ 214.300615][ T6176] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 214.300667][ T6176] xfs_defer_finish_noroll+0x910/0x12d0 [ 214.300742][ T6176] ? xfs_trans_commit+0x10b/0x1c0 [ 214.300776][ T6176] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 214.300811][ T6176] ? inode_set_ctime_current+0x740/0xb40 [ 214.300861][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.300889][ T6176] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 214.300931][ T6176] xfs_trans_commit+0x10b/0x1c0 [ 214.300958][ T6176] ? __pfx_xfs_trans_commit+0x10/0x10 [ 214.300991][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.301020][ T6176] ? xfs_trans_log_inode+0x12c/0x1a0 [ 214.301062][ T6176] xfs_attr_set+0xdc6/0x1210 [ 214.301112][ T6176] ? __pfx_xfs_attr_set+0x10/0x10 [ 214.301147][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.301176][ T6176] ? __lock_acquire+0xab9/0xd20 [ 214.301214][ T6176] ? xfs_da_hashname+0x59d/0x740 [pid 6175] <... ioctl resumed>) = 0 [pid 6175] close(3) = 0 [pid 6175] close(4) = 0 [pid 6175] mkdir("./file1", 0777) = 0 [ 214.301247][ T6176] ? do_raw_spin_lock+0x121/0x290 [ 214.301291][ T6176] ? xfs_attr_change+0x2ac/0x390 [ 214.301326][ T6176] xfs_xattr_set+0x14d/0x250 [ 214.301360][ T6176] ? __pfx_xfs_xattr_set+0x10/0x10 [ 214.301407][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.301435][ T6176] ? evm_protect_xattr+0x4d4/0xa90 [ 214.301463][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.301492][ T6176] ? rcu_is_watching+0x15/0xb0 [ 214.301526][ T6176] ? __pfx_evm_protect_xattr+0x10/0x10 [pid 6175] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./5/file1") = 0 [pid 5873] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 214.301556][ T6176] ? __pfx_xfs_xattr_set+0x10/0x10 [ 214.301584][ T6176] __vfs_setxattr+0x43c/0x480 [ 214.301635][ T6176] __vfs_setxattr_noperm+0x12d/0x660 [ 214.301680][ T6176] vfs_setxattr+0x16b/0x2f0 [ 214.301729][ T6176] ? __pfx_vfs_setxattr+0x10/0x10 [ 214.301760][ T6176] ? mnt_get_write_access+0x223/0x2a0 [ 214.301791][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.301826][ T6176] filename_setxattr+0x274/0x600 [ 214.301874][ T6176] ? __pfx_filename_setxattr+0x10/0x10 [ 214.301914][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./5/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./5") = 0 [pid 5873] mkdir("./6", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 214.301943][ T6176] ? getname_flags+0x1e5/0x540 [ 214.301985][ T6176] path_setxattrat+0x364/0x3a0 [ 214.302023][ T6176] ? __pfx_path_setxattrat+0x10/0x10 [ 214.302092][ T6176] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.302121][ T6176] ? rcu_is_watching+0x15/0xb0 [ 214.302158][ T6176] __x64_sys_lsetxattr+0xbf/0xe0 [ 214.302200][ T6176] do_syscall_64+0xfa/0x3b0 [ 214.302228][ T6176] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.302252][ T6176] ? __switch_to_asm+0x39/0x70 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 214.302286][ T6176] ? __switch_to_asm+0x33/0x70 [ 214.302325][ T6176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.302350][ T6176] RIP: 0033:0x7f3cdbf794f9 [ 214.302372][ T6176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 214.302394][ T6176] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 214.302421][ T6176] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 214.302440][ T6176] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 214.302459][ T6176] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 214.302475][ T6176] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 214.302492][ T6176] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 214.302533][ T6176] [ 214.302543][ T6176] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 214.396939][ T6177] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 214.514785][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 214.570945][ T6175] loop1: detected capacity change from 0 to 32768 [ 214.663072][ T6176] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 214.668094][ T6177] CPU: 1 UID: 0 PID: 6177 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 214.668126][ T6177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.668143][ T6177] Call Trace: [ 214.668153][ T6177] [ 214.668164][ T6177] dump_stack_lvl+0x189/0x250 [ 214.668200][ T6177] ? __pfx__xfs_alert_tag+0x10/0x10 [ 214.668239][ T6177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.668276][ T6177] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 214.668325][ T6177] xfs_corruption_error+0x122/0x170 [ 214.668365][ T6177] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 214.668401][ T6177] xfs_alloc_fixup_trees+0x95e/0xd20 [ 214.668431][ T6177] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 214.668474][ T6177] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 214.668505][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.668536][ T6177] ? rcu_is_watching+0x15/0xb0 [ 214.668567][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.668596][ T6177] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 214.668628][ T6177] ? rcu_is_watching+0x15/0xb0 [ 214.668670][ T6177] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6181 [ 214.668701][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.668731][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.668767][ T6177] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 214.668837][ T6177] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 214.668867][ T6177] ? xfs_group_grab+0x28/0x480 [ 214.668905][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.668934][ T6177] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 214.668968][ T6177] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 214.669022][ T6177] xfs_alloc_vextent_start_ag+0x388/0x850 ./strace-static-x86_64: Process 6181 attached [pid 6181] set_robust_list(0x55555d962760, 24) = 0 [pid 6181] chdir("./6") = 0 [ 214.669064][ T6177] xfs_bmapi_allocate+0x188e/0x2e00 [ 214.669132][ T6177] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 214.669165][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.669218][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.669247][ T6177] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 214.669271][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.669300][ T6177] ? xfs_iext_prev+0x35a/0x370 [ 214.669339][ T6177] ? xfs_iext_get_extent+0x1bb/0x370 [ 214.669371][ T6177] xfs_bmapi_write+0x7df/0x1260 [pid 6181] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6177] <... lsetxattr resumed>) = ? [pid 6181] <... prctl resumed>) = 0 [pid 6181] setpgid(0, 0) = 0 [pid 6181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6181] write(3, "1000", 4) = 4 [pid 6181] close(3) = 0 [pid 6181] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6181] write(1, "executing program\n", 18) = 18 [pid 6181] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6181] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6184]}, 88) = 6184 [pid 6181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6181] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6177] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=149 /* 1.49 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6184 attached ) = 0 [pid 6184] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6184] set_robust_list(0x7f3cdbf259a0, 24 [pid 5874] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6184] <... set_robust_list resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6184] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... openat resumed>) = 3 [pid 6184] memfd_create("syzkaller", 0 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 214.669433][ T6177] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 214.669517][ T6177] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 214.669559][ T6177] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 214.669591][ T6177] ? kasan_save_track+0x4f/0x80 [ 214.669617][ T6177] ? kasan_save_track+0x3e/0x80 [ 214.669642][ T6177] ? kasan_save_free_info+0x46/0x50 [ 214.669680][ T6177] ? kmem_cache_free+0x18f/0x400 [ 214.669709][ T6177] ? __xfs_trans_commit+0x3e0/0xbd0 [ 214.669735][ T6177] ? xfs_trans_roll+0x130/0x450 [pid 5874] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6184] <... memfd_create resumed>) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 214.669759][ T6177] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 214.669806][ T6177] xfs_attr_set_iter+0x2d4/0x4b70 [ 214.669842][ T6177] ? filename_setxattr+0x274/0x600 [ 214.669876][ T6177] ? path_setxattrat+0x364/0x3a0 [ 214.669898][ T6177] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 214.669953][ T6177] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 214.670012][ T6177] ? kasan_quarantine_put+0xdd/0x220 [ 214.670038][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670066][ T6177] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.670108][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670144][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670172][ T6177] ? kmem_cache_free+0x18f/0x400 [ 214.670201][ T6177] ? __xfs_trans_commit+0x3e0/0xbd0 [ 214.670233][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670262][ T6177] ? __xfs_trans_commit+0x4c7/0xbd0 [ 214.670307][ T6177] xfs_attr_finish_item+0xed/0x320 [ 214.670349][ T6177] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 214.670387][ T6177] xfs_defer_finish_one+0x5c8/0xcf0 [ 214.670450][ T6177] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 214.670501][ T6177] xfs_defer_finish_noroll+0x910/0x12d0 [ 214.670541][ T6177] ? xfs_trans_commit+0x10b/0x1c0 [ 214.670574][ T6177] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 214.670609][ T6177] ? inode_set_ctime_current+0x740/0xb40 [ 214.670658][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670686][ T6177] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 214.670727][ T6177] xfs_trans_commit+0x10b/0x1c0 [ 214.670754][ T6177] ? __pfx_xfs_trans_commit+0x10/0x10 [ 214.670794][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670823][ T6177] ? xfs_trans_log_inode+0x12c/0x1a0 [ 214.670864][ T6177] xfs_attr_set+0xdc6/0x1210 [ 214.670915][ T6177] ? __pfx_xfs_attr_set+0x10/0x10 [ 214.670949][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.670977][ T6177] ? __lock_acquire+0xab9/0xd20 [ 214.671015][ T6177] ? xfs_da_hashname+0x59d/0x740 [ 214.671047][ T6177] ? do_raw_spin_lock+0x121/0x290 [ 214.671091][ T6177] ? xfs_attr_change+0x2ac/0x390 [ 214.671126][ T6177] xfs_xattr_set+0x14d/0x250 [ 214.671159][ T6177] ? __pfx_xfs_xattr_set+0x10/0x10 [ 214.671205][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.671234][ T6177] ? evm_protect_xattr+0x4d4/0xa90 [ 214.671261][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.671289][ T6177] ? rcu_is_watching+0x15/0xb0 [ 214.671324][ T6177] ? __pfx_evm_protect_xattr+0x10/0x10 [ 214.671353][ T6177] ? __pfx_xfs_xattr_set+0x10/0x10 [ 214.671381][ T6177] __vfs_setxattr+0x43c/0x480 [ 214.671431][ T6177] __vfs_setxattr_noperm+0x12d/0x660 [ 214.671476][ T6177] vfs_setxattr+0x16b/0x2f0 [ 214.671519][ T6177] ? __pfx_vfs_setxattr+0x10/0x10 [ 214.671550][ T6177] ? mnt_get_write_access+0x223/0x2a0 [ 214.671580][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.671616][ T6177] filename_setxattr+0x274/0x600 [ 214.671666][ T6177] ? __pfx_filename_setxattr+0x10/0x10 [ 214.671705][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.671734][ T6177] ? getname_flags+0x1e5/0x540 [ 214.671783][ T6177] path_setxattrat+0x364/0x3a0 [ 214.671820][ T6177] ? __pfx_path_setxattrat+0x10/0x10 [ 214.671889][ T6177] ? srso_alias_return_thunk+0x5/0xfbef5 [ 214.671917][ T6177] ? rcu_is_watching+0x15/0xb0 [ 214.671955][ T6177] __x64_sys_lsetxattr+0xbf/0xe0 [ 214.671996][ T6177] do_syscall_64+0xfa/0x3b0 [ 214.672024][ T6177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.672048][ T6177] ? __switch_to_asm+0x39/0x70 [ 214.672081][ T6177] ? __switch_to_asm+0x33/0x70 [ 214.672120][ T6177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.672144][ T6177] RIP: 0033:0x7f3cdbf794f9 [ 214.672166][ T6177] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 214.672188][ T6177] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 214.672214][ T6177] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 214.672233][ T6177] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6184] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 6184] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 214.672252][ T6177] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 214.672269][ T6177] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 214.672286][ T6177] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 214.672326][ T6177] [ 214.672602][ T6177] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 214.677649][ T6176] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] close(4) = 0 [pid 6184] mkdir("./file1", 0777) = 0 [ 214.702445][ T6177] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 215.125283][ T6175] XFS: noikeep mount option is deprecated. [ 215.128771][ T6177] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 215.566113][ T6175] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.577977][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 215.637913][ T6175] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6184] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6175] <... mount resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [ 215.672415][ T6175] XFS (loop1): Starting recovery (logdev: internal) [ 216.092602][ T6184] loop2: detected capacity change from 0 to 32768 [ 216.124069][ T6184] XFS: noikeep mount option is deprecated. [ 216.151933][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 216.162384][ T6175] XFS (loop1): Ending recovery (logdev: internal) [pid 6175] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] getdents64(4, [pid 6175] chdir("./file1" [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6175] <... chdir resumed>) = 0 [pid 5871] close(4 [pid 6175] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 6175] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6175] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6175] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] rmdir("./5/file1" [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 5874] <... umount2 resumed>) = 0 [pid 6175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... openat resumed>) = 4 [pid 5874] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6175] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6175] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] newfstatat(AT_FDCWD, "./5/file1", [pid 5871] newfstatat(AT_FDCWD, "./5/binderfs", [pid 6175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6175] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6174] <... futex resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] unlink("./5/binderfs" [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... unlink resumed>) = 0 [pid 5874] <... openat resumed>) = 4 [pid 5871] getdents64(3, [pid 5874] newfstatat(4, "", [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(3 [pid 5874] getdents64(4, [pid 5871] <... close resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] rmdir("./5") = 0 [ 216.203739][ T6184] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6175] <... pwritev2 resumed>) = 65007 [pid 5874] getdents64(4, [pid 5871] mkdir("./6", 0777 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6175] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 5874] close(4 [pid 6174] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6174] <... futex resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] rmdir("./5/file1" [pid 5871] <... mkdir resumed>) = 0 [pid 5874] <... rmdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5874] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] close(3 [pid 6175] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] unlink("./5/binderfs" [pid 6175] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... unlink resumed>) = 0 [pid 6175] <... futex resumed>) = 0 [pid 6175] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 216.265039][ T6175] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 216.279557][ T6175] XFS (loop1): Unmount and run xfs_repair [pid 6174] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] getdents64(3, [pid 6175] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./5") = 0 [pid 5874] mkdir("./6", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 216.340663][ T6175] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 216.360468][ T6175] CPU: 1 UID: 0 PID: 6175 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 216.360511][ T6175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.360528][ T6175] Call Trace: [ 216.360538][ T6175] [ 216.360549][ T6175] dump_stack_lvl+0x189/0x250 [ 216.360592][ T6175] ? __pfx__xfs_alert_tag+0x10/0x10 [ 216.360633][ T6175] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.360670][ T6175] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 216.360756][ T6175] xfs_corruption_error+0x122/0x170 [ 216.360800][ T6175] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 216.360838][ T6175] xfs_alloc_fixup_trees+0x95e/0xd20 [ 216.360870][ T6175] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 216.360915][ T6175] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 216.360946][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.360975][ T6184] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 216.360985][ T6175] ? rcu_is_watching+0x15/0xb0 [ 216.361016][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361041][ T6175] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 216.361072][ T6175] ? rcu_is_watching+0x15/0xb0 [ 216.361113][ T6175] xfs_alloc_cur_finish+0xd3/0x4b0 [ 216.361145][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] close(3 [pid 6174] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 216.361174][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361210][ T6175] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 216.361271][ T6175] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 216.361302][ T6175] ? xfs_group_grab+0x28/0x480 [ 216.361340][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361368][ T6175] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 216.361404][ T6175] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 216.361454][ T6175] xfs_alloc_vextent_start_ag+0x388/0x850 [ 216.361495][ T6175] xfs_bmapi_allocate+0x188e/0x2e00 [ 216.361563][ T6175] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 216.361597][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361650][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361679][ T6175] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 216.361703][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.361732][ T6175] ? xfs_iext_prev+0x35a/0x370 [ 216.361771][ T6175] ? xfs_iext_get_extent+0x1bb/0x370 [ 216.361804][ T6175] xfs_bmapi_write+0x7df/0x1260 [ 216.361867][ T6175] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 216.361949][ T6175] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 216.361999][ T6175] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 216.362031][ T6175] ? kasan_save_track+0x4f/0x80 [ 216.362057][ T6175] ? kasan_save_track+0x3e/0x80 [ 216.362083][ T6175] ? kasan_save_free_info+0x46/0x50 [ 216.362121][ T6175] ? kmem_cache_free+0x18f/0x400 [ 216.362151][ T6175] ? __xfs_trans_commit+0x3e0/0xbd0 [ 216.362177][ T6175] ? xfs_trans_roll+0x130/0x450 [ 216.362201][ T6175] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 216.362243][ T6175] xfs_attr_set_iter+0x2d4/0x4b70 [ 216.362278][ T6175] ? filename_setxattr+0x274/0x600 [ 216.362313][ T6175] ? path_setxattrat+0x364/0x3a0 [ 216.362335][ T6175] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 216.362390][ T6175] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 216.362450][ T6175] ? kasan_quarantine_put+0xdd/0x220 [ 216.362476][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.362505][ T6175] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.362547][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.362582][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.362611][ T6175] ? kmem_cache_free+0x18f/0x400 [ 216.362639][ T6175] ? __xfs_trans_commit+0x3e0/0xbd0 [ 216.362672][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.362701][ T6175] ? __xfs_trans_commit+0x4c7/0xbd0 [ 216.362745][ T6175] xfs_attr_finish_item+0xed/0x320 [ 216.362788][ T6175] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 216.362827][ T6175] xfs_defer_finish_one+0x5c8/0xcf0 [ 216.362892][ T6175] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 216.362944][ T6175] xfs_defer_finish_noroll+0x910/0x12d0 [ 216.362992][ T6175] ? xfs_trans_commit+0x10b/0x1c0 [ 216.363024][ T6175] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 216.363060][ T6175] ? inode_set_ctime_current+0x740/0xb40 [ 216.363111][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.363140][ T6175] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 216.363181][ T6175] xfs_trans_commit+0x10b/0x1c0 [ 216.363209][ T6175] ? __pfx_xfs_trans_commit+0x10/0x10 [ 216.363243][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.363272][ T6175] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 216.363314][ T6175] xfs_attr_set+0xdc6/0x1210 [ 216.363366][ T6175] ? __pfx_xfs_attr_set+0x10/0x10 [ 216.363401][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.363431][ T6175] ? __lock_acquire+0xab9/0xd20 [ 216.363470][ T6175] ? xfs_da_hashname+0x59d/0x740 [ 216.363503][ T6175] ? do_raw_spin_lock+0x121/0x290 [ 216.363548][ T6175] ? xfs_attr_change+0x2ac/0x390 [ 216.363584][ T6175] xfs_xattr_set+0x14d/0x250 [ 216.363618][ T6175] ? __pfx_xfs_xattr_set+0x10/0x10 [ 216.363665][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.363694][ T6175] ? evm_protect_xattr+0x4d4/0xa90 [ 216.363721][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.363751][ T6175] ? rcu_is_watching+0x15/0xb0 [ 216.363786][ T6175] ? __pfx_evm_protect_xattr+0x10/0x10 [ 216.363815][ T6175] ? __pfx_xfs_xattr_set+0x10/0x10 [ 216.363844][ T6175] __vfs_setxattr+0x43c/0x480 [ 216.363895][ T6175] __vfs_setxattr_noperm+0x12d/0x660 [ 216.363941][ T6175] vfs_setxattr+0x16b/0x2f0 [ 216.363990][ T6175] ? __pfx_vfs_setxattr+0x10/0x10 [ 216.364021][ T6175] ? mnt_get_write_access+0x223/0x2a0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program executing program ./strace-static-x86_64: Process 6197 attached ./strace-static-x86_64: Process 6196 attached [pid 6184] <... mount resumed>) = 0 [pid 6197] set_robust_list(0x55555d962760, 24 [pid 6196] set_robust_list(0x55555d962760, 24 [pid 6184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6197] <... set_robust_list resumed>) = 0 [pid 6196] <... set_robust_list resumed>) = 0 [pid 6184] <... openat resumed>) = 3 [pid 6197] chdir("./6" [pid 6196] chdir("./6" [pid 6197] <... chdir resumed>) = 0 [pid 6196] <... chdir resumed>) = 0 [pid 6184] chdir("./file1" [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6184] <... chdir resumed>) = 0 [pid 6197] <... prctl resumed>) = 0 [pid 6196] <... prctl resumed>) = 0 [pid 6197] setpgid(0, 0 [pid 6196] setpgid(0, 0 [pid 6184] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6197] <... setpgid resumed>) = 0 [pid 6196] <... setpgid resumed>) = 0 [pid 6184] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6197] <... openat resumed>) = 3 [pid 6196] <... openat resumed>) = 3 [pid 6197] write(3, "1000", 4 [pid 6196] write(3, "1000", 4 [pid 6184] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... write resumed>) = 4 [pid 6196] <... write resumed>) = 4 [pid 6184] <... futex resumed>) = 1 [pid 6197] close(3 [pid 6196] close(3 [pid 6184] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] <... close resumed>) = 0 [pid 6196] <... close resumed>) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs" [pid 6196] symlink("/dev/binderfs", "./binderfs" [pid 6197] <... symlink resumed>) = 0 [pid 6196] <... symlink resumed>) = 0 [pid 6181] <... futex resumed>) = 0 [pid 6197] write(1, "executing program\n", 18) = 18 [pid 6197] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6197] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6181] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6198 attached [pid 6198] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6197] <... clone3 resumed> => {parent_tid=[6198]}, 88) = 6198 [pid 6184] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6198] <... rseq resumed>) = 0 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6181] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] set_robust_list(0x7f3cdbf259a0, 24 [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] <... openat resumed>) = 4 [pid 6198] <... set_robust_list resumed>) = 0 [pid 6197] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] <... futex resumed>) = 0 [pid 6196] write(1, "executing program\n", 18 [pid 6184] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6197] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6196] <... write resumed>) = 18 [pid 6184] <... futex resumed>) = 1 [pid 6181] <... futex resumed>) = 0 [pid 6198] memfd_create("syzkaller", 0 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6181] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... memfd_create resumed>) = 3 [pid 6196] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6181] <... futex resumed>) = 0 [pid 6198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6196] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6184] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6181] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6196] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6184] <... pwritev2 resumed>) = 65007 [pid 6196] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6184] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6184] <... futex resumed>) = 1 [pid 6181] <... futex resumed>) = 0 [pid 6196] <... mprotect resumed>) = 0 [pid 6184] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6181] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6181] <... futex resumed>) = 0 [pid 6196] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6184] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6181] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 216.364053][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.364088][ T6175] filename_setxattr+0x274/0x600 [ 216.364138][ T6175] ? __pfx_filename_setxattr+0x10/0x10 [ 216.364179][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.364208][ T6175] ? getname_flags+0x1e5/0x540 [ 216.364251][ T6175] path_setxattrat+0x364/0x3a0 [ 216.364289][ T6175] ? __pfx_path_setxattrat+0x10/0x10 [ 216.364359][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.364388][ T6175] ? rcu_is_watching+0x15/0xb0 [pid 6196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6175] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6197 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6196 [pid 6181] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6181] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6181] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6175] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6175] <... futex resumed>) = 0 [pid 6175] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] exit_group(0 [pid 6181] <... clone3 resumed> => {parent_tid=[6199]}, 88) = 6199 [pid 6175] <... futex resumed>) = ? [pid 6174] <... exit_group resumed>) = ? [pid 6181] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] +++ exited with 0 +++ [pid 6174] +++ exited with 0 +++ [pid 6181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6181] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 216.364426][ T6175] __x64_sys_lsetxattr+0xbf/0xe0 [ 216.364469][ T6175] do_syscall_64+0xfa/0x3b0 [ 216.364495][ T6175] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.364535][ T6175] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.364559][ T6175] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.364588][ T6175] ? exc_page_fault+0x9f/0xf0 [ 216.364631][ T6175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.364656][ T6175] RIP: 0033:0x7f3cdbf794f9 [pid 6181] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216./strace-static-x86_64: Process 6200 attached ./strace-static-x86_64: Process 6199 attached [pid 6181] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6174, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=128 /* 1.28 s */} --- [pid 6200] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6200] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 216.364680][ T6175] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 216.364702][ T6175] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 216.364729][ T6175] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 216.364748][ T6175] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 216.364767][ T6175] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 216.364784][ T6175] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6199] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6196] <... clone3 resumed> => {parent_tid=[6200]}, 88) = 6200 [pid 6199] <... rseq resumed>) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], [pid 6199] set_robust_list(0x7f3cdbf049a0, 24 [pid 6196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6199] <... set_robust_list resumed>) = 0 [pid 6196] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = 0 [pid 6199] rt_sigprocmask(SIG_SETMASK, [], [pid 6196] <... futex resumed>) = 1 [pid 6200] memfd_create("syzkaller", 0 [pid 6199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6200] <... memfd_create resumed>) = 3 [pid 6199] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6200] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 216.364802][ T6175] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 216.364844][ T6175] [ 216.365006][ T6175] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 216.438087][ T6184] XFS (loop2): Starting recovery (logdev: internal) [ 216.568253][ T6175] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 216.731598][ T6184] XFS (loop2): Ending recovery (logdev: internal) [pid 5872] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6184] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6184] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 216.816031][ T6175] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 216.888728][ T6184] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 217.110825][ T6184] XFS (loop2): Unmount and run xfs_repair [ 217.118383][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 217.129775][ T6199] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 217.174188][ T6199] CPU: 1 UID: 0 PID: 6199 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 217.174228][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.174244][ T6199] Call Trace: [ 217.174254][ T6199] [ 217.174266][ T6199] dump_stack_lvl+0x189/0x250 [ 217.174305][ T6199] ? __pfx__xfs_alert_tag+0x10/0x10 [ 217.174345][ T6199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.174387][ T6199] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 6184] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 217.174438][ T6199] xfs_corruption_error+0x122/0x170 [ 217.174478][ T6199] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 217.174514][ T6199] xfs_alloc_fixup_trees+0x95e/0xd20 [ 217.174543][ T6199] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 217.174586][ T6199] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 217.174618][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.174647][ T6199] ? rcu_is_watching+0x15/0xb0 [ 217.174679][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.174707][ T6199] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 217.174756][ T6199] ? rcu_is_watching+0x15/0xb0 [ 217.174797][ T6199] xfs_alloc_cur_finish+0xd3/0x4b0 [ 217.174828][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.174859][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.174896][ T6199] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 217.174958][ T6199] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 217.174988][ T6199] ? xfs_group_grab+0x28/0x480 [ 217.175028][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.175057][ T6199] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 217.175093][ T6199] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 217.175143][ T6199] xfs_alloc_vextent_start_ag+0x388/0x850 [ 217.175184][ T6199] xfs_bmapi_allocate+0x188e/0x2e00 [ 217.175251][ T6199] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 217.175285][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.175337][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.175366][ T6199] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 217.175390][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.175419][ T6199] ? xfs_iext_prev+0x35a/0x370 [ 217.175458][ T6199] ? xfs_iext_get_extent+0x1bb/0x370 [ 217.175490][ T6199] xfs_bmapi_write+0x7df/0x1260 [ 217.175552][ T6199] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 217.175635][ T6199] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 217.175677][ T6199] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 217.175708][ T6199] ? kasan_save_track+0x4f/0x80 [ 217.175741][ T6199] ? kasan_save_track+0x3e/0x80 [ 217.175766][ T6199] ? kasan_save_free_info+0x46/0x50 [ 217.175805][ T6199] ? kmem_cache_free+0x18f/0x400 [ 217.175835][ T6199] ? __xfs_trans_commit+0x3e0/0xbd0 [ 217.175860][ T6199] ? xfs_trans_roll+0x130/0x450 [ 217.175885][ T6199] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 217.175927][ T6199] xfs_attr_set_iter+0x2d4/0x4b70 [ 217.175963][ T6199] ? filename_setxattr+0x274/0x600 [ 217.175997][ T6199] ? path_setxattrat+0x364/0x3a0 [ 217.176019][ T6199] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 217.176074][ T6199] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 217.176134][ T6199] ? kasan_quarantine_put+0xdd/0x220 [ 217.176162][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176192][ T6199] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.176235][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176271][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176301][ T6199] ? kmem_cache_free+0x18f/0x400 [ 217.176331][ T6199] ? __xfs_trans_commit+0x3e0/0xbd0 [ 217.176364][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176393][ T6199] ? __xfs_trans_commit+0x4c7/0xbd0 [ 217.176439][ T6199] xfs_attr_finish_item+0xed/0x320 [ 217.176481][ T6199] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 217.176520][ T6199] xfs_defer_finish_one+0x5c8/0xcf0 [ 217.176582][ T6199] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 217.176634][ T6199] xfs_defer_finish_noroll+0x910/0x12d0 [ 217.176675][ T6199] ? xfs_trans_commit+0x10b/0x1c0 [ 217.176708][ T6199] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 217.176752][ T6199] ? inode_set_ctime_current+0x740/0xb40 [ 217.176805][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176835][ T6199] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 217.176876][ T6199] xfs_trans_commit+0x10b/0x1c0 [ 217.176904][ T6199] ? __pfx_xfs_trans_commit+0x10/0x10 [ 217.176938][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.176966][ T6199] ? xfs_trans_log_inode+0x12c/0x1a0 [ 217.177009][ T6199] xfs_attr_set+0xdc6/0x1210 [ 217.177061][ T6199] ? __pfx_xfs_attr_set+0x10/0x10 [ 217.177096][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.177125][ T6199] ? __lock_acquire+0xab9/0xd20 [ 217.177163][ T6199] ? xfs_da_hashname+0x59d/0x740 [ 217.177196][ T6199] ? do_raw_spin_lock+0x121/0x290 [ 217.177241][ T6199] ? xfs_attr_change+0x2ac/0x390 [ 217.177276][ T6199] xfs_xattr_set+0x14d/0x250 [ 217.177310][ T6199] ? __pfx_xfs_xattr_set+0x10/0x10 [ 217.177357][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.177385][ T6199] ? evm_protect_xattr+0x4d4/0xa90 [ 217.177414][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.177443][ T6199] ? rcu_is_watching+0x15/0xb0 [ 217.177479][ T6199] ? __pfx_evm_protect_xattr+0x10/0x10 [ 217.177509][ T6199] ? __pfx_xfs_xattr_set+0x10/0x10 [ 217.177539][ T6199] __vfs_setxattr+0x43c/0x480 [ 217.177591][ T6199] __vfs_setxattr_noperm+0x12d/0x660 [ 217.177638][ T6199] vfs_setxattr+0x16b/0x2f0 [ 217.177682][ T6199] ? __pfx_vfs_setxattr+0x10/0x10 [ 217.177714][ T6199] ? mnt_get_write_access+0x223/0x2a0 [ 217.177754][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.177789][ T6199] filename_setxattr+0x274/0x600 [ 217.177839][ T6199] ? __pfx_filename_setxattr+0x10/0x10 [ 217.177879][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.177908][ T6199] ? getname_flags+0x1e5/0x540 [ 217.177951][ T6199] path_setxattrat+0x364/0x3a0 [ 217.177989][ T6199] ? __pfx_path_setxattrat+0x10/0x10 [ 217.178057][ T6199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 217.178087][ T6199] ? rcu_is_watching+0x15/0xb0 [ 217.178125][ T6199] __x64_sys_lsetxattr+0xbf/0xe0 [ 217.178167][ T6199] do_syscall_64+0xfa/0x3b0 [ 217.178196][ T6199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.178220][ T6199] ? __switch_to_asm+0x39/0x70 [ 217.178254][ T6199] ? __switch_to_asm+0x33/0x70 [ 217.178294][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.178319][ T6199] RIP: 0033:0x7f3cdbf794f9 [ 217.178342][ T6199] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 217.178364][ T6199] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 217.178391][ T6199] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 217.178410][ T6199] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 217.178429][ T6199] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 217.178446][ T6199] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 217.178463][ T6199] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 217.178503][ T6199] [ 217.850613][ T6199] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 217.861324][ T6199] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 6200] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6199] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6199] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] exit_group(0 [pid 6184] <... futex resumed>) = ? [pid 6181] <... exit_group resumed>) = ? [pid 6199] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [pid 6181] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6181, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=89 /* 0.89 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 217.879552][ T6199] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [pid 5873] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6198] <... write resumed>) = 16777216 [pid 6198] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6198] <... openat resumed>) = 4 [pid 6198] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 217.971373][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [ 218.020381][ T6198] loop3: detected capacity change from 0 to 32768 [pid 5872] getdents64(4, [pid 6198] <... ioctl resumed>) = 0 [pid 5873] <... umount2 resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6198] close(3 [pid 5873] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4 [pid 6198] <... close resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... close resumed>) = 0 [pid 6198] close(4 [pid 5873] newfstatat(AT_FDCWD, "./6/file1", [pid 5872] rmdir("./6/file1" [pid 6198] <... close resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6198] mkdir("./file1", 0777 [pid 5873] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./6/binderfs", [pid 6198] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6198] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] unlink("./6/binderfs") = 0 [pid 5872] getdents64(3, [pid 5873] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] <... openat resumed>) = 4 [pid 5872] close(3 [pid 5873] newfstatat(4, "", [pid 5872] <... close resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] rmdir("./6" [pid 5873] getdents64(4, [pid 5872] <... rmdir resumed>) = 0 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] mkdir("./7", 0777 [pid 5873] getdents64(4, [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 218.095759][ T6198] XFS: noikeep mount option is deprecated. [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 5873] close(4) = 0 [pid 5873] rmdir("./6/file1") = 0 [pid 5873] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./6/binderfs") = 0 [pid 6200] <... write resumed>) = 16777216 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./6") = 0 [pid 5873] mkdir("./7", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [ 218.186190][ T6198] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6200] munmap(0x7f3cd3a00000, 138412032 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6209 attached [pid 6200] <... munmap resumed>) = 0 [ 218.298262][ T6198] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6209] set_robust_list(0x55555d962760, 24 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6209 [pid 6209] <... set_robust_list resumed>) = 0 [pid 6200] <... openat resumed>) = 4 [pid 6209] chdir("./7" [pid 6200] ioctl(4, LOOP_SET_FD, 3 [pid 6209] <... chdir resumed>) = 0 [pid 6209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6209] setpgid(0, 0) = 0 [pid 6209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6209] write(3, "1000", 4) = 4 [pid 6209] close(3) = 0 [pid 6209] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6209] write(1, "executing program\n", 18) = 18 [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] <... ioctl resumed>) = 0 [pid 6209] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6200] close(3 [pid 6209] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6200] <... close resumed>) = 0 [pid 6209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6200] close(4 [pid 6209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6200] <... close resumed>) = 0 [pid 6209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6200] mkdir("./file1", 0777 [pid 6209] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6200] <... mkdir resumed>) = 0 [pid 6209] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 218.363987][ T6200] loop0: detected capacity change from 0 to 32768 [ 218.387953][ T6198] XFS (loop3): Starting recovery (logdev: internal) [pid 6200] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5873] <... close resumed>) = 0 [pid 6209] <... clone3 resumed> => {parent_tid=[6210]}, 88) = 6210 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6209] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6210 attached [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6210] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6210] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6210] memfd_create("syzkaller", 0) = 3 [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 ./strace-static-x86_64: Process 6212 attached [pid 6212] set_robust_list(0x55555d962760, 24) = 0 [pid 6212] chdir("./7" [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6212 [pid 6212] <... chdir resumed>) = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [ 218.418023][ T6200] XFS: noikeep mount option is deprecated. [pid 6212] close(3) = 0 [pid 6212] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6212] write(1, "executing program\n", 18) = 18 [pid 6212] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6212] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6216 attached [pid 6216] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6212] <... clone3 resumed> => {parent_tid=[6216]}, 88) = 6216 [pid 6216] <... rseq resumed>) = 0 [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 6216] set_robust_list(0x7f3cdbf259a0, 24 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6216] <... set_robust_list resumed>) = 0 [pid 6212] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6212] <... futex resumed>) = 0 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6216] memfd_create("syzkaller", 0) = 3 [pid 6216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6198] <... mount resumed>) = 0 [pid 6198] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6198] chdir("./file1") = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6198] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6210] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6198] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6197] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... openat resumed>) = 4 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... futex resumed>) = 0 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6197] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... pwritev2 resumed>) = 65007 [pid 6198] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... futex resumed>) = 0 [pid 6197] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.501601][ T6198] XFS (loop3): Ending recovery (logdev: internal) [ 218.520872][ T6200] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6197] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... futex resumed>) = 1 [ 218.585121][ T6198] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 218.622901][ T6198] XFS (loop3): Unmount and run xfs_repair [pid 6198] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6197] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6197] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6197] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6198] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] <... clone3 resumed> => {parent_tid=[6221]}, 88) = 6221 [pid 6198] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6197] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6221 attached [pid 6221] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6221] set_robust_list(0x7f3cdbf049a0, 24) = 0 [ 218.627558][ T6200] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6221] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6197] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 218.690354][ T6200] XFS (loop0): Starting recovery (logdev: internal) [ 218.715309][ T6221] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 218.747898][ T6221] CPU: 1 UID: 0 PID: 6221 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 218.747938][ T6221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.747955][ T6221] Call Trace: [ 218.747965][ T6221] [ 218.747976][ T6221] dump_stack_lvl+0x189/0x250 [ 218.748014][ T6221] ? __pfx__xfs_alert_tag+0x10/0x10 [ 218.748053][ T6221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.748088][ T6221] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 218.748139][ T6221] xfs_corruption_error+0x122/0x170 [ 218.748184][ T6221] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 218.748220][ T6221] xfs_alloc_fixup_trees+0x95e/0xd20 [ 218.748251][ T6221] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 218.748293][ T6221] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 218.748326][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.748358][ T6221] ? rcu_is_watching+0x15/0xb0 [ 218.748390][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.748420][ T6221] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 218.748453][ T6221] ? rcu_is_watching+0x15/0xb0 [ 218.748495][ T6221] xfs_alloc_cur_finish+0xd3/0x4b0 [ 218.748526][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.748558][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.748593][ T6221] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 218.748654][ T6221] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 218.748685][ T6221] ? xfs_group_grab+0x28/0x480 [ 218.748723][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.748753][ T6221] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 218.748803][ T6221] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 218.748854][ T6221] xfs_alloc_vextent_start_ag+0x388/0x850 [ 218.748896][ T6221] xfs_bmapi_allocate+0x188e/0x2e00 [ 218.748965][ T6221] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 218.748999][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.749052][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.749081][ T6221] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 218.749106][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.749135][ T6221] ? xfs_iext_prev+0x35a/0x370 [ 218.749176][ T6221] ? xfs_iext_get_extent+0x1bb/0x370 [ 218.749209][ T6221] xfs_bmapi_write+0x7df/0x1260 [ 218.749271][ T6221] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 218.749355][ T6221] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 218.749398][ T6221] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 218.749430][ T6221] ? kasan_save_track+0x4f/0x80 [ 218.749458][ T6221] ? kasan_save_track+0x3e/0x80 [ 218.749483][ T6221] ? kasan_save_free_info+0x46/0x50 [ 218.749522][ T6221] ? kmem_cache_free+0x18f/0x400 [ 218.749553][ T6221] ? __xfs_trans_commit+0x3e0/0xbd0 [ 218.749580][ T6221] ? xfs_trans_roll+0x130/0x450 [ 218.749605][ T6221] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 218.749647][ T6221] xfs_attr_set_iter+0x2d4/0x4b70 [ 218.749684][ T6221] ? filename_setxattr+0x274/0x600 [ 218.749719][ T6221] ? path_setxattrat+0x364/0x3a0 [ 218.749741][ T6221] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 218.749802][ T6221] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 218.749863][ T6221] ? kasan_quarantine_put+0xdd/0x220 [ 218.749890][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6216] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 6210] <... write resumed>) = 16777216 [pid 6216] munmap(0x7f3cd3a00000, 138412032 [ 218.749919][ T6221] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.749962][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.749998][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.750026][ T6221] ? kmem_cache_free+0x18f/0x400 [ 218.750055][ T6221] ? __xfs_trans_commit+0x3e0/0xbd0 [ 218.750087][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.750117][ T6221] ? __xfs_trans_commit+0x4c7/0xbd0 [ 218.750161][ T6221] xfs_attr_finish_item+0xed/0x320 [ 218.750202][ T6221] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 218.750240][ T6221] xfs_defer_finish_one+0x5c8/0xcf0 [ 218.750303][ T6221] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 218.750355][ T6221] xfs_defer_finish_noroll+0x910/0x12d0 [ 218.750396][ T6221] ? xfs_trans_commit+0x10b/0x1c0 [ 218.750429][ T6221] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 218.750465][ T6221] ? inode_set_ctime_current+0x740/0xb40 [ 218.750515][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.750544][ T6221] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 218.750585][ T6221] xfs_trans_commit+0x10b/0x1c0 [pid 6210] munmap(0x7f3cd3a00000, 138412032 [pid 6216] <... munmap resumed>) = 0 [pid 6210] <... munmap resumed>) = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6210] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6216] <... openat resumed>) = 4 [pid 6210] <... openat resumed>) = 4 [pid 6216] ioctl(4, LOOP_SET_FD, 3 [pid 6210] ioctl(4, LOOP_SET_FD, 3 [pid 6200] <... mount resumed>) = 0 [pid 6200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6221] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6216] <... ioctl resumed>) = 0 [pid 6200] <... openat resumed>) = 3 [pid 6221] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [ 218.750613][ T6221] ? __pfx_xfs_trans_commit+0x10/0x10 [ 218.750647][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.750676][ T6221] ? xfs_trans_log_inode+0x12c/0x1a0 [ 218.750719][ T6221] xfs_attr_set+0xdc6/0x1210 [ 218.750769][ T6221] ? __pfx_xfs_attr_set+0x10/0x10 [ 218.750814][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.750844][ T6221] ? __lock_acquire+0xab9/0xd20 [ 218.750882][ T6221] ? xfs_da_hashname+0x59d/0x740 [ 218.750916][ T6221] ? do_raw_spin_lock+0x121/0x290 [ 218.750961][ T6221] ? xfs_attr_change+0x2ac/0x390 [pid 6216] close(3 [pid 6221] <... futex resumed>) = 0 [pid 6216] <... close resumed>) = 0 [pid 6197] exit_group(0 [pid 6216] close(4) = 0 [pid 6197] <... exit_group resumed>) = ? [pid 6221] +++ exited with 0 +++ [pid 6216] mkdir("./file1", 0777) = 0 [ 218.750997][ T6221] xfs_xattr_set+0x14d/0x250 [ 218.751031][ T6221] ? __pfx_xfs_xattr_set+0x10/0x10 [ 218.751335][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.751366][ T6221] ? evm_protect_xattr+0x4d4/0xa90 [ 218.751393][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.751420][ T6221] ? rcu_is_watching+0x15/0xb0 [ 218.751456][ T6221] ? __pfx_evm_protect_xattr+0x10/0x10 [ 218.751483][ T6221] ? __pfx_xfs_xattr_set+0x10/0x10 [ 218.751510][ T6221] __vfs_setxattr+0x43c/0x480 [ 218.751560][ T6221] __vfs_setxattr_noperm+0x12d/0x660 [ 218.751605][ T6221] vfs_setxattr+0x16b/0x2f0 [ 218.751649][ T6221] ? __pfx_vfs_setxattr+0x10/0x10 [ 218.751681][ T6221] ? mnt_get_write_access+0x223/0x2a0 [ 218.751737][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.751774][ T6221] filename_setxattr+0x274/0x600 [ 218.751826][ T6221] ? __pfx_filename_setxattr+0x10/0x10 [ 218.751866][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.751895][ T6221] ? getname_flags+0x1e5/0x540 [ 218.751940][ T6221] path_setxattrat+0x364/0x3a0 [ 218.751979][ T6221] ? __pfx_path_setxattrat+0x10/0x10 [ 218.752048][ T6221] ? srso_alias_return_thunk+0x5/0xfbef5 [ 218.752078][ T6221] ? rcu_is_watching+0x15/0xb0 [ 218.752117][ T6221] __x64_sys_lsetxattr+0xbf/0xe0 [ 218.752159][ T6221] do_syscall_64+0xfa/0x3b0 [ 218.752190][ T6221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.752214][ T6221] ? asm_common_interrupt+0x26/0x40 [ 218.752246][ T6221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.752271][ T6221] RIP: 0033:0x7f3cdbf794f9 [pid 6216] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6210] <... ioctl resumed>) = 0 [pid 6200] chdir("./file1" [pid 6198] <... futex resumed>) = ? [pid 6200] <... chdir resumed>) = 0 [pid 6198] +++ exited with 0 +++ [pid 6197] +++ exited with 0 +++ [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- [pid 6200] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6210] close(3 [pid 5874] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6210] <... close resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 6210] close(4 [pid 5874] newfstatat(3, "", [pid 6210] <... close resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6210] mkdir("./file1", 0777 [pid 5874] getdents64(3, [pid 6210] <... mkdir resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 218.752304][ T6221] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 218.752326][ T6221] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 218.752354][ T6221] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 218.752374][ T6221] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 218.752393][ T6221] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 6210] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6196] <... futex resumed>) = 0 [ 218.752409][ T6221] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 218.752426][ T6221] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 218.752467][ T6221] [ 218.753493][ T6221] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 218.893646][ T6200] XFS (loop0): Ending recovery (logdev: internal) [ 219.139479][ T6221] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 6196] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] <... futex resumed>) = 0 [pid 6200] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... openat resumed>) = 4 [pid 6200] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] <... futex resumed>) = 0 [pid 6196] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] <... futex resumed>) = 0 [pid 6200] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... pwritev2 resumed>) = 65007 [pid 6200] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... futex resumed>) = 0 [pid 6200] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6200] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... futex resumed>) = 0 [pid 6200] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 219.166501][ T6216] loop2: detected capacity change from 0 to 32768 [ 219.170774][ T6221] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 219.192265][ T6210] loop1: detected capacity change from 0 to 32768 [ 219.223141][ T6216] XFS: noikeep mount option is deprecated. [ 219.265634][ T6210] XFS: noikeep mount option is deprecated. [ 219.400340][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 219.499336][ T6200] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 219.499403][ T6200] XFS (loop0): Unmount and run xfs_repair [ 219.504248][ T6200] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 219.535513][ T6200] CPU: 0 UID: 0 PID: 6200 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 219.535552][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.535569][ T6200] Call Trace: [ 219.535579][ T6200] [ 219.535590][ T6200] dump_stack_lvl+0x189/0x250 [ 219.535628][ T6200] ? __pfx__xfs_alert_tag+0x10/0x10 [ 219.535669][ T6200] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.535706][ T6200] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 219.535757][ T6200] xfs_corruption_error+0x122/0x170 [ 219.535799][ T6200] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 219.535835][ T6200] xfs_alloc_fixup_trees+0x95e/0xd20 [ 219.535866][ T6200] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 219.535911][ T6200] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 219.535944][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.535982][ T6200] ? rcu_is_watching+0x15/0xb0 [ 219.536014][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536044][ T6200] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 219.536079][ T6200] ? rcu_is_watching+0x15/0xb0 [ 219.536120][ T6200] xfs_alloc_cur_finish+0xd3/0x4b0 [ 219.536152][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536184][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536220][ T6200] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 219.536281][ T6200] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 219.536313][ T6200] ? xfs_group_grab+0x28/0x480 [ 219.536353][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536383][ T6200] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 219.536419][ T6200] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 219.536469][ T6200] xfs_alloc_vextent_start_ag+0x388/0x850 [ 219.536512][ T6200] xfs_bmapi_allocate+0x188e/0x2e00 [ 219.536582][ T6200] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 219.536617][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536671][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536700][ T6200] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 219.536725][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.536756][ T6200] ? xfs_iext_prev+0x35a/0x370 [ 219.536802][ T6200] ? xfs_iext_get_extent+0x1bb/0x370 [ 219.536835][ T6200] xfs_bmapi_write+0x7df/0x1260 [ 219.536898][ T6200] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 219.536990][ T6200] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 219.537033][ T6200] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 219.537065][ T6200] ? kasan_save_track+0x4f/0x80 [ 219.537092][ T6200] ? kasan_save_track+0x3e/0x80 [ 219.537117][ T6200] ? kasan_save_free_info+0x46/0x50 [ 219.537156][ T6200] ? kmem_cache_free+0x18f/0x400 [ 219.537187][ T6200] ? __xfs_trans_commit+0x3e0/0xbd0 [ 219.537213][ T6200] ? xfs_trans_roll+0x130/0x450 [ 219.537237][ T6200] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 219.537279][ T6200] xfs_attr_set_iter+0x2d4/0x4b70 [ 219.537317][ T6200] ? filename_setxattr+0x274/0x600 [ 219.537352][ T6200] ? path_setxattrat+0x364/0x3a0 [ 219.537375][ T6200] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 219.537431][ T6200] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 219.537493][ T6200] ? kasan_quarantine_put+0xdd/0x220 [ 219.537521][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.537551][ T6200] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.537594][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.537629][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.537658][ T6200] ? kmem_cache_free+0x18f/0x400 [pid 6196] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 219.537687][ T6200] ? __xfs_trans_commit+0x3e0/0xbd0 [ 219.537721][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.537750][ T6200] ? __xfs_trans_commit+0x4c7/0xbd0 [ 219.537797][ T6200] xfs_attr_finish_item+0xed/0x320 [ 219.537840][ T6200] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 219.537880][ T6200] xfs_defer_finish_one+0x5c8/0xcf0 [ 219.537944][ T6200] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 219.538005][ T6200] xfs_defer_finish_noroll+0x910/0x12d0 [ 219.538049][ T6200] ? xfs_trans_commit+0x10b/0x1c0 [ 219.538083][ T6200] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 219.538119][ T6200] ? inode_set_ctime_current+0x740/0xb40 [ 219.538170][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.538200][ T6200] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 219.538243][ T6200] xfs_trans_commit+0x10b/0x1c0 [ 219.538271][ T6200] ? __pfx_xfs_trans_commit+0x10/0x10 [ 219.538305][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.538334][ T6200] ? xfs_trans_log_inode+0x12c/0x1a0 [ 219.538378][ T6200] xfs_attr_set+0xdc6/0x1210 [ 219.538431][ T6200] ? __pfx_xfs_attr_set+0x10/0x10 [ 219.538468][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.538499][ T6200] ? __lock_acquire+0xab9/0xd20 [ 219.538537][ T6200] ? xfs_da_hashname+0x59d/0x740 [ 219.538572][ T6200] ? do_raw_spin_lock+0x121/0x290 [ 219.538618][ T6200] ? xfs_attr_change+0x2ac/0x390 [ 219.538655][ T6200] xfs_xattr_set+0x14d/0x250 [ 219.538690][ T6200] ? __pfx_xfs_xattr_set+0x10/0x10 [ 219.538738][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.538768][ T6200] ? evm_protect_xattr+0x4d4/0xa90 [ 219.538797][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.538826][ T6200] ? rcu_is_watching+0x15/0xb0 [ 219.538862][ T6200] ? __pfx_evm_protect_xattr+0x10/0x10 [ 219.538893][ T6200] ? __pfx_xfs_xattr_set+0x10/0x10 [ 219.538922][ T6200] __vfs_setxattr+0x43c/0x480 [ 219.538984][ T6200] __vfs_setxattr_noperm+0x12d/0x660 [ 219.539030][ T6200] vfs_setxattr+0x16b/0x2f0 [ 219.539074][ T6200] ? __pfx_vfs_setxattr+0x10/0x10 [ 219.539106][ T6200] ? mnt_get_write_access+0x223/0x2a0 [pid 6200] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 219.539138][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.539175][ T6200] filename_setxattr+0x274/0x600 [ 219.539224][ T6200] ? __pfx_filename_setxattr+0x10/0x10 [ 219.539265][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.539296][ T6200] ? getname_flags+0x1e5/0x540 [ 219.539340][ T6200] path_setxattrat+0x364/0x3a0 [ 219.539379][ T6200] ? __pfx_path_setxattrat+0x10/0x10 [ 219.539450][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.539479][ T6200] ? rcu_is_watching+0x15/0xb0 [ 219.539519][ T6200] __x64_sys_lsetxattr+0xbf/0xe0 [pid 5874] <... umount2 resumed>) = 0 [pid 6200] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6196] exit_group(0 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6200] <... futex resumed>) = ? [pid 6196] <... exit_group resumed>) = ? [pid 5874] close(4 [pid 6200] +++ exited with 0 +++ [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./6/file1") = 0 [pid 5874] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6196] +++ exited with 0 +++ [pid 5874] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./6/binderfs" [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=88 /* 0.88 s */} --- [pid 5874] <... unlink resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5874] getdents64(3, [pid 5871] <... restart_syscall resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./6" [pid 5871] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] <... rmdir resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 5874] mkdir("./7", 0777 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... mkdir resumed>) = 0 [ 219.539563][ T6200] do_syscall_64+0xfa/0x3b0 [ 219.539589][ T6200] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.539631][ T6200] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.539655][ T6200] ? srso_alias_return_thunk+0x5/0xfbef5 [ 219.539684][ T6200] ? exc_page_fault+0x9f/0xf0 [ 219.539727][ T6200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.539752][ T6200] RIP: 0033:0x7f3cdbf794f9 [pid 5871] getdents64(3, [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] <... openat resumed>) = 3 [pid 5871] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 219.539775][ T6200] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 219.539797][ T6200] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 219.539825][ T6200] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 219.539845][ T6200] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 219.539865][ T6200] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 219.539882][ T6200] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 219.539899][ T6200] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 219.539940][ T6200] [ 219.834503][ T6210] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 219.848369][ T6200] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 219.954350][ T6216] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 219.956476][ T6200] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 5874] close(3 [pid 6210] <... mount resumed>) = 0 [pid 6210] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] chdir("./file1") = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6210] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6210] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6209] <... futex resumed>) = 0 [pid 6210] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] <... openat resumed>) = 4 [pid 6210] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6210] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6209] <... futex resumed>) = 0 [pid 6210] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 220.026535][ T6210] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 220.027681][ T6200] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 220.079664][ T6216] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 220.089180][ T6210] XFS (loop1): Starting recovery (logdev: internal) [ 220.105159][ T6216] XFS (loop2): Starting recovery (logdev: internal) [ 220.117107][ T6210] XFS (loop1): Ending recovery (logdev: internal) [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] <... pwritev2 resumed>) = 65007 [pid 6210] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6210] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6209] <... futex resumed>) = 0 [pid 6210] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 220.330600][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 220.342124][ T6216] XFS (loop2): Ending recovery (logdev: internal) [ 220.366421][ T6210] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... mount resumed>) = 0 [pid 6216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6216] chdir("./file1") = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6210] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6210] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6209] <... futex resumed>) = 0 [pid 6210] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 220.379364][ T6210] XFS (loop1): Unmount and run xfs_repair [pid 6209] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 0 [pid 6216] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6216] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6216] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5874] <... close resumed>) = 0 [ 220.410007][ T6210] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 220.423645][ T6210] CPU: 0 UID: 0 PID: 6210 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 220.423682][ T6210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.423699][ T6210] Call Trace: [ 220.423709][ T6210] [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6238 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./6/file1") = 0 [pid 5871] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] newfstatat(AT_FDCWD, "./6/binderfs", [pid 6212] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6212] <... futex resumed>) = 0 [pid 5871] unlink("./6/binderfs" [pid 6212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [ 220.423720][ T6210] dump_stack_lvl+0x189/0x250 [ 220.423758][ T6210] ? __pfx__xfs_alert_tag+0x10/0x10 [ 220.423798][ T6210] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.423835][ T6210] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 220.423886][ T6210] xfs_corruption_error+0x122/0x170 [ 220.423928][ T6210] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 220.423965][ T6210] xfs_alloc_fixup_trees+0x95e/0xd20 [ 220.423994][ T6210] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 220.424037][ T6210] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 5871] <... unlink resumed>) = 0 [pid 6212] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] getdents64(3, [pid 6212] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6212] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] close(3 [pid 6212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5871] <... close resumed>) = 0 [pid 6212] <... clone3 resumed> => {parent_tid=[6239]}, 88) = 6239 [pid 5871] rmdir("./6" [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... rmdir resumed>) = 0 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] mkdir("./7", 0777 [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6239 attached ./strace-static-x86_64: Process 6238 attached [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 220.424073][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424103][ T6210] ? rcu_is_watching+0x15/0xb0 [ 220.424134][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424163][ T6210] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 220.424195][ T6210] ? rcu_is_watching+0x15/0xb0 [ 220.424235][ T6210] xfs_alloc_cur_finish+0xd3/0x4b0 [ 220.424266][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424296][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424332][ T6210] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 220.424388][ T6210] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [pid 5871] close(3 [pid 6216] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6216] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.424415][ T6210] ? xfs_group_grab+0x28/0x480 [ 220.424448][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424473][ T6210] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 220.424505][ T6210] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 220.424552][ T6210] xfs_alloc_vextent_start_ag+0x388/0x850 [ 220.424596][ T6210] xfs_bmapi_allocate+0x188e/0x2e00 [ 220.424664][ T6210] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 220.424699][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424750][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424779][ T6210] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 220.424804][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.424831][ T6210] ? xfs_iext_prev+0x35a/0x370 [ 220.424871][ T6210] ? xfs_iext_get_extent+0x1bb/0x370 [ 220.424903][ T6210] xfs_bmapi_write+0x7df/0x1260 [ 220.424963][ T6210] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 220.425050][ T6210] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 220.425093][ T6210] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 220.425125][ T6210] ? kasan_save_track+0x4f/0x80 [pid 6216] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6239] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 220.425151][ T6210] ? kasan_save_track+0x3e/0x80 [ 220.425175][ T6210] ? kasan_save_free_info+0x46/0x50 [ 220.425214][ T6210] ? kmem_cache_free+0x18f/0x400 [ 220.425243][ T6210] ? __xfs_trans_commit+0x3e0/0xbd0 [ 220.425270][ T6210] ? xfs_trans_roll+0x130/0x450 [ 220.425294][ T6210] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 220.425335][ T6210] xfs_attr_set_iter+0x2d4/0x4b70 [ 220.425370][ T6210] ? filename_setxattr+0x274/0x600 [ 220.425405][ T6210] ? path_setxattrat+0x364/0x3a0 [ 220.425427][ T6210] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 220.425483][ T6210] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 220.425543][ T6210] ? kasan_quarantine_put+0xdd/0x220 [ 220.425571][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.425601][ T6210] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.425642][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.425676][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.425705][ T6210] ? kmem_cache_free+0x18f/0x400 [ 220.425734][ T6210] ? __xfs_trans_commit+0x3e0/0xbd0 [ 220.425766][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.425795][ T6210] ? __xfs_trans_commit+0x4c7/0xbd0 [ 220.425839][ T6210] xfs_attr_finish_item+0xed/0x320 [ 220.425881][ T6210] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 220.425920][ T6210] xfs_defer_finish_one+0x5c8/0xcf0 [ 220.425983][ T6210] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 220.426035][ T6210] xfs_defer_finish_noroll+0x910/0x12d0 [ 220.426082][ T6210] ? xfs_trans_commit+0x10b/0x1c0 [ 220.426110][ T6210] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 220.426140][ T6210] ? inode_set_ctime_current+0x740/0xb40 [pid 6239] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6238] set_robust_list(0x55555d962760, 24) = 0 [pid 6210] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6238] chdir("./7") = 0 [pid 6238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6238] setpgid(0, 0) = 0 [pid 6238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6238] write(3, "1000", 4) = 4 [pid 6238] close(3) = 0 executing program [pid 6238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6238] write(1, "executing program\n", 18) = 18 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6238] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6240 attached [pid 6240] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6238] <... clone3 resumed> => {parent_tid=[6240]}, 88) = 6240 [pid 6240] <... rseq resumed>) = 0 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] set_robust_list(0x7f3cdbf259a0, 24 [pid 6238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6240] <... set_robust_list resumed>) = 0 [pid 6238] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], [pid 6238] <... futex resumed>) = 0 [pid 6240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 220.426184][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.426211][ T6210] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 220.426248][ T6210] xfs_trans_commit+0x10b/0x1c0 [ 220.426272][ T6210] ? __pfx_xfs_trans_commit+0x10/0x10 [ 220.426304][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.426332][ T6210] ? xfs_trans_log_inode+0x12c/0x1a0 [ 220.426366][ T6210] xfs_attr_set+0xdc6/0x1210 [ 220.426410][ T6210] ? __pfx_xfs_attr_set+0x10/0x10 [ 220.426441][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6241 attached [pid 6241] set_robust_list(0x55555d962760, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6241 [pid 6241] <... set_robust_list resumed>) = 0 [pid 6241] chdir("./7") = 0 [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6241] setpgid(0, 0) = 0 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 220.426470][ T6210] ? __lock_acquire+0xab9/0xd20 [ 220.426507][ T6210] ? xfs_da_hashname+0x59d/0x740 [ 220.426535][ T6210] ? do_raw_spin_lock+0x121/0x290 [ 220.426575][ T6210] ? xfs_attr_change+0x2ac/0x390 [ 220.426611][ T6210] xfs_xattr_set+0x14d/0x250 [ 220.426644][ T6210] ? __pfx_xfs_xattr_set+0x10/0x10 [ 220.426691][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.426719][ T6210] ? evm_protect_xattr+0x4d4/0xa90 [ 220.426748][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6241] write(3, "1000", 4 [pid 6210] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] exit_group(0) = ? [pid 6210] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ [pid 6241] <... write resumed>) = 4 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6209, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=103 /* 1.03 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6241] close(3) = 0 [pid 6241] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6241] write(1, "executing program\n", 18) = 18 [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6241] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... restart_syscall resumed>) = 0 [pid 6241] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5872] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", [pid 6241] <... clone3 resumed> => {parent_tid=[6242]}, 88) = 6242 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] getdents64(3, [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6241] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6242 attached [pid 6241] <... futex resumed>) = 0 [pid 6242] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6242] <... rseq resumed>) = 0 [pid 6242] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 220.426777][ T6210] ? rcu_is_watching+0x15/0xb0 [ 220.426817][ T6210] ? __pfx_evm_protect_xattr+0x10/0x10 [ 220.426847][ T6210] ? __pfx_xfs_xattr_set+0x10/0x10 [ 220.426874][ T6210] __vfs_setxattr+0x43c/0x480 [ 220.426925][ T6210] __vfs_setxattr_noperm+0x12d/0x660 [ 220.426970][ T6210] vfs_setxattr+0x16b/0x2f0 [ 220.427013][ T6210] ? __pfx_vfs_setxattr+0x10/0x10 [ 220.427050][ T6210] ? mnt_get_write_access+0x223/0x2a0 [ 220.427081][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6242] memfd_create("syzkaller", 0) = 3 [pid 6242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6212] exit_group(0) = ? [pid 6216] <... futex resumed>) = ? [pid 6216] +++ exited with 0 +++ [ 220.427116][ T6210] filename_setxattr+0x274/0x600 [ 220.427165][ T6210] ? __pfx_filename_setxattr+0x10/0x10 [ 220.427205][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.427234][ T6210] ? getname_flags+0x1e5/0x540 [ 220.427277][ T6210] path_setxattrat+0x364/0x3a0 [ 220.427315][ T6210] ? __pfx_path_setxattrat+0x10/0x10 [ 220.427383][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.427412][ T6210] ? rcu_is_watching+0x15/0xb0 [ 220.427449][ T6210] __x64_sys_lsetxattr+0xbf/0xe0 [ 220.427492][ T6210] do_syscall_64+0xfa/0x3b0 [ 220.427517][ T6210] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.427557][ T6210] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.427580][ T6210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.427609][ T6210] ? exc_page_fault+0x9f/0xf0 [ 220.427650][ T6210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.427675][ T6210] RIP: 0033:0x7f3cdbf794f9 [ 220.427697][ T6210] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 220.427719][ T6210] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 220.427747][ T6210] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 220.427766][ T6210] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 220.427784][ T6210] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 220.427801][ T6210] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 220.427818][ T6210] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 220.427860][ T6210] [ 220.441562][ T6216] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 220.451635][ T6210] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 220.535063][ T6216] XFS (loop2): Unmount and run xfs_repair [ 220.540011][ T6210] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 220.676988][ T6239] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 220.698018][ T6210] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 220.716176][ T6239] CPU: 1 UID: 0 PID: 6239 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 220.716212][ T6239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.716228][ T6239] Call Trace: [ 220.716238][ T6239] [pid 6240] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 220.716249][ T6239] dump_stack_lvl+0x189/0x250 [ 220.716288][ T6239] ? __pfx__xfs_alert_tag+0x10/0x10 [ 220.716328][ T6239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.716365][ T6239] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 220.716416][ T6239] xfs_corruption_error+0x122/0x170 [ 220.716456][ T6239] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 220.716493][ T6239] xfs_alloc_fixup_trees+0x95e/0xd20 [ 220.716524][ T6239] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 220.716569][ T6239] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 220.716601][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.716632][ T6239] ? rcu_is_watching+0x15/0xb0 [ 220.716663][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.716693][ T6239] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 220.716726][ T6239] ? rcu_is_watching+0x15/0xb0 [ 220.716774][ T6239] xfs_alloc_cur_finish+0xd3/0x4b0 [ 220.716810][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.716841][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.716878][ T6239] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 220.716939][ T6239] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 220.716970][ T6239] ? xfs_group_grab+0x28/0x480 [ 220.717008][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.717038][ T6239] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 220.717073][ T6239] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 220.717123][ T6239] xfs_alloc_vextent_start_ag+0x388/0x850 [ 220.717165][ T6239] xfs_bmapi_allocate+0x188e/0x2e00 [ 220.717233][ T6239] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 220.717267][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.717320][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.717350][ T6239] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 220.717374][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.717403][ T6239] ? xfs_iext_prev+0x35a/0x370 [ 220.717443][ T6239] ? xfs_iext_get_extent+0x1bb/0x370 [ 220.717476][ T6239] xfs_bmapi_write+0x7df/0x1260 [ 220.717539][ T6239] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 220.717622][ T6239] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 220.717665][ T6239] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 220.717697][ T6239] ? kasan_save_track+0x4f/0x80 [ 220.717723][ T6239] ? kasan_save_track+0x3e/0x80 [ 220.717754][ T6239] ? kasan_save_free_info+0x46/0x50 [ 220.717792][ T6239] ? kmem_cache_free+0x18f/0x400 [ 220.717822][ T6239] ? __xfs_trans_commit+0x3e0/0xbd0 [ 220.717848][ T6239] ? xfs_trans_roll+0x130/0x450 [ 220.717873][ T6239] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 220.717915][ T6239] xfs_attr_set_iter+0x2d4/0x4b70 [ 220.717950][ T6239] ? filename_setxattr+0x274/0x600 [ 220.717984][ T6239] ? path_setxattrat+0x364/0x3a0 [ 220.718007][ T6239] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 220.718061][ T6239] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 220.718121][ T6239] ? kasan_quarantine_put+0xdd/0x220 [ 220.718148][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718177][ T6239] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.718218][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718254][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718283][ T6239] ? kmem_cache_free+0x18f/0x400 [ 220.718311][ T6239] ? __xfs_trans_commit+0x3e0/0xbd0 [ 220.718344][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718373][ T6239] ? __xfs_trans_commit+0x4c7/0xbd0 [ 220.718418][ T6239] xfs_attr_finish_item+0xed/0x320 [ 220.718460][ T6239] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 220.718499][ T6239] xfs_defer_finish_one+0x5c8/0xcf0 [ 220.718562][ T6239] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 220.718614][ T6239] xfs_defer_finish_noroll+0x910/0x12d0 [ 220.718655][ T6239] ? xfs_trans_commit+0x10b/0x1c0 [ 220.718688][ T6239] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 220.718723][ T6239] ? inode_set_ctime_current+0x740/0xb40 [ 220.718781][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718810][ T6239] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 220.718851][ T6239] xfs_trans_commit+0x10b/0x1c0 [ 220.718879][ T6239] ? __pfx_xfs_trans_commit+0x10/0x10 [ 220.718912][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.718941][ T6239] ? xfs_trans_log_inode+0x12c/0x1a0 [ 220.718983][ T6239] xfs_attr_set+0xdc6/0x1210 [ 220.719034][ T6239] ? __pfx_xfs_attr_set+0x10/0x10 [ 220.719069][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6242] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6240] <... write resumed>) = 16777216 [ 220.719098][ T6239] ? __lock_acquire+0xab9/0xd20 [ 220.719136][ T6239] ? xfs_da_hashname+0x59d/0x740 [ 220.719169][ T6239] ? do_raw_spin_lock+0x121/0x290 [ 220.719214][ T6239] ? xfs_attr_change+0x2ac/0x390 [ 220.719250][ T6239] xfs_xattr_set+0x14d/0x250 [ 220.719283][ T6239] ? __pfx_xfs_xattr_set+0x10/0x10 [ 220.719330][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.719359][ T6239] ? evm_protect_xattr+0x4d4/0xa90 [ 220.719387][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.719416][ T6239] ? rcu_is_watching+0x15/0xb0 [pid 6240] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 220.719451][ T6239] ? __pfx_evm_protect_xattr+0x10/0x10 [ 220.719479][ T6239] ? __pfx_xfs_xattr_set+0x10/0x10 [ 220.719508][ T6239] __vfs_setxattr+0x43c/0x480 [ 220.719559][ T6239] __vfs_setxattr_noperm+0x12d/0x660 [ 220.719605][ T6239] vfs_setxattr+0x16b/0x2f0 [ 220.719648][ T6239] ? __pfx_vfs_setxattr+0x10/0x10 [ 220.719680][ T6239] ? mnt_get_write_access+0x223/0x2a0 [ 220.719711][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.719751][ T6239] filename_setxattr+0x274/0x600 [pid 6240] ioctl(4, LOOP_SET_FD, 3 [pid 6242] <... write resumed>) = 16777216 [ 220.719801][ T6239] ? __pfx_filename_setxattr+0x10/0x10 [ 220.719841][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.719870][ T6239] ? getname_flags+0x1e5/0x540 [ 220.719913][ T6239] path_setxattrat+0x364/0x3a0 [ 220.719951][ T6239] ? __pfx_path_setxattrat+0x10/0x10 [ 220.720019][ T6239] ? srso_alias_return_thunk+0x5/0xfbef5 [ 220.720048][ T6239] ? rcu_is_watching+0x15/0xb0 [ 220.720085][ T6239] __x64_sys_lsetxattr+0xbf/0xe0 [ 220.720126][ T6239] do_syscall_64+0xfa/0x3b0 [ 220.720154][ T6239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6240] <... ioctl resumed>) = 0 [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6240] mkdir("./file1", 0777) = 0 [ 220.720178][ T6239] ? __switch_to_asm+0x39/0x70 [ 220.720211][ T6239] ? __switch_to_asm+0x33/0x70 [ 220.720250][ T6239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.720274][ T6239] RIP: 0033:0x7f3cdbf794f9 [ 220.720296][ T6239] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 220.720319][ T6239] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 220.720345][ T6239] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 220.720364][ T6239] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 220.720383][ T6239] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 220.720400][ T6239] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 220.720416][ T6239] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 220.720457][ T6239] [ 220.737655][ T6239] XFS (loop2): Corruption detected. Unmount and run xfs_repair [pid 6240] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6242] munmap(0x7f3cd3a00000, 138412032 [pid 6239] <... lsetxattr resumed>) = ? [pid 6242] <... munmap resumed>) = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 221.704826][ T6240] loop3: detected capacity change from 0 to 32768 [ 221.716426][ T6239] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 221.716500][ T6239] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 221.800529][ T6240] XFS: noikeep mount option is deprecated. [ 221.893081][ T6242] loop0: detected capacity change from 0 to 32768 [pid 6242] ioctl(4, LOOP_SET_FD, 3 [pid 6239] +++ exited with 0 +++ [pid 6212] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=149 /* 1.49 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 6242] <... ioctl resumed>) = 0 [pid 6242] close(3) = 0 [pid 5873] <... restart_syscall resumed>) = 0 [pid 5873] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6242] close(4 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 221.911425][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6242] <... close resumed>) = 0 [pid 6242] mkdir("./file1", 0777) = 0 [pid 6242] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./7/file1") = 0 [pid 5872] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./7/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./7") = 0 [ 221.944948][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 221.959764][ T6242] XFS: noikeep mount option is deprecated. [ 221.980377][ T6240] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] mkdir("./8", 0777) = 0 [pid 5873] <... umount2 resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5873] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./7/file1") = 0 [ 222.015408][ T6242] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./7/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./7") = 0 [pid 5873] mkdir("./8", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 222.129133][ T6240] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 222.171759][ T6242] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 222.204036][ T6240] XFS (loop3): Starting recovery (logdev: internal) [ 222.246507][ T6242] XFS (loop0): Starting recovery (logdev: internal) [pid 5873] close(3 [pid 6240] <... mount resumed>) = 0 [pid 6240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./file1") = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] <... futex resumed>) = 0 [pid 6238] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = 0 [pid 6238] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... futex resumed>) = 1 [pid 6240] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] <... futex resumed>) = 0 [pid 6238] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 222.293367][ T6240] XFS (loop3): Ending recovery (logdev: internal) [ 222.327815][ T6242] XFS (loop0): Ending recovery (logdev: internal) [pid 6240] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6242] <... mount resumed>) = 0 [pid 6242] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6242] chdir("./file1") = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6242] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6241] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6242] <... openat resumed>) = 4 [pid 6242] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6259 ./strace-static-x86_64: Process 6259 attached [pid 6259] set_robust_list(0x55555d962760, 24) = 0 [pid 6259] chdir("./8" [pid 6240] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6259] <... chdir resumed>) = 0 [pid 6242] <... pwritev2 resumed>) = 65007 [pid 6259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6242] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... prctl resumed>) = 0 [pid 6259] setpgid(0, 0 [pid 6240] <... futex resumed>) = 1 [pid 6238] <... futex resumed>) = 0 [pid 6259] <... setpgid resumed>) = 0 [pid 6238] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6242] <... futex resumed>) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6240] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6238] <... futex resumed>) = 0 [pid 6259] <... openat resumed>) = 3 [pid 6242] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 222.349173][ T6240] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 222.378871][ T6240] XFS (loop3): Unmount and run xfs_repair [pid 6259] write(3, "1000", 4 [pid 6241] <... futex resumed>) = 0 [pid 6259] <... write resumed>) = 4 [pid 6259] close(3) = 0 [pid 6259] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6259] write(1, "executing program\n", 18) = 18 [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6259] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6259] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6260 attached => {parent_tid=[6260]}, 88) = 6260 [pid 6260] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], [pid 6260] <... rseq resumed>) = 0 [pid 6259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] set_robust_list(0x7f3cdbf259a0, 24 [pid 6259] <... futex resumed>) = 0 [pid 6260] <... set_robust_list resumed>) = 0 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6260] memfd_create("syzkaller", 0) = 3 [ 222.402886][ T6240] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 222.417372][ T6240] CPU: 0 UID: 0 PID: 6240 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 222.417410][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.417427][ T6240] Call Trace: [ 222.417438][ T6240] [pid 6260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] <... close resumed>) = 0 [pid 6260] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6238] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6261 [ 222.417448][ T6240] dump_stack_lvl+0x189/0x250 [ 222.417487][ T6240] ? __pfx__xfs_alert_tag+0x10/0x10 [ 222.417527][ T6240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.417563][ T6240] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 222.417614][ T6240] xfs_corruption_error+0x122/0x170 [ 222.417654][ T6240] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 222.417691][ T6240] xfs_alloc_fixup_trees+0x95e/0xd20 [ 222.417721][ T6240] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 222.417774][ T6240] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 ./strace-static-x86_64: Process 6261 attached [pid 6261] set_robust_list(0x55555d962760, 24) = 0 [pid 6261] chdir("./8") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 executing program [pid 6261] close(3 [pid 6242] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6261] <... close resumed>) = 0 [pid 6242] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] symlink("/dev/binderfs", "./binderfs" [pid 6242] <... futex resumed>) = 0 [pid 6261] <... symlink resumed>) = 0 [pid 6242] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] write(1, "executing program\n", 18) = 18 [pid 6261] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6261] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6262 attached => {parent_tid=[6262]}, 88) = 6262 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6261] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6261] <... futex resumed>) = 0 [pid 6262] <... rseq resumed>) = 0 [pid 6261] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6262] memfd_create("syzkaller", 0) = 3 [ 222.417804][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.417831][ T6240] ? rcu_is_watching+0x15/0xb0 [ 222.417861][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.417890][ T6240] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 222.417922][ T6240] ? rcu_is_watching+0x15/0xb0 [ 222.417963][ T6240] xfs_alloc_cur_finish+0xd3/0x4b0 [ 222.417994][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.418029][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.418063][ T6240] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 222.418121][ T6240] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 222.418152][ T6240] ? xfs_group_grab+0x28/0x480 [ 222.418188][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.418213][ T6240] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 222.418251][ T6240] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 222.418302][ T6240] xfs_alloc_vextent_start_ag+0x388/0x850 [ 222.418344][ T6240] xfs_bmapi_allocate+0x188e/0x2e00 [ 222.418413][ T6240] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 222.418448][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6241] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... futex resumed>) = 0 [ 222.418502][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.418532][ T6240] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 222.418556][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.418585][ T6240] ? xfs_iext_prev+0x35a/0x370 [ 222.418624][ T6240] ? xfs_iext_get_extent+0x1bb/0x370 [ 222.418656][ T6240] xfs_bmapi_write+0x7df/0x1260 [ 222.418718][ T6240] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 222.418815][ T6240] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 222.418858][ T6240] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 222.418897][ T6240] ? kasan_save_track+0x4f/0x80 [ 222.418924][ T6240] ? kasan_save_track+0x3e/0x80 [ 222.418949][ T6240] ? kasan_save_free_info+0x46/0x50 [ 222.418988][ T6240] ? kmem_cache_free+0x18f/0x400 [ 222.419017][ T6240] ? __xfs_trans_commit+0x3e0/0xbd0 [ 222.419043][ T6240] ? xfs_trans_roll+0x130/0x450 [ 222.419068][ T6240] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 222.419110][ T6240] xfs_attr_set_iter+0x2d4/0x4b70 [ 222.419146][ T6240] ? filename_setxattr+0x274/0x600 [ 222.419181][ T6240] ? path_setxattrat+0x364/0x3a0 [pid 6242] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6240] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] exit_group(0 [pid 6240] <... futex resumed>) = ? [pid 6238] <... exit_group resumed>) = ? [pid 6240] +++ exited with 0 +++ [pid 6238] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6238, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=72 /* 0.72 s */} --- [pid 5874] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 222.419204][ T6240] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 222.419259][ T6240] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 222.419320][ T6240] ? kasan_quarantine_put+0xdd/0x220 [ 222.419347][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.419376][ T6240] ? lockdep_hardirqs_on+0x9c/0x150 [ 222.419418][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.419454][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.419484][ T6240] ? kmem_cache_free+0x18f/0x400 [ 222.419513][ T6240] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 5874] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 222.419545][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.419575][ T6240] ? __xfs_trans_commit+0x4c7/0xbd0 [ 222.419619][ T6240] xfs_attr_finish_item+0xed/0x320 [ 222.419662][ T6240] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 222.419701][ T6240] xfs_defer_finish_one+0x5c8/0xcf0 [ 222.419769][ T6240] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 222.419820][ T6240] xfs_defer_finish_noroll+0x910/0x12d0 [ 222.419861][ T6240] ? xfs_trans_commit+0x10b/0x1c0 [ 222.419895][ T6240] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 6260] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 222.419930][ T6240] ? inode_set_ctime_current+0x740/0xb40 [ 222.419979][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420008][ T6240] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 222.420049][ T6240] xfs_trans_commit+0x10b/0x1c0 [ 222.420077][ T6240] ? __pfx_xfs_trans_commit+0x10/0x10 [ 222.420110][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420139][ T6240] ? xfs_trans_log_inode+0x12c/0x1a0 [ 222.420181][ T6240] xfs_attr_set+0xdc6/0x1210 [ 222.420233][ T6240] ? __pfx_xfs_attr_set+0x10/0x10 [ 222.420269][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420298][ T6240] ? __lock_acquire+0xab9/0xd20 [ 222.420336][ T6240] ? xfs_da_hashname+0x59d/0x740 [ 222.420370][ T6240] ? do_raw_spin_lock+0x121/0x290 [ 222.420414][ T6240] ? xfs_attr_change+0x2ac/0x390 [ 222.420450][ T6240] xfs_xattr_set+0x14d/0x250 [ 222.420483][ T6240] ? __pfx_xfs_xattr_set+0x10/0x10 [ 222.420529][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420558][ T6240] ? evm_protect_xattr+0x4d4/0xa90 [ 222.420585][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420614][ T6240] ? rcu_is_watching+0x15/0xb0 [ 222.420649][ T6240] ? __pfx_evm_protect_xattr+0x10/0x10 [ 222.420677][ T6240] ? __pfx_xfs_xattr_set+0x10/0x10 [ 222.420745][ T6240] __vfs_setxattr+0x43c/0x480 [ 222.420795][ T6240] __vfs_setxattr_noperm+0x12d/0x660 [ 222.420840][ T6240] vfs_setxattr+0x16b/0x2f0 [ 222.420884][ T6240] ? __pfx_vfs_setxattr+0x10/0x10 [ 222.420914][ T6240] ? mnt_get_write_access+0x223/0x2a0 [ 222.420946][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.420981][ T6240] filename_setxattr+0x274/0x600 [pid 6262] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6241] exit_group(0) = ? [ 222.421029][ T6240] ? __pfx_filename_setxattr+0x10/0x10 [ 222.421070][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.421099][ T6240] ? getname_flags+0x1e5/0x540 [ 222.421142][ T6240] path_setxattrat+0x364/0x3a0 [ 222.421181][ T6240] ? __pfx_path_setxattrat+0x10/0x10 [ 222.421248][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.421277][ T6240] ? rcu_is_watching+0x15/0xb0 [ 222.421315][ T6240] __x64_sys_lsetxattr+0xbf/0xe0 [ 222.421357][ T6240] do_syscall_64+0xfa/0x3b0 [ 222.421382][ T6240] ? lockdep_hardirqs_on+0x9c/0x150 [ 222.421422][ T6240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.421446][ T6240] ? srso_alias_return_thunk+0x5/0xfbef5 [ 222.421475][ T6240] ? exc_page_fault+0x9f/0xf0 [ 222.421517][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.421542][ T6240] RIP: 0033:0x7f3cdbf794f9 [ 222.421566][ T6240] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 222.421589][ T6240] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 222.421617][ T6240] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 222.421636][ T6240] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 222.421654][ T6240] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 222.421671][ T6240] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 222.421688][ T6240] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 222.421728][ T6240] [ 222.422028][ T6240] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 222.461517][ T6242] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 222.468543][ T6240] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 222.486871][ T6242] XFS (loop0): Unmount and run xfs_repair [ 222.489050][ T6240] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 222.641437][ T6242] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 223.167233][ T6242] CPU: 1 UID: 0 PID: 6242 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 223.167270][ T6242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.167286][ T6242] Call Trace: [ 223.167297][ T6242] [ 223.167307][ T6242] dump_stack_lvl+0x189/0x250 [ 223.167345][ T6242] ? __pfx__xfs_alert_tag+0x10/0x10 [ 223.167386][ T6242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.167423][ T6242] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 223.167471][ T6242] xfs_corruption_error+0x122/0x170 [ 223.167515][ T6242] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 223.167550][ T6242] xfs_alloc_fixup_trees+0x95e/0xd20 [ 223.167585][ T6242] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 223.167627][ T6242] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 223.167658][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.167689][ T6242] ? rcu_is_watching+0x15/0xb0 [ 223.167720][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.167757][ T6242] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 223.167789][ T6242] ? rcu_is_watching+0x15/0xb0 [ 223.167828][ T6242] xfs_alloc_cur_finish+0xd3/0x4b0 [ 223.167869][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.167900][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.167936][ T6242] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 223.167996][ T6242] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 223.168026][ T6242] ? xfs_group_grab+0x28/0x480 [ 223.168066][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.168095][ T6242] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 223.168130][ T6242] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 223.168178][ T6242] xfs_alloc_vextent_start_ag+0x388/0x850 [ 223.168218][ T6242] xfs_bmapi_allocate+0x188e/0x2e00 [ 223.168286][ T6242] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 223.168319][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.168371][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6262] <... write resumed>) = 16777216 [pid 6260] <... write resumed>) = 16777216 [pid 6262] munmap(0x7f3cd3a00000, 138412032 [ 223.168399][ T6242] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 223.168424][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.168451][ T6242] ? xfs_iext_prev+0x35a/0x370 [ 223.168495][ T6242] ? xfs_iext_get_extent+0x1bb/0x370 [ 223.168526][ T6242] xfs_bmapi_write+0x7df/0x1260 [ 223.168589][ T6242] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 223.168671][ T6242] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 223.168713][ T6242] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 223.168754][ T6242] ? kasan_save_track+0x4f/0x80 [pid 6260] munmap(0x7f3cd3a00000, 138412032 [pid 6262] <... munmap resumed>) = 0 [pid 6260] <... munmap resumed>) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6260] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6262] <... openat resumed>) = 4 [pid 6260] <... openat resumed>) = 4 [pid 6262] ioctl(4, LOOP_SET_FD, 3 [ 223.168759][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 223.168784][ T6242] ? kasan_save_track+0x3e/0x80 [ 223.168809][ T6242] ? kasan_save_free_info+0x46/0x50 [ 223.168844][ T6242] ? kmem_cache_free+0x18f/0x400 [ 223.168874][ T6242] ? __xfs_trans_commit+0x3e0/0xbd0 [ 223.168900][ T6242] ? xfs_trans_roll+0x130/0x450 [ 223.168924][ T6242] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 223.168966][ T6242] xfs_attr_set_iter+0x2d4/0x4b70 [ 223.169001][ T6242] ? filename_setxattr+0x274/0x600 [ 223.169035][ T6242] ? path_setxattrat+0x364/0x3a0 [ 223.169058][ T6242] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 223.169113][ T6242] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 223.169172][ T6242] ? kasan_quarantine_put+0xdd/0x220 [ 223.169199][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169228][ T6242] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.169268][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169304][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169332][ T6242] ? kmem_cache_free+0x18f/0x400 [pid 6260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6262] <... ioctl resumed>) = 0 [pid 6262] close(3) = 0 [pid 6262] close(4) = 0 [pid 6262] mkdir("./file1", 0777) = 0 [ 223.169361][ T6242] ? __xfs_trans_commit+0x3e0/0xbd0 [ 223.169393][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169422][ T6242] ? __xfs_trans_commit+0x4c7/0xbd0 [ 223.169467][ T6242] xfs_attr_finish_item+0xed/0x320 [ 223.169508][ T6242] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 223.169546][ T6242] xfs_defer_finish_one+0x5c8/0xcf0 [ 223.169610][ T6242] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 223.169661][ T6242] xfs_defer_finish_noroll+0x910/0x12d0 [ 223.169702][ T6242] ? xfs_trans_commit+0x10b/0x1c0 [ 223.169741][ T6242] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 223.169776][ T6242] ? inode_set_ctime_current+0x740/0xb40 [ 223.169825][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169853][ T6242] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 223.169896][ T6242] xfs_trans_commit+0x10b/0x1c0 [ 223.169924][ T6242] ? __pfx_xfs_trans_commit+0x10/0x10 [ 223.169957][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.169986][ T6242] ? xfs_trans_log_inode+0x12c/0x1a0 [ 223.170028][ T6242] xfs_attr_set+0xdc6/0x1210 [ 223.170079][ T6242] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6262] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6260] close(3 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./7/file1") = 0 [pid 5874] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./7/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./7") = 0 [pid 5874] mkdir("./8", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 223.170114][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.170143][ T6242] ? __lock_acquire+0xab9/0xd20 [ 223.170181][ T6242] ? xfs_da_hashname+0x59d/0x740 [ 223.170214][ T6242] ? do_raw_spin_lock+0x121/0x290 [ 223.170259][ T6242] ? xfs_attr_change+0x2ac/0x390 [ 223.170295][ T6242] xfs_xattr_set+0x14d/0x250 [ 223.170329][ T6242] ? __pfx_xfs_xattr_set+0x10/0x10 [ 223.170376][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.170404][ T6242] ? evm_protect_xattr+0x4d4/0xa90 [pid 5874] close(3 [pid 6260] <... close resumed>) = 0 [pid 6260] close(4) = 0 [pid 6260] mkdir("./file1", 0777) = 0 [ 223.170432][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.170461][ T6242] ? rcu_is_watching+0x15/0xb0 [ 223.170496][ T6242] ? __pfx_evm_protect_xattr+0x10/0x10 [ 223.170526][ T6242] ? __pfx_xfs_xattr_set+0x10/0x10 [ 223.170554][ T6242] __vfs_setxattr+0x43c/0x480 [ 223.170605][ T6242] __vfs_setxattr_noperm+0x12d/0x660 [ 223.170651][ T6242] vfs_setxattr+0x16b/0x2f0 [ 223.170694][ T6242] ? __pfx_vfs_setxattr+0x10/0x10 [ 223.170725][ T6242] ? mnt_get_write_access+0x223/0x2a0 [ 223.170762][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.170798][ T6242] filename_setxattr+0x274/0x600 [ 223.170847][ T6242] ? __pfx_filename_setxattr+0x10/0x10 [ 223.170887][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.170916][ T6242] ? getname_flags+0x1e5/0x540 [ 223.170959][ T6242] path_setxattrat+0x364/0x3a0 [ 223.170996][ T6242] ? __pfx_path_setxattrat+0x10/0x10 [ 223.171066][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.171095][ T6242] ? rcu_is_watching+0x15/0xb0 [ 223.171133][ T6242] __x64_sys_lsetxattr+0xbf/0xe0 [ 223.171175][ T6242] do_syscall_64+0xfa/0x3b0 [ 223.171201][ T6242] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.171241][ T6242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.171265][ T6242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 223.171294][ T6242] ? exc_page_fault+0x9f/0xf0 [ 223.171336][ T6242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.171362][ T6242] RIP: 0033:0x7f3cdbf794f9 [pid 6260] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6242] <... lsetxattr resumed>) = ? [pid 6242] +++ exited with 0 +++ [pid 6241] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6241, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=140 /* 1.40 s */} --- [ 223.171387][ T6242] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 223.171408][ T6242] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 223.171435][ T6242] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 223.171454][ T6242] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 223.171473][ T6242] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 223.171490][ T6242] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 223.171507][ T6242] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 223.171549][ T6242] [ 223.171814][ T6242] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 223.430956][ T6260] loop1: detected capacity change from 0 to 32768 [ 223.435235][ T6262] loop2: detected capacity change from 0 to 32768 [ 223.449065][ T6242] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 223.513926][ T6262] XFS: noikeep mount option is deprecated. [ 223.520966][ T6242] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 223.672526][ T6260] XFS: noikeep mount option is deprecated. [ 223.941346][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6274 attached [pid 5871] newfstatat(4, "", [pid 6274] set_robust_list(0x55555d962760, 24 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./7/file1" [pid 6274] <... set_robust_list resumed>) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6274 [pid 5871] <... rmdir resumed>) = 0 [pid 6274] chdir("./8") = 0 [pid 6274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6274] setpgid(0, 0) = 0 [pid 6274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6274] write(3, "1000", 4) = 4 [pid 6274] close(3) = 0 [pid 6274] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6274] write(1, "executing program\n", 18) = 18 [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6274] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6274] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6277]}, 88) = 6277 ./strace-static-x86_64: Process 6277 attached [pid 6274] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] newfstatat(AT_FDCWD, "./7/binderfs", [pid 6277] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6277] <... rseq resumed>) = 0 [pid 5871] unlink("./7/binderfs" [pid 6277] set_robust_list(0x7f3cdbf259a0, 24 [pid 6274] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... unlink resumed>) = 0 [pid 6277] <... set_robust_list resumed>) = 0 [pid 6274] <... futex resumed>) = 0 [pid 5871] getdents64(3, [pid 6277] rt_sigprocmask(SIG_SETMASK, [], [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] close(3 [ 223.995329][ T6262] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 224.004239][ T6260] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6277] memfd_create("syzkaller", 0 [pid 5871] <... close resumed>) = 0 [pid 6277] <... memfd_create resumed>) = 3 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5871] rmdir("./7") = 0 [pid 5871] mkdir("./8", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 224.049349][ T6260] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 224.075513][ T6260] XFS (loop1): Starting recovery (logdev: internal) [pid 5871] close(3 [pid 6260] <... mount resumed>) = 0 [pid 6260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6260] chdir("./file1") = 0 [pid 6260] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6260] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6259] <... futex resumed>) = 0 [pid 6260] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6259] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6259] <... futex resumed>) = 0 [pid 6260] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6260] <... openat resumed>) = 4 [pid 6260] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6259] <... futex resumed>) = 0 [ 224.089706][ T6262] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 224.097004][ T6260] XFS (loop1): Ending recovery (logdev: internal) [pid 6259] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6260] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6260] <... pwritev2 resumed>) = 65007 [pid 6260] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6259] <... futex resumed>) = 0 [pid 6260] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6259] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 224.147306][ T6262] XFS (loop2): Starting recovery (logdev: internal) [pid 6260] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6259] <... futex resumed>) = 0 [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6260] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6262] <... mount resumed>) = 0 [pid 6260] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6262] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6260] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6259] <... futex resumed>) = 0 [ 224.192462][ T6260] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 224.227956][ T6260] XFS (loop1): Unmount and run xfs_repair [ 224.234032][ T6262] XFS (loop2): Ending recovery (logdev: internal) [pid 6259] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... openat resumed>) = 3 [pid 6260] <... futex resumed>) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6260] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6262] chdir("./file1" [pid 6259] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... chdir resumed>) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6262] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6261] <... futex resumed>) = 0 [pid 6262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6261] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... openat resumed>) = 4 [pid 6262] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6261] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 224.271815][ T6260] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6261] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6262] <... pwritev2 resumed>) = 65007 [pid 6262] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6262] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [ 224.311194][ T6260] CPU: 0 UID: 0 PID: 6260 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 224.311233][ T6260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.311250][ T6260] Call Trace: [ 224.311260][ T6260] [ 224.311271][ T6260] dump_stack_lvl+0x189/0x250 [ 224.311309][ T6260] ? __pfx__xfs_alert_tag+0x10/0x10 [ 224.311348][ T6260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.311383][ T6260] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 6262] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 224.311438][ T6260] xfs_corruption_error+0x122/0x170 [ 224.311480][ T6260] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 224.311517][ T6260] xfs_alloc_fixup_trees+0x95e/0xd20 [ 224.311548][ T6260] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 224.311591][ T6260] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 224.311623][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.311654][ T6260] ? rcu_is_watching+0x15/0xb0 [ 224.311687][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.311717][ T6260] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6261] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6261] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6261] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6281 attached [pid 6281] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6261] <... clone3 resumed> => {parent_tid=[6281]}, 88) = 6281 [pid 6281] <... rseq resumed>) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6281] set_robust_list(0x7f3cdbf049a0, 24 [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6281] <... set_robust_list resumed>) = 0 [pid 6261] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] <... futex resumed>) = 0 [pid 6281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6261] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 224.311762][ T6260] ? rcu_is_watching+0x15/0xb0 [ 224.311804][ T6260] xfs_alloc_cur_finish+0xd3/0x4b0 [ 224.311835][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.311868][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.311904][ T6260] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 224.311965][ T6260] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 224.311995][ T6260] ? xfs_group_grab+0x28/0x480 [ 224.312034][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6281] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6261] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 224.312062][ T6260] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 224.312097][ T6260] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 224.312147][ T6260] xfs_alloc_vextent_start_ag+0x388/0x850 [ 224.312188][ T6260] xfs_bmapi_allocate+0x188e/0x2e00 [ 224.312257][ T6260] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 224.312290][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.312343][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.312372][ T6260] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 224.312396][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.312425][ T6260] ? xfs_iext_prev+0x35a/0x370 [ 224.312466][ T6260] ? xfs_iext_get_extent+0x1bb/0x370 [ 224.312498][ T6260] xfs_bmapi_write+0x7df/0x1260 [ 224.312561][ T6260] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 224.312644][ T6260] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 224.312688][ T6260] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 224.312719][ T6260] ? kasan_save_track+0x4f/0x80 [ 224.312753][ T6260] ? kasan_save_track+0x3e/0x80 [ 224.312778][ T6260] ? kasan_save_free_info+0x46/0x50 [ 224.312818][ T6260] ? kmem_cache_free+0x18f/0x400 [pid 6277] <... write resumed>) = 16777216 [pid 6262] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] <... close resumed>) = 0 [ 224.312848][ T6260] ? __xfs_trans_commit+0x3e0/0xbd0 [ 224.312873][ T6260] ? xfs_trans_roll+0x130/0x450 [ 224.312898][ T6260] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 224.312939][ T6260] xfs_attr_set_iter+0x2d4/0x4b70 [ 224.312975][ T6260] ? filename_setxattr+0x274/0x600 [ 224.313010][ T6260] ? path_setxattrat+0x364/0x3a0 [ 224.313032][ T6260] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 224.313087][ T6260] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 224.313147][ T6260] ? kasan_quarantine_put+0xdd/0x220 [pid 6260] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6277] munmap(0x7f3cd3a00000, 138412032 [pid 6262] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6260] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] exit_group(0) = ? [pid 6262] <... futex resumed>) = 0 [pid 6262] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... futex resumed>) = ? [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6282 [pid 6260] +++ exited with 0 +++ [pid 6259] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6259, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=76 /* 0.76 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 224.313174][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313203][ T6260] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.313245][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313281][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313309][ T6260] ? kmem_cache_free+0x18f/0x400 [ 224.313339][ T6260] ? __xfs_trans_commit+0x3e0/0xbd0 [ 224.313371][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313401][ T6260] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 5872] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6277] <... munmap resumed>) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 6282 attached ) = 4 [pid 6282] set_robust_list(0x55555d962760, 24) = 0 [pid 6277] ioctl(4, LOOP_SET_FD, 3 [pid 6282] chdir("./8") = 0 [pid 6282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 224.313446][ T6260] xfs_attr_finish_item+0xed/0x320 [ 224.313489][ T6260] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 224.313528][ T6260] xfs_defer_finish_one+0x5c8/0xcf0 [ 224.313591][ T6260] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 224.313644][ T6260] xfs_defer_finish_noroll+0x910/0x12d0 [ 224.313686][ T6260] ? xfs_trans_commit+0x10b/0x1c0 [ 224.313719][ T6260] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 224.313760][ T6260] ? inode_set_ctime_current+0x740/0xb40 [pid 6282] setpgid(0, 0) = 0 [pid 6282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6282] write(3, "1000", 4 [pid 6277] <... ioctl resumed>) = 0 [pid 6282] <... write resumed>) = 4 [pid 6277] close(3 [pid 6282] close(3 [pid 6277] <... close resumed>) = 0 [pid 6282] <... close resumed>) = 0 [ 224.313810][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313840][ T6260] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 224.313881][ T6260] xfs_trans_commit+0x10b/0x1c0 [ 224.313908][ T6260] ? __pfx_xfs_trans_commit+0x10/0x10 [ 224.313942][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.313971][ T6260] ? xfs_trans_log_inode+0x12c/0x1a0 [ 224.314013][ T6260] xfs_attr_set+0xdc6/0x1210 [ 224.314064][ T6260] ? __pfx_xfs_attr_set+0x10/0x10 [ 224.314098][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.314128][ T6260] ? __lock_acquire+0xab9/0xd20 [pid 6277] close(4 [pid 6282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6277] <... close resumed>) = 0 [pid 6282] write(1, "executing program\n", 18executing program [pid 6277] mkdir("./file1", 0777 [pid 6282] <... write resumed>) = 18 [pid 6282] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... mkdir resumed>) = 0 [pid 6282] <... futex resumed>) = 0 [pid 6282] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6277] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 224.314165][ T6260] ? xfs_da_hashname+0x59d/0x740 [ 224.314197][ T6260] ? do_raw_spin_lock+0x121/0x290 [ 224.314241][ T6260] ? xfs_attr_change+0x2ac/0x390 [ 224.314277][ T6260] xfs_xattr_set+0x14d/0x250 [ 224.314310][ T6260] ? __pfx_xfs_xattr_set+0x10/0x10 [ 224.314358][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.314387][ T6260] ? evm_protect_xattr+0x4d4/0xa90 [ 224.314415][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.314445][ T6260] ? rcu_is_watching+0x15/0xb0 [ 224.314480][ T6260] ? __pfx_evm_protect_xattr+0x10/0x10 [ 224.314510][ T6260] ? __pfx_xfs_xattr_set+0x10/0x10 [ 224.314539][ T6260] __vfs_setxattr+0x43c/0x480 [ 224.314590][ T6260] __vfs_setxattr_noperm+0x12d/0x660 [ 224.314635][ T6260] vfs_setxattr+0x16b/0x2f0 [ 224.314679][ T6260] ? __pfx_vfs_setxattr+0x10/0x10 [ 224.314709][ T6260] ? mnt_get_write_access+0x223/0x2a0 [ 224.314747][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.314783][ T6260] filename_setxattr+0x274/0x600 [pid 6282] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6284]}, 88) = 6284 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 224.314831][ T6260] ? __pfx_filename_setxattr+0x10/0x10 [ 224.314871][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.314899][ T6260] ? getname_flags+0x1e5/0x540 [ 224.314943][ T6260] path_setxattrat+0x364/0x3a0 [ 224.314981][ T6260] ? __pfx_path_setxattrat+0x10/0x10 [ 224.315048][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.315077][ T6260] ? rcu_is_watching+0x15/0xb0 [ 224.315115][ T6260] __x64_sys_lsetxattr+0xbf/0xe0 [ 224.315158][ T6260] do_syscall_64+0xfa/0x3b0 [ 224.315183][ T6260] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.315224][ T6260] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.315248][ T6260] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.315278][ T6260] ? exc_page_fault+0x9f/0xf0 [ 224.315321][ T6260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.315345][ T6260] RIP: 0033:0x7f3cdbf794f9 [ 224.315369][ T6260] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6282] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6261] exit_group(0) = ? [pid 6262] <... futex resumed>) = ? [pid 6262] +++ exited with 0 +++ [ 224.315391][ T6260] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 224.315420][ T6260] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 224.315439][ T6260] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 224.315458][ T6260] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 224.315475][ T6260] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 224.315492][ T6260] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 224.315533][ T6260] [ 224.315721][ T6260] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 224.344920][ T6262] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 224.547602][ T6260] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 224.552418][ T6262] XFS (loop2): Unmount and run xfs_repair [ 224.566697][ T6260] XFS (loop1): Please unmount the filesystem and rectify the problem(s) ./strace-static-x86_64: Process 6284 attached [pid 6281] <... lsetxattr resumed>) = ? [pid 5872] <... umount2 resumed>) = 0 [pid 6281] +++ exited with 0 +++ [pid 6261] +++ exited with 0 +++ [ 224.605581][ T6281] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 224.690900][ T6277] loop3: detected capacity change from 0 to 32768 [ 224.698546][ T6281] CPU: 1 UID: 0 PID: 6281 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 224.698581][ T6281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.698597][ T6281] Call Trace: [ 224.698608][ T6281] [pid 6284] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=110 /* 1.10 s */} --- [pid 5872] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6284] <... rseq resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6284] set_robust_list(0x7f3cdbf259a0, 24 [pid 5872] newfstatat(AT_FDCWD, "./8/file1", [pid 6284] <... set_robust_list resumed>) = 0 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6284] memfd_create("syzkaller", 0 [pid 5873] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6284] <... memfd_create resumed>) = 3 [pid 5873] <... openat resumed>) = 3 [pid 5872] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(3, "", [pid 5872] newfstatat(4, "", [pid 6284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6284] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4) = 0 [pid 5872] rmdir("./8/file1") = 0 [ 224.698619][ T6281] dump_stack_lvl+0x189/0x250 [ 224.698658][ T6281] ? __pfx__xfs_alert_tag+0x10/0x10 [ 224.698699][ T6281] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.698736][ T6281] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 224.698788][ T6281] xfs_corruption_error+0x122/0x170 [ 224.698829][ T6281] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 224.698866][ T6281] xfs_alloc_fixup_trees+0x95e/0xd20 [ 224.698897][ T6281] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 224.698941][ T6281] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 5872] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./8/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./8") = 0 [pid 5872] mkdir("./9", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 224.698979][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699010][ T6281] ? rcu_is_watching+0x15/0xb0 [ 224.699042][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699071][ T6281] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 224.699104][ T6281] ? rcu_is_watching+0x15/0xb0 [ 224.699269][ T6281] xfs_alloc_cur_finish+0xd3/0x4b0 [ 224.699308][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699342][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699378][ T6281] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 224.699441][ T6281] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 224.699471][ T6281] ? xfs_group_grab+0x28/0x480 [ 224.699510][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699539][ T6281] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 224.699575][ T6281] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 224.699634][ T6281] xfs_alloc_vextent_start_ag+0x388/0x850 [ 224.699676][ T6281] xfs_bmapi_allocate+0x188e/0x2e00 [ 224.699746][ T6281] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 224.699780][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699833][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699863][ T6281] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 224.699887][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.699928][ T6281] ? xfs_iext_prev+0x35a/0x370 [ 224.699968][ T6281] ? xfs_iext_get_extent+0x1bb/0x370 [ 224.700000][ T6281] xfs_bmapi_write+0x7df/0x1260 [ 224.700064][ T6281] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 224.700148][ T6281] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 224.700192][ T6281] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 224.700223][ T6281] ? kasan_save_track+0x4f/0x80 [ 224.700248][ T6281] ? kasan_save_track+0x3e/0x80 [ 224.700272][ T6281] ? kasan_save_free_info+0x46/0x50 [ 224.700307][ T6281] ? kmem_cache_free+0x18f/0x400 [ 224.700335][ T6281] ? __xfs_trans_commit+0x3e0/0xbd0 [ 224.700360][ T6281] ? xfs_trans_roll+0x130/0x450 [ 224.700383][ T6281] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 224.700422][ T6281] xfs_attr_set_iter+0x2d4/0x4b70 [ 224.700455][ T6281] ? filename_setxattr+0x274/0x600 [ 224.700488][ T6281] ? path_setxattrat+0x364/0x3a0 [ 224.700508][ T6281] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 224.700559][ T6281] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 224.700614][ T6281] ? kasan_quarantine_put+0xdd/0x220 [ 224.700637][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.700661][ T6281] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.700697][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.700752][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.700776][ T6281] ? kmem_cache_free+0x18f/0x400 [ 224.700802][ T6281] ? __xfs_trans_commit+0x3e0/0xbd0 [ 224.700829][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.700854][ T6281] ? __xfs_trans_commit+0x4c7/0xbd0 [ 224.700893][ T6281] xfs_attr_finish_item+0xed/0x320 [ 224.700956][ T6281] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 224.700991][ T6281] xfs_defer_finish_one+0x5c8/0xcf0 [ 224.701051][ T6281] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 224.701098][ T6281] xfs_defer_finish_noroll+0x910/0x12d0 [ 224.701136][ T6281] ? xfs_trans_commit+0x10b/0x1c0 [ 224.701166][ T6281] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 224.701198][ T6281] ? inode_set_ctime_current+0x740/0xb40 [ 224.701244][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.701271][ T6281] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 224.701309][ T6281] xfs_trans_commit+0x10b/0x1c0 [ 224.701335][ T6281] ? __pfx_xfs_trans_commit+0x10/0x10 [ 224.701366][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.701392][ T6281] ? xfs_trans_log_inode+0x12c/0x1a0 [ 224.701431][ T6281] xfs_attr_set+0xdc6/0x1210 [ 224.701480][ T6281] ? __pfx_xfs_attr_set+0x10/0x10 [ 224.701511][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] close(3) = 0 [pid 6284] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6289 attached [pid 6289] set_robust_list(0x55555d962760, 24) = 0 [pid 6289] chdir("./9") = 0 [pid 6289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6289 [pid 6289] setpgid(0, 0) = 0 [pid 6289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6289] write(3, "1000", 4) = 4 [pid 6289] close(3) = 0 [ 224.701538][ T6281] ? __lock_acquire+0xab9/0xd20 [ 224.701573][ T6281] ? xfs_da_hashname+0x59d/0x740 [ 224.701603][ T6281] ? do_raw_spin_lock+0x121/0x290 [ 224.701644][ T6281] ? xfs_attr_change+0x2ac/0x390 [ 224.701678][ T6281] xfs_xattr_set+0x14d/0x250 [ 224.701708][ T6281] ? __pfx_xfs_xattr_set+0x10/0x10 [ 224.701752][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.701778][ T6281] ? evm_protect_xattr+0x4d4/0xa90 [ 224.701804][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.701831][ T6281] ? rcu_is_watching+0x15/0xb0 [pid 6289] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6289] write(1, "executing program\n", 18) = 18 [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6289] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6290 attached => {parent_tid=[6290]}, 88) = 6290 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], [pid 6290] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6290] <... rseq resumed>) = 0 [pid 6289] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6290] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] memfd_create("syzkaller", 0) = 3 [pid 6290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 224.701864][ T6281] ? __pfx_evm_protect_xattr+0x10/0x10 [ 224.701891][ T6281] ? __pfx_xfs_xattr_set+0x10/0x10 [ 224.702033][ T6281] __vfs_setxattr+0x43c/0x480 [ 224.702100][ T6281] __vfs_setxattr_noperm+0x12d/0x660 [ 224.702149][ T6281] vfs_setxattr+0x16b/0x2f0 [ 224.702194][ T6281] ? __pfx_vfs_setxattr+0x10/0x10 [ 224.702225][ T6281] ? mnt_get_write_access+0x223/0x2a0 [ 224.702258][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.702296][ T6281] filename_setxattr+0x274/0x600 [ 224.702346][ T6281] ? __pfx_filename_setxattr+0x10/0x10 [ 224.702390][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.702419][ T6281] ? getname_flags+0x1e5/0x540 [ 224.702464][ T6281] path_setxattrat+0x364/0x3a0 [ 224.702502][ T6281] ? __pfx_path_setxattrat+0x10/0x10 [ 224.702573][ T6281] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.702602][ T6281] ? rcu_is_watching+0x15/0xb0 [ 224.702642][ T6281] __x64_sys_lsetxattr+0xbf/0xe0 [ 224.702686][ T6281] do_syscall_64+0xfa/0x3b0 [ 224.702717][ T6281] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.702741][ T6281] ? __switch_to_asm+0x39/0x70 [ 224.702776][ T6281] ? __switch_to_asm+0x33/0x70 [ 224.702816][ T6281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.702842][ T6281] RIP: 0033:0x7f3cdbf794f9 [ 224.702957][ T6281] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 224.702983][ T6281] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 224.703013][ T6281] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 224.703033][ T6281] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 224.703052][ T6281] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 224.703083][ T6281] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 224.703132][ T6281] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 224.703182][ T6281] [ 224.703196][ T6281] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 224.719498][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 224.730950][ T6281] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 224.807471][ T6277] XFS: noikeep mount option is deprecated. [ 224.814280][ T6281] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 225.081443][ T6277] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 225.832047][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6290] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5873] <... umount2 resumed>) = 0 [pid 6284] <... write resumed>) = 16777216 [pid 5873] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./8/file1" [pid 6284] munmap(0x7f3cd3a00000, 138412032 [pid 5873] <... rmdir resumed>) = 0 [pid 5873] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./8/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./8") = 0 [pid 5873] mkdir("./9", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 225.911035][ T6277] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5873] close(3 [pid 6284] <... munmap resumed>) = 0 [pid 6284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 225.984469][ T6277] XFS (loop3): Starting recovery (logdev: internal) [pid 6284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6284] close(3) = 0 [pid 6284] close(4) = 0 [pid 6284] mkdir("./file1", 0777) = 0 [pid 6284] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6277] <... mount resumed>) = 0 [pid 6277] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6277] chdir("./file1") = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6277] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6277] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... openat resumed>) = 4 [pid 6277] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6274] <... futex resumed>) = 0 [ 226.039526][ T6284] loop0: detected capacity change from 0 to 32768 [ 226.062933][ T6277] XFS (loop3): Ending recovery (logdev: internal) [ 226.077902][ T6284] XFS: noikeep mount option is deprecated. [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... pwritev2 resumed>) = 65007 [pid 6277] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6277] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 1 [ 226.132665][ T6277] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 226.145554][ T6284] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 226.163048][ T6277] XFS (loop3): Unmount and run xfs_repair [ 226.193436][ T6277] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 226.217864][ T6277] CPU: 0 UID: 0 PID: 6277 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 6277] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 226.217903][ T6277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.217919][ T6277] Call Trace: [ 226.217929][ T6277] [ 226.217939][ T6277] dump_stack_lvl+0x189/0x250 [ 226.217978][ T6277] ? __pfx__xfs_alert_tag+0x10/0x10 [ 226.218018][ T6277] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.218053][ T6277] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 226.218104][ T6277] xfs_corruption_error+0x122/0x170 [ 226.218146][ T6277] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 226.218179][ T6277] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 6290] <... write resumed>) = 16777216 [ 226.218210][ T6277] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 226.218253][ T6277] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 226.218285][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.218316][ T6277] ? rcu_is_watching+0x15/0xb0 [ 226.218347][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.218376][ T6277] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 226.218408][ T6277] ? rcu_is_watching+0x15/0xb0 [ 226.218449][ T6277] xfs_alloc_cur_finish+0xd3/0x4b0 [ 226.218479][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6290] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... close resumed>) = 0 [pid 6290] <... openat resumed>) = 4 [pid 6290] ioctl(4, LOOP_SET_FD, 3 [ 226.218511][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.218547][ T6277] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 226.218609][ T6277] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 226.218638][ T6277] ? xfs_group_grab+0x28/0x480 [ 226.218675][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.218709][ T6277] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 226.218751][ T6277] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 226.218805][ T6277] xfs_alloc_vextent_start_ag+0x388/0x850 [ 226.218846][ T6277] xfs_bmapi_allocate+0x188e/0x2e00 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6302 [ 226.218914][ T6277] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 226.218950][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.219003][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.219032][ T6277] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 226.219058][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.219088][ T6277] ? xfs_iext_prev+0x35a/0x370 [ 226.219128][ T6277] ? xfs_iext_get_extent+0x1bb/0x370 [ 226.219161][ T6277] xfs_bmapi_write+0x7df/0x1260 [ 226.219225][ T6277] ? __pfx_xfs_bmapi_write+0x10/0x10 ./strace-static-x86_64: Process 6302 attached [pid 6290] <... ioctl resumed>) = 0 [pid 6302] set_robust_list(0x55555d962760, 24 [pid 6290] close(3 [pid 6302] <... set_robust_list resumed>) = 0 [pid 6290] <... close resumed>) = 0 [pid 6302] chdir("./9" [pid 6290] close(4 [pid 6302] <... chdir resumed>) = 0 [pid 6302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6290] <... close resumed>) = 0 [pid 6302] <... prctl resumed>) = 0 [pid 6302] setpgid(0, 0 [pid 6290] mkdir("./file1", 0777 [pid 6302] <... setpgid resumed>) = 0 [pid 6302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6290] <... mkdir resumed>) = 0 [pid 6302] <... openat resumed>) = 3 [pid 6290] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 226.219310][ T6277] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 226.219353][ T6277] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 226.219386][ T6277] ? kasan_save_track+0x4f/0x80 [ 226.219413][ T6277] ? kasan_save_track+0x3e/0x80 [ 226.219439][ T6277] ? kasan_save_free_info+0x46/0x50 [ 226.219478][ T6277] ? kmem_cache_free+0x18f/0x400 [ 226.219507][ T6277] ? __xfs_trans_commit+0x3e0/0xbd0 [ 226.219534][ T6277] ? xfs_trans_roll+0x130/0x450 [ 226.219558][ T6277] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 226.219600][ T6277] xfs_attr_set_iter+0x2d4/0x4b70 [pid 6302] write(3, "1000", 4executing program ) = 4 [pid 6302] close(3) = 0 [pid 6302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6302] write(1, "executing program\n", 18) = 18 [pid 6302] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6302] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 226.219637][ T6277] ? filename_setxattr+0x274/0x600 [ 226.219672][ T6277] ? path_setxattrat+0x364/0x3a0 [ 226.219695][ T6277] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 226.219785][ T6277] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 226.219846][ T6277] ? kasan_quarantine_put+0xdd/0x220 [ 226.219874][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.219903][ T6277] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.219946][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.219982][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6303]}, 88) = 6303 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 226.220009][ T6277] ? kmem_cache_free+0x18f/0x400 [ 226.220040][ T6277] ? __xfs_trans_commit+0x3e0/0xbd0 [ 226.220074][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.220104][ T6277] ? __xfs_trans_commit+0x4c7/0xbd0 [ 226.220150][ T6277] xfs_attr_finish_item+0xed/0x320 [ 226.220194][ T6277] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 226.220234][ T6277] xfs_defer_finish_one+0x5c8/0xcf0 [ 226.220298][ T6277] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 226.220350][ T6277] xfs_defer_finish_noroll+0x910/0x12d0 [ 226.220391][ T6277] ? xfs_trans_commit+0x10b/0x1c0 [ 226.220425][ T6277] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 226.220460][ T6277] ? inode_set_ctime_current+0x740/0xb40 [ 226.220510][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.220540][ T6277] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 226.220582][ T6277] xfs_trans_commit+0x10b/0x1c0 [ 226.220610][ T6277] ? __pfx_xfs_trans_commit+0x10/0x10 [ 226.220643][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.220672][ T6277] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 6302] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6303 attached ) = 0 [pid 6277] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6303] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6302] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6303] <... rseq resumed>) = 0 [pid 6303] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6303] memfd_create("syzkaller", 0) = 3 [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6277] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] exit_group(0 [pid 6277] <... futex resumed>) = ? [pid 6274] <... exit_group resumed>) = ? [pid 6277] +++ exited with 0 +++ [pid 6274] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6274, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=133 /* 1.33 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 226.220715][ T6277] xfs_attr_set+0xdc6/0x1210 [ 226.220799][ T6277] ? __pfx_xfs_attr_set+0x10/0x10 [ 226.220835][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.220864][ T6277] ? __lock_acquire+0xab9/0xd20 [ 226.220903][ T6277] ? xfs_da_hashname+0x59d/0x740 [ 226.220937][ T6277] ? do_raw_spin_lock+0x121/0x290 [ 226.220983][ T6277] ? xfs_attr_change+0x2ac/0x390 [ 226.221019][ T6277] xfs_xattr_set+0x14d/0x250 [ 226.221054][ T6277] ? __pfx_xfs_xattr_set+0x10/0x10 [ 226.221102][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6284] <... mount resumed>) = 0 [pid 6284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6284] chdir("./file1") = 0 [pid 6284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6284] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6282] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... openat resumed>) = 4 [pid 6284] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6284] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6282] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... pwritev2 resumed>) = 65007 [pid 6284] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.221132][ T6277] ? evm_protect_xattr+0x4d4/0xa90 [ 226.221159][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.221189][ T6277] ? rcu_is_watching+0x15/0xb0 [ 226.221224][ T6277] ? __pfx_evm_protect_xattr+0x10/0x10 [ 226.221253][ T6277] ? __pfx_xfs_xattr_set+0x10/0x10 [ 226.221282][ T6277] __vfs_setxattr+0x43c/0x480 [ 226.221334][ T6277] __vfs_setxattr_noperm+0x12d/0x660 [ 226.221380][ T6277] vfs_setxattr+0x16b/0x2f0 [ 226.221423][ T6277] ? __pfx_vfs_setxattr+0x10/0x10 [ 226.221455][ T6277] ? mnt_get_write_access+0x223/0x2a0 [ 226.221487][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.221521][ T6277] filename_setxattr+0x274/0x600 [ 226.221571][ T6277] ? __pfx_filename_setxattr+0x10/0x10 [ 226.221611][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.221641][ T6277] ? getname_flags+0x1e5/0x540 [ 226.221684][ T6277] path_setxattrat+0x364/0x3a0 [ 226.221723][ T6277] ? __pfx_path_setxattrat+0x10/0x10 [ 226.221798][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.221828][ T6277] ? rcu_is_watching+0x15/0xb0 [pid 6282] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 226.221867][ T6277] __x64_sys_lsetxattr+0xbf/0xe0 [ 226.221910][ T6277] do_syscall_64+0xfa/0x3b0 [ 226.221936][ T6277] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.221977][ T6277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.222002][ T6277] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.222032][ T6277] ? exc_page_fault+0x9f/0xf0 [ 226.222075][ T6277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.222100][ T6277] RIP: 0033:0x7f3cdbf794f9 [pid 6284] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6303] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6282] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6282] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6312]}, 88) = 6312 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 226.222123][ T6277] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 226.222146][ T6277] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 226.222174][ T6277] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 226.222193][ T6277] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 226.222212][ T6277] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 226.222229][ T6277] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 226.222246][ T6277] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 226.222287][ T6277] [ 226.222696][ T6277] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 226.241583][ T6284] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 226.370504][ T6290] loop1: detected capacity change from 0 to 32768 [ 226.385494][ T6284] XFS (loop0): Starting recovery (logdev: internal) [pid 6282] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.415818][ T6277] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 226.443081][ T6290] XFS: noikeep mount option is deprecated. [ 226.476909][ T6277] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 226.650866][ T6284] XFS (loop0): Ending recovery (logdev: internal) [ 226.657530][ T6290] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb ./strace-static-x86_64: Process 6312 attached [pid 6284] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6284] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6282] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] <... rseq resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6312] set_robust_list(0x7f3cdbf049a0, 24 [pid 6284] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] <... set_robust_list resumed>) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 226.743680][ T6284] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 226.960589][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 227.010206][ T6284] XFS (loop0): Unmount and run xfs_repair [pid 6312] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6303] <... write resumed>) = 16777216 [ 227.035371][ T6312] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 227.058950][ T6312] CPU: 0 UID: 0 PID: 6312 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 227.058986][ T6312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.059004][ T6312] Call Trace: [ 227.059013][ T6312] [ 227.059025][ T6312] dump_stack_lvl+0x189/0x250 [pid 6303] munmap(0x7f3cd3a00000, 138412032 [pid 6282] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 227.059062][ T6312] ? __pfx__xfs_alert_tag+0x10/0x10 [ 227.059109][ T6312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.059145][ T6312] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 227.059195][ T6312] xfs_corruption_error+0x122/0x170 [ 227.059237][ T6312] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 227.059273][ T6312] xfs_alloc_fixup_trees+0x95e/0xd20 [ 227.059304][ T6312] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 227.059347][ T6312] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 227.059379][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6303] <... munmap resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./8/file1") = 0 [pid 5874] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./8/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./8") = 0 [pid 5874] mkdir("./9", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 227.059409][ T6312] ? rcu_is_watching+0x15/0xb0 [ 227.059442][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.059471][ T6312] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 227.059504][ T6312] ? rcu_is_watching+0x15/0xb0 [ 227.059545][ T6312] xfs_alloc_cur_finish+0xd3/0x4b0 [ 227.059575][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.059606][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.059641][ T6312] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 227.059701][ T6312] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 227.059732][ T6312] ? xfs_group_grab+0x28/0x480 [ 227.059771][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.059802][ T6312] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 227.059837][ T6312] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 227.059888][ T6312] xfs_alloc_vextent_start_ag+0x388/0x850 [ 227.059930][ T6312] xfs_bmapi_allocate+0x188e/0x2e00 [ 227.059999][ T6312] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 227.060034][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.060097][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.060127][ T6312] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 227.060152][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.060182][ T6312] ? xfs_iext_prev+0x35a/0x370 [ 227.060223][ T6312] ? xfs_iext_get_extent+0x1bb/0x370 [ 227.060256][ T6312] xfs_bmapi_write+0x7df/0x1260 [ 227.060319][ T6312] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 227.060402][ T6312] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 227.060446][ T6312] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 227.060478][ T6312] ? kasan_save_track+0x4f/0x80 [ 227.060505][ T6312] ? kasan_save_track+0x3e/0x80 [ 227.060531][ T6312] ? kasan_save_free_info+0x46/0x50 [ 227.060570][ T6312] ? kmem_cache_free+0x18f/0x400 [ 227.060601][ T6312] ? __xfs_trans_commit+0x3e0/0xbd0 [ 227.060628][ T6312] ? xfs_trans_roll+0x130/0x450 [ 227.060652][ T6312] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 227.060695][ T6312] xfs_attr_set_iter+0x2d4/0x4b70 [ 227.060757][ T6312] ? filename_setxattr+0x274/0x600 [ 227.060793][ T6312] ? path_setxattrat+0x364/0x3a0 [ 227.060816][ T6312] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 227.060871][ T6312] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 227.060931][ T6312] ? kasan_quarantine_put+0xdd/0x220 [ 227.060958][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.060988][ T6312] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.061031][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061067][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061104][ T6312] ? kmem_cache_free+0x18f/0x400 [ 227.061134][ T6312] ? __xfs_trans_commit+0x3e0/0xbd0 [ 227.061167][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061197][ T6312] ? __xfs_trans_commit+0x4c7/0xbd0 [ 227.061243][ T6312] xfs_attr_finish_item+0xed/0x320 [ 227.061285][ T6312] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 227.061325][ T6312] xfs_defer_finish_one+0x5c8/0xcf0 [ 227.061389][ T6312] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 227.061441][ T6312] xfs_defer_finish_noroll+0x910/0x12d0 [ 227.061484][ T6312] ? xfs_trans_commit+0x10b/0x1c0 [ 227.061517][ T6312] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 227.061553][ T6312] ? inode_set_ctime_current+0x740/0xb40 [pid 5874] close(3executing program [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6312] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6312] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] exit_group(0 [pid 6312] <... futex resumed>) = ? [pid 6282] <... exit_group resumed>) = ? [pid 6312] +++ exited with 0 +++ [pid 6284] <... futex resumed>) = ? [pid 6284] +++ exited with 0 +++ [pid 6282] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6282, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=84 /* 0.84 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6313 attached [pid 6313] set_robust_list(0x55555d962760, 24) = 0 [pid 6313] chdir("./9" [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6313 [pid 6313] <... chdir resumed>) = 0 [pid 6313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6313] setpgid(0, 0) = 0 [pid 6313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6313] write(3, "1000", 4) = 4 [pid 6313] close(3) = 0 [pid 6313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6313] write(1, "executing program\n", 18) = 18 [pid 6313] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6313] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6313] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] <... openat resumed>) = 4 [pid 6313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6303] ioctl(4, LOOP_SET_FD, 3 [pid 6313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6314 attached [pid 6314] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6313] <... clone3 resumed> => {parent_tid=[6314]}, 88) = 6314 [pid 6314] <... rseq resumed>) = 0 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6314] set_robust_list(0x7f3cdbf259a0, 24 [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6314] <... set_robust_list resumed>) = 0 [pid 6313] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], [pid 6313] <... futex resumed>) = 0 [pid 6314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 227.061603][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061633][ T6312] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 227.061676][ T6312] xfs_trans_commit+0x10b/0x1c0 [ 227.061703][ T6312] ? __pfx_xfs_trans_commit+0x10/0x10 [ 227.061737][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061766][ T6312] ? xfs_trans_log_inode+0x12c/0x1a0 [ 227.061809][ T6312] xfs_attr_set+0xdc6/0x1210 [ 227.061860][ T6312] ? __pfx_xfs_attr_set+0x10/0x10 [ 227.061897][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.061926][ T6312] ? __lock_acquire+0xab9/0xd20 [pid 6314] memfd_create("syzkaller", 0) = 3 [pid 6314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 227.061965][ T6312] ? xfs_da_hashname+0x59d/0x740 [ 227.061999][ T6312] ? do_raw_spin_lock+0x121/0x290 [ 227.062044][ T6312] ? xfs_attr_change+0x2ac/0x390 [ 227.062085][ T6312] xfs_xattr_set+0x14d/0x250 [ 227.062120][ T6312] ? __pfx_xfs_xattr_set+0x10/0x10 [ 227.062166][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.062196][ T6312] ? evm_protect_xattr+0x4d4/0xa90 [ 227.062223][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.062253][ T6312] ? rcu_is_watching+0x15/0xb0 [pid 6290] <... mount resumed>) = 0 [pid 6290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6290] chdir("./file1") = 0 [pid 6290] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6290] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 227.062289][ T6312] ? __pfx_evm_protect_xattr+0x10/0x10 [ 227.062319][ T6312] ? __pfx_xfs_xattr_set+0x10/0x10 [ 227.062348][ T6312] __vfs_setxattr+0x43c/0x480 [ 227.062398][ T6312] __vfs_setxattr_noperm+0x12d/0x660 [ 227.062445][ T6312] vfs_setxattr+0x16b/0x2f0 [ 227.062489][ T6312] ? __pfx_vfs_setxattr+0x10/0x10 [ 227.062521][ T6312] ? mnt_get_write_access+0x223/0x2a0 [ 227.062552][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.062588][ T6312] filename_setxattr+0x274/0x600 [ 227.062637][ T6312] ? __pfx_filename_setxattr+0x10/0x10 [pid 6290] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... futex resumed>) = 0 [pid 6289] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6289] <... futex resumed>) = 1 [pid 6290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6290] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 227.062678][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.062707][ T6312] ? getname_flags+0x1e5/0x540 [ 227.062751][ T6312] path_setxattrat+0x364/0x3a0 [ 227.062789][ T6312] ? __pfx_path_setxattrat+0x10/0x10 [ 227.062858][ T6312] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.062888][ T6312] ? rcu_is_watching+0x15/0xb0 [ 227.062928][ T6312] __x64_sys_lsetxattr+0xbf/0xe0 [ 227.062970][ T6312] do_syscall_64+0xfa/0x3b0 [ 227.062999][ T6312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6290] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... futex resumed>) = 1 [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [ 227.063024][ T6312] ? __switch_to_asm+0x39/0x70 [ 227.063058][ T6312] ? __switch_to_asm+0x33/0x70 [ 227.063103][ T6312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.063129][ T6312] RIP: 0033:0x7f3cdbf794f9 [ 227.063152][ T6312] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 227.063175][ T6312] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 227.063203][ T6312] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 227.063223][ T6312] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 227.063242][ T6312] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 227.063259][ T6312] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 227.063276][ T6312] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 227.063317][ T6312] [ 227.063327][ T6312] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 6290] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6303] <... ioctl resumed>) = 0 [pid 6289] <... futex resumed>) = 1 [ 227.074988][ T6290] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 227.124308][ T6312] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 227.148184][ T6290] XFS (loop1): Starting recovery (logdev: internal) [ 227.188266][ T6312] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 227.264324][ T6290] XFS (loop1): Ending recovery (logdev: internal) [pid 6303] close(3 [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... close resumed>) = 0 [pid 6303] close(4) = 0 [pid 6303] mkdir("./file1", 0777) = 0 [ 227.488110][ T6303] loop2: detected capacity change from 0 to 32768 [ 227.636067][ T6290] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 227.689090][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 227.757004][ T6290] XFS (loop1): Unmount and run xfs_repair [pid 6303] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6290] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6290] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... umount2 resumed>) = 0 [pid 6289] <... futex resumed>) = 0 [pid 5871] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6289] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6289] <... futex resumed>) = 1 [pid 5871] newfstatat(AT_FDCWD, "./8/file1", [pid 6289] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] <... futex resumed>) = 0 [pid 6290] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 227.866081][ T6303] XFS: noikeep mount option is deprecated. [ 227.891017][ T6290] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 227.906364][ T6290] CPU: 1 UID: 0 PID: 6290 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 227.906403][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.906418][ T6290] Call Trace: [ 227.906432][ T6290] [ 227.906444][ T6290] dump_stack_lvl+0x189/0x250 [ 227.906482][ T6290] ? __pfx__xfs_alert_tag+0x10/0x10 [ 227.906519][ T6290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.906553][ T6290] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 227.906600][ T6290] xfs_corruption_error+0x122/0x170 [pid 5871] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6314] <... write resumed>) = 16777216 [pid 6289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... openat resumed>) = 4 [pid 6314] munmap(0x7f3cd3a00000, 138412032 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [ 227.906638][ T6290] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 227.906673][ T6290] xfs_alloc_fixup_trees+0x95e/0xd20 [ 227.906700][ T6290] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 227.906741][ T6290] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 227.906770][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.906808][ T6290] ? rcu_is_watching+0x15/0xb0 [ 227.906850][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.906878][ T6290] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 227.906909][ T6290] ? rcu_is_watching+0x15/0xb0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./8/file1") = 0 [pid 5871] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./8/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./8") = 0 [pid 5871] mkdir("./9", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 227.906948][ T6290] xfs_alloc_cur_finish+0xd3/0x4b0 [ 227.906977][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907007][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907039][ T6290] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 227.907098][ T6290] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 227.907126][ T6290] ? xfs_group_grab+0x28/0x480 [ 227.907162][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907189][ T6290] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 227.907222][ T6290] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 227.907271][ T6290] xfs_alloc_vextent_start_ag+0x388/0x850 [ 227.907311][ T6290] xfs_bmapi_allocate+0x188e/0x2e00 [ 227.907378][ T6290] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 227.907411][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907463][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907491][ T6290] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 227.907515][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.907543][ T6290] ? xfs_iext_prev+0x35a/0x370 [ 227.907582][ T6290] ? xfs_iext_get_extent+0x1bb/0x370 [ 227.907614][ T6290] xfs_bmapi_write+0x7df/0x1260 [ 227.907677][ T6290] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 227.907760][ T6290] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 227.907803][ T6290] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 227.907842][ T6290] ? kasan_save_track+0x4f/0x80 [ 227.907870][ T6290] ? kasan_save_track+0x3e/0x80 [ 227.907897][ T6290] ? kasan_save_free_info+0x46/0x50 [ 227.907936][ T6290] ? kmem_cache_free+0x18f/0x400 [ 227.907966][ T6290] ? __xfs_trans_commit+0x3e0/0xbd0 [ 227.907991][ T6290] ? xfs_trans_roll+0x130/0x450 [ 227.908014][ T6290] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 227.908054][ T6290] xfs_attr_set_iter+0x2d4/0x4b70 [ 227.908087][ T6290] ? filename_setxattr+0x274/0x600 [ 227.908120][ T6290] ? path_setxattrat+0x364/0x3a0 [ 227.908142][ T6290] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 227.908193][ T6290] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 227.908249][ T6290] ? kasan_quarantine_put+0xdd/0x220 [ 227.908273][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.908299][ T6290] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.908338][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.908371][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.908399][ T6290] ? kmem_cache_free+0x18f/0x400 [ 227.908426][ T6290] ? __xfs_trans_commit+0x3e0/0xbd0 [ 227.908456][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.908483][ T6290] ? __xfs_trans_commit+0x4c7/0xbd0 [ 227.908526][ T6290] xfs_attr_finish_item+0xed/0x320 [ 227.908567][ T6290] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 227.908602][ T6290] xfs_defer_finish_one+0x5c8/0xcf0 [ 227.908663][ T6290] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 227.908713][ T6290] xfs_defer_finish_noroll+0x910/0x12d0 [ 227.908753][ T6290] ? xfs_trans_commit+0x10b/0x1c0 [ 227.908784][ T6290] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 227.908817][ T6290] ? inode_set_ctime_current+0x740/0xb40 [ 227.908870][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.908898][ T6290] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 227.908937][ T6290] xfs_trans_commit+0x10b/0x1c0 [ 227.908963][ T6290] ? __pfx_xfs_trans_commit+0x10/0x10 [ 227.908995][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909020][ T6290] ? xfs_trans_log_inode+0x12c/0x1a0 [ 227.909062][ T6290] xfs_attr_set+0xdc6/0x1210 [ 227.909119][ T6290] ? __pfx_xfs_attr_set+0x10/0x10 [ 227.909152][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909181][ T6290] ? __lock_acquire+0xab9/0xd20 [ 227.909224][ T6290] ? xfs_da_hashname+0x59d/0x740 [ 227.909261][ T6290] ? do_raw_spin_lock+0x121/0x290 [ 227.909303][ T6290] ? xfs_attr_change+0x2ac/0x390 [ 227.909336][ T6290] xfs_xattr_set+0x14d/0x250 [ 227.909369][ T6290] ? __pfx_xfs_xattr_set+0x10/0x10 [ 227.909415][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909442][ T6290] ? evm_protect_xattr+0x4d4/0xa90 [ 227.909468][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909495][ T6290] ? rcu_is_watching+0x15/0xb0 [ 227.909529][ T6290] ? __pfx_evm_protect_xattr+0x10/0x10 [ 227.909558][ T6290] ? __pfx_xfs_xattr_set+0x10/0x10 [ 227.909584][ T6290] __vfs_setxattr+0x43c/0x480 [ 227.909634][ T6290] __vfs_setxattr_noperm+0x12d/0x660 [ 227.909677][ T6290] vfs_setxattr+0x16b/0x2f0 [ 227.909719][ T6290] ? __pfx_vfs_setxattr+0x10/0x10 [ 227.909749][ T6290] ? mnt_get_write_access+0x223/0x2a0 [ 227.909778][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909812][ T6290] filename_setxattr+0x274/0x600 [ 227.909877][ T6290] ? __pfx_filename_setxattr+0x10/0x10 [ 227.909916][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.909943][ T6290] ? getname_flags+0x1e5/0x540 [ 227.909986][ T6290] path_setxattrat+0x364/0x3a0 [ 227.910024][ T6290] ? __pfx_path_setxattrat+0x10/0x10 [ 227.910092][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.910117][ T6290] ? rcu_is_watching+0x15/0xb0 [ 227.910153][ T6290] __x64_sys_lsetxattr+0xbf/0xe0 [ 227.910193][ T6290] do_syscall_64+0xfa/0x3b0 [ 227.910218][ T6290] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.910257][ T6290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.910280][ T6290] ? srso_alias_return_thunk+0x5/0xfbef5 [ 227.910308][ T6290] ? exc_page_fault+0x9f/0xf0 [ 227.910348][ T6290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.910376][ T6290] RIP: 0033:0x7f3cdbf794f9 [ 227.910400][ T6290] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 227.910421][ T6290] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 227.910448][ T6290] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 227.910466][ T6290] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 227.910484][ T6290] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 5871] close(3 [pid 6314] <... munmap resumed>) = 0 [pid 6314] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 227.910499][ T6290] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 227.910515][ T6290] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 227.910553][ T6290] [ 228.596019][ T6290] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 228.620779][ T6303] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 228.632560][ T6290] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 228.664052][ T6314] loop3: detected capacity change from 0 to 32768 [pid 6314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6314] close(3) = 0 [pid 6314] close(4) = 0 [ 228.700152][ T6303] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 228.722819][ T6290] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [pid 6314] mkdir("./file1", 0777) = 0 [pid 6314] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6290] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] <... close resumed>) = 0 [ 228.746941][ T6314] XFS: noikeep mount option is deprecated. [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6290] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6324 attached [pid 6289] exit_group(0) = ? [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6324 [pid 6290] <... futex resumed>) = ? [pid 6324] set_robust_list(0x55555d962760, 24 [pid 6290] +++ exited with 0 +++ [pid 6289] +++ exited with 0 +++ [pid 6324] <... set_robust_list resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6289, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=98 /* 0.98 s */} --- [pid 6324] chdir("./9" [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6324] <... chdir resumed>) = 0 [pid 6324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6324] setpgid(0, 0) = 0 [pid 6324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6324] <... openat resumed>) = 3 [pid 6324] write(3, "1000", 4) = 4 [pid 6324] close(3) = 0 [pid 6324] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6324] write(1, "executing program\n", 18) = 18 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6324] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6330 attached [pid 6330] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6324] <... clone3 resumed> => {parent_tid=[6330]}, 88) = 6330 [pid 6330] <... rseq resumed>) = 0 [pid 6324] rt_sigprocmask(SIG_SETMASK, [], [pid 6330] set_robust_list(0x7f3cdbf259a0, 24 [pid 6324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] <... set_robust_list resumed>) = 0 [pid 6324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] rt_sigprocmask(SIG_SETMASK, [], [pid 6324] <... futex resumed>) = 0 [ 228.780604][ T6303] XFS (loop2): Starting recovery (logdev: internal) [ 228.805366][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6330] memfd_create("syzkaller", 0) = 3 [pid 6330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 228.861724][ T6303] XFS (loop2): Ending recovery (logdev: internal) [ 228.875961][ T6314] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6303] <... mount resumed>) = 0 [pid 6303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6303] chdir("./file1") = 0 [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... umount2 resumed>) = 0 [pid 6303] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6303] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6303] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5872] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 6303] <... openat resumed>) = 4 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6303] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 6303] <... futex resumed>) = 1 [pid 6302] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6302] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] close(4 [pid 6302] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6302] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] rmdir("./9/file1") = 0 [pid 6330] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6303] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5872] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./9/binderfs") = 0 [ 228.904972][ T6314] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 228.926246][ T6314] XFS (loop3): Starting recovery (logdev: internal) [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6303] <... pwritev2 resumed>) = 65007 [pid 5872] close(3 [pid 6303] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 6314] <... mount resumed>) = 0 [pid 6303] <... futex resumed>) = 1 [pid 6302] <... futex resumed>) = 0 [pid 5872] rmdir("./9" [pid 6303] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6302] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rmdir resumed>) = 0 [pid 6314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6314] chdir("./file1") = 0 [pid 6314] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6302] <... futex resumed>) = 0 [pid 6314] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6302] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] mkdir("./10", 0777 [pid 6314] <... futex resumed>) = 1 [pid 6313] <... futex resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6314] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6313] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6313] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6313] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 6314] <... openat resumed>) = 4 [pid 6314] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6314] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6313] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 228.988237][ T6314] XFS (loop3): Ending recovery (logdev: internal) [ 229.001549][ T6303] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6313] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] <... pwritev2 resumed>) = 65007 [pid 6314] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6313] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6313] <... futex resumed>) = 0 [pid 6313] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6302] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6302] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6334]}, 88) = 6334 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6302] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6302] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 229.056791][ T6314] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 229.077615][ T6303] XFS (loop2): Unmount and run xfs_repair [pid 6303] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6334 attached [pid 6313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6334] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6313] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... rseq resumed>) = 0 [pid 6313] <... futex resumed>) = 0 [pid 6334] set_robust_list(0x7f3cdbf049a0, 24 [pid 6313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6334] <... set_robust_list resumed>) = 0 [pid 6313] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6313] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6313] <... mprotect resumed>) = 0 [pid 6334] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6313] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6314] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6313] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6314] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6335]}, 88) = 6335 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6314] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6313] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6335 attached [pid 6335] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6335] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 229.107804][ T6314] XFS (loop3): Unmount and run xfs_repair [ 229.131439][ T6334] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6335] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 229.152783][ T6335] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 229.179723][ T6334] CPU: 0 UID: 0 PID: 6334 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 229.179773][ T6334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.179790][ T6334] Call Trace: [ 229.179801][ T6334] [ 229.179812][ T6334] dump_stack_lvl+0x189/0x250 [ 229.179852][ T6334] ? __pfx__xfs_alert_tag+0x10/0x10 [ 229.179893][ T6334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.179930][ T6334] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 229.179981][ T6334] xfs_corruption_error+0x122/0x170 [ 229.180023][ T6334] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 229.180058][ T6334] xfs_alloc_fixup_trees+0x95e/0xd20 [ 229.180089][ T6334] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 6330] <... write resumed>) = 16777216 [pid 6313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6330] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 229.180132][ T6334] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 229.180164][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180195][ T6334] ? rcu_is_watching+0x15/0xb0 [ 229.180226][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180256][ T6334] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 229.180289][ T6334] ? rcu_is_watching+0x15/0xb0 [ 229.180331][ T6334] xfs_alloc_cur_finish+0xd3/0x4b0 [ 229.180368][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180400][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180436][ T6334] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 229.180497][ T6334] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 229.180527][ T6334] ? xfs_group_grab+0x28/0x480 [ 229.180566][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180595][ T6334] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 229.180630][ T6334] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 229.180681][ T6334] xfs_alloc_vextent_start_ag+0x388/0x850 [ 229.180723][ T6334] xfs_bmapi_allocate+0x188e/0x2e00 [pid 6330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6330] close(3) = 0 [pid 6330] close(4) = 0 [pid 6330] mkdir("./file1", 0777) = 0 [ 229.180829][ T6334] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 229.180864][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180917][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.180947][ T6334] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 229.180972][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.181001][ T6334] ? xfs_iext_prev+0x35a/0x370 [ 229.181041][ T6334] ? xfs_iext_get_extent+0x1bb/0x370 [ 229.181073][ T6334] xfs_bmapi_write+0x7df/0x1260 [ 229.181136][ T6334] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 229.181220][ T6334] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 229.181264][ T6334] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 229.181295][ T6334] ? kasan_save_track+0x4f/0x80 [ 229.181323][ T6334] ? kasan_save_track+0x3e/0x80 [ 229.181348][ T6334] ? kasan_save_free_info+0x46/0x50 [ 229.181387][ T6334] ? kmem_cache_free+0x18f/0x400 [ 229.181418][ T6334] ? __xfs_trans_commit+0x3e0/0xbd0 [ 229.181444][ T6334] ? xfs_trans_roll+0x130/0x450 [ 229.181469][ T6334] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 229.181511][ T6334] xfs_attr_set_iter+0x2d4/0x4b70 [ 229.181548][ T6334] ? filename_setxattr+0x274/0x600 [ 229.181583][ T6334] ? path_setxattrat+0x364/0x3a0 [ 229.181606][ T6334] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 229.181661][ T6334] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 229.181721][ T6334] ? kasan_quarantine_put+0xdd/0x220 [ 229.181749][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.181785][ T6334] ? lockdep_hardirqs_on+0x9c/0x150 [ 229.181828][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.181864][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.181893][ T6334] ? kmem_cache_free+0x18f/0x400 [pid 6330] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... close resumed>) = 0 [pid 6335] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6335] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 229.181923][ T6334] ? __xfs_trans_commit+0x3e0/0xbd0 [ 229.181957][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.181986][ T6334] ? __xfs_trans_commit+0x4c7/0xbd0 [ 229.182031][ T6334] xfs_attr_finish_item+0xed/0x320 [ 229.182074][ T6334] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 229.182113][ T6334] xfs_defer_finish_one+0x5c8/0xcf0 [ 229.182176][ T6334] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 229.182228][ T6334] xfs_defer_finish_noroll+0x910/0x12d0 [ 229.182269][ T6334] ? xfs_trans_commit+0x10b/0x1c0 [ 229.182303][ T6334] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 229.182338][ T6334] ? inode_set_ctime_current+0x740/0xb40 [ 229.182388][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.182417][ T6334] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 229.182459][ T6334] xfs_trans_commit+0x10b/0x1c0 [ 229.182487][ T6334] ? __pfx_xfs_trans_commit+0x10/0x10 [ 229.182520][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.182550][ T6334] ? xfs_trans_log_inode+0x12c/0x1a0 [ 229.182592][ T6334] xfs_attr_set+0xdc6/0x1210 [pid 6335] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6339 attached , child_tidptr=0x55555d962750) = 6339 [pid 6339] set_robust_list(0x55555d962760, 24 [pid 6313] exit_group(0 [pid 6339] <... set_robust_list resumed>) = 0 [pid 6339] chdir("./10" [pid 6335] <... futex resumed>) = ? [pid 6314] <... futex resumed>) = ? [pid 6313] <... exit_group resumed>) = ? [pid 6335] +++ exited with 0 +++ [pid 6314] +++ exited with 0 +++ [pid 6339] <... chdir resumed>) = 0 [ 229.182643][ T6334] ? __pfx_xfs_attr_set+0x10/0x10 [ 229.182679][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.182708][ T6334] ? __lock_acquire+0xab9/0xd20 [ 229.182747][ T6334] ? xfs_da_hashname+0x59d/0x740 [ 229.182794][ T6334] ? do_raw_spin_lock+0x121/0x290 [ 229.182839][ T6334] ? xfs_attr_change+0x2ac/0x390 [ 229.182875][ T6334] xfs_xattr_set+0x14d/0x250 [ 229.182908][ T6334] ? __pfx_xfs_xattr_set+0x10/0x10 [ 229.182955][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6339] write(3, "1000", 4 [pid 6313] +++ exited with 0 +++ [pid 6339] <... write resumed>) = 4 [pid 6339] close(3 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6313, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=107 /* 1.07 s */} --- [pid 6339] <... close resumed>) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5874] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6339] write(1, "executing program\n", 18 [pid 5874] <... openat resumed>) = 3 [pid 6339] <... write resumed>) = 18 [pid 6339] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] newfstatat(3, "", [pid 6339] <... futex resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6339] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5874] getdents64(3, [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6339] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6339] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 229.182985][ T6334] ? evm_protect_xattr+0x4d4/0xa90 [ 229.183012][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.183042][ T6334] ? rcu_is_watching+0x15/0xb0 [ 229.183077][ T6334] ? __pfx_evm_protect_xattr+0x10/0x10 [ 229.183106][ T6334] ? __pfx_xfs_xattr_set+0x10/0x10 [ 229.183135][ T6334] __vfs_setxattr+0x43c/0x480 [ 229.183186][ T6334] __vfs_setxattr_noperm+0x12d/0x660 [ 229.183232][ T6334] vfs_setxattr+0x16b/0x2f0 [ 229.183275][ T6334] ? __pfx_vfs_setxattr+0x10/0x10 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6343]}, 88) = 6343 ./strace-static-x86_64: Process 6343 attached [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6343] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6343] set_robust_list(0x7f3cdbf259a0, 24 [pid 6339] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... set_robust_list resumed>) = 0 [pid 6339] <... futex resumed>) = 0 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 229.183311][ T6334] ? mnt_get_write_access+0x223/0x2a0 [ 229.183342][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.183377][ T6334] filename_setxattr+0x274/0x600 [ 229.183426][ T6334] ? __pfx_filename_setxattr+0x10/0x10 [ 229.183466][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.183495][ T6334] ? getname_flags+0x1e5/0x540 [ 229.183539][ T6334] path_setxattrat+0x364/0x3a0 [ 229.183577][ T6334] ? __pfx_path_setxattrat+0x10/0x10 [ 229.183644][ T6334] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.183674][ T6334] ? rcu_is_watching+0x15/0xb0 [ 229.183712][ T6334] __x64_sys_lsetxattr+0xbf/0xe0 [ 229.183761][ T6334] do_syscall_64+0xfa/0x3b0 [ 229.183789][ T6334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.183814][ T6334] ? __switch_to_asm+0x39/0x70 [ 229.183847][ T6334] ? __switch_to_asm+0x33/0x70 [ 229.183888][ T6334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.183912][ T6334] RIP: 0033:0x7f3cdbf794f9 [ 229.183934][ T6334] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 229.183957][ T6334] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 229.183984][ T6334] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 229.184004][ T6334] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 229.184023][ T6334] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 6343] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6334] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6334] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 229.184039][ T6334] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 229.184057][ T6334] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 229.184098][ T6334] [ 229.206234][ T6335] CPU: 1 UID: 0 PID: 6335 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 229.206273][ T6335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.206289][ T6335] Call Trace: [ 229.206301][ T6335] [ 229.206311][ T6335] dump_stack_lvl+0x189/0x250 [pid 6302] exit_group(0) = ? [pid 6334] <... futex resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6303] <... futex resumed>) = ? [pid 6303] +++ exited with 0 +++ [pid 6302] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6302, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=107 /* 1.07 s */} --- [pid 5873] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 229.206350][ T6335] ? __pfx__xfs_alert_tag+0x10/0x10 [ 229.206389][ T6335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.206425][ T6335] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 229.206475][ T6335] xfs_corruption_error+0x122/0x170 [ 229.206516][ T6335] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 229.206551][ T6335] xfs_alloc_fixup_trees+0x95e/0xd20 [ 229.206581][ T6335] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 229.206624][ T6335] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 229.206655][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.206685][ T6335] ? rcu_is_watching+0x15/0xb0 [ 229.206716][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.206757][ T6335] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 229.206790][ T6335] ? rcu_is_watching+0x15/0xb0 [ 229.206835][ T6335] xfs_alloc_cur_finish+0xd3/0x4b0 [ 229.206865][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.206897][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.206932][ T6335] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 229.206991][ T6335] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 229.207021][ T6335] ? xfs_group_grab+0x28/0x480 [ 229.207059][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.207088][ T6335] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 229.207123][ T6335] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 229.207172][ T6335] xfs_alloc_vextent_start_ag+0x388/0x850 [ 229.207213][ T6335] xfs_bmapi_allocate+0x188e/0x2e00 [ 229.207281][ T6335] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 229.207314][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.207367][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.207395][ T6335] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 229.207419][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.207448][ T6335] ? xfs_iext_prev+0x35a/0x370 [ 229.207488][ T6335] ? xfs_iext_get_extent+0x1bb/0x370 [ 229.207520][ T6335] xfs_bmapi_write+0x7df/0x1260 [ 229.207581][ T6335] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 229.207663][ T6335] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 229.207706][ T6335] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 229.207742][ T6335] ? kasan_save_track+0x4f/0x80 [ 229.207769][ T6335] ? kasan_save_track+0x3e/0x80 [ 229.207794][ T6335] ? kasan_save_free_info+0x46/0x50 [ 229.207832][ T6335] ? kmem_cache_free+0x18f/0x400 [ 229.207861][ T6335] ? __xfs_trans_commit+0x3e0/0xbd0 [ 229.207886][ T6335] ? xfs_trans_roll+0x130/0x450 [ 229.207911][ T6335] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 229.207952][ T6335] xfs_attr_set_iter+0x2d4/0x4b70 [ 229.207988][ T6335] ? filename_setxattr+0x274/0x600 [ 229.208022][ T6335] ? path_setxattrat+0x364/0x3a0 [ 229.208044][ T6335] ? __x64_sys_lsetxattr+0xbf/0xe0 [pid 5873] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6343] <... write resumed>) = 16777216 [pid 5874] <... umount2 resumed>) = 0 [ 229.208098][ T6335] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 229.208157][ T6335] ? kasan_quarantine_put+0xdd/0x220 [ 229.208184][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208212][ T6335] ? lockdep_hardirqs_on+0x9c/0x150 [ 229.208254][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208289][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208318][ T6335] ? kmem_cache_free+0x18f/0x400 [ 229.208346][ T6335] ? __xfs_trans_commit+0x3e0/0xbd0 [ 229.208378][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208407][ T6335] ? __xfs_trans_commit+0x4c7/0xbd0 [ 229.208452][ T6335] xfs_attr_finish_item+0xed/0x320 [ 229.208493][ T6335] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 229.208532][ T6335] xfs_defer_finish_one+0x5c8/0xcf0 [ 229.208594][ T6335] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 229.208646][ T6335] xfs_defer_finish_noroll+0x910/0x12d0 [ 229.208686][ T6335] ? xfs_trans_commit+0x10b/0x1c0 [ 229.208719][ T6335] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 229.208759][ T6335] ? inode_set_ctime_current+0x740/0xb40 [pid 6343] munmap(0x7f3cd3a00000, 138412032 [pid 5874] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./9/file1") = 0 [pid 5874] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./9/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./9") = 0 [pid 5874] mkdir("./10", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 229.208808][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208837][ T6335] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 229.208878][ T6335] xfs_trans_commit+0x10b/0x1c0 [ 229.208906][ T6335] ? __pfx_xfs_trans_commit+0x10/0x10 [ 229.208939][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.208969][ T6335] ? xfs_trans_log_inode+0x12c/0x1a0 [ 229.209011][ T6335] xfs_attr_set+0xdc6/0x1210 [ 229.209062][ T6335] ? __pfx_xfs_attr_set+0x10/0x10 [ 229.209097][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.209126][ T6335] ? __lock_acquire+0xab9/0xd20 [ 229.209163][ T6335] ? xfs_da_hashname+0x59d/0x740 [ 229.209196][ T6335] ? do_raw_spin_lock+0x121/0x290 [ 229.209241][ T6335] ? xfs_attr_change+0x2ac/0x390 [ 229.209277][ T6335] xfs_xattr_set+0x14d/0x250 [ 229.209310][ T6335] ? __pfx_xfs_xattr_set+0x10/0x10 [ 229.209355][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.209384][ T6335] ? evm_protect_xattr+0x4d4/0xa90 [ 229.209413][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.209442][ T6335] ? rcu_is_watching+0x15/0xb0 [ 229.209476][ T6335] ? __pfx_evm_protect_xattr+0x10/0x10 [pid 5874] close(3 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./9/file1") = 0 [pid 5873] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./9/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./9") = 0 [pid 5873] mkdir("./10", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 229.209505][ T6335] ? __pfx_xfs_xattr_set+0x10/0x10 [ 229.209534][ T6335] __vfs_setxattr+0x43c/0x480 [ 229.209585][ T6335] __vfs_setxattr_noperm+0x12d/0x660 [ 229.209630][ T6335] vfs_setxattr+0x16b/0x2f0 [ 229.209674][ T6335] ? __pfx_vfs_setxattr+0x10/0x10 [ 229.209704][ T6335] ? mnt_get_write_access+0x223/0x2a0 [ 229.209740][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.209775][ T6335] filename_setxattr+0x274/0x600 [ 229.209824][ T6335] ? __pfx_filename_setxattr+0x10/0x10 [ 229.209864][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.209893][ T6335] ? getname_flags+0x1e5/0x540 [ 229.209935][ T6335] path_setxattrat+0x364/0x3a0 [ 229.209974][ T6335] ? __pfx_path_setxattrat+0x10/0x10 [ 229.210042][ T6335] ? srso_alias_return_thunk+0x5/0xfbef5 [ 229.210071][ T6335] ? rcu_is_watching+0x15/0xb0 [ 229.210108][ T6335] __x64_sys_lsetxattr+0xbf/0xe0 [ 229.210151][ T6335] do_syscall_64+0xfa/0x3b0 [ 229.210179][ T6335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.210203][ T6335] ? __switch_to_asm+0x39/0x70 [ 229.210236][ T6335] ? __switch_to_asm+0x33/0x70 [ 229.210276][ T6335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.210301][ T6335] RIP: 0033:0x7f3cdbf794f9 [ 229.210326][ T6335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 229.210347][ T6335] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 229.210374][ T6335] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 229.210394][ T6335] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 229.210412][ T6335] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 229.210429][ T6335] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 229.210446][ T6335] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 229.210487][ T6335] [ 229.210628][ T6335] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 229.249406][ T6334] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 229.286685][ T6330] loop0: detected capacity change from 0 to 32768 [ 229.346307][ T6335] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 229.360684][ T6330] XFS: noikeep mount option is deprecated. [ 229.390096][ T6335] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 229.430381][ T6334] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 229.704676][ T6330] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 229.706021][ T6334] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 229.893709][ T6330] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 230.035032][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 230.054679][ T6330] XFS (loop0): Starting recovery (logdev: internal) [pid 5873] close(3 [pid 6343] <... munmap resumed>) = 0 [ 230.119174][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 230.139646][ T6330] XFS (loop0): Ending recovery (logdev: internal) [pid 6343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6343] close(3) = 0 [pid 5874] <... close resumed>) = 0 [pid 6343] close(4 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6343] <... close resumed>) = 0 [pid 6343] mkdir("./file1", 0777./strace-static-x86_64: Process 6346 attached ) = 0 [pid 6330] <... mount resumed>) = 0 [pid 6346] set_robust_list(0x55555d962760, 24 [pid 6330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6346] <... set_robust_list resumed>) = 0 [pid 6343] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6330] chdir("./file1" [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6346 [pid 6330] <... chdir resumed>) = 0 [pid 6330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6330] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] chdir("./10") = 0 [pid 6346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6346] setpgid(0, 0) = 0 [pid 6346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5873] <... close resumed>) = 0 [pid 6346] <... openat resumed>) = 3 [pid 6324] <... futex resumed>) = 0 [pid 6346] write(3, "1000", 4 [pid 6324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... write resumed>) = 4 [pid 6330] <... futex resumed>) = 0 [pid 6324] <... futex resumed>) = 1 [pid 6346] close(3 [pid 6330] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... close resumed>) = 0 [pid 6330] <... openat resumed>) = 4 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6346] symlink("/dev/binderfs", "./binderfs" [pid 6330] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... symlink resumed>) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6330] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6346] write(1, "executing program\n", 18 [pid 6324] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6347 attached [pid 6346] <... write resumed>) = 18 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6347 [pid 6346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6347] set_robust_list(0x55555d962760, 24 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] <... set_robust_list resumed>) = 0 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6347] chdir("./10" [pid 6346] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6347] <... chdir resumed>) = 0 [pid 6346] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6330] <... pwritev2 resumed>) = 65007 [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6346] <... mprotect resumed>) = 0 [pid 6347] <... prctl resumed>) = 0 [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6330] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] setpgid(0, 0 [pid 6346] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6324] <... futex resumed>) = 0 [ 230.721710][ T6343] loop1: detected capacity change from 0 to 32768 [ 230.755648][ T6343] XFS: noikeep mount option is deprecated. [pid 6347] <... setpgid resumed>) = 0 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6349 attached [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6347] <... openat resumed>) = 3 [pid 6346] <... clone3 resumed> => {parent_tid=[6349]}, 88) = 6349 [pid 6349] <... rseq resumed>) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] set_robust_list(0x7f3cdbf259a0, 24 [pid 6347] write(3, "1000", 4 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6349] <... set_robust_list resumed>) = 0 [pid 6347] <... write resumed>) = 4 [pid 6346] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], [pid 6347] close(3 [pid 6346] <... futex resumed>) = 0 [pid 6349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] <... close resumed>) = 0 [pid 6346] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] memfd_create("syzkaller", 0 [pid 6347] symlink("/dev/binderfs", "./binderfs" [pid 6349] <... memfd_create resumed>) = 3 [pid 6347] <... symlink resumed>) = 0 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6347] write(1, "executing program\n", 18executing program ) = 18 [pid 6347] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6347] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6354]}, 88) = 6354 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6354 attached [pid 6354] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6354] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6330] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6330] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] memfd_create("syzkaller", 0) = 3 [pid 6330] <... futex resumed>) = 1 [pid 6354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6330] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6354] <... mmap resumed>) = 0x7f3cd3a00000 [ 230.815553][ T6330] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 230.832843][ T6330] XFS (loop0): Unmount and run xfs_repair [ 230.846113][ T6343] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 230.877783][ T6330] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 230.907522][ T6330] CPU: 0 UID: 0 PID: 6330 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 230.907564][ T6330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.907582][ T6330] Call Trace: [ 230.907593][ T6330] [ 230.907604][ T6330] dump_stack_lvl+0x189/0x250 [ 230.907646][ T6330] ? __pfx__xfs_alert_tag+0x10/0x10 [ 230.907686][ T6330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.907723][ T6330] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 230.907775][ T6330] xfs_corruption_error+0x122/0x170 [ 230.907817][ T6330] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 230.907854][ T6330] xfs_alloc_fixup_trees+0x95e/0xd20 [ 230.907885][ T6330] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 230.907928][ T6330] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 230.907961][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.907992][ T6330] ? rcu_is_watching+0x15/0xb0 [ 230.908039][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908068][ T6330] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 230.908101][ T6330] ? rcu_is_watching+0x15/0xb0 [ 230.908143][ T6330] xfs_alloc_cur_finish+0xd3/0x4b0 [ 230.908174][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908205][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908240][ T6330] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 230.908302][ T6330] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 230.908332][ T6330] ? xfs_group_grab+0x28/0x480 [ 230.908373][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908403][ T6330] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 230.908438][ T6330] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 230.908489][ T6330] xfs_alloc_vextent_start_ag+0x388/0x850 [ 230.908530][ T6330] xfs_bmapi_allocate+0x188e/0x2e00 [ 230.908599][ T6330] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 230.908633][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908685][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908715][ T6330] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 230.908739][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.908768][ T6330] ? xfs_iext_prev+0x35a/0x370 [ 230.908808][ T6330] ? xfs_iext_get_extent+0x1bb/0x370 [ 230.908840][ T6330] xfs_bmapi_write+0x7df/0x1260 [ 230.908903][ T6330] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 6324] exit_group(0) = ? [ 230.908987][ T6330] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 230.909038][ T6330] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 230.909070][ T6330] ? kasan_save_track+0x4f/0x80 [ 230.909097][ T6330] ? kasan_save_track+0x3e/0x80 [ 230.909123][ T6330] ? kasan_save_free_info+0x46/0x50 [ 230.909162][ T6330] ? kmem_cache_free+0x18f/0x400 [ 230.909193][ T6330] ? __xfs_trans_commit+0x3e0/0xbd0 [ 230.909220][ T6330] ? xfs_trans_roll+0x130/0x450 [ 230.909245][ T6330] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 230.909287][ T6330] xfs_attr_set_iter+0x2d4/0x4b70 [ 230.909323][ T6330] ? filename_setxattr+0x274/0x600 [ 230.909359][ T6330] ? path_setxattrat+0x364/0x3a0 [ 230.909382][ T6330] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 230.909437][ T6330] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 230.909498][ T6330] ? kasan_quarantine_put+0xdd/0x220 [ 230.909524][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.909554][ T6330] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.909595][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.909629][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.909659][ T6330] ? kmem_cache_free+0x18f/0x400 [ 230.909688][ T6330] ? __xfs_trans_commit+0x3e0/0xbd0 [ 230.909721][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.909750][ T6330] ? __xfs_trans_commit+0x4c7/0xbd0 [ 230.909793][ T6330] xfs_attr_finish_item+0xed/0x320 [ 230.909834][ T6330] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 230.909873][ T6330] xfs_defer_finish_one+0x5c8/0xcf0 [ 230.909937][ T6330] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 230.909990][ T6330] xfs_defer_finish_noroll+0x910/0x12d0 [ 230.910040][ T6330] ? xfs_trans_commit+0x10b/0x1c0 [ 230.910073][ T6330] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 230.910109][ T6330] ? inode_set_ctime_current+0x740/0xb40 [ 230.910157][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.910186][ T6330] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 230.910229][ T6330] xfs_trans_commit+0x10b/0x1c0 [ 230.910257][ T6330] ? __pfx_xfs_trans_commit+0x10/0x10 [ 230.910292][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.910322][ T6330] ? xfs_trans_log_inode+0x12c/0x1a0 [ 230.910363][ T6330] xfs_attr_set+0xdc6/0x1210 [ 230.910417][ T6330] ? __pfx_xfs_attr_set+0x10/0x10 [ 230.910452][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.910480][ T6330] ? __lock_acquire+0xab9/0xd20 [ 230.910518][ T6330] ? xfs_da_hashname+0x59d/0x740 [ 230.910550][ T6330] ? do_raw_spin_lock+0x121/0x290 [ 230.910594][ T6330] ? xfs_attr_change+0x2ac/0x390 [ 230.910629][ T6330] xfs_xattr_set+0x14d/0x250 [ 230.910662][ T6330] ? __pfx_xfs_xattr_set+0x10/0x10 [ 230.910710][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.910739][ T6330] ? evm_protect_xattr+0x4d4/0xa90 [ 230.910765][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.910794][ T6330] ? rcu_is_watching+0x15/0xb0 [ 230.910830][ T6330] ? __pfx_evm_protect_xattr+0x10/0x10 [ 230.910858][ T6330] ? __pfx_xfs_xattr_set+0x10/0x10 [ 230.910887][ T6330] __vfs_setxattr+0x43c/0x480 [ 230.910936][ T6330] __vfs_setxattr_noperm+0x12d/0x660 [ 230.910982][ T6330] vfs_setxattr+0x16b/0x2f0 [ 230.911033][ T6330] ? __pfx_vfs_setxattr+0x10/0x10 [ 230.911066][ T6330] ? mnt_get_write_access+0x223/0x2a0 [ 230.911098][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.911134][ T6330] filename_setxattr+0x274/0x600 [ 230.911184][ T6330] ? __pfx_filename_setxattr+0x10/0x10 [ 230.911223][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.911253][ T6330] ? getname_flags+0x1e5/0x540 [ 230.911297][ T6330] path_setxattrat+0x364/0x3a0 [ 230.911336][ T6330] ? __pfx_path_setxattrat+0x10/0x10 [ 230.911404][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.911434][ T6330] ? rcu_is_watching+0x15/0xb0 [ 230.911474][ T6330] __x64_sys_lsetxattr+0xbf/0xe0 [pid 6349] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 230.911517][ T6330] do_syscall_64+0xfa/0x3b0 [ 230.911543][ T6330] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.911585][ T6330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.911609][ T6330] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.911638][ T6330] ? exc_page_fault+0x9f/0xf0 [ 230.911682][ T6330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.911708][ T6330] RIP: 0033:0x7f3cdbf794f9 [ 230.911731][ T6330] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 230.911755][ T6330] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 230.911784][ T6330] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 230.911804][ T6330] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 230.911824][ T6330] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 230.911842][ T6330] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 6349] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6354] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6349] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3 [pid 6330] <... lsetxattr resumed>) = ? [pid 6330] +++ exited with 0 +++ [pid 6324] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6324, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=186 /* 1.86 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 230.911860][ T6330] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 230.911902][ T6330] [ 230.911914][ T6330] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 231.597185][ T6330] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 231.598324][ T6349] loop3: detected capacity change from 0 to 32768 [ 231.613435][ T6330] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6349] <... ioctl resumed>) = 0 [pid 6349] close(3) = 0 [pid 6349] close(4) = 0 [pid 6349] mkdir("./file1", 0777) = 0 [ 231.652224][ T6343] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 231.668061][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 231.680621][ T6349] XFS: noikeep mount option is deprecated. [ 231.699731][ T6343] XFS (loop1): Starting recovery (logdev: internal) [pid 6349] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./9/file1") = 0 [pid 5871] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6343] <... mount resumed>) = 0 [pid 6343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] newfstatat(AT_FDCWD, "./9/binderfs", [pid 6343] <... openat resumed>) = 3 [pid 6343] chdir("./file1") = 0 [ 231.736141][ T6349] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 231.740337][ T6343] XFS (loop1): Ending recovery (logdev: internal) [pid 6343] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./9/binderfs" [pid 6343] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, [pid 6343] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6343] <... futex resumed>) = 1 [pid 6343] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] <... futex resumed>) = 0 [pid 5871] close(3 [pid 6339] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./9" [pid 6339] <... futex resumed>) = 1 [pid 6343] <... futex resumed>) = 0 [pid 6343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6339] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./10", 0777 [pid 6343] <... openat resumed>) = 4 [pid 6343] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 6339] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6343] <... pwritev2 resumed>) = 65007 [pid 6343] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6343] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6339] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6339] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... ioctl resumed>) = 0 [ 231.845108][ T6349] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 231.852393][ T6343] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5871] close(3 [pid 6343] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6343] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = 0 [pid 6343] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6339] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6366 attached [pid 6366] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6339] <... clone3 resumed> => {parent_tid=[6366]}, 88) = 6366 [pid 6366] <... rseq resumed>) = 0 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] set_robust_list(0x7f3cdbf049a0, 24 [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] <... set_robust_list resumed>) = 0 [pid 6339] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 231.910133][ T6343] XFS (loop1): Unmount and run xfs_repair [ 231.919616][ T6349] XFS (loop3): Starting recovery (logdev: internal) [ 231.951757][ T6366] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 231.968211][ T6349] XFS (loop3): Ending recovery (logdev: internal) [ 231.981451][ T6366] CPU: 1 UID: 0 PID: 6366 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 231.981492][ T6366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.981508][ T6366] Call Trace: [ 231.981518][ T6366] [ 231.981530][ T6366] dump_stack_lvl+0x189/0x250 [ 231.981570][ T6366] ? __pfx__xfs_alert_tag+0x10/0x10 [ 231.981610][ T6366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.981647][ T6366] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 231.981697][ T6366] xfs_corruption_error+0x122/0x170 [ 231.981738][ T6366] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 231.981793][ T6366] xfs_alloc_fixup_trees+0x95e/0xd20 [ 231.981824][ T6366] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 231.981867][ T6366] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 231.981899][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.981931][ T6366] ? rcu_is_watching+0x15/0xb0 [ 231.981962][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.981993][ T6366] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 231.982027][ T6366] ? rcu_is_watching+0x15/0xb0 [ 231.982069][ T6366] xfs_alloc_cur_finish+0xd3/0x4b0 [ 231.982100][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982132][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982169][ T6366] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 231.982230][ T6366] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 231.982262][ T6366] ? xfs_group_grab+0x28/0x480 [ 231.982301][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982330][ T6366] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 231.982365][ T6366] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 231.982416][ T6366] xfs_alloc_vextent_start_ag+0x388/0x850 [ 231.982458][ T6366] xfs_bmapi_allocate+0x188e/0x2e00 [ 231.982526][ T6366] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 231.982562][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982615][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982644][ T6366] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 231.982669][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.982698][ T6366] ? xfs_iext_prev+0x35a/0x370 [ 231.982739][ T6366] ? xfs_iext_get_extent+0x1bb/0x370 [ 231.982778][ T6366] xfs_bmapi_write+0x7df/0x1260 [ 231.982841][ T6366] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 6366] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6349] <... mount resumed>) = 0 [pid 6349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./file1") = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6349] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] <... write resumed>) = 16777216 [pid 6354] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6354] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6354] ioctl(4, LOOP_SET_FD, 3 [pid 6346] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6367 ./strace-static-x86_64: Process 6367 attached [ 231.982926][ T6366] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 231.982970][ T6366] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 231.983003][ T6366] ? kasan_save_track+0x4f/0x80 [ 231.983031][ T6366] ? kasan_save_track+0x3e/0x80 [ 231.983057][ T6366] ? kasan_save_free_info+0x46/0x50 [ 231.983097][ T6366] ? kmem_cache_free+0x18f/0x400 [ 231.983127][ T6366] ? __xfs_trans_commit+0x3e0/0xbd0 [ 231.983153][ T6366] ? xfs_trans_roll+0x130/0x450 [ 231.983178][ T6366] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 6354] <... ioctl resumed>) = 0 [pid 6346] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] set_robust_list(0x55555d962760, 24) = 0 [pid 6367] chdir("./10") = 0 [pid 6354] close(3 [pid 6349] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6354] <... close resumed>) = 0 [pid 6349] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6346] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... prctl resumed>) = 0 [pid 6354] close(4 [pid 6349] <... openat resumed>) = 4 [pid 6367] setpgid(0, 0 [pid 6354] <... close resumed>) = 0 [pid 6349] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... setpgid resumed>) = 0 [pid 6354] mkdir("./file1", 0777 [pid 6349] <... futex resumed>) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6354] <... mkdir resumed>) = 0 [pid 6349] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 231.983220][ T6366] xfs_attr_set_iter+0x2d4/0x4b70 [ 231.983256][ T6366] ? filename_setxattr+0x274/0x600 [ 231.983291][ T6366] ? path_setxattrat+0x364/0x3a0 [ 231.983314][ T6366] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 231.983368][ T6366] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 231.983428][ T6366] ? kasan_quarantine_put+0xdd/0x220 [ 231.983455][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.983484][ T6366] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.983527][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.983562][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.983592][ T6366] ? kmem_cache_free+0x18f/0x400 [ 231.983621][ T6366] ? __xfs_trans_commit+0x3e0/0xbd0 [ 231.983653][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.983682][ T6366] ? __xfs_trans_commit+0x4c7/0xbd0 [ 231.983728][ T6366] xfs_attr_finish_item+0xed/0x320 [ 231.983775][ T6366] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 231.983814][ T6366] xfs_defer_finish_one+0x5c8/0xcf0 [ 231.983878][ T6366] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 231.983930][ T6366] xfs_defer_finish_noroll+0x910/0x12d0 [pid 6346] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... openat resumed>) = 3 [pid 6354] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 231.983972][ T6366] ? xfs_trans_commit+0x10b/0x1c0 [ 231.984005][ T6366] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 231.984040][ T6366] ? inode_set_ctime_current+0x740/0xb40 [ 231.984090][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.984119][ T6366] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 231.984160][ T6366] xfs_trans_commit+0x10b/0x1c0 [ 231.984187][ T6366] ? __pfx_xfs_trans_commit+0x10/0x10 [ 231.984221][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.984250][ T6366] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 6349] <... pwritev2 resumed>) = 65007 [pid 6346] <... futex resumed>) = 0 [pid 6367] write(3, "1000", 4 [pid 6349] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... write resumed>) = 4 [pid 6349] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6367] close(3 [pid 6349] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... close resumed>) = 0 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] <... futex resumed>) = 0 [pid 6367] symlink("/dev/binderfs", "./binderfs" [pid 6349] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6346] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6366] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6367] <... symlink resumed>) = 0 [pid 6367] write(1, "executing program\n", 18executing program ) = 18 [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6367] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6367] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6339] exit_group(0) = ? [pid 6343] <... futex resumed>) = ? [pid 6343] +++ exited with 0 +++ [pid 6367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6373]}, 88) = 6373 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 231.984293][ T6366] xfs_attr_set+0xdc6/0x1210 [ 231.984343][ T6366] ? __pfx_xfs_attr_set+0x10/0x10 [ 231.984379][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.984407][ T6366] ? __lock_acquire+0xab9/0xd20 [ 231.984446][ T6366] ? xfs_da_hashname+0x59d/0x740 [ 231.984478][ T6366] ? do_raw_spin_lock+0x121/0x290 [ 231.984523][ T6366] ? xfs_attr_change+0x2ac/0x390 [ 231.984558][ T6366] xfs_xattr_set+0x14d/0x250 [ 231.984592][ T6366] ? __pfx_xfs_xattr_set+0x10/0x10 [ 231.984639][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] <... futex resumed>) = ? [pid 6366] +++ exited with 0 +++ [pid 6339] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=83 /* 0.83 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6373 attached [pid 6346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... restart_syscall resumed>) = 0 [pid 6373] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6346] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... rseq resumed>) = 0 [pid 6346] <... futex resumed>) = 0 [ 231.984668][ T6366] ? evm_protect_xattr+0x4d4/0xa90 [ 231.984696][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.984726][ T6366] ? rcu_is_watching+0x15/0xb0 [ 231.984768][ T6366] ? __pfx_evm_protect_xattr+0x10/0x10 [ 231.984797][ T6366] ? __pfx_xfs_xattr_set+0x10/0x10 [ 231.984826][ T6366] __vfs_setxattr+0x43c/0x480 [ 231.984878][ T6366] __vfs_setxattr_noperm+0x12d/0x660 [ 231.984923][ T6366] vfs_setxattr+0x16b/0x2f0 [ 231.984967][ T6366] ? __pfx_vfs_setxattr+0x10/0x10 [ 231.984998][ T6366] ? mnt_get_write_access+0x223/0x2a0 [pid 6373] set_robust_list(0x7f3cdbf259a0, 24 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6373] <... set_robust_list resumed>) = 0 [pid 5872] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] <... mprotect resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6373] memfd_create("syzkaller", 0 [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6346] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 6373] <... memfd_create resumed>) = 3 [pid 6346] <... clone3 resumed> => {parent_tid=[6377]}, 88) = 6377 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6377 attached [pid 6349] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6377] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6377] set_robust_list(0x7f3cdbf049a0, 24 [pid 6349] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] <... set_robust_list resumed>) = 0 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] <... futex resumed>) = 0 [pid 6377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6377] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 231.985029][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.985065][ T6366] filename_setxattr+0x274/0x600 [ 231.985113][ T6366] ? __pfx_filename_setxattr+0x10/0x10 [ 231.985154][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.985182][ T6366] ? getname_flags+0x1e5/0x540 [ 231.985226][ T6366] path_setxattrat+0x364/0x3a0 [ 231.985264][ T6366] ? __pfx_path_setxattrat+0x10/0x10 [ 231.985333][ T6366] ? srso_alias_return_thunk+0x5/0xfbef5 [ 231.985361][ T6366] ? rcu_is_watching+0x15/0xb0 [pid 6349] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6373] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6346] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] <... futex resumed>) = 0 [ 231.985399][ T6366] __x64_sys_lsetxattr+0xbf/0xe0 [ 231.985441][ T6366] do_syscall_64+0xfa/0x3b0 [ 231.985469][ T6366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.985494][ T6366] ? __switch_to_asm+0x39/0x70 [ 231.985529][ T6366] ? __switch_to_asm+0x33/0x70 [ 231.985569][ T6366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.985594][ T6366] RIP: 0033:0x7f3cdbf794f9 [ 231.985617][ T6366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 231.985640][ T6366] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 231.985667][ T6366] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 231.985687][ T6366] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 231.985706][ T6366] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 231.985723][ T6366] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 6377] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6346] <... futex resumed>) = 1 [ 231.985740][ T6366] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 231.985786][ T6366] [ 231.985798][ T6366] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 232.210772][ T6354] loop2: detected capacity change from 0 to 32768 [ 232.223469][ T6366] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 232.392629][ T6354] XFS: noikeep mount option is deprecated. [ 232.397618][ T6366] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 232.405998][ T6349] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 232.434633][ T6354] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 232.439094][ T6349] XFS (loop3): Unmount and run xfs_repair [ 232.536732][ T6354] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6346] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6377] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6377] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] exit_group(0) = ? [pid 6377] <... futex resumed>) = ? [pid 6377] +++ exited with 0 +++ [pid 6349] <... futex resumed>) = ? [pid 6349] +++ exited with 0 +++ [pid 6346] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6346, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=65 /* 0.65 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 232.570150][ T6377] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 232.570227][ T6377] CPU: 0 UID: 0 PID: 6377 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 232.570259][ T6377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.570275][ T6377] Call Trace: [ 232.570284][ T6377] [ 232.570295][ T6377] dump_stack_lvl+0x189/0x250 [ 232.570330][ T6377] ? __pfx__xfs_alert_tag+0x10/0x10 [ 232.570369][ T6377] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 5874] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 232.570405][ T6377] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 232.570454][ T6377] xfs_corruption_error+0x122/0x170 [ 232.570495][ T6377] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 232.570529][ T6377] xfs_alloc_fixup_trees+0x95e/0xd20 [ 232.570559][ T6377] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 232.570601][ T6377] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 232.570634][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.570660][ T6377] ? rcu_is_watching+0x15/0xb0 [ 232.570689][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.570716][ T6377] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 232.570748][ T6377] ? rcu_is_watching+0x15/0xb0 [ 232.570797][ T6377] xfs_alloc_cur_finish+0xd3/0x4b0 [ 232.570828][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.570859][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.570894][ T6377] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 232.570953][ T6377] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 232.570983][ T6377] ? xfs_group_grab+0x28/0x480 [ 232.571024][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.571052][ T6377] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 232.571087][ T6377] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 232.571137][ T6377] xfs_alloc_vextent_start_ag+0x388/0x850 [ 232.571178][ T6377] xfs_bmapi_allocate+0x188e/0x2e00 [ 232.571248][ T6377] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 232.571281][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.571333][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.571362][ T6377] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 232.571387][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.571416][ T6377] ? xfs_iext_prev+0x35a/0x370 [ 232.571455][ T6377] ? xfs_iext_get_extent+0x1bb/0x370 [ 232.571488][ T6377] xfs_bmapi_write+0x7df/0x1260 [ 232.571549][ T6377] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 232.571632][ T6377] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 232.571674][ T6377] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 232.571706][ T6377] ? kasan_save_track+0x4f/0x80 [ 232.571732][ T6377] ? kasan_save_track+0x3e/0x80 [ 232.571763][ T6377] ? kasan_save_free_info+0x46/0x50 [ 232.571801][ T6377] ? kmem_cache_free+0x18f/0x400 [ 232.571831][ T6377] ? __xfs_trans_commit+0x3e0/0xbd0 [ 232.571857][ T6377] ? xfs_trans_roll+0x130/0x450 [ 232.571881][ T6377] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 232.571923][ T6377] xfs_attr_set_iter+0x2d4/0x4b70 [ 232.571959][ T6377] ? filename_setxattr+0x274/0x600 [ 232.571994][ T6377] ? path_setxattrat+0x364/0x3a0 [ 232.572016][ T6377] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 232.572070][ T6377] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 232.572129][ T6377] ? kasan_quarantine_put+0xdd/0x220 [pid 6373] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 6373] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 232.572156][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.572184][ T6377] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.572227][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.572262][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.572290][ T6377] ? kmem_cache_free+0x18f/0x400 [ 232.572319][ T6377] ? __xfs_trans_commit+0x3e0/0xbd0 [ 232.572351][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.572379][ T6377] ? __xfs_trans_commit+0x4c7/0xbd0 [ 232.572424][ T6377] xfs_attr_finish_item+0xed/0x320 [pid 6373] ioctl(4, LOOP_SET_FD, 3 [pid 6354] <... mount resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 6354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6354] chdir("./file1" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6354] <... chdir resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./10/file1", [pid 6354] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6354] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6354] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6347] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... openat resumed>) = 4 [pid 5872] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6354] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 6354] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6347] <... futex resumed>) = 0 [pid 6354] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] newfstatat(4, "", [pid 6354] <... pwritev2 resumed>) = 65007 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6354] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6354] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 6354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6347] <... futex resumed>) = 0 [pid 6354] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [ 232.572466][ T6377] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 232.572504][ T6377] xfs_defer_finish_one+0x5c8/0xcf0 [ 232.572566][ T6377] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 232.572617][ T6377] xfs_defer_finish_noroll+0x910/0x12d0 [ 232.572658][ T6377] ? xfs_trans_commit+0x10b/0x1c0 [ 232.572691][ T6377] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 232.572725][ T6377] ? inode_set_ctime_current+0x740/0xb40 [ 232.572780][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6373] <... ioctl resumed>) = 0 [pid 6373] close(3) = 0 [pid 6373] close(4) = 0 [pid 6373] mkdir("./file1", 0777) = 0 [pid 6373] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./10/file1") = 0 [pid 5872] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./10/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./10") = 0 [pid 5872] mkdir("./11", 0777) = 0 [ 232.572809][ T6377] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 232.572850][ T6377] xfs_trans_commit+0x10b/0x1c0 [ 232.572878][ T6377] ? __pfx_xfs_trans_commit+0x10/0x10 [ 232.572911][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.572939][ T6377] ? xfs_trans_log_inode+0x12c/0x1a0 [ 232.572981][ T6377] xfs_attr_set+0xdc6/0x1210 [ 232.573033][ T6377] ? __pfx_xfs_attr_set+0x10/0x10 [ 232.573069][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.573097][ T6377] ? __lock_acquire+0xab9/0xd20 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 232.573136][ T6377] ? xfs_da_hashname+0x59d/0x740 [ 232.573168][ T6377] ? do_raw_spin_lock+0x121/0x290 [ 232.573213][ T6377] ? xfs_attr_change+0x2ac/0x390 [ 232.573248][ T6377] xfs_xattr_set+0x14d/0x250 [ 232.573282][ T6377] ? __pfx_xfs_xattr_set+0x10/0x10 [ 232.573329][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.573358][ T6377] ? evm_protect_xattr+0x4d4/0xa90 [ 232.573386][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.573415][ T6377] ? rcu_is_watching+0x15/0xb0 [ 232.573450][ T6377] ? __pfx_evm_protect_xattr+0x10/0x10 [ 232.573479][ T6377] ? __pfx_xfs_xattr_set+0x10/0x10 [ 232.573508][ T6377] __vfs_setxattr+0x43c/0x480 [ 232.573559][ T6377] __vfs_setxattr_noperm+0x12d/0x660 [ 232.573605][ T6377] vfs_setxattr+0x16b/0x2f0 [ 232.573648][ T6377] ? __pfx_vfs_setxattr+0x10/0x10 [ 232.573679][ T6377] ? mnt_get_write_access+0x223/0x2a0 [ 232.573711][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.573746][ T6377] filename_setxattr+0x274/0x600 [ 232.573800][ T6377] ? __pfx_filename_setxattr+0x10/0x10 [ 232.573840][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.573869][ T6377] ? getname_flags+0x1e5/0x540 [ 232.573912][ T6377] path_setxattrat+0x364/0x3a0 [ 232.573950][ T6377] ? __pfx_path_setxattrat+0x10/0x10 [ 232.574020][ T6377] ? srso_alias_return_thunk+0x5/0xfbef5 [ 232.574048][ T6377] ? rcu_is_watching+0x15/0xb0 [ 232.574086][ T6377] __x64_sys_lsetxattr+0xbf/0xe0 [ 232.574129][ T6377] do_syscall_64+0xfa/0x3b0 [ 232.574158][ T6377] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.574183][ T6377] ? __switch_to_asm+0x39/0x70 [ 232.574217][ T6377] ? __switch_to_asm+0x33/0x70 [ 232.574256][ T6377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.574282][ T6377] RIP: 0033:0x7f3cdbf794f9 [ 232.574306][ T6377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 232.574328][ T6377] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 232.574355][ T6377] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 232.574375][ T6377] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 232.574393][ T6377] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 232.574410][ T6377] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 232.574427][ T6377] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 232.574468][ T6377] [ 232.574479][ T6377] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 232.585400][ T6354] XFS (loop2): Starting recovery (logdev: internal) [pid 5872] close(3 [pid 6347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6347] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6347] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6383]}, 88) = 6383 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6383 attached [pid 6383] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6383] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 232.597991][ T6377] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 232.659088][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 232.659887][ T6377] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 232.683861][ T6354] XFS (loop2): Ending recovery (logdev: internal) [ 233.115184][ T6373] loop0: detected capacity change from 0 to 32768 [pid 6383] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6354] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 233.145268][ T6354] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 233.166454][ T6373] XFS: noikeep mount option is deprecated. [ 233.529889][ T6354] XFS (loop2): Unmount and run xfs_repair [ 233.531644][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6354] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... close resumed>) = 0 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6385 attached [ 233.551684][ T6383] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 233.556097][ T6373] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 233.581444][ T6383] CPU: 1 UID: 0 PID: 6383 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 6385] set_robust_list(0x55555d962760, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6385 [pid 6385] <... set_robust_list resumed>) = 0 [pid 6385] chdir("./11") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 233.581484][ T6383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.581500][ T6383] Call Trace: [ 233.581510][ T6383] [ 233.581520][ T6383] dump_stack_lvl+0x189/0x250 [ 233.581560][ T6383] ? __pfx__xfs_alert_tag+0x10/0x10 [ 233.581599][ T6383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.581634][ T6383] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 233.581690][ T6383] xfs_corruption_error+0x122/0x170 [ 233.581731][ T6383] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 233.581767][ T6383] xfs_alloc_fixup_trees+0x95e/0xd20 [ 233.581810][ T6383] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6385] write(1, "executing program\n", 18) = 18 [pid 6385] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6385] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6388]}, 88) = 6388 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6385] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.581854][ T6383] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 233.581884][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.581912][ T6383] ? rcu_is_watching+0x15/0xb0 [ 233.581943][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.581972][ T6383] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 233.582004][ T6383] ? rcu_is_watching+0x15/0xb0 [ 233.582044][ T6383] xfs_alloc_cur_finish+0xd3/0x4b0 [ 233.582074][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.582104][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6385] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6388 attached [pid 5874] <... umount2 resumed>) = 0 [pid 6388] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5874] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6388] <... rseq resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6388] set_robust_list(0x7f3cdbf259a0, 24 [pid 5874] newfstatat(AT_FDCWD, "./10/file1", [pid 6388] <... set_robust_list resumed>) = 0 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6388] memfd_create("syzkaller", 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6388] <... memfd_create resumed>) = 3 [pid 5874] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] <... openat resumed>) = 4 [pid 6388] <... mmap resumed>) = 0x7f3cd3a00000 [ 233.582140][ T6383] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 233.582202][ T6383] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 233.582234][ T6383] ? xfs_group_grab+0x28/0x480 [ 233.582273][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.582303][ T6383] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 233.582339][ T6383] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 233.582389][ T6383] xfs_alloc_vextent_start_ag+0x388/0x850 [ 233.582429][ T6383] xfs_bmapi_allocate+0x188e/0x2e00 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, [pid 6383] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6383] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [ 233.582498][ T6383] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 233.582532][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.582584][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.582613][ T6383] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 233.582636][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.582665][ T6383] ? xfs_iext_prev+0x35a/0x370 [ 233.582705][ T6383] ? xfs_iext_get_extent+0x1bb/0x370 [ 233.582737][ T6383] xfs_bmapi_write+0x7df/0x1260 [ 233.582807][ T6383] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 5874] close(4) = 0 [pid 5874] rmdir("./10/file1") = 0 [pid 5874] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./10/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./10") = 0 [pid 5874] mkdir("./11", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 233.582887][ T6383] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 233.582929][ T6383] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 233.582961][ T6383] ? kasan_save_track+0x4f/0x80 [ 233.582987][ T6383] ? kasan_save_track+0x3e/0x80 [ 233.583011][ T6383] ? kasan_save_free_info+0x46/0x50 [ 233.583048][ T6383] ? kmem_cache_free+0x18f/0x400 [ 233.583076][ T6383] ? __xfs_trans_commit+0x3e0/0xbd0 [ 233.583103][ T6383] ? xfs_trans_roll+0x130/0x450 [ 233.583127][ T6383] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 5874] close(3 [pid 6347] exit_group(0 [pid 6383] <... futex resumed>) = ? [pid 6347] <... exit_group resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6354] <... futex resumed>) = ? [pid 6354] +++ exited with 0 +++ [pid 6347] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6347, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=139 /* 1.39 s */} --- [ 233.583167][ T6383] xfs_attr_set_iter+0x2d4/0x4b70 [ 233.583202][ T6383] ? filename_setxattr+0x274/0x600 [ 233.583236][ T6383] ? path_setxattrat+0x364/0x3a0 [ 233.583258][ T6383] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 233.583313][ T6383] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 233.583374][ T6383] ? kasan_quarantine_put+0xdd/0x220 [ 233.583402][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.583432][ T6383] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.583473][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 233.583513][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.583544][ T6383] ? kmem_cache_free+0x18f/0x400 [ 233.583573][ T6383] ? __xfs_trans_commit+0x3e0/0xbd0 [ 233.583608][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.583638][ T6383] ? __xfs_trans_commit+0x4c7/0xbd0 [ 233.583684][ T6383] xfs_attr_finish_item+0xed/0x320 [ 233.583728][ T6383] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 233.583768][ T6383] xfs_defer_finish_one+0x5c8/0xcf0 [ 233.583838][ T6383] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 233.583889][ T6383] xfs_defer_finish_noroll+0x910/0x12d0 [ 233.583930][ T6383] ? xfs_trans_commit+0x10b/0x1c0 [ 233.583963][ T6383] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 233.583998][ T6383] ? inode_set_ctime_current+0x740/0xb40 [ 233.584047][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.584077][ T6383] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 233.584118][ T6383] xfs_trans_commit+0x10b/0x1c0 [ 233.584146][ T6383] ? __pfx_xfs_trans_commit+0x10/0x10 [ 233.584179][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.584208][ T6383] ? xfs_trans_log_inode+0x12c/0x1a0 [ 233.584251][ T6383] xfs_attr_set+0xdc6/0x1210 [ 233.584301][ T6383] ? __pfx_xfs_attr_set+0x10/0x10 [ 233.584337][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.584367][ T6383] ? __lock_acquire+0xab9/0xd20 [ 233.584406][ T6383] ? xfs_da_hashname+0x59d/0x740 [ 233.584439][ T6383] ? do_raw_spin_lock+0x121/0x290 [ 233.584482][ T6383] ? xfs_attr_change+0x2ac/0x390 [ 233.584518][ T6383] xfs_xattr_set+0x14d/0x250 [ 233.584552][ T6383] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 5873] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 233.584599][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.584629][ T6383] ? evm_protect_xattr+0x4d4/0xa90 [ 233.584658][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.584687][ T6383] ? rcu_is_watching+0x15/0xb0 [ 233.584722][ T6383] ? __pfx_evm_protect_xattr+0x10/0x10 [ 233.584751][ T6383] ? __pfx_xfs_xattr_set+0x10/0x10 [ 233.584788][ T6383] __vfs_setxattr+0x43c/0x480 [ 233.584841][ T6383] __vfs_setxattr_noperm+0x12d/0x660 [ 233.584889][ T6383] vfs_setxattr+0x16b/0x2f0 [ 233.584934][ T6383] ? __pfx_vfs_setxattr+0x10/0x10 [ 233.584967][ T6383] ? mnt_get_write_access+0x223/0x2a0 [ 233.585000][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.585037][ T6383] filename_setxattr+0x274/0x600 [ 233.585086][ T6383] ? __pfx_filename_setxattr+0x10/0x10 [ 233.585127][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.585156][ T6383] ? getname_flags+0x1e5/0x540 [ 233.585200][ T6383] path_setxattrat+0x364/0x3a0 [ 233.585239][ T6383] ? __pfx_path_setxattrat+0x10/0x10 [ 233.585309][ T6383] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.585338][ T6383] ? rcu_is_watching+0x15/0xb0 [ 233.585378][ T6383] __x64_sys_lsetxattr+0xbf/0xe0 [ 233.585416][ T6383] do_syscall_64+0xfa/0x3b0 [ 233.585441][ T6383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.585463][ T6383] ? __switch_to_asm+0x39/0x70 [ 233.585493][ T6383] ? __switch_to_asm+0x33/0x70 [ 233.585528][ T6383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.585551][ T6383] RIP: 0033:0x7f3cdbf794f9 [ 233.585571][ T6383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 233.585591][ T6383] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 233.585616][ T6383] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 233.585633][ T6383] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 233.585650][ T6383] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 233.585665][ T6383] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 6388] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... close resumed>) = 0 [ 233.585680][ T6383] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 233.585716][ T6383] [ 233.590653][ T6383] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 233.641163][ T6373] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 233.645674][ T6383] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 233.714515][ T6373] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6389 attached [pid 6373] <... mount resumed>) = 0 [pid 6373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6389 [pid 6373] <... openat resumed>) = 3 [pid 6389] set_robust_list(0x55555d962760, 24 [pid 6373] chdir("./file1" [pid 6389] <... set_robust_list resumed>) = 0 [pid 6373] <... chdir resumed>) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6389] chdir("./11") = 0 [pid 6373] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6389] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6373] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... prctl resumed>) = 0 [pid 6373] <... futex resumed>) = 1 [pid 6367] <... futex resumed>) = 0 [pid 6389] setpgid(0, 0 [pid 6373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... setpgid resumed>) = 0 [pid 6373] <... openat resumed>) = 4 [pid 6367] <... futex resumed>) = 0 [pid 6389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6373] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6373] <... futex resumed>) = 0 [pid 6367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... openat resumed>) = 3 [pid 6373] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6367] <... futex resumed>) = 0 [pid 6389] write(3, "1000", 4 [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... write resumed>) = 4 [pid 6389] close(3) = 0 [ 233.719846][ T6383] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 233.772331][ T6373] XFS (loop0): Ending recovery (logdev: internal) [ 234.333841][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6389] symlink("/dev/binderfs", "./binderfs" [pid 5873] <... umount2 resumed>) = 0 [pid 6389] <... symlink resumed>) = 0 [pid 5873] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6389] write(1, "executing program\n", 18 [pid 5873] newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5873] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6389] <... write resumed>) = 18 [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] <... futex resumed>) = 0 [pid 6389] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5873] <... openat resumed>) = 4 [pid 6389] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5873] newfstatat(4, "", [pid 6389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6389] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6389] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6373] <... pwritev2 resumed>) = 65007 [pid 6389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6373] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6373] <... futex resumed>) = 1 [pid 6367] <... futex resumed>) = 0 [pid 6367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6367] <... futex resumed>) = 0 [pid 6389] <... clone3 resumed> => {parent_tid=[6390]}, 88) = 6390 ./strace-static-x86_64: Process 6390 attached [pid 5873] getdents64(4, [pid 6390] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6390] <... rseq resumed>) = 0 [pid 6390] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5873] getdents64(4, [pid 6390] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./10/file1") = 0 [pid 5873] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./10/binderfs") = 0 [pid 5873] getdents64(3, [pid 6389] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6389] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6390] memfd_create("syzkaller", 0 [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] close(3 [pid 6390] <... memfd_create resumed>) = 3 [pid 5873] <... close resumed>) = 0 [pid 6390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] rmdir("./10" [pid 6390] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6373] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... rmdir resumed>) = 0 [pid 6373] <... futex resumed>) = 1 [pid 6367] <... futex resumed>) = 0 [pid 6373] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6367] <... futex resumed>) = 1 [pid 6373] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] mkdir("./11", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 234.415216][ T6373] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 234.428813][ T6373] XFS (loop0): Unmount and run xfs_repair [ 234.454461][ T6373] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 234.483748][ T6373] CPU: 1 UID: 0 PID: 6373 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 234.483785][ T6373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 234.483809][ T6373] Call Trace: [ 234.483818][ T6373] [ 234.483828][ T6373] dump_stack_lvl+0x189/0x250 [ 234.483866][ T6373] ? __pfx__xfs_alert_tag+0x10/0x10 [ 234.483905][ T6373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.483940][ T6373] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 234.483990][ T6373] xfs_corruption_error+0x122/0x170 [ 234.484032][ T6373] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 234.484068][ T6373] xfs_alloc_fixup_trees+0x95e/0xd20 [ 234.484098][ T6373] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 234.484140][ T6373] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 234.484172][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484202][ T6373] ? rcu_is_watching+0x15/0xb0 [ 234.484233][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484262][ T6373] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 234.484295][ T6373] ? rcu_is_watching+0x15/0xb0 [ 234.484335][ T6373] xfs_alloc_cur_finish+0xd3/0x4b0 [ 234.484366][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484398][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484433][ T6373] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 234.484493][ T6373] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 234.484523][ T6373] ? xfs_group_grab+0x28/0x480 [ 234.484560][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484589][ T6373] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 234.484624][ T6373] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 234.484674][ T6373] xfs_alloc_vextent_start_ag+0x388/0x850 [ 234.484714][ T6373] xfs_bmapi_allocate+0x188e/0x2e00 [ 234.484782][ T6373] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 234.484824][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484877][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484905][ T6373] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 234.484930][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.484959][ T6373] ? xfs_iext_prev+0x35a/0x370 [ 234.484998][ T6373] ? xfs_iext_get_extent+0x1bb/0x370 [ 234.485030][ T6373] xfs_bmapi_write+0x7df/0x1260 [ 234.485091][ T6373] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 234.485173][ T6373] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 234.485216][ T6373] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 234.485248][ T6373] ? kasan_save_track+0x4f/0x80 [ 234.485275][ T6373] ? kasan_save_track+0x3e/0x80 [ 234.485301][ T6373] ? kasan_save_free_info+0x46/0x50 [ 234.485340][ T6373] ? kmem_cache_free+0x18f/0x400 [ 234.485368][ T6373] ? __xfs_trans_commit+0x3e0/0xbd0 [ 234.485394][ T6373] ? xfs_trans_roll+0x130/0x450 [ 234.485419][ T6373] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 234.485460][ T6373] xfs_attr_set_iter+0x2d4/0x4b70 [ 234.485496][ T6373] ? filename_setxattr+0x274/0x600 [ 234.485531][ T6373] ? path_setxattrat+0x364/0x3a0 [ 234.485553][ T6373] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 234.485607][ T6373] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 234.485667][ T6373] ? kasan_quarantine_put+0xdd/0x220 [ 234.485694][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.485723][ T6373] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.485765][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.485805][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.485834][ T6373] ? kmem_cache_free+0x18f/0x400 [ 234.485863][ T6373] ? __xfs_trans_commit+0x3e0/0xbd0 [ 234.485895][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.485924][ T6373] ? __xfs_trans_commit+0x4c7/0xbd0 [ 234.485969][ T6373] xfs_attr_finish_item+0xed/0x320 [ 234.486010][ T6373] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 234.486049][ T6373] xfs_defer_finish_one+0x5c8/0xcf0 [ 234.486112][ T6373] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 234.486163][ T6373] xfs_defer_finish_noroll+0x910/0x12d0 [ 234.486204][ T6373] ? xfs_trans_commit+0x10b/0x1c0 [ 234.486237][ T6373] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 234.486272][ T6373] ? inode_set_ctime_current+0x740/0xb40 [ 234.486321][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.486349][ T6373] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 234.486391][ T6373] xfs_trans_commit+0x10b/0x1c0 [ 234.486419][ T6373] ? __pfx_xfs_trans_commit+0x10/0x10 [ 234.486452][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.486481][ T6373] ? xfs_trans_log_inode+0x12c/0x1a0 [ 234.486523][ T6373] xfs_attr_set+0xdc6/0x1210 [ 234.486573][ T6373] ? __pfx_xfs_attr_set+0x10/0x10 [ 234.486609][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.486638][ T6373] ? __lock_acquire+0xab9/0xd20 [ 234.486675][ T6373] ? xfs_da_hashname+0x59d/0x740 [ 234.486708][ T6373] ? do_raw_spin_lock+0x121/0x290 [ 234.486753][ T6373] ? xfs_attr_change+0x2ac/0x390 [ 234.486788][ T6373] xfs_xattr_set+0x14d/0x250 [ 234.486832][ T6373] ? __pfx_xfs_xattr_set+0x10/0x10 [ 234.486877][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.486904][ T6373] ? evm_protect_xattr+0x4d4/0xa90 [ 234.486932][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.486959][ T6373] ? rcu_is_watching+0x15/0xb0 [ 234.486992][ T6373] ? __pfx_evm_protect_xattr+0x10/0x10 [ 234.487021][ T6373] ? __pfx_xfs_xattr_set+0x10/0x10 [ 234.487050][ T6373] __vfs_setxattr+0x43c/0x480 [ 234.487100][ T6373] __vfs_setxattr_noperm+0x12d/0x660 [ 234.487144][ T6373] vfs_setxattr+0x16b/0x2f0 [ 234.487182][ T6373] ? __pfx_vfs_setxattr+0x10/0x10 [ 234.487210][ T6373] ? mnt_get_write_access+0x223/0x2a0 [ 234.487237][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.487269][ T6373] filename_setxattr+0x274/0x600 [ 234.487311][ T6373] ? __pfx_filename_setxattr+0x10/0x10 [ 234.487347][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.487373][ T6373] ? getname_flags+0x1e5/0x540 [ 234.487410][ T6373] path_setxattrat+0x364/0x3a0 [ 234.487443][ T6373] ? __pfx_path_setxattrat+0x10/0x10 [ 234.487513][ T6373] __x64_sys_lsetxattr+0xbf/0xe0 [ 234.487550][ T6373] do_syscall_64+0xfa/0x3b0 [ 234.487572][ T6373] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.487607][ T6373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.487628][ T6373] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.487654][ T6373] ? exc_page_fault+0x9f/0xf0 [ 234.487690][ T6373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.487712][ T6373] RIP: 0033:0x7f3cdbf794f9 [ 234.487733][ T6373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 234.487752][ T6373] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 234.487775][ T6373] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 234.487791][ T6373] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 234.487812][ T6373] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 234.487827][ T6373] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 234.487841][ T6373] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 234.487876][ T6373] [ 235.149924][ T6373] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 6388] <... write resumed>) = 16777216 [pid 6390] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6388] munmap(0x7f3cd3a00000, 138412032 [pid 6367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 235.211585][ T6373] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 235.255969][ T6373] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 6373] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6388] <... munmap resumed>) = 0 [pid 6373] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6367] exit_group(0) = ? [pid 6373] +++ exited with 0 +++ [pid 6367] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6367, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=102 /* 1.02 s */} --- [pid 5871] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6388] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3 [pid 6390] <... write resumed>) = 16777216 [pid 6390] munmap(0x7f3cd3a00000, 138412032 [pid 6388] <... ioctl resumed>) = 0 [pid 6388] close(3) = 0 [pid 6388] close(4) = 0 [pid 6388] mkdir("./file1", 0777) = 0 [ 235.388070][ T6388] loop1: detected capacity change from 0 to 32768 [ 235.399119][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6390] <... munmap resumed>) = 0 [ 235.451419][ T6388] XFS: noikeep mount option is deprecated. [ 235.475131][ T6390] loop3: detected capacity change from 0 to 32768 [pid 6388] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6390] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6390] close(3) = 0 [pid 6390] close(4) = 0 [pid 6390] mkdir("./file1", 0777) = 0 [ 235.497583][ T6390] XFS: noikeep mount option is deprecated. [pid 6390] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6397 attached ) = -1 EINVAL (Invalid argument) [pid 6397] set_robust_list(0x55555d962760, 24) = 0 [pid 6397] chdir("./11") = 0 [pid 6397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6397] setpgid(0, 0) = 0 [pid 6397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6397] write(3, "1000", 4) = 4 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6397 [ 235.522180][ T6390] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] newfstatat(AT_FDCWD, "./10/file1", [pid 6397] close(3) = 0 [pid 6397] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6397] write(1, "executing program\n", 18) = 18 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6397] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6405]}, 88) = 6405 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6397] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6405 attached [pid 6405] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5871] openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6405] <... rseq resumed>) = 0 [pid 6405] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... openat resumed>) = 4 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] memfd_create("syzkaller", 0 [pid 5871] newfstatat(4, "", [pid 6405] <... memfd_create resumed>) = 3 [pid 6405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./10/file1") = 0 [pid 5871] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./10/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./10") = 0 [pid 5871] mkdir("./11", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 235.615625][ T6388] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 235.696232][ T6390] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 235.735986][ T6388] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] close(3) = 0 [ 235.801011][ T6390] XFS (loop3): Starting recovery (logdev: internal) [ 235.820458][ T6388] XFS (loop1): Starting recovery (logdev: internal) [pid 6390] <... mount resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6409 attached [pid 6390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6405] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6409 [pid 6409] set_robust_list(0x55555d962760, 24 [pid 6390] <... openat resumed>) = 3 [pid 6388] <... mount resumed>) = 0 [pid 6409] <... set_robust_list resumed>) = 0 [pid 6388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6390] chdir("./file1" [pid 6388] <... openat resumed>) = 3 [pid 6390] <... chdir resumed>) = 0 [pid 6388] chdir("./file1" [pid 6390] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6388] <... chdir resumed>) = 0 [pid 6390] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6388] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6390] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6409] chdir("./11" [pid 6389] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... chdir resumed>) = 0 [pid 6390] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6389] <... futex resumed>) = 0 [pid 6388] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = 0 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... prctl resumed>) = 0 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6409] setpgid(0, 0 [pid 6385] <... futex resumed>) = 0 [pid 6409] <... setpgid resumed>) = 0 [pid 6390] <... openat resumed>) = 4 [pid 6385] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6390] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... openat resumed>) = 4 [pid 6409] write(3, "1000", 4 [pid 6390] <... futex resumed>) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6409] <... write resumed>) = 4 [pid 6390] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6389] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] close(3 [pid 6390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6389] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6409] <... close resumed>) = 0 [pid 6390] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] symlink("/dev/binderfs", "./binderfs" [pid 6388] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... symlink resumed>) = 0 executing program [pid 6409] write(1, "executing program\n", 18) = 18 [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6409] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6388] <... pwritev2 resumed>) = 65007 [pid 6409] <... mprotect resumed>) = 0 [pid 6390] <... pwritev2 resumed>) = 65007 [pid 6388] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6385] <... futex resumed>) = 0 [pid 6409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6385] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6410 attached [pid 6409] <... clone3 resumed> => {parent_tid=[6410]}, 88) = 6410 [pid 6385] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6390] <... futex resumed>) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6410] <... rseq resumed>) = 0 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 235.850205][ T6390] XFS (loop3): Ending recovery (logdev: internal) [ 235.876759][ T6388] XFS (loop1): Ending recovery (logdev: internal) [pid 6389] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] set_robust_list(0x7f3cdbf259a0, 24 [pid 6409] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6389] <... futex resumed>) = 0 [pid 6388] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6410] <... set_robust_list resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6390] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] memfd_create("syzkaller", 0) = 3 [pid 6410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6388] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6390] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6385] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6385] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6385] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6390] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... mprotect resumed>) = 0 [ 235.928706][ T6388] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 235.942620][ T6390] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 235.956520][ T6388] XFS (loop1): Unmount and run xfs_repair [ 235.963483][ T6390] XFS (loop3): Unmount and run xfs_repair [pid 6390] <... futex resumed>) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6390] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6389] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6389] <... futex resumed>) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6411 attached [pid 6389] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... clone3 resumed> => {parent_tid=[6411]}, 88) = 6411 [pid 6411] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], [pid 6411] <... rseq resumed>) = 0 [pid 6411] set_robust_list(0x7f3cdbf049a0, 24 [pid 6388] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] <... set_robust_list resumed>) = 0 [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... futex resumed>) = 0 [ 235.991406][ T6390] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 236.020812][ T6411] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 236.026897][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 236.026936][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.026953][ T6390] Call Trace: [ 236.026966][ T6390] [ 236.026980][ T6390] dump_stack_lvl+0x189/0x250 [ 236.027017][ T6390] ? __pfx__xfs_alert_tag+0x10/0x10 [ 236.027067][ T6390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.027103][ T6390] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 236.027152][ T6390] xfs_corruption_error+0x122/0x170 [pid 6388] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 236.027193][ T6390] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 236.027229][ T6390] xfs_alloc_fixup_trees+0x95e/0xd20 [ 236.027259][ T6390] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 236.027301][ T6390] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 236.027333][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.027362][ T6390] ? rcu_is_watching+0x15/0xb0 [ 236.027393][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.027421][ T6390] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 236.027454][ T6390] ? rcu_is_watching+0x15/0xb0 [pid 6389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 236.027494][ T6390] xfs_alloc_cur_finish+0xd3/0x4b0 [ 236.027524][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.027555][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.027590][ T6390] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 236.027649][ T6390] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 236.027680][ T6390] ? xfs_group_grab+0x28/0x480 [ 236.027717][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.027745][ T6390] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 236.027780][ T6390] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 236.027829][ T6390] xfs_alloc_vextent_start_ag+0x388/0x850 [ 236.027870][ T6390] xfs_bmapi_allocate+0x188e/0x2e00 [ 236.027937][ T6390] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 236.027970][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028022][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028055][ T6390] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 236.028080][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028108][ T6390] ? xfs_iext_prev+0x35a/0x370 [ 236.028147][ T6390] ? xfs_iext_get_extent+0x1bb/0x370 [pid 6410] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6405] <... write resumed>) = 16777216 [ 236.028179][ T6390] xfs_bmapi_write+0x7df/0x1260 [ 236.028239][ T6390] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 236.028321][ T6390] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 236.028364][ T6390] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 236.028395][ T6390] ? kasan_save_track+0x4f/0x80 [ 236.028421][ T6390] ? kasan_save_track+0x3e/0x80 [ 236.028446][ T6390] ? kasan_save_free_info+0x46/0x50 [ 236.028484][ T6390] ? kmem_cache_free+0x18f/0x400 [ 236.028513][ T6390] ? __xfs_trans_commit+0x3e0/0xbd0 [ 236.028539][ T6390] ? xfs_trans_roll+0x130/0x450 [pid 6405] munmap(0x7f3cd3a00000, 138412032 [pid 6390] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6390] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 236.028562][ T6390] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 236.028603][ T6390] xfs_attr_set_iter+0x2d4/0x4b70 [ 236.028639][ T6390] ? filename_setxattr+0x274/0x600 [ 236.028673][ T6390] ? path_setxattrat+0x364/0x3a0 [ 236.028695][ T6390] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 236.028748][ T6390] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 236.028807][ T6390] ? kasan_quarantine_put+0xdd/0x220 [ 236.028833][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028862][ T6390] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6390] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6389] exit_group(0 [pid 6390] <... futex resumed>) = ? [pid 6389] <... exit_group resumed>) = ? [pid 6390] +++ exited with 0 +++ [pid 6389] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6389, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=51 /* 0.51 s */} --- [ 236.028903][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028938][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.028967][ T6390] ? kmem_cache_free+0x18f/0x400 [ 236.028994][ T6390] ? __xfs_trans_commit+0x3e0/0xbd0 [ 236.029026][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.029059][ T6390] ? __xfs_trans_commit+0x4c7/0xbd0 [ 236.029104][ T6390] xfs_attr_finish_item+0xed/0x320 [ 236.029145][ T6390] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 236.029183][ T6390] xfs_defer_finish_one+0x5c8/0xcf0 [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 236.029244][ T6390] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 236.029295][ T6390] xfs_defer_finish_noroll+0x910/0x12d0 [ 236.029335][ T6390] ? xfs_trans_commit+0x10b/0x1c0 [ 236.029367][ T6390] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 236.029401][ T6390] ? inode_set_ctime_current+0x740/0xb40 [ 236.029449][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.029478][ T6390] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 236.029522][ T6390] xfs_trans_commit+0x10b/0x1c0 [ 236.029549][ T6390] ? __pfx_xfs_trans_commit+0x10/0x10 [pid 5874] getdents64(3, [pid 6405] <... munmap resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6405] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 236.029581][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.029703][ T6390] ? xfs_trans_log_inode+0x12c/0x1a0 [ 236.029757][ T6390] xfs_attr_set+0xdc6/0x1210 [ 236.029810][ T6390] ? __pfx_xfs_attr_set+0x10/0x10 [ 236.029845][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.029874][ T6390] ? __lock_acquire+0xab9/0xd20 [ 236.029912][ T6390] ? xfs_da_hashname+0x59d/0x740 [ 236.029945][ T6390] ? do_raw_spin_lock+0x121/0x290 [ 236.029989][ T6390] ? xfs_attr_change+0x2ac/0x390 [ 236.030037][ T6390] xfs_xattr_set+0x14d/0x250 [ 236.030069][ T6390] ? __pfx_xfs_xattr_set+0x10/0x10 [ 236.030115][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.030143][ T6390] ? evm_protect_xattr+0x4d4/0xa90 [ 236.030171][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.030199][ T6390] ? rcu_is_watching+0x15/0xb0 [ 236.030237][ T6390] ? __pfx_evm_protect_xattr+0x10/0x10 [ 236.030266][ T6390] ? __pfx_xfs_xattr_set+0x10/0x10 [ 236.030297][ T6390] __vfs_setxattr+0x43c/0x480 [ 236.030347][ T6390] __vfs_setxattr_noperm+0x12d/0x660 [pid 6405] ioctl(4, LOOP_SET_FD, 3 [pid 6411] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6410] <... write resumed>) = 16777216 [pid 6411] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] munmap(0x7f3cd3a00000, 138412032 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6410] <... munmap resumed>) = 0 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6385] exit_group(0 [pid 6411] <... futex resumed>) = ? [pid 6410] <... openat resumed>) = 4 [pid 6385] <... exit_group resumed>) = ? [ 236.030392][ T6390] vfs_setxattr+0x16b/0x2f0 [ 236.030436][ T6390] ? __pfx_vfs_setxattr+0x10/0x10 [ 236.030466][ T6390] ? mnt_get_write_access+0x223/0x2a0 [ 236.030498][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.030533][ T6390] filename_setxattr+0x274/0x600 [ 236.030581][ T6390] ? __pfx_filename_setxattr+0x10/0x10 [ 236.030621][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.030649][ T6390] ? getname_flags+0x1e5/0x540 [ 236.030691][ T6390] path_setxattrat+0x364/0x3a0 [ 236.030728][ T6390] ? __pfx_path_setxattrat+0x10/0x10 [pid 6410] ioctl(4, LOOP_SET_FD, 3 [pid 6411] +++ exited with 0 +++ [pid 6405] <... ioctl resumed>) = 0 [pid 6388] <... futex resumed>) = ? [pid 6388] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ [pid 6405] close(3) = 0 [pid 6405] close(4) = 0 [pid 6405] mkdir("./file1", 0777) = 0 [ 236.030796][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.030824][ T6390] ? rcu_is_watching+0x15/0xb0 [ 236.030861][ T6390] __x64_sys_lsetxattr+0xbf/0xe0 [ 236.030903][ T6390] do_syscall_64+0xfa/0x3b0 [ 236.030930][ T6390] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.030969][ T6390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.030993][ T6390] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.031029][ T6390] ? exc_page_fault+0x9f/0xf0 [ 236.031070][ T6390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.031095][ T6390] RIP: 0033:0x7f3cdbf794f9 [ 236.031121][ T6390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 236.031142][ T6390] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 236.031168][ T6390] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 236.031187][ T6390] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 236.031206][ T6390] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 236.031222][ T6390] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 236.031239][ T6390] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 236.031279][ T6390] [ 236.036938][ T6390] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 236.109347][ T6411] CPU: 1 UID: 0 PID: 6411 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 236.109383][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.109399][ T6411] Call Trace: [ 236.109410][ T6411] [ 236.109421][ T6411] dump_stack_lvl+0x189/0x250 [ 236.109459][ T6411] ? __pfx__xfs_alert_tag+0x10/0x10 [ 236.109499][ T6411] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.109534][ T6411] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 236.109584][ T6411] xfs_corruption_error+0x122/0x170 [ 236.109625][ T6411] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 236.109661][ T6411] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 6405] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=63 /* 0.63 s */} --- [pid 5872] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 236.109691][ T6411] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 236.109734][ T6411] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 236.109773][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.109804][ T6411] ? rcu_is_watching+0x15/0xb0 [ 236.109835][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.109864][ T6411] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 236.109896][ T6411] ? rcu_is_watching+0x15/0xb0 [ 236.109937][ T6411] xfs_alloc_cur_finish+0xd3/0x4b0 [ 236.109967][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6410] <... ioctl resumed>) = 0 [pid 6410] close(3) = 0 [pid 6410] close(4) = 0 [pid 6410] mkdir("./file1", 0777) = 0 [ 236.109998][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.110033][ T6411] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 236.110094][ T6411] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 236.110125][ T6411] ? xfs_group_grab+0x28/0x480 [ 236.110162][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.110190][ T6411] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 236.110225][ T6411] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 236.110274][ T6411] xfs_alloc_vextent_start_ag+0x388/0x850 [ 236.110315][ T6411] xfs_bmapi_allocate+0x188e/0x2e00 [ 236.110385][ T6411] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 236.110419][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.110470][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.110499][ T6411] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 236.110523][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.110551][ T6411] ? xfs_iext_prev+0x35a/0x370 [ 236.110591][ T6411] ? xfs_iext_get_extent+0x1bb/0x370 [ 236.110622][ T6411] xfs_bmapi_write+0x7df/0x1260 [ 236.110683][ T6411] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 236.110771][ T6411] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 236.110814][ T6411] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 236.110845][ T6411] ? kasan_save_track+0x4f/0x80 [ 236.110871][ T6411] ? kasan_save_track+0x3e/0x80 [ 236.110896][ T6411] ? kasan_save_free_info+0x46/0x50 [ 236.110933][ T6411] ? kmem_cache_free+0x18f/0x400 [ 236.110963][ T6411] ? __xfs_trans_commit+0x3e0/0xbd0 [ 236.110988][ T6411] ? xfs_trans_roll+0x130/0x450 [ 236.111012][ T6411] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 236.111053][ T6411] xfs_attr_set_iter+0x2d4/0x4b70 [ 236.111088][ T6411] ? filename_setxattr+0x274/0x600 [ 236.111121][ T6411] ? path_setxattrat+0x364/0x3a0 [ 236.111144][ T6411] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 236.111198][ T6411] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 236.111257][ T6411] ? kasan_quarantine_put+0xdd/0x220 [ 236.111284][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.111313][ T6411] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.111354][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6410] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [ 236.111389][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.111417][ T6411] ? kmem_cache_free+0x18f/0x400 [ 236.111444][ T6411] ? __xfs_trans_commit+0x3e0/0xbd0 [ 236.111477][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.111506][ T6411] ? __xfs_trans_commit+0x4c7/0xbd0 [ 236.111552][ T6411] xfs_attr_finish_item+0xed/0x320 [ 236.111594][ T6411] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 236.111631][ T6411] xfs_defer_finish_one+0x5c8/0xcf0 [ 236.111694][ T6411] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 236.111745][ T6411] xfs_defer_finish_noroll+0x910/0x12d0 [pid 5872] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./11/file1", [pid 5872] newfstatat(AT_FDCWD, "./11/file1", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", [pid 5872] <... openat resumed>) = 4 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] newfstatat(4, "", [pid 5874] getdents64(4, [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5874] getdents64(4, [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] getdents64(4, [pid 5874] close(4 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] <... close resumed>) = 0 [pid 5872] close(4 [pid 5874] rmdir("./11/file1" [pid 5872] <... close resumed>) = 0 [pid 5874] <... rmdir resumed>) = 0 [pid 5872] rmdir("./11/file1" [pid 5874] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... rmdir resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5874] unlink("./11/binderfs" [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... unlink resumed>) = 0 [pid 5872] unlink("./11/binderfs" [pid 5874] getdents64(3, [pid 5872] <... unlink resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 236.111792][ T6411] ? xfs_trans_commit+0x10b/0x1c0 [ 236.111825][ T6411] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 236.111859][ T6411] ? inode_set_ctime_current+0x740/0xb40 [ 236.111908][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.111938][ T6411] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 236.111979][ T6411] xfs_trans_commit+0x10b/0x1c0 [ 236.112006][ T6411] ? __pfx_xfs_trans_commit+0x10/0x10 [ 236.112039][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] close(3 [pid 5872] getdents64(3, [pid 5874] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./11") = 0 [pid 5872] mkdir("./12", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [ 236.112068][ T6411] ? xfs_trans_log_inode+0x12c/0x1a0 [ 236.112109][ T6411] xfs_attr_set+0xdc6/0x1210 [ 236.112159][ T6411] ? __pfx_xfs_attr_set+0x10/0x10 [ 236.112193][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.112222][ T6411] ? __lock_acquire+0xab9/0xd20 [ 236.112260][ T6411] ? xfs_da_hashname+0x59d/0x740 [ 236.112293][ T6411] ? do_raw_spin_lock+0x121/0x290 [ 236.112337][ T6411] ? xfs_attr_change+0x2ac/0x390 [ 236.112372][ T6411] xfs_xattr_set+0x14d/0x250 [ 236.112406][ T6411] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 5874] rmdir("./11") = 0 [pid 5874] mkdir("./12", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 236.112453][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.112481][ T6411] ? evm_protect_xattr+0x4d4/0xa90 [ 236.112509][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.112537][ T6411] ? rcu_is_watching+0x15/0xb0 [ 236.112573][ T6411] ? __pfx_evm_protect_xattr+0x10/0x10 [ 236.112602][ T6411] ? __pfx_xfs_xattr_set+0x10/0x10 [ 236.112630][ T6411] __vfs_setxattr+0x43c/0x480 [ 236.112681][ T6411] __vfs_setxattr_noperm+0x12d/0x660 [ 236.112726][ T6411] vfs_setxattr+0x16b/0x2f0 [ 236.112779][ T6411] ? __pfx_vfs_setxattr+0x10/0x10 [ 236.112810][ T6411] ? mnt_get_write_access+0x223/0x2a0 [ 236.112841][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.112877][ T6411] filename_setxattr+0x274/0x600 [ 236.112926][ T6411] ? __pfx_filename_setxattr+0x10/0x10 [ 236.112966][ T6411] ? srso_alias_return_thunk+0x5/0xfbef5 [ 236.112994][ T6411] ? getname_flags+0x1e5/0x540 [ 236.113037][ T6411] path_setxattrat+0x364/0x3a0 [ 236.113075][ T6411] ? __pfx_path_setxattrat+0x10/0x10 [ 236.113142][ T6411] ? __might_fault+0xb0/0x130 [ 236.113183][ T6411] __x64_sys_lsetxattr+0xbf/0xe0 [ 236.113224][ T6411] do_syscall_64+0xfa/0x3b0 [ 236.113252][ T6411] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.113276][ T6411] ? __switch_to_asm+0x39/0x70 [ 236.113309][ T6411] ? __switch_to_asm+0x33/0x70 [ 236.113348][ T6411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.113374][ T6411] RIP: 0033:0x7f3cdbf794f9 [ 236.113398][ T6411] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 236.113420][ T6411] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 236.113448][ T6411] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 236.113468][ T6411] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 236.113488][ T6411] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 236.113505][ T6411] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 236.113523][ T6411] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 236.113565][ T6411] [ 236.121468][ T6411] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 236.196557][ T6390] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 236.247905][ T6411] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 236.255014][ T6390] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 236.287381][ T6411] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 236.471184][ T6405] loop2: detected capacity change from 0 to 32768 [ 236.582244][ T6410] loop0: detected capacity change from 0 to 32768 [ 236.610119][ T6405] XFS: noikeep mount option is deprecated. [ 236.616337][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 236.890194][ T6410] XFS: noikeep mount option is deprecated. [ 236.934855][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.053704][ T6405] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.067692][ T6410] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.135207][ T6405] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 237.181202][ T6410] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 237.211756][ T6405] XFS (loop2): Starting recovery (logdev: internal) [ 237.345827][ T6410] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6428 attached , child_tidptr=0x55555d962750) = 6428 [pid 6428] set_robust_list(0x55555d962760, 24) = 0 [pid 6428] chdir("./12") = 0 [pid 6428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6428] setpgid(0, 0) = 0 [pid 6428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6428] write(3, "1000", 4) = 4 [pid 6428] close(3) = 0 [pid 6428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6428] write(1, "executing program\n", 18executing program [ 237.596383][ T6405] XFS (loop2): Ending recovery (logdev: internal) ) = 18 [pid 5874] <... close resumed>) = 0 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6428] <... futex resumed>) = 0 [pid 6428] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6405] <... mount resumed>) = 0 [pid 6410] <... mount resumed>) = 0 [pid 6428] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6405] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6410] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6410] chdir("./file1") = 0 [pid 6410] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6410] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6405] chdir("./file1" [pid 6410] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6405] <... chdir resumed>) = 0 [pid 6409] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6428] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6405] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6428] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6410] <... openat resumed>) = 4 [pid 6405] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6405] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6410] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6397] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6405] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6429 attached [pid 6429] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6429] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6405] <... openat resumed>) = 4 [pid 6428] <... clone3 resumed> => {parent_tid=[6429]}, 88) = 6429 ./strace-static-x86_64: Process 6430 attached [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6410] <... pwritev2 resumed>) = 65007 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], [pid 6405] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6430] set_robust_list(0x55555d962760, 24 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... futex resumed>) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6430 [pid 6428] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... set_robust_list resumed>) = 0 [pid 6429] memfd_create("syzkaller", 0 [pid 6428] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6397] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] chdir("./12" [pid 6429] <... memfd_create resumed>) = 3 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6410] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6430] <... chdir resumed>) = 0 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6409] <... futex resumed>) = 0 [pid 6405] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6429] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... prctl resumed>) = 0 [pid 6430] setpgid(0, 0) = 0 [pid 6430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6410] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 237.638967][ T6410] XFS (loop0): Ending recovery (logdev: internal) [pid 6430] write(3, "1000", 4) = 4 [pid 6405] <... pwritev2 resumed>) = 65007 [pid 6405] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] close(3 [pid 6410] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6397] <... futex resumed>) = 0 [pid 6397] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6430] <... close resumed>) = 0 [pid 6410] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6430] symlink("/dev/binderfs", "./binderfs" [pid 6410] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6409] <... futex resumed>) = 0 [pid 6430] <... symlink resumed>) = 0 [pid 6409] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 237.691779][ T6410] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 237.704519][ T6410] XFS (loop0): Unmount and run xfs_repair [ 237.715940][ T6405] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 237.729926][ T6405] XFS (loop2): Unmount and run xfs_repair [pid 6410] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6430] write(1, "executing program\n", 18executing program [pid 6405] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6405] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... futex resumed>) = 0 [pid 6430] <... write resumed>) = 18 [pid 6397] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6405] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6430] <... futex resumed>) = 0 [pid 6430] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [ 237.738382][ T6410] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 237.755140][ T6410] CPU: 0 UID: 0 PID: 6410 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 237.755178][ T6410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.755196][ T6410] Call Trace: [ 237.755207][ T6410] [ 237.755218][ T6410] dump_stack_lvl+0x189/0x250 [pid 6430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6409] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6430] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 237.755257][ T6410] ? __pfx__xfs_alert_tag+0x10/0x10 [ 237.755297][ T6410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.755334][ T6410] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 237.755386][ T6410] xfs_corruption_error+0x122/0x170 [ 237.755428][ T6410] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 237.755466][ T6410] xfs_alloc_fixup_trees+0x95e/0xd20 [ 237.755497][ T6410] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 237.755541][ T6410] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 237.755574][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6431]}, 88) = 6431 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6431 attached [pid 6430] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6430] <... futex resumed>) = 0 [pid 6431] <... rseq resumed>) = 0 [pid 6430] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6431] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6431] memfd_create("syzkaller", 0) = 3 [pid 6431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 237.755605][ T6410] ? rcu_is_watching+0x15/0xb0 [ 237.755638][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.755667][ T6410] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 237.755701][ T6410] ? rcu_is_watching+0x15/0xb0 [ 237.755742][ T6410] xfs_alloc_cur_finish+0xd3/0x4b0 [ 237.755774][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.755822][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.755859][ T6410] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 237.755920][ T6410] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 237.755952][ T6410] ? xfs_group_grab+0x28/0x480 [ 237.755992][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.756022][ T6410] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 237.756058][ T6410] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 237.756109][ T6410] xfs_alloc_vextent_start_ag+0x388/0x850 [ 237.756151][ T6410] xfs_bmapi_allocate+0x188e/0x2e00 [ 237.756221][ T6410] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 237.756256][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.756311][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.756324][ T6405] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 237.756341][ T6410] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 237.756365][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.756394][ T6410] ? xfs_iext_prev+0x35a/0x370 [ 237.756432][ T6410] ? xfs_iext_get_extent+0x1bb/0x370 [ 237.756466][ T6410] xfs_bmapi_write+0x7df/0x1260 [ 237.756530][ T6410] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 237.756612][ T6410] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 237.756656][ T6410] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 237.756689][ T6410] ? kasan_save_track+0x4f/0x80 [ 237.756716][ T6410] ? kasan_save_track+0x3e/0x80 [ 237.756743][ T6410] ? kasan_save_free_info+0x46/0x50 [ 237.756798][ T6410] ? kmem_cache_free+0x18f/0x400 [ 237.756830][ T6410] ? __xfs_trans_commit+0x3e0/0xbd0 [ 237.756857][ T6410] ? xfs_trans_roll+0x130/0x450 [ 237.756882][ T6410] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 237.756925][ T6410] xfs_attr_set_iter+0x2d4/0x4b70 [ 237.756962][ T6410] ? filename_setxattr+0x274/0x600 [pid 6429] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6410] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6410] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 237.756997][ T6410] ? path_setxattrat+0x364/0x3a0 [ 237.757020][ T6410] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 237.757076][ T6410] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 237.757137][ T6410] ? kasan_quarantine_put+0xdd/0x220 [ 237.757165][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757195][ T6410] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.757239][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757275][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757306][ T6410] ? kmem_cache_free+0x18f/0x400 [ 237.757335][ T6410] ? __xfs_trans_commit+0x3e0/0xbd0 [ 237.757369][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757399][ T6410] ? __xfs_trans_commit+0x4c7/0xbd0 [ 237.757445][ T6410] xfs_attr_finish_item+0xed/0x320 [ 237.757488][ T6410] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 237.757528][ T6410] xfs_defer_finish_one+0x5c8/0xcf0 [ 237.757592][ T6410] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 237.757645][ T6410] xfs_defer_finish_noroll+0x910/0x12d0 [ 237.757687][ T6410] ? xfs_trans_commit+0x10b/0x1c0 [pid 6431] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6409] exit_group(0 [pid 6410] <... futex resumed>) = ? [pid 6409] <... exit_group resumed>) = ? [pid 6410] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=92 /* 0.92 s */} --- [pid 5871] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 237.757722][ T6410] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 237.757758][ T6410] ? inode_set_ctime_current+0x740/0xb40 [ 237.757813][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757843][ T6410] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 237.757886][ T6410] xfs_trans_commit+0x10b/0x1c0 [ 237.757915][ T6410] ? __pfx_xfs_trans_commit+0x10/0x10 [ 237.757949][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.757979][ T6410] ? xfs_trans_log_inode+0x12c/0x1a0 [ 237.758022][ T6410] xfs_attr_set+0xdc6/0x1210 [pid 5871] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6397] exit_group(0) = ? [ 237.758075][ T6410] ? __pfx_xfs_attr_set+0x10/0x10 [ 237.758111][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.758140][ T6410] ? __lock_acquire+0xab9/0xd20 [ 237.758179][ T6410] ? xfs_da_hashname+0x59d/0x740 [ 237.758213][ T6410] ? do_raw_spin_lock+0x121/0x290 [ 237.758259][ T6410] ? xfs_attr_change+0x2ac/0x390 [ 237.758295][ T6410] xfs_xattr_set+0x14d/0x250 [ 237.758330][ T6410] ? __pfx_xfs_xattr_set+0x10/0x10 [ 237.758377][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.758407][ T6410] ? evm_protect_xattr+0x4d4/0xa90 [ 237.758436][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.758466][ T6410] ? rcu_is_watching+0x15/0xb0 [ 237.758502][ T6410] ? __pfx_evm_protect_xattr+0x10/0x10 [ 237.758533][ T6410] ? __pfx_xfs_xattr_set+0x10/0x10 [ 237.758562][ T6410] __vfs_setxattr+0x43c/0x480 [ 237.758614][ T6410] __vfs_setxattr_noperm+0x12d/0x660 [ 237.758660][ T6410] vfs_setxattr+0x16b/0x2f0 [ 237.758705][ T6410] ? __pfx_vfs_setxattr+0x10/0x10 [ 237.758737][ T6410] ? mnt_get_write_access+0x223/0x2a0 [ 237.758769][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.758819][ T6410] filename_setxattr+0x274/0x600 [ 237.758869][ T6410] ? __pfx_filename_setxattr+0x10/0x10 [ 237.758910][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.758939][ T6410] ? getname_flags+0x1e5/0x540 [ 237.758984][ T6410] path_setxattrat+0x364/0x3a0 [ 237.759023][ T6410] ? __pfx_path_setxattrat+0x10/0x10 [ 237.759093][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.759123][ T6410] ? rcu_is_watching+0x15/0xb0 [ 237.759162][ T6410] __x64_sys_lsetxattr+0xbf/0xe0 [ 237.759205][ T6410] do_syscall_64+0xfa/0x3b0 [ 237.759230][ T6410] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.759271][ T6410] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.759296][ T6410] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.759326][ T6410] ? exc_page_fault+0x9f/0xf0 [ 237.759369][ T6410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.759395][ T6410] RIP: 0033:0x7f3cdbf794f9 [ 237.759420][ T6410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 237.759443][ T6410] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 237.759470][ T6410] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 237.759491][ T6410] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 237.759511][ T6410] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 237.759529][ T6410] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 6429] <... write resumed>) = 16777216 [ 237.759547][ T6410] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 237.759588][ T6410] [ 237.760864][ T6410] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 237.776873][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 237.776912][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.776929][ T6405] Call Trace: [ 237.776941][ T6405] [ 237.776953][ T6405] dump_stack_lvl+0x189/0x250 [pid 6429] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 237.776992][ T6405] ? __pfx__xfs_alert_tag+0x10/0x10 [ 237.777039][ T6405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.777077][ T6405] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 237.777128][ T6405] xfs_corruption_error+0x122/0x170 [ 237.777169][ T6405] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 237.777206][ T6405] xfs_alloc_fixup_trees+0x95e/0xd20 [ 237.777237][ T6405] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 237.777281][ T6405] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 237.777313][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.777344][ T6405] ? rcu_is_watching+0x15/0xb0 [ 237.777375][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.777405][ T6405] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 237.777439][ T6405] ? rcu_is_watching+0x15/0xb0 [ 237.777481][ T6405] xfs_alloc_cur_finish+0xd3/0x4b0 [ 237.777512][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.777544][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.777580][ T6405] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 237.777641][ T6405] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 237.777673][ T6405] ? xfs_group_grab+0x28/0x480 [pid 6429] ioctl(4, LOOP_SET_FD, 3 [pid 6431] <... write resumed>) = 16777216 [pid 6405] <... lsetxattr resumed>) = ? [pid 6431] munmap(0x7f3cd3a00000, 138412032 [pid 6405] +++ exited with 0 +++ [pid 6397] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6397, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=129 /* 1.29 s */} --- [pid 5873] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6431] <... munmap resumed>) = 0 [pid 6429] <... ioctl resumed>) = 0 [pid 6429] close(3) = 0 [ 237.777711][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.777741][ T6405] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 237.777776][ T6405] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 237.777827][ T6405] xfs_alloc_vextent_start_ag+0x388/0x850 [ 237.777869][ T6405] xfs_bmapi_allocate+0x188e/0x2e00 [ 237.777937][ T6405] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 237.777972][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.778029][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6429] close(4) = 0 [pid 6429] mkdir("./file1", 0777) = 0 [pid 6429] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6431] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 237.778059][ T6405] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 237.778084][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.778114][ T6405] ? xfs_iext_prev+0x35a/0x370 [ 237.778153][ T6405] ? xfs_iext_get_extent+0x1bb/0x370 [ 237.778187][ T6405] xfs_bmapi_write+0x7df/0x1260 [ 237.778250][ T6405] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 237.778334][ T6405] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 237.778377][ T6405] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 237.778409][ T6405] ? kasan_save_track+0x4f/0x80 [ 237.778436][ T6405] ? kasan_save_track+0x3e/0x80 [ 237.778463][ T6405] ? kasan_save_free_info+0x46/0x50 [ 237.778502][ T6405] ? kmem_cache_free+0x18f/0x400 [ 237.778531][ T6405] ? __xfs_trans_commit+0x3e0/0xbd0 [ 237.778558][ T6405] ? xfs_trans_roll+0x130/0x450 [ 237.778584][ T6405] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 237.778625][ T6405] xfs_attr_set_iter+0x2d4/0x4b70 [ 237.778661][ T6405] ? filename_setxattr+0x274/0x600 [ 237.778696][ T6405] ? path_setxattrat+0x364/0x3a0 [ 237.778719][ T6405] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 237.778773][ T6405] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 237.778834][ T6405] ? kasan_quarantine_put+0xdd/0x220 [ 237.778861][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.778891][ T6405] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.778935][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.778971][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.779001][ T6405] ? kmem_cache_free+0x18f/0x400 [ 237.779036][ T6405] ? __xfs_trans_commit+0x3e0/0xbd0 [ 237.779070][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6431] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./11/file1") = 0 [pid 5871] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./11/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 237.779100][ T6405] ? __xfs_trans_commit+0x4c7/0xbd0 [ 237.779152][ T6405] xfs_attr_finish_item+0xed/0x320 [ 237.779194][ T6405] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 237.779234][ T6405] xfs_defer_finish_one+0x5c8/0xcf0 [ 237.779295][ T6405] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 237.779347][ T6405] xfs_defer_finish_noroll+0x910/0x12d0 [ 237.779390][ T6405] ? xfs_trans_commit+0x10b/0x1c0 [ 237.779424][ T6405] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 237.779459][ T6405] ? inode_set_ctime_current+0x740/0xb40 [pid 5871] close(3) = 0 [pid 6431] <... ioctl resumed>) = 0 [pid 6431] close(3) = 0 [pid 6431] close(4) = 0 [pid 6431] mkdir("./file1", 0777) = 0 [ 237.779511][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.779541][ T6405] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 237.779584][ T6405] xfs_trans_commit+0x10b/0x1c0 [ 237.779612][ T6405] ? __pfx_xfs_trans_commit+0x10/0x10 [ 237.779646][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.779676][ T6405] ? xfs_trans_log_inode+0x12c/0x1a0 [ 237.779719][ T6405] xfs_attr_set+0xdc6/0x1210 [ 237.779770][ T6405] ? __pfx_xfs_attr_set+0x10/0x10 [ 237.779806][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.779836][ T6405] ? __lock_acquire+0xab9/0xd20 [pid 6431] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] rmdir("./11") = 0 [pid 5871] mkdir("./12", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 237.779874][ T6405] ? xfs_da_hashname+0x59d/0x740 [ 237.779908][ T6405] ? do_raw_spin_lock+0x121/0x290 [ 237.779959][ T6405] ? xfs_attr_change+0x2ac/0x390 [ 237.779996][ T6405] xfs_xattr_set+0x14d/0x250 [ 237.780037][ T6405] ? __pfx_xfs_xattr_set+0x10/0x10 [ 237.780085][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.780115][ T6405] ? evm_protect_xattr+0x4d4/0xa90 [ 237.780144][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.780173][ T6405] ? rcu_is_watching+0x15/0xb0 [ 237.780210][ T6405] ? __pfx_evm_protect_xattr+0x10/0x10 [ 237.780240][ T6405] ? __pfx_xfs_xattr_set+0x10/0x10 [ 237.780269][ T6405] __vfs_setxattr+0x43c/0x480 [ 237.780322][ T6405] __vfs_setxattr_noperm+0x12d/0x660 [ 237.780368][ T6405] vfs_setxattr+0x16b/0x2f0 [ 237.780413][ T6405] ? __pfx_vfs_setxattr+0x10/0x10 [ 237.780445][ T6405] ? mnt_get_write_access+0x223/0x2a0 [ 237.780478][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.780514][ T6405] filename_setxattr+0x274/0x600 [ 237.780564][ T6405] ? __pfx_filename_setxattr+0x10/0x10 [ 237.780605][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.780635][ T6405] ? getname_flags+0x1e5/0x540 [ 237.780679][ T6405] path_setxattrat+0x364/0x3a0 [ 237.780718][ T6405] ? __pfx_path_setxattrat+0x10/0x10 [ 237.780822][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.780852][ T6405] ? rcu_is_watching+0x15/0xb0 [ 237.780892][ T6405] __x64_sys_lsetxattr+0xbf/0xe0 [ 237.780935][ T6405] do_syscall_64+0xfa/0x3b0 [ 237.780961][ T6405] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.781002][ T6405] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.781031][ T6405] ? srso_alias_return_thunk+0x5/0xfbef5 [ 237.781061][ T6405] ? exc_page_fault+0x9f/0xf0 [ 237.781105][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.781132][ T6405] RIP: 0033:0x7f3cdbf794f9 [ 237.781156][ T6405] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 237.781180][ T6405] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 237.781208][ T6405] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 237.781228][ T6405] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 237.781248][ T6405] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 237.781266][ T6405] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 237.781284][ T6405] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 237.781327][ T6405] [ 237.787338][ T6405] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 237.813057][ T6410] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 237.914795][ T6405] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 237.919585][ T6410] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 237.956560][ T6405] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 238.530262][ T6429] loop1: detected capacity change from 0 to 32768 [ 238.624780][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 238.660969][ T6429] XFS: noikeep mount option is deprecated. [ 238.668128][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 238.694138][ T6431] loop3: detected capacity change from 0 to 32768 [ 238.851226][ T6429] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 238.877194][ T6431] XFS: noikeep mount option is deprecated. [pid 5871] close(3 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5873] <... openat resumed>) = 4 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, ./strace-static-x86_64: Process 6444 attached 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6444] set_robust_list(0x55555d962760, 24 [pid 5873] getdents64(4, [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6444 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6444] <... set_robust_list resumed>) = 0 [pid 5873] close(4) = 0 [pid 6444] chdir("./12" [pid 5873] rmdir("./11/file1" [pid 6444] <... chdir resumed>) = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 5873] <... rmdir resumed>) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6444] write(1, "executing program\n", 18 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6444] <... write resumed>) = 18 [pid 6444] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5873] newfstatat(AT_FDCWD, "./11/binderfs", [pid 6444] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5873] unlink("./11/binderfs" [pid 6444] <... rt_sigprocmask resumed>[], 8) = 0 [ 239.335172][ T6431] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 239.356044][ T6429] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5873] <... unlink resumed>) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6449 attached [pid 6449] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6444] <... clone3 resumed> => {parent_tid=[6449]}, 88) = 6449 [pid 6449] <... rseq resumed>) = 0 [pid 6449] set_robust_list(0x7f3cdbf259a0, 24 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] <... set_robust_list resumed>) = 0 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6444] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6444] <... futex resumed>) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./11") = 0 [pid 5873] mkdir("./12", 0777 [pid 6449] memfd_create("syzkaller", 0 [pid 5873] <... mkdir resumed>) = 0 [pid 6449] <... memfd_create resumed>) = 3 [pid 6449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6444] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 239.382974][ T6431] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 239.409195][ T6429] XFS (loop1): Starting recovery (logdev: internal) [ 239.435830][ T6431] XFS (loop3): Starting recovery (logdev: internal) [ 239.466393][ T6431] XFS (loop3): Ending recovery (logdev: internal) [pid 5873] close(3 [pid 6431] <... mount resumed>) = 0 [pid 6431] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6431] chdir("./file1") = 0 [pid 6431] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6431] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... futex resumed>) = 1 [pid 6431] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [ 239.480449][ T6429] XFS (loop1): Ending recovery (logdev: internal) [pid 6431] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... mount resumed>) = 0 [pid 6430] <... futex resumed>) = 0 [pid 6429] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6430] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] <... openat resumed>) = 3 [pid 6430] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] chdir("./file1") = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6431] <... futex resumed>) = 1 [pid 6429] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6429] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6429] <... futex resumed>) = 1 [pid 6429] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6429] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... openat resumed>) = 4 [pid 6429] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... pwritev2 resumed>) = 65007 [pid 6431] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... pwritev2 resumed>) = 65007 [pid 6429] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = 1 [pid 6429] <... futex resumed>) = 1 [pid 6431] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6429] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6429] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6430] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6430] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6450]}, 88) = 6450 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6450 attached NULL, 8) = 0 [pid 6430] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6450] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 239.551681][ T6431] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 239.566329][ T6429] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 239.586699][ T6431] XFS (loop3): Unmount and run xfs_repair [ 239.587781][ T6429] XFS (loop1): Unmount and run xfs_repair [pid 6450] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6431] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6429] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6429] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6431] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... futex resumed>) = 0 [pid 6431] <... futex resumed>) = 0 [pid 6428] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 239.614453][ T6450] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 239.632040][ T6429] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 239.647664][ T6450] CPU: 1 UID: 0 PID: 6450 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 239.647702][ T6450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.647719][ T6450] Call Trace: [ 239.647730][ T6450] [ 239.647742][ T6450] dump_stack_lvl+0x189/0x250 [ 239.647791][ T6450] ? __pfx__xfs_alert_tag+0x10/0x10 [ 239.647832][ T6450] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.647870][ T6450] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 239.647929][ T6450] xfs_corruption_error+0x122/0x170 [ 239.647971][ T6450] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 6431] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] <... close resumed>) = 0 [ 239.648010][ T6450] xfs_alloc_fixup_trees+0x95e/0xd20 [ 239.648041][ T6450] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 239.648085][ T6450] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 239.648118][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648149][ T6450] ? rcu_is_watching+0x15/0xb0 [ 239.648182][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648213][ T6450] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 239.648247][ T6450] ? rcu_is_watching+0x15/0xb0 [ 239.648290][ T6450] xfs_alloc_cur_finish+0xd3/0x4b0 [ 239.648323][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648356][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648394][ T6450] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 239.648455][ T6450] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 239.648488][ T6450] ? xfs_group_grab+0x28/0x480 [ 239.648528][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648558][ T6450] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 239.648595][ T6450] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 239.648647][ T6450] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6451 [ 239.648689][ T6450] xfs_bmapi_allocate+0x188e/0x2e00 [ 239.648758][ T6450] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 239.648803][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648857][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648888][ T6450] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 239.648913][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.648944][ T6450] ? xfs_iext_prev+0x35a/0x370 [ 239.648985][ T6450] ? xfs_iext_get_extent+0x1bb/0x370 [ 239.649019][ T6450] xfs_bmapi_write+0x7df/0x1260 ./strace-static-x86_64: Process 6451 attached [pid 6450] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6450] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [ 239.649082][ T6450] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 239.649167][ T6450] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 239.649211][ T6450] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 239.649245][ T6450] ? kasan_save_track+0x4f/0x80 [ 239.649273][ T6450] ? kasan_save_track+0x3e/0x80 [ 239.649300][ T6450] ? kasan_save_free_info+0x46/0x50 [ 239.649340][ T6450] ? kmem_cache_free+0x18f/0x400 [ 239.649371][ T6450] ? __xfs_trans_commit+0x3e0/0xbd0 [ 239.649398][ T6450] ? xfs_trans_roll+0x130/0x450 [ 239.649424][ T6450] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 6430] exit_group(0 [pid 6431] <... futex resumed>) = ? [pid 6430] <... exit_group resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6450] <... futex resumed>) = ? [pid 6450] +++ exited with 0 +++ [pid 6430] +++ exited with 0 +++ [pid 6428] exit_group(0) = ? [ 239.649467][ T6450] xfs_attr_set_iter+0x2d4/0x4b70 [ 239.649504][ T6450] ? filename_setxattr+0x274/0x600 [ 239.649540][ T6450] ? path_setxattrat+0x364/0x3a0 [ 239.649564][ T6450] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 239.649619][ T6450] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 239.649681][ T6450] ? kasan_quarantine_put+0xdd/0x220 [ 239.649708][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.649739][ T6450] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.649790][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6451] set_robust_list(0x55555d962760, 24 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6430, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=94 /* 0.94 s */} --- [pid 6451] <... set_robust_list resumed>) = 0 [pid 5874] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 239.649827][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.649857][ T6450] ? kmem_cache_free+0x18f/0x400 [ 239.649887][ T6450] ? __xfs_trans_commit+0x3e0/0xbd0 [ 239.649921][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.649951][ T6450] ? __xfs_trans_commit+0x4c7/0xbd0 [ 239.649997][ T6450] xfs_attr_finish_item+0xed/0x320 [ 239.650040][ T6450] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 239.650080][ T6450] xfs_defer_finish_one+0x5c8/0xcf0 [ 239.650145][ T6450] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 239.650198][ T6450] xfs_defer_finish_noroll+0x910/0x12d0 [ 239.650241][ T6450] ? xfs_trans_commit+0x10b/0x1c0 [ 239.650276][ T6450] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 239.650312][ T6450] ? inode_set_ctime_current+0x740/0xb40 [ 239.650363][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.650393][ T6450] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 239.650436][ T6450] xfs_trans_commit+0x10b/0x1c0 [ 239.650465][ T6450] ? __pfx_xfs_trans_commit+0x10/0x10 [ 239.650499][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.650529][ T6450] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5874] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6449] <... write resumed>) = 16777216 [pid 6451] chdir("./12") = 0 [pid 6449] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 239.650573][ T6450] xfs_attr_set+0xdc6/0x1210 [ 239.650625][ T6450] ? __pfx_xfs_attr_set+0x10/0x10 [ 239.650657][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.650688][ T6450] ? __lock_acquire+0xab9/0xd20 [ 239.650726][ T6450] ? xfs_da_hashname+0x59d/0x740 [ 239.650761][ T6450] ? do_raw_spin_lock+0x121/0x290 [ 239.650812][ T6450] ? xfs_attr_change+0x2ac/0x390 [ 239.650849][ T6450] xfs_xattr_set+0x14d/0x250 [ 239.650883][ T6450] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6449] ioctl(4, LOOP_SET_FD, 3 [pid 6451] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6429] <... lsetxattr resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ [pid 6451] <... prctl resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6428, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=100 /* 1.00 s */} --- [pid 6451] setpgid(0, 0 [pid 5874] <... umount2 resumed>) = 0 [pid 6451] <... setpgid resumed>) = 0 [ 239.650931][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.650962][ T6450] ? evm_protect_xattr+0x4d4/0xa90 [ 239.650991][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.651021][ T6450] ? rcu_is_watching+0x15/0xb0 [ 239.651058][ T6450] ? __pfx_evm_protect_xattr+0x10/0x10 [ 239.651089][ T6450] ? __pfx_xfs_xattr_set+0x10/0x10 [ 239.651119][ T6450] __vfs_setxattr+0x43c/0x480 [ 239.651171][ T6450] __vfs_setxattr_noperm+0x12d/0x660 [ 239.651218][ T6450] vfs_setxattr+0x16b/0x2f0 [ 239.651264][ T6450] ? __pfx_vfs_setxattr+0x10/0x10 [pid 5874] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./12/file1", [pid 5872] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6451] <... openat resumed>) = 3 [pid 6451] write(3, "1000", 4 [pid 5874] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(3, "", [pid 6451] <... write resumed>) = 4 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6451] close(3 [pid 5874] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6451] <... close resumed>) = 0 [pid 5874] <... openat resumed>) = 4 [pid 5872] getdents64(3, [pid 6451] symlink("/dev/binderfs", "./binderfs" [pid 5874] newfstatat(4, "", [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6451] <... symlink resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6451] write(1, "executing program\n", 18 [pid 5874] getdents64(4, [pid 6451] <... write resumed>) = 18 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] getdents64(4, [pid 6451] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6451] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5874] close(4) = 0 [pid 6451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5874] rmdir("./12/file1" [pid 6451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 5874] <... rmdir resumed>) = 0 [pid 6451] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6451] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5874] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6451] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5874] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./12/binderfs" [pid 6451] <... clone3 resumed> => {parent_tid=[6452]}, 88) = 6452 [pid 6451] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... unlink resumed>) = 0 [pid 6451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6451] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./12") = 0 [pid 5874] mkdir("./13", 0777./strace-static-x86_64: Process 6452 attached [pid 6452] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5874] <... mkdir resumed>) = 0 [pid 6452] <... rseq resumed>) = 0 [pid 6452] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6452] memfd_create("syzkaller", 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6452] <... memfd_create resumed>) = 3 [ 239.651296][ T6450] ? mnt_get_write_access+0x223/0x2a0 [ 239.651329][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.651366][ T6450] filename_setxattr+0x274/0x600 [ 239.651416][ T6450] ? __pfx_filename_setxattr+0x10/0x10 [ 239.651457][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.651487][ T6450] ? getname_flags+0x1e5/0x540 [ 239.651531][ T6450] path_setxattrat+0x364/0x3a0 [ 239.651570][ T6450] ? __pfx_path_setxattrat+0x10/0x10 [ 239.651639][ T6450] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.651669][ T6450] ? rcu_is_watching+0x15/0xb0 [ 239.651709][ T6450] __x64_sys_lsetxattr+0xbf/0xe0 [ 239.651752][ T6450] do_syscall_64+0xfa/0x3b0 [ 239.651787][ T6450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.651813][ T6450] ? __switch_to_asm+0x39/0x70 [ 239.651848][ T6450] ? __switch_to_asm+0x33/0x70 [ 239.651890][ T6450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.651916][ T6450] RIP: 0033:0x7f3cdbf794f9 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 6452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 239.651940][ T6450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 239.651964][ T6450] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 239.651993][ T6450] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 239.652013][ T6450] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 239.652032][ T6450] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 239.652050][ T6450] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 239.652068][ T6450] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 239.652111][ T6450] [ 239.652123][ T6450] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 239.664582][ T6429] CPU: 0 UID: 0 PID: 6429 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 239.664621][ T6429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.664638][ T6429] Call Trace: [ 239.664650][ T6429] [ 239.664662][ T6429] dump_stack_lvl+0x189/0x250 [ 239.664700][ T6429] ? __pfx__xfs_alert_tag+0x10/0x10 [ 239.664743][ T6429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.664779][ T6429] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 239.664830][ T6429] xfs_corruption_error+0x122/0x170 [ 239.664871][ T6429] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 239.664907][ T6429] xfs_alloc_fixup_trees+0x95e/0xd20 [ 239.664938][ T6429] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 239.664982][ T6429] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 5874] close(3 [ 239.665020][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665051][ T6429] ? rcu_is_watching+0x15/0xb0 [ 239.665083][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665113][ T6429] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 239.665146][ T6429] ? rcu_is_watching+0x15/0xb0 [ 239.665187][ T6429] xfs_alloc_cur_finish+0xd3/0x4b0 [ 239.665219][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665251][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665287][ T6429] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 239.665348][ T6429] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 239.665379][ T6429] ? xfs_group_grab+0x28/0x480 [ 239.665418][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665447][ T6429] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 239.665482][ T6429] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 239.665533][ T6429] xfs_alloc_vextent_start_ag+0x388/0x850 [ 239.665575][ T6429] xfs_bmapi_allocate+0x188e/0x2e00 [ 239.665646][ T6429] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 239.665680][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665733][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665762][ T6429] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 239.665787][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.665817][ T6429] ? xfs_iext_prev+0x35a/0x370 [ 239.665856][ T6429] ? xfs_iext_get_extent+0x1bb/0x370 [ 239.665889][ T6429] xfs_bmapi_write+0x7df/0x1260 [ 239.665952][ T6429] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 239.666041][ T6429] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 239.666085][ T6429] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 239.666116][ T6429] ? kasan_save_track+0x4f/0x80 [ 239.666143][ T6429] ? kasan_save_track+0x3e/0x80 [ 239.666170][ T6429] ? kasan_save_free_info+0x46/0x50 [ 239.666208][ T6429] ? kmem_cache_free+0x18f/0x400 [ 239.666238][ T6429] ? __xfs_trans_commit+0x3e0/0xbd0 [ 239.666264][ T6429] ? xfs_trans_roll+0x130/0x450 [ 239.666289][ T6429] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 239.666330][ T6429] xfs_attr_set_iter+0x2d4/0x4b70 [ 239.666367][ T6429] ? filename_setxattr+0x274/0x600 [ 239.666401][ T6429] ? path_setxattrat+0x364/0x3a0 [ 239.666424][ T6429] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 239.666479][ T6429] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 239.666539][ T6429] ? kasan_quarantine_put+0xdd/0x220 [ 239.666567][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.666596][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.666638][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.666675][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.666704][ T6429] ? kmem_cache_free+0x18f/0x400 [ 239.666733][ T6429] ? __xfs_trans_commit+0x3e0/0xbd0 [ 239.666766][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.666799][ T6429] ? __xfs_trans_commit+0x4c7/0xbd0 [ 239.666848][ T6429] xfs_attr_finish_item+0xed/0x320 [ 239.666891][ T6429] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 239.666930][ T6429] xfs_defer_finish_one+0x5c8/0xcf0 [ 239.666994][ T6429] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 239.667051][ T6429] xfs_defer_finish_noroll+0x910/0x12d0 [ 239.667095][ T6429] ? xfs_trans_commit+0x10b/0x1c0 [ 239.667129][ T6429] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 239.667165][ T6429] ? inode_set_ctime_current+0x740/0xb40 [ 239.667214][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.667244][ T6429] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 239.667286][ T6429] xfs_trans_commit+0x10b/0x1c0 [ 239.667314][ T6429] ? __pfx_xfs_trans_commit+0x10/0x10 [ 239.667349][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.667378][ T6429] ? xfs_trans_log_inode+0x12c/0x1a0 [ 239.667421][ T6429] xfs_attr_set+0xdc6/0x1210 [ 239.667472][ T6429] ? __pfx_xfs_attr_set+0x10/0x10 [ 239.667508][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6452] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 239.667537][ T6429] ? __lock_acquire+0xab9/0xd20 [ 239.667576][ T6429] ? xfs_da_hashname+0x59d/0x740 [ 239.667609][ T6429] ? do_raw_spin_lock+0x121/0x290 [ 239.667655][ T6429] ? xfs_attr_change+0x2ac/0x390 [ 239.667692][ T6429] xfs_xattr_set+0x14d/0x250 [ 239.667726][ T6429] ? __pfx_xfs_xattr_set+0x10/0x10 [ 239.667773][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.667803][ T6429] ? evm_protect_xattr+0x4d4/0xa90 [ 239.667831][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.667860][ T6429] ? rcu_is_watching+0x15/0xb0 [pid 6452] munmap(0x7f3cd3a00000, 138412032 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6453 attached [pid 6452] <... munmap resumed>) = 0 [pid 6453] set_robust_list(0x55555d962760, 24 [pid 6452] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6453 [pid 6453] <... set_robust_list resumed>) = 0 [pid 6453] chdir("./13" [pid 6452] <... openat resumed>) = 4 [pid 6453] <... chdir resumed>) = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6452] ioctl(4, LOOP_SET_FD, 3 [pid 6453] setpgid(0, 0 [pid 6449] <... ioctl resumed>) = 0 [ 239.667896][ T6429] ? __pfx_evm_protect_xattr+0x10/0x10 [ 239.667926][ T6429] ? __pfx_xfs_xattr_set+0x10/0x10 [ 239.667955][ T6429] __vfs_setxattr+0x43c/0x480 [ 239.668006][ T6429] __vfs_setxattr_noperm+0x12d/0x660 [ 239.668058][ T6429] vfs_setxattr+0x16b/0x2f0 [ 239.668102][ T6429] ? __pfx_vfs_setxattr+0x10/0x10 [ 239.668134][ T6429] ? mnt_get_write_access+0x223/0x2a0 [ 239.668166][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.668202][ T6429] filename_setxattr+0x274/0x600 [pid 6449] close(3 [pid 6453] <... setpgid resumed>) = 0 [pid 6449] <... close resumed>) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6449] close(4) = 0 [pid 6449] mkdir("./file1", 0777) = 0 [pid 6453] <... openat resumed>) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [ 239.668252][ T6429] ? __pfx_filename_setxattr+0x10/0x10 [ 239.668293][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.668325][ T6429] ? getname_flags+0x1e5/0x540 [ 239.668369][ T6429] path_setxattrat+0x364/0x3a0 [ 239.668408][ T6429] ? __pfx_path_setxattrat+0x10/0x10 [ 239.668489][ T6429] __x64_sys_lsetxattr+0xbf/0xe0 [ 239.668532][ T6429] do_syscall_64+0xfa/0x3b0 [ 239.668558][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.668598][ T6429] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6453] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6449] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6453] write(1, "executing program\n", 18) = 18 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6453] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6454]}, 88) = 6454 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6453] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6454 attached [pid 6454] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6454] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6454] memfd_create("syzkaller", 0) = 3 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 239.668623][ T6429] ? srso_alias_return_thunk+0x5/0xfbef5 [ 239.668653][ T6429] ? exc_page_fault+0x9f/0xf0 [ 239.668696][ T6429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.668721][ T6429] RIP: 0033:0x7f3cdbf794f9 [ 239.668746][ T6429] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 239.668768][ T6429] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 6452] <... ioctl resumed>) = 0 [pid 6452] close(3) = 0 [pid 6452] close(4) = 0 [ 239.668796][ T6429] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 239.668817][ T6429] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 239.668836][ T6429] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 239.668854][ T6429] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 239.668872][ T6429] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 239.668913][ T6429] [pid 6452] mkdir("./file1", 0777) = 0 [ 239.669477][ T6429] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 239.878499][ T6450] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 239.887683][ T6429] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 239.890523][ T6450] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 239.894823][ T6429] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 240.123905][ T6449] loop0: detected capacity change from 0 to 32768 [ 240.138401][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 240.862183][ T6452] loop2: detected capacity change from 0 to 32768 [ 240.926226][ T6449] XFS: noikeep mount option is deprecated. [ 241.038939][ T6452] XFS: noikeep mount option is deprecated. [ 241.110705][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6452] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6454] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./12/file1") = 0 [pid 5872] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./12/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./12") = 0 [pid 5872] mkdir("./13", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 241.215342][ T6449] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 241.236130][ T6452] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 241.348109][ T6452] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 241.364430][ T6449] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x55555d962760, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6471 [pid 6471] <... set_robust_list resumed>) = 0 [pid 6471] chdir("./13") = 0 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] setpgid(0, 0) = 0 [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6471] write(3, "1000", 4executing program ) = 4 [pid 6471] close(3) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6471] write(1, "executing program\n", 18) = 18 [pid 6471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 241.417212][ T6452] XFS (loop2): Starting recovery (logdev: internal) [ 241.450498][ T6449] XFS (loop0): Starting recovery (logdev: internal) [pid 6471] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6472 attached => {parent_tid=[6472]}, 88) = 6472 [pid 6452] <... mount resumed>) = 0 [pid 6452] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6471] rt_sigprocmask(SIG_SETMASK, [], [pid 6452] <... openat resumed>) = 3 [pid 6472] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6452] chdir("./file1" [pid 6472] <... rseq resumed>) = 0 [pid 6452] <... chdir resumed>) = 0 [pid 6472] set_robust_list(0x7f3cdbf259a0, 24 [pid 6452] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6472] <... set_robust_list resumed>) = 0 [pid 6471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6452] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6472] rt_sigprocmask(SIG_SETMASK, [], [pid 6471] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6471] <... futex resumed>) = 0 [pid 6452] <... futex resumed>) = 1 [pid 6451] <... futex resumed>) = 0 [pid 6472] memfd_create("syzkaller", 0 [pid 6471] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6452] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6451] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... memfd_create resumed>) = 3 [pid 6452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6451] <... futex resumed>) = 0 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6452] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6452] <... openat resumed>) = 4 [pid 6449] <... mount resumed>) = 0 [pid 6452] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6452] <... futex resumed>) = 1 [pid 6451] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6449] chdir("./file1") = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6449] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] <... futex resumed>) = 0 [pid 6449] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6449] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [ 241.502011][ T6452] XFS (loop2): Ending recovery (logdev: internal) [ 241.521857][ T6449] XFS (loop0): Ending recovery (logdev: internal) [pid 6444] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] <... pwritev2 resumed>) = 65007 [pid 6444] <... futex resumed>) = 0 [pid 6452] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6444] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6452] <... futex resumed>) = 1 [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] <... pwritev2 resumed>) = 65007 [pid 6452] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6449] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6452] <... futex resumed>) = 1 [pid 6452] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6449] <... futex resumed>) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 241.584352][ T6452] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 241.608135][ T6452] XFS (loop2): Unmount and run xfs_repair [pid 6449] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6454] <... write resumed>) = 16777216 [ 241.631106][ T6452] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 241.645811][ T6449] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 241.646538][ T6452] CPU: 0 UID: 0 PID: 6452 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 241.646577][ T6452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.646594][ T6452] Call Trace: [pid 6444] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] munmap(0x7f3cd3a00000, 138412032 [pid 6451] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6444] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6444] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6444] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6473]}, 88) = 6473 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6444] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 241.646609][ T6452] [ 241.646622][ T6452] dump_stack_lvl+0x189/0x250 [ 241.646660][ T6452] ? __pfx__xfs_alert_tag+0x10/0x10 [ 241.646700][ T6452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.646737][ T6452] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 241.646796][ T6452] xfs_corruption_error+0x122/0x170 [ 241.646837][ T6452] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 241.646881][ T6452] xfs_alloc_fixup_trees+0x95e/0xd20 [ 241.646912][ T6452] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 241.646955][ T6452] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 241.646987][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647018][ T6452] ? rcu_is_watching+0x15/0xb0 [ 241.647050][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647079][ T6452] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 241.647114][ T6452] ? rcu_is_watching+0x15/0xb0 [ 241.647156][ T6452] xfs_alloc_cur_finish+0xd3/0x4b0 [ 241.647188][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647220][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647256][ T6452] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6444] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6473 attached [pid 6472] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6454] <... munmap resumed>) = 0 [pid 6449] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6444] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6473] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6454] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6449] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... rseq resumed>) = 0 [pid 6454] <... openat resumed>) = 4 [pid 6449] <... futex resumed>) = 0 [pid 6473] set_robust_list(0x7f3cdbf049a0, 24 [pid 6454] ioctl(4, LOOP_SET_FD, 3 [pid 6449] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] <... set_robust_list resumed>) = 0 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6473] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6454] <... ioctl resumed>) = 0 [pid 6454] close(3) = 0 [ 241.647318][ T6452] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 241.647350][ T6452] ? xfs_group_grab+0x28/0x480 [ 241.647389][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647419][ T6452] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 241.647455][ T6452] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 241.647506][ T6452] xfs_alloc_vextent_start_ag+0x388/0x850 [ 241.647549][ T6452] xfs_bmapi_allocate+0x188e/0x2e00 [ 241.647618][ T6452] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 241.647654][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6454] close(4) = 0 [pid 6454] mkdir("./file1", 0777) = 0 [ 241.647707][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647737][ T6452] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 241.647762][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.647793][ T6452] ? xfs_iext_prev+0x35a/0x370 [ 241.647833][ T6452] ? xfs_iext_get_extent+0x1bb/0x370 [ 241.647873][ T6452] xfs_bmapi_write+0x7df/0x1260 [ 241.647937][ T6452] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 241.648022][ T6452] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 241.648066][ T6452] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 241.648098][ T6452] ? kasan_save_track+0x4f/0x80 [ 241.648126][ T6452] ? kasan_save_track+0x3e/0x80 [ 241.648152][ T6452] ? kasan_save_free_info+0x46/0x50 [ 241.648190][ T6452] ? kmem_cache_free+0x18f/0x400 [ 241.648221][ T6452] ? __xfs_trans_commit+0x3e0/0xbd0 [ 241.648246][ T6452] ? xfs_trans_roll+0x130/0x450 [ 241.648271][ T6452] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 241.648313][ T6452] xfs_attr_set_iter+0x2d4/0x4b70 [ 241.648348][ T6452] ? filename_setxattr+0x274/0x600 [ 241.648383][ T6452] ? path_setxattrat+0x364/0x3a0 [ 241.648406][ T6452] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 241.648460][ T6452] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 241.648520][ T6452] ? kasan_quarantine_put+0xdd/0x220 [ 241.648547][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.648576][ T6452] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.648618][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.648654][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.648684][ T6452] ? kmem_cache_free+0x18f/0x400 [ 241.648713][ T6452] ? __xfs_trans_commit+0x3e0/0xbd0 [ 241.648746][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.648776][ T6452] ? __xfs_trans_commit+0x4c7/0xbd0 [ 241.648821][ T6452] xfs_attr_finish_item+0xed/0x320 [ 241.648868][ T6452] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 241.648907][ T6452] xfs_defer_finish_one+0x5c8/0xcf0 [ 241.648971][ T6452] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 241.649023][ T6452] xfs_defer_finish_noroll+0x910/0x12d0 [ 241.649065][ T6452] ? xfs_trans_commit+0x10b/0x1c0 [ 241.649098][ T6452] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 241.649133][ T6452] ? inode_set_ctime_current+0x740/0xb40 [ 241.649183][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.649213][ T6452] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 241.649255][ T6452] xfs_trans_commit+0x10b/0x1c0 [ 241.649283][ T6452] ? __pfx_xfs_trans_commit+0x10/0x10 [ 241.649317][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.649346][ T6452] ? xfs_trans_log_inode+0x12c/0x1a0 [ 241.649388][ T6452] xfs_attr_set+0xdc6/0x1210 [ 241.649438][ T6452] ? __pfx_xfs_attr_set+0x10/0x10 [ 241.649474][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.649503][ T6452] ? __lock_acquire+0xab9/0xd20 [ 241.649541][ T6452] ? xfs_da_hashname+0x59d/0x740 [ 241.649574][ T6452] ? do_raw_spin_lock+0x121/0x290 [ 241.649619][ T6452] ? xfs_attr_change+0x2ac/0x390 [ 241.649656][ T6452] xfs_xattr_set+0x14d/0x250 [ 241.649691][ T6452] ? __pfx_xfs_xattr_set+0x10/0x10 [ 241.649738][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.649767][ T6452] ? evm_protect_xattr+0x4d4/0xa90 [ 241.649796][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.649825][ T6452] ? rcu_is_watching+0x15/0xb0 [pid 6454] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6472] <... write resumed>) = 16777216 [pid 6452] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 241.649869][ T6452] ? __pfx_evm_protect_xattr+0x10/0x10 [ 241.649899][ T6452] ? __pfx_xfs_xattr_set+0x10/0x10 [ 241.649929][ T6452] __vfs_setxattr+0x43c/0x480 [ 241.649980][ T6452] __vfs_setxattr_noperm+0x12d/0x660 [ 241.650026][ T6452] vfs_setxattr+0x16b/0x2f0 [ 241.650070][ T6452] ? __pfx_vfs_setxattr+0x10/0x10 [ 241.650101][ T6452] ? mnt_get_write_access+0x223/0x2a0 [ 241.650133][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.650168][ T6452] filename_setxattr+0x274/0x600 [pid 6472] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6472] ioctl(4, LOOP_SET_FD, 3 [pid 6452] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 241.650217][ T6452] ? __pfx_filename_setxattr+0x10/0x10 [ 241.650258][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.650288][ T6452] ? getname_flags+0x1e5/0x540 [ 241.650331][ T6452] path_setxattrat+0x364/0x3a0 [ 241.650370][ T6452] ? __pfx_path_setxattrat+0x10/0x10 [ 241.650439][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.650469][ T6452] ? rcu_is_watching+0x15/0xb0 [ 241.650507][ T6452] __x64_sys_lsetxattr+0xbf/0xe0 [ 241.650550][ T6452] do_syscall_64+0xfa/0x3b0 [ 241.650576][ T6452] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.650616][ T6452] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.650641][ T6452] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.650670][ T6452] ? exc_page_fault+0x9f/0xf0 [ 241.650712][ T6452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.650739][ T6452] RIP: 0033:0x7f3cdbf794f9 [ 241.650762][ T6452] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 241.650785][ T6452] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 241.650813][ T6452] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 241.650833][ T6452] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 241.650857][ T6452] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 241.650874][ T6452] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 241.650892][ T6452] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 241.650934][ T6452] [pid 6452] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6472] <... ioctl resumed>) = 0 [ 241.651023][ T6452] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 241.688768][ T6449] XFS (loop0): Unmount and run xfs_repair [ 241.721007][ T6452] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 241.803911][ T6454] loop3: detected capacity change from 0 to 32768 [ 241.807092][ T6452] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 241.854571][ T6454] XFS: noikeep mount option is deprecated. [pid 6472] close(3 [pid 6451] exit_group(0 [pid 6472] <... close resumed>) = 0 [pid 6451] <... exit_group resumed>) = ? [pid 6472] close(4) = 0 [pid 6472] mkdir("./file1", 0777) = 0 [pid 6472] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6452] <... futex resumed>) = ? [ 241.967864][ T6473] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 242.219586][ T6472] loop1: detected capacity change from 0 to 32768 [ 242.223886][ T6473] CPU: 0 UID: 0 PID: 6473 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 242.223919][ T6473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.223936][ T6473] Call Trace: [ 242.223948][ T6473] [ 242.223959][ T6473] dump_stack_lvl+0x189/0x250 [pid 6452] +++ exited with 0 +++ [pid 6451] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6451, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=76 /* 0.76 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 242.223998][ T6473] ? __pfx__xfs_alert_tag+0x10/0x10 [ 242.224039][ T6473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.224075][ T6473] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 242.224126][ T6473] xfs_corruption_error+0x122/0x170 [ 242.224166][ T6473] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 242.224203][ T6473] xfs_alloc_fixup_trees+0x95e/0xd20 [ 242.224234][ T6473] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 242.224278][ T6473] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 242.224310][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.224341][ T6473] ? rcu_is_watching+0x15/0xb0 [ 242.224372][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.224402][ T6473] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 242.224435][ T6473] ? rcu_is_watching+0x15/0xb0 [ 242.224475][ T6473] xfs_alloc_cur_finish+0xd3/0x4b0 [ 242.224507][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.224539][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.224575][ T6473] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 242.224635][ T6473] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 242.224665][ T6473] ? xfs_group_grab+0x28/0x480 [ 242.224703][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.224731][ T6473] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 242.224767][ T6473] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 242.224817][ T6473] xfs_alloc_vextent_start_ag+0x388/0x850 [ 242.224863][ T6473] xfs_bmapi_allocate+0x188e/0x2e00 [ 242.224932][ T6473] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 242.224966][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.225019][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6473] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6473] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] exit_group(0 [pid 6449] <... futex resumed>) = ? [pid 6444] <... exit_group resumed>) = ? [pid 6449] +++ exited with 0 +++ [ 242.225048][ T6473] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 242.225073][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.225102][ T6473] ? xfs_iext_prev+0x35a/0x370 [ 242.225142][ T6473] ? xfs_iext_get_extent+0x1bb/0x370 [ 242.225175][ T6473] xfs_bmapi_write+0x7df/0x1260 [ 242.225237][ T6473] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 242.225319][ T6473] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 242.225362][ T6473] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 242.225394][ T6473] ? kasan_save_track+0x4f/0x80 [ 242.225420][ T6473] ? kasan_save_track+0x3e/0x80 [pid 6473] <... futex resumed>) = ? [pid 6473] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=179 /* 1.79 s */} --- [pid 5871] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 242.225445][ T6473] ? kasan_save_free_info+0x46/0x50 [ 242.225484][ T6473] ? kmem_cache_free+0x18f/0x400 [ 242.225514][ T6473] ? __xfs_trans_commit+0x3e0/0xbd0 [ 242.225541][ T6473] ? xfs_trans_roll+0x130/0x450 [ 242.225566][ T6473] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 242.225608][ T6473] xfs_attr_set_iter+0x2d4/0x4b70 [ 242.225643][ T6473] ? filename_setxattr+0x274/0x600 [ 242.225678][ T6473] ? path_setxattrat+0x364/0x3a0 [ 242.225701][ T6473] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 242.225755][ T6473] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 5871] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6454] <... mount resumed>) = 0 [pid 6454] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6454] chdir("./file1") = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6454] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 242.225815][ T6473] ? kasan_quarantine_put+0xdd/0x220 [ 242.225842][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.225875][ T6473] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.225917][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.225953][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.225982][ T6473] ? kmem_cache_free+0x18f/0x400 [ 242.226011][ T6473] ? __xfs_trans_commit+0x3e0/0xbd0 [ 242.226044][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.226073][ T6473] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 6454] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... futex resumed>) = 0 [pid 6454] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6454] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5873] <... umount2 resumed>) = 0 [pid 6454] <... pwritev2 resumed>) = 65007 [pid 5871] <... umount2 resumed>) = 0 [pid 6454] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6454] <... futex resumed>) = 1 [pid 6453] <... futex resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6454] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] newfstatat(AT_FDCWD, "./12/file1", [pid 5871] newfstatat(AT_FDCWD, "./12/file1", [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6454] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6454] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 242.226119][ T6473] xfs_attr_finish_item+0xed/0x320 [ 242.226161][ T6473] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 242.226200][ T6473] xfs_defer_finish_one+0x5c8/0xcf0 [ 242.226262][ T6473] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 242.226313][ T6473] xfs_defer_finish_noroll+0x910/0x12d0 [ 242.226354][ T6473] ? xfs_trans_commit+0x10b/0x1c0 [ 242.226388][ T6473] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 242.226423][ T6473] ? inode_set_ctime_current+0x740/0xb40 [ 242.226473][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6454] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6454] <... futex resumed>) = 1 [pid 6453] <... futex resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... openat resumed>) = 4 [pid 6454] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] newfstatat(4, "", [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6454] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6453] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... openat resumed>) = 4 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5873] newfstatat(4, "", [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [ 242.226503][ T6473] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 242.226544][ T6473] xfs_trans_commit+0x10b/0x1c0 [ 242.226572][ T6473] ? __pfx_xfs_trans_commit+0x10/0x10 [ 242.226607][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.226636][ T6473] ? xfs_trans_log_inode+0x12c/0x1a0 [ 242.226678][ T6473] xfs_attr_set+0xdc6/0x1210 [ 242.226728][ T6473] ? __pfx_xfs_attr_set+0x10/0x10 [ 242.226764][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.226797][ T6473] ? __lock_acquire+0xab9/0xd20 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./12/file1") = 0 [pid 5871] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./12/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./12") = 0 [pid 5871] mkdir("./13", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./12/file1") = 0 [pid 5873] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 242.226835][ T6473] ? xfs_da_hashname+0x59d/0x740 [ 242.226872][ T6473] ? do_raw_spin_lock+0x121/0x290 [ 242.226916][ T6473] ? xfs_attr_change+0x2ac/0x390 [ 242.226953][ T6473] xfs_xattr_set+0x14d/0x250 [ 242.226986][ T6473] ? __pfx_xfs_xattr_set+0x10/0x10 [ 242.227034][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.227063][ T6473] ? evm_protect_xattr+0x4d4/0xa90 [ 242.227091][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.227120][ T6473] ? rcu_is_watching+0x15/0xb0 [ 242.227155][ T6473] ? __pfx_evm_protect_xattr+0x10/0x10 [pid 5873] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] unlink("./12/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./12") = 0 [pid 5873] mkdir("./13", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 242.227185][ T6473] ? __pfx_xfs_xattr_set+0x10/0x10 [ 242.227214][ T6473] __vfs_setxattr+0x43c/0x480 [ 242.227264][ T6473] __vfs_setxattr_noperm+0x12d/0x660 [ 242.227310][ T6473] vfs_setxattr+0x16b/0x2f0 [ 242.227354][ T6473] ? __pfx_vfs_setxattr+0x10/0x10 [ 242.227385][ T6473] ? mnt_get_write_access+0x223/0x2a0 [ 242.227417][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.227453][ T6473] filename_setxattr+0x274/0x600 [ 242.227502][ T6473] ? __pfx_filename_setxattr+0x10/0x10 [ 242.227542][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.227571][ T6473] ? getname_flags+0x1e5/0x540 [ 242.227615][ T6473] path_setxattrat+0x364/0x3a0 [ 242.227653][ T6473] ? __pfx_path_setxattrat+0x10/0x10 [ 242.227722][ T6473] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.227751][ T6473] ? rcu_is_watching+0x15/0xb0 [ 242.227789][ T6473] __x64_sys_lsetxattr+0xbf/0xe0 [ 242.227831][ T6473] do_syscall_64+0xfa/0x3b0 [ 242.227864][ T6473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.227889][ T6473] ? __switch_to_asm+0x39/0x70 [ 242.227923][ T6473] ? __switch_to_asm+0x33/0x70 [ 242.227962][ T6473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.227988][ T6473] RIP: 0033:0x7f3cdbf794f9 [ 242.228011][ T6473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 242.228034][ T6473] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 242.228061][ T6473] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 242.228081][ T6473] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 242.228100][ T6473] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 242.228118][ T6473] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 242.228137][ T6473] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 242.228178][ T6473] [ 242.230239][ T6473] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 5873] close(3 [pid 6472] <... mount resumed>) = 0 [pid 6472] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6472] chdir("./file1") = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6472] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6472] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... futex resumed>) = 0 [pid 6472] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6472] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6472] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... futex resumed>) = 0 [ 242.259367][ T6454] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 242.317903][ T6473] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 242.418161][ T6472] XFS: noikeep mount option is deprecated. [ 242.434362][ T6473] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 242.599549][ T6454] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6471] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6471] <... futex resumed>) = 1 [pid 6472] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6471] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... pwritev2 resumed>) = 65007 [pid 6472] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6472] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6471] <... futex resumed>) = 1 [pid 6472] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 242.602605][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 242.625756][ T6454] XFS (loop3): Starting recovery (logdev: internal) [ 242.633104][ T6472] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 242.701121][ T6454] XFS (loop3): Ending recovery (logdev: internal) [ 242.710243][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 242.741378][ T6472] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 242.787998][ T6454] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 242.788058][ T6454] XFS (loop3): Unmount and run xfs_repair [ 242.798969][ T6454] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 242.863122][ T6472] XFS (loop1): Starting recovery (logdev: internal) [ 242.882116][ T6454] CPU: 0 UID: 0 PID: 6454 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 6471] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6471] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6471] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6490]}, 88) = 6490 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 242.882151][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.882166][ T6454] Call Trace: [ 242.882176][ T6454] [ 242.882187][ T6454] dump_stack_lvl+0x189/0x250 [ 242.882223][ T6454] ? __pfx__xfs_alert_tag+0x10/0x10 [ 242.882260][ T6454] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.882294][ T6454] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 242.882341][ T6454] xfs_corruption_error+0x122/0x170 [ 242.882379][ T6454] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 242.882413][ T6454] xfs_alloc_fixup_trees+0x95e/0xd20 [ 242.882442][ T6454] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 242.882482][ T6454] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 242.882512][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.882540][ T6454] ? rcu_is_watching+0x15/0xb0 [ 242.882570][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.882597][ T6454] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 242.882628][ T6454] ? rcu_is_watching+0x15/0xb0 [ 242.882667][ T6454] xfs_alloc_cur_finish+0xd3/0x4b0 [ 242.882695][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.882725][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.882758][ T6454] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 242.882822][ T6454] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 242.882851][ T6454] ? xfs_group_grab+0x28/0x480 [ 242.882886][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.882914][ T6454] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 242.882947][ T6454] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 242.882994][ T6454] xfs_alloc_vextent_start_ag+0x388/0x850 [ 242.883033][ T6454] xfs_bmapi_allocate+0x188e/0x2e00 [pid 6471] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program ./strace-static-x86_64: Process 6490 attached [pid 6490] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5873] <... close resumed>) = 0 [pid 6490] <... rseq resumed>) = 0 [pid 6454] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6490] set_robust_list(0x7f3cdbf049a0, 24 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6490] <... set_robust_list resumed>) = 0 [pid 6490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6490] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6491 ./strace-static-x86_64: Process 6491 attached [pid 6454] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] set_robust_list(0x55555d962760, 24 [pid 6454] <... futex resumed>) = 0 [pid 6491] <... set_robust_list resumed>) = 0 [pid 6453] exit_group(0 [pid 6491] chdir("./13" [pid 6453] <... exit_group resumed>) = ? [pid 6491] <... chdir resumed>) = 0 [pid 6491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6491] setpgid(0, 0) = 0 [pid 6491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6491] write(3, "1000", 4) = 4 [pid 6491] close(3) = 0 [pid 6491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6491] write(1, "executing program\n", 18) = 18 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6491] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6492]}, 88) = 6492 [pid 6491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6491] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] +++ exited with 0 +++ [pid 6453] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6453, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=99 /* 0.99 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6492 attached ) = 0 [pid 5874] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6492] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6492] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6492] memfd_create("syzkaller", 0) = 3 [pid 6492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6471] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 242.883096][ T6454] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 242.883128][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.883176][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.883204][ T6454] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 242.883227][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.883254][ T6454] ? xfs_iext_prev+0x35a/0x370 [ 242.883292][ T6454] ? xfs_iext_get_extent+0x1bb/0x370 [ 242.883322][ T6454] xfs_bmapi_write+0x7df/0x1260 [ 242.883380][ T6454] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 5871] <... close resumed>) = 0 [ 242.883456][ T6454] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 242.883497][ T6454] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 242.883527][ T6454] ? kasan_save_track+0x4f/0x80 [ 242.883552][ T6454] ? kasan_save_track+0x3e/0x80 [ 242.883575][ T6454] ? kasan_save_free_info+0x46/0x50 [ 242.883612][ T6454] ? kmem_cache_free+0x18f/0x400 [ 242.883640][ T6454] ? __xfs_trans_commit+0x3e0/0xbd0 [ 242.883664][ T6454] ? xfs_trans_roll+0x130/0x450 [ 242.883687][ T6454] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6493 [ 242.883726][ T6454] xfs_attr_set_iter+0x2d4/0x4b70 [ 242.883759][ T6454] ? filename_setxattr+0x274/0x600 [ 242.883796][ T6454] ? path_setxattrat+0x364/0x3a0 [ 242.883817][ T6454] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 242.883868][ T6454] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 242.883924][ T6454] ? kasan_quarantine_put+0xdd/0x220 [ 242.883949][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.883976][ T6454] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.884016][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.884050][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.884077][ T6454] ? kmem_cache_free+0x18f/0x400 [ 242.884104][ T6454] ? __xfs_trans_commit+0x3e0/0xbd0 [ 242.884135][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.884163][ T6454] ? __xfs_trans_commit+0x4c7/0xbd0 [ 242.884205][ T6454] xfs_attr_finish_item+0xed/0x320 [ 242.884245][ T6454] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 242.884281][ T6454] xfs_defer_finish_one+0x5c8/0xcf0 [ 242.884340][ T6454] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 242.884388][ T6454] xfs_defer_finish_noroll+0x910/0x12d0 [pid 6492] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216./strace-static-x86_64: Process 6493 attached [pid 6493] set_robust_list(0x55555d962760, 24) = 0 [pid 6493] chdir("./13") = 0 [pid 6493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6493] setpgid(0, 0) = 0 [pid 6493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6493] write(3, "1000", 4) = 4 [pid 6493] close(3) = 0 [pid 6493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6493] write(1, "executing program\n", 18executing program ) = 18 [pid 6493] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6493] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6494 attached => {parent_tid=[6494]}, 88) = 6494 [pid 6493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6493] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [ 242.884425][ T6454] ? xfs_trans_commit+0x10b/0x1c0 [ 242.884457][ T6454] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 242.884490][ T6454] ? inode_set_ctime_current+0x740/0xb40 [ 242.884537][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.884564][ T6454] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 242.884603][ T6454] xfs_trans_commit+0x10b/0x1c0 [ 242.884630][ T6454] ? __pfx_xfs_trans_commit+0x10/0x10 [ 242.884662][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6493] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6494] <... rseq resumed>) = 0 [pid 6494] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] exit_group(0) = ? [pid 6494] memfd_create("syzkaller", 0) = 3 [pid 6494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 242.884689][ T6454] ? xfs_trans_log_inode+0x12c/0x1a0 [ 242.884728][ T6454] xfs_attr_set+0xdc6/0x1210 [ 242.884777][ T6454] ? __pfx_xfs_attr_set+0x10/0x10 [ 242.884814][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.884842][ T6454] ? __lock_acquire+0xab9/0xd20 [ 242.884878][ T6454] ? xfs_da_hashname+0x59d/0x740 [ 242.884909][ T6454] ? do_raw_spin_lock+0x121/0x290 [ 242.884950][ T6454] ? xfs_attr_change+0x2ac/0x390 [ 242.884984][ T6454] xfs_xattr_set+0x14d/0x250 [ 242.885016][ T6454] ? __pfx_xfs_xattr_set+0x10/0x10 [ 242.885060][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885087][ T6454] ? evm_protect_xattr+0x4d4/0xa90 [ 242.885114][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885142][ T6454] ? rcu_is_watching+0x15/0xb0 [ 242.885175][ T6454] ? __pfx_evm_protect_xattr+0x10/0x10 [ 242.885203][ T6454] ? __pfx_xfs_xattr_set+0x10/0x10 [ 242.885230][ T6454] __vfs_setxattr+0x43c/0x480 [ 242.885277][ T6454] __vfs_setxattr_noperm+0x12d/0x660 [ 242.885320][ T6454] vfs_setxattr+0x16b/0x2f0 [ 242.885361][ T6454] ? __pfx_vfs_setxattr+0x10/0x10 [ 242.885391][ T6454] ? mnt_get_write_access+0x223/0x2a0 [ 242.885421][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885454][ T6454] filename_setxattr+0x274/0x600 [ 242.885500][ T6454] ? __pfx_filename_setxattr+0x10/0x10 [ 242.885539][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885566][ T6454] ? getname_flags+0x1e5/0x540 [ 242.885606][ T6454] path_setxattrat+0x364/0x3a0 [ 242.885642][ T6454] ? __pfx_path_setxattrat+0x10/0x10 [ 242.885707][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885734][ T6454] ? rcu_is_watching+0x15/0xb0 [ 242.885770][ T6454] __x64_sys_lsetxattr+0xbf/0xe0 [ 242.885817][ T6454] do_syscall_64+0xfa/0x3b0 [ 242.885842][ T6454] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.885880][ T6454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.885903][ T6454] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.885930][ T6454] ? exc_page_fault+0x9f/0xf0 [ 242.885970][ T6454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.885994][ T6454] RIP: 0033:0x7f3cdbf794f9 [ 242.886016][ T6454] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 242.886037][ T6454] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 242.886063][ T6454] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 242.886082][ T6454] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 242.886100][ T6454] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 242.886117][ T6454] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 242.886133][ T6454] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 242.886172][ T6454] [ 242.886183][ T6454] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 243.029420][ T6472] XFS (loop1): Ending recovery (logdev: internal) [ 243.044463][ T6454] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 243.169334][ T6472] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 243.187692][ T6454] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 243.285746][ T6472] XFS (loop1): Unmount and run xfs_repair [ 243.973882][ T6490] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6494] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6492] <... write resumed>) = 16777216 [pid 6472] <... open resumed>) = ? [pid 6492] munmap(0x7f3cd3a00000, 138412032 [pid 6472] +++ exited with 0 +++ [ 243.994008][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 244.006891][ T6490] CPU: 1 UID: 0 PID: 6490 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 244.006922][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.006938][ T6490] Call Trace: [ 244.006948][ T6490] [ 244.006958][ T6490] dump_stack_lvl+0x189/0x250 [ 244.006993][ T6490] ? __pfx__xfs_alert_tag+0x10/0x10 [ 244.007030][ T6490] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.007064][ T6490] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 244.007116][ T6490] xfs_corruption_error+0x122/0x170 [ 244.007153][ T6490] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 244.007187][ T6490] xfs_alloc_fixup_trees+0x95e/0xd20 [ 244.007215][ T6490] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 244.007255][ T6490] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 244.007286][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6492] <... munmap resumed>) = 0 [pid 6492] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 244.007314][ T6490] ? rcu_is_watching+0x15/0xb0 [ 244.007343][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007369][ T6490] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 244.007398][ T6490] ? rcu_is_watching+0x15/0xb0 [ 244.007437][ T6490] xfs_alloc_cur_finish+0xd3/0x4b0 [ 244.007467][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007497][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007530][ T6490] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 244.007586][ T6490] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 244.007615][ T6490] ? xfs_group_grab+0x28/0x480 [ 244.007650][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007678][ T6490] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 244.007711][ T6490] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 244.007759][ T6490] xfs_alloc_vextent_start_ag+0x388/0x850 [ 244.007798][ T6490] xfs_bmapi_allocate+0x188e/0x2e00 [ 244.007860][ T6490] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 244.007894][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007942][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.007970][ T6490] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 244.007994][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.008022][ T6490] ? xfs_iext_prev+0x35a/0x370 [ 244.008060][ T6490] ? xfs_iext_get_extent+0x1bb/0x370 [ 244.008101][ T6490] xfs_bmapi_write+0x7df/0x1260 [ 244.008159][ T6490] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 244.008237][ T6490] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 244.008277][ T6490] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 244.008306][ T6490] ? kasan_save_track+0x4f/0x80 [pid 6492] ioctl(4, LOOP_SET_FD, 3 [pid 6494] <... write resumed>) = 16777216 [pid 6492] <... ioctl resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 6492] close(3 [pid 5874] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6492] <... close resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6492] close(4 [pid 5874] newfstatat(AT_FDCWD, "./13/file1", [pid 6492] <... close resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6492] mkdir("./file1", 0777 [pid 5874] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6492] <... mkdir resumed>) = 0 [pid 6494] munmap(0x7f3cd3a00000, 138412032 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./13/file1") = 0 [ 244.008332][ T6490] ? kasan_save_track+0x3e/0x80 [ 244.008355][ T6490] ? kasan_save_free_info+0x46/0x50 [ 244.008391][ T6490] ? kmem_cache_free+0x18f/0x400 [ 244.008417][ T6490] ? __xfs_trans_commit+0x3e0/0xbd0 [ 244.008440][ T6490] ? xfs_trans_roll+0x130/0x450 [ 244.008462][ T6490] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 244.008500][ T6490] xfs_attr_set_iter+0x2d4/0x4b70 [ 244.008533][ T6490] ? filename_setxattr+0x274/0x600 [ 244.008565][ T6490] ? path_setxattrat+0x364/0x3a0 [ 244.008585][ T6490] ? __x64_sys_lsetxattr+0xbf/0xe0 [pid 6492] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6494] <... munmap resumed>) = 0 [pid 5874] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 244.008635][ T6490] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 244.008691][ T6490] ? kasan_quarantine_put+0xdd/0x220 [ 244.008716][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.008745][ T6490] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.008789][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.008827][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.008858][ T6490] ? kmem_cache_free+0x18f/0x400 [ 244.008885][ T6490] ? __xfs_trans_commit+0x3e0/0xbd0 [ 244.008917][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.008945][ T6490] ? __xfs_trans_commit+0x4c7/0xbd0 [ 244.008988][ T6490] xfs_attr_finish_item+0xed/0x320 [ 244.009029][ T6490] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 244.009066][ T6490] xfs_defer_finish_one+0x5c8/0xcf0 [ 244.009134][ T6490] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 244.009183][ T6490] xfs_defer_finish_noroll+0x910/0x12d0 [ 244.009223][ T6490] ? xfs_trans_commit+0x10b/0x1c0 [ 244.009256][ T6490] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 244.009295][ T6490] ? inode_set_ctime_current+0x740/0xb40 [pid 6494] ioctl(4, LOOP_SET_FD, 3 [pid 6490] <... lsetxattr resumed>) = ? [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./13/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./13") = 0 [pid 5874] mkdir("./14", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 6490] +++ exited with 0 +++ [pid 6471] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6471, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=144 /* 1.44 s */} --- [ 244.009343][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.009372][ T6490] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 244.009412][ T6490] xfs_trans_commit+0x10b/0x1c0 [ 244.009438][ T6490] ? __pfx_xfs_trans_commit+0x10/0x10 [ 244.009466][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.009490][ T6490] ? xfs_trans_log_inode+0x12c/0x1a0 [ 244.009524][ T6490] xfs_attr_set+0xdc6/0x1210 [ 244.009570][ T6490] ? __pfx_xfs_attr_set+0x10/0x10 [ 244.009603][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 244.009629][ T6490] ? __lock_acquire+0xab9/0xd20 [ 244.009664][ T6490] ? xfs_da_hashname+0x59d/0x740 [ 244.009696][ T6490] ? do_raw_spin_lock+0x121/0x290 [ 244.009738][ T6490] ? xfs_attr_change+0x2ac/0x390 [ 244.009772][ T6490] xfs_xattr_set+0x14d/0x250 [ 244.009804][ T6490] ? __pfx_xfs_xattr_set+0x10/0x10 [ 244.009848][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.009876][ T6490] ? evm_protect_xattr+0x4d4/0xa90 [ 244.009903][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.009930][ T6490] ? rcu_is_watching+0x15/0xb0 [ 244.009964][ T6490] ? __pfx_evm_protect_xattr+0x10/0x10 [ 244.009992][ T6490] ? __pfx_xfs_xattr_set+0x10/0x10 [ 244.010020][ T6490] __vfs_setxattr+0x43c/0x480 [ 244.010068][ T6490] __vfs_setxattr_noperm+0x12d/0x660 [ 244.010118][ T6490] vfs_setxattr+0x16b/0x2f0 [ 244.010160][ T6490] ? __pfx_vfs_setxattr+0x10/0x10 [ 244.010190][ T6490] ? mnt_get_write_access+0x223/0x2a0 [ 244.010220][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.010254][ T6490] filename_setxattr+0x274/0x600 [pid 5872] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6495 [ 244.010301][ T6490] ? __pfx_filename_setxattr+0x10/0x10 [ 244.010339][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.010366][ T6490] ? getname_flags+0x1e5/0x540 [ 244.010406][ T6490] path_setxattrat+0x364/0x3a0 [ 244.010443][ T6490] ? __pfx_path_setxattrat+0x10/0x10 [ 244.010508][ T6490] ? srso_alias_return_thunk+0x5/0xfbef5 [ 244.010536][ T6490] ? rcu_is_watching+0x15/0xb0 [ 244.010571][ T6490] __x64_sys_lsetxattr+0xbf/0xe0 [ 244.010609][ T6490] do_syscall_64+0xfa/0x3b0 [ 244.010636][ T6490] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.010659][ T6490] ? __switch_to_asm+0x39/0x70 [ 244.010692][ T6490] ? __switch_to_asm+0x33/0x70 [ 244.010729][ T6490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.010753][ T6490] RIP: 0033:0x7f3cdbf794f9 [ 244.010776][ T6490] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 244.010798][ T6490] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd ./strace-static-x86_64: Process 6495 attached [pid 6494] <... ioctl resumed>) = 0 [pid 6494] close(3) = 0 [ 244.010824][ T6490] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 244.010843][ T6490] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 244.010861][ T6490] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 244.010877][ T6490] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 244.010894][ T6490] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 244.010933][ T6490] [ 244.013162][ T6490] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 244.108837][ T6492] loop2: detected capacity change from 0 to 32768 [ 244.213934][ T6490] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 244.294812][ T6492] XFS: noikeep mount option is deprecated. [ 244.298546][ T6490] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 244.339857][ T6494] loop0: detected capacity change from 0 to 32768 [ 244.661883][ T6492] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6494] close(4 [pid 6495] set_robust_list(0x55555d962760, 24 [pid 6494] <... close resumed>) = 0 [pid 6495] <... set_robust_list resumed>) = 0 [ 244.671644][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6495] chdir("./14" [pid 6494] mkdir("./file1", 0777 [pid 6495] <... chdir resumed>) = 0 [pid 6494] <... mkdir resumed>) = 0 [pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6494] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6495] <... prctl resumed>) = 0 [pid 6495] setpgid(0, 0) = 0 [pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6495] write(3, "1000", 4) = 4 [pid 6495] close(3) = 0 [pid 6495] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6495] write(1, "executing program\n", 18) = 18 [pid 6495] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6495] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6508]}, 88) = 6508 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6508 attached [pid 6495] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./13/file1") = 0 [pid 5872] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./13/binderfs" [pid 6508] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6495] <... futex resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 6508] <... rseq resumed>) = 0 [pid 6495] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] getdents64(3, [pid 6508] set_robust_list(0x7f3cdbf259a0, 24 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./13" [pid 6508] <... set_robust_list resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [ 244.771259][ T6494] XFS: noikeep mount option is deprecated. [ 244.802567][ T6492] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6508] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] mkdir("./14", 0777 [pid 6508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6508] memfd_create("syzkaller", 0) = 3 [pid 6508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 244.842504][ T6492] XFS (loop2): Starting recovery (logdev: internal) [ 244.859281][ T6494] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6492] <... mount resumed>) = 0 [pid 6492] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6492] chdir("./file1") = 0 [pid 6492] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6492] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 244.908482][ T6492] XFS (loop2): Ending recovery (logdev: internal) [pid 6492] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6492] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6492] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040) = -1 EUCLEAN (Structure needs cleaning) [pid 6492] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 244.994843][ T6492] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 244.996119][ T6494] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 245.016838][ T6492] XFS (loop2): Unmount and run xfs_repair [ 245.037741][ T6492] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 245.059813][ T6494] XFS (loop0): Starting recovery (logdev: internal) [ 245.073964][ T6492] CPU: 1 UID: 0 PID: 6492 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 245.073999][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.074016][ T6492] Call Trace: [ 245.074027][ T6492] [ 245.074044][ T6492] dump_stack_lvl+0x189/0x250 [ 245.074081][ T6492] ? __pfx__xfs_alert_tag+0x10/0x10 [ 245.074121][ T6492] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.074156][ T6492] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 245.074206][ T6492] xfs_corruption_error+0x122/0x170 [ 245.074246][ T6492] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 245.074281][ T6492] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 6492] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6508] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6491] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... close resumed>) = 0 [ 245.074310][ T6492] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 245.074351][ T6492] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 245.074381][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.074411][ T6492] ? rcu_is_watching+0x15/0xb0 [ 245.074441][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.074469][ T6492] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 245.074501][ T6492] ? rcu_is_watching+0x15/0xb0 [ 245.074542][ T6492] xfs_alloc_cur_finish+0xd3/0x4b0 [ 245.074571][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.074601][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.074634][ T6492] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 245.074692][ T6492] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 245.074722][ T6492] ? xfs_group_grab+0x28/0x480 [ 245.074761][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.074789][ T6492] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 245.074824][ T6492] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 245.074874][ T6492] xfs_alloc_vextent_start_ag+0x388/0x850 [ 245.074914][ T6492] xfs_bmapi_allocate+0x188e/0x2e00 [ 245.074981][ T6492] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 245.075015][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.075071][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.075100][ T6492] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 245.075123][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.075153][ T6492] ? xfs_iext_prev+0x35a/0x370 [ 245.075192][ T6492] ? xfs_iext_get_extent+0x1bb/0x370 [ 245.075224][ T6492] xfs_bmapi_write+0x7df/0x1260 [ 245.075285][ T6492] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 245.075365][ T6492] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 245.075407][ T6492] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 245.075438][ T6492] ? kasan_save_track+0x4f/0x80 [ 245.075465][ T6492] ? kasan_save_track+0x3e/0x80 [ 245.075490][ T6492] ? kasan_save_free_info+0x46/0x50 [ 245.075528][ T6492] ? kmem_cache_free+0x18f/0x400 [ 245.075558][ T6492] ? __xfs_trans_commit+0x3e0/0xbd0 [ 245.075583][ T6492] ? xfs_trans_roll+0x130/0x450 [ 245.075608][ T6492] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 245.075649][ T6492] xfs_attr_set_iter+0x2d4/0x4b70 [ 245.075685][ T6492] ? filename_setxattr+0x274/0x600 [ 245.075720][ T6492] ? path_setxattrat+0x364/0x3a0 [ 245.075742][ T6492] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 245.075797][ T6492] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 245.075856][ T6492] ? kasan_quarantine_put+0xdd/0x220 [ 245.075882][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.075912][ T6492] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.075954][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.075989][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.076018][ T6492] ? kmem_cache_free+0x18f/0x400 [ 245.076058][ T6492] ? __xfs_trans_commit+0x3e0/0xbd0 [ 245.076091][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.076120][ T6492] ? __xfs_trans_commit+0x4c7/0xbd0 [ 245.076164][ T6492] xfs_attr_finish_item+0xed/0x320 [ 245.076207][ T6492] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 245.076244][ T6492] xfs_defer_finish_one+0x5c8/0xcf0 [ 245.076306][ T6492] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 245.076356][ T6492] xfs_defer_finish_noroll+0x910/0x12d0 [ 245.076396][ T6492] ? xfs_trans_commit+0x10b/0x1c0 [ 245.076429][ T6492] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 245.076464][ T6492] ? inode_set_ctime_current+0x740/0xb40 [ 245.076513][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.076543][ T6492] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 245.076584][ T6492] xfs_trans_commit+0x10b/0x1c0 [ 245.076612][ T6492] ? __pfx_xfs_trans_commit+0x10/0x10 [ 245.076645][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.076674][ T6492] ? xfs_trans_log_inode+0x12c/0x1a0 [ 245.076715][ T6492] xfs_attr_set+0xdc6/0x1210 [ 245.076765][ T6492] ? __pfx_xfs_attr_set+0x10/0x10 [ 245.076804][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.076832][ T6492] ? __lock_acquire+0xab9/0xd20 [ 245.076872][ T6492] ? xfs_da_hashname+0x59d/0x740 [ 245.076905][ T6492] ? do_raw_spin_lock+0x121/0x290 [ 245.076947][ T6492] ? xfs_attr_change+0x2ac/0x390 [ 245.076982][ T6492] xfs_xattr_set+0x14d/0x250 [ 245.077014][ T6492] ? __pfx_xfs_xattr_set+0x10/0x10 [ 245.077065][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077093][ T6492] ? evm_protect_xattr+0x4d4/0xa90 [ 245.077120][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077148][ T6492] ? rcu_is_watching+0x15/0xb0 [ 245.077183][ T6492] ? __pfx_evm_protect_xattr+0x10/0x10 [ 245.077212][ T6492] ? __pfx_xfs_xattr_set+0x10/0x10 [ 245.077240][ T6492] __vfs_setxattr+0x43c/0x480 [ 245.077290][ T6492] __vfs_setxattr_noperm+0x12d/0x660 [ 245.077335][ T6492] vfs_setxattr+0x16b/0x2f0 [ 245.077377][ T6492] ? __pfx_vfs_setxattr+0x10/0x10 [ 245.077408][ T6492] ? mnt_get_write_access+0x223/0x2a0 [ 245.077440][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077475][ T6492] filename_setxattr+0x274/0x600 [ 245.077522][ T6492] ? __pfx_filename_setxattr+0x10/0x10 [ 245.077561][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077590][ T6492] ? getname_flags+0x1e5/0x540 [ 245.077632][ T6492] path_setxattrat+0x364/0x3a0 [ 245.077669][ T6492] ? __pfx_path_setxattrat+0x10/0x10 [ 245.077736][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077765][ T6492] ? rcu_is_watching+0x15/0xb0 [ 245.077803][ T6492] __x64_sys_lsetxattr+0xbf/0xe0 [ 245.077845][ T6492] do_syscall_64+0xfa/0x3b0 [ 245.077869][ T6492] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.077909][ T6492] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.077934][ T6492] ? srso_alias_return_thunk+0x5/0xfbef5 [ 245.077963][ T6492] ? exc_page_fault+0x9f/0xf0 [ 245.078004][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.078029][ T6492] RIP: 0033:0x7f3cdbf794f9 [ 245.078056][ T6492] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 245.078078][ T6492] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 245.078105][ T6492] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 245.078125][ T6492] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 245.078144][ T6492] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 245.078161][ T6492] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 245.078178][ T6492] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 245.078218][ T6492] [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6513 attached , child_tidptr=0x55555d962750) = 6513 [pid 6513] set_robust_list(0x55555d962760, 24) = 0 [pid 6513] chdir("./14") = 0 [pid 6513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6513] setpgid(0, 0) = 0 [pid 6513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6513] write(3, "1000", 4executing program ) = 4 [pid 6513] close(3) = 0 [pid 6513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6513] write(1, "executing program\n", 18) = 18 [pid 6513] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6513] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6514]}, 88) = 6514 ./strace-static-x86_64: Process 6514 attached [pid 6513] rt_sigprocmask(SIG_SETMASK, [], [pid 6514] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] set_robust_list(0x7f3cdbf259a0, 24 [pid 6513] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... set_robust_list resumed>) = 0 [pid 6513] <... futex resumed>) = 0 [pid 6514] rt_sigprocmask(SIG_SETMASK, [], [pid 6513] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] memfd_create("syzkaller", 0) = 3 [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 245.752161][ T6492] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 245.786334][ T6494] XFS (loop0): Ending recovery (logdev: internal) [pid 6494] <... mount resumed>) = 0 [pid 6494] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6494] chdir("./file1") = 0 [pid 6494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6494] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6494] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6493] <... futex resumed>) = 0 [pid 6494] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6493] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] <... openat resumed>) = 4 [pid 6494] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6494] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6493] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 245.808747][ T6492] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 6493] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] <... pwritev2 resumed>) = 65007 [pid 6494] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6494] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6493] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... write resumed>) = 16777216 [pid 6508] munmap(0x7f3cd3a00000, 138412032 [pid 6492] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6508] <... munmap resumed>) = 0 [pid 6494] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6493] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6508] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6493] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] <... openat resumed>) = 4 [pid 6493] <... futex resumed>) = 0 [pid 6508] ioctl(4, LOOP_SET_FD, 3 [ 245.865947][ T6494] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 245.880359][ T6492] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 245.897856][ T6494] XFS (loop0): Unmount and run xfs_repair [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6494] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6492] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] exit_group(0 [pid 6494] <... futex resumed>) = 0 [pid 6493] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6491] <... exit_group resumed>) = ? [pid 6494] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] <... mprotect resumed>) = 0 [pid 6492] <... futex resumed>) = ? [pid 6493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6508] <... ioctl resumed>) = 0 [pid 6493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6492] +++ exited with 0 +++ [pid 6491] +++ exited with 0 +++ [pid 6508] close(3 [pid 6493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6491, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=53 /* 0.53 s */} --- ./strace-static-x86_64: Process 6515 attached [pid 6508] <... close resumed>) = 0 [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 6508] close(4 [pid 6493] <... clone3 resumed> => {parent_tid=[6515]}, 88) = 6515 [pid 5873] <... restart_syscall resumed>) = 0 [pid 6515] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6493] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6515] <... rseq resumed>) = 0 [pid 6508] <... close resumed>) = 0 [pid 6493] <... futex resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6515] set_robust_list(0x7f3cdbf049a0, 24 [pid 6508] mkdir("./file1", 0777 [pid 6493] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6515] <... set_robust_list resumed>) = 0 [pid 5873] <... openat resumed>) = 3 [pid 5873] newfstatat(3, "", [pid 6515] rt_sigprocmask(SIG_SETMASK, [], [pid 6508] <... mkdir resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6508] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] getdents64(3, [pid 6515] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 245.942575][ T6508] loop3: detected capacity change from 0 to 32768 [ 245.977333][ T6508] XFS: noikeep mount option is deprecated. [pid 5873] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6493] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 245.984640][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 245.996637][ T6515] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 246.009923][ T6515] CPU: 1 UID: 0 PID: 6515 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 246.009956][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.009973][ T6515] Call Trace: [ 246.009984][ T6515] [ 246.009995][ T6515] dump_stack_lvl+0x189/0x250 [ 246.010032][ T6515] ? __pfx__xfs_alert_tag+0x10/0x10 [ 246.010079][ T6515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.010114][ T6515] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 246.010163][ T6515] xfs_corruption_error+0x122/0x170 [ 246.010204][ T6515] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 246.010240][ T6515] xfs_alloc_fixup_trees+0x95e/0xd20 [ 246.010270][ T6515] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 246.010312][ T6515] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 246.010344][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.010373][ T6515] ? rcu_is_watching+0x15/0xb0 [ 246.010404][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.010432][ T6515] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 246.010464][ T6515] ? rcu_is_watching+0x15/0xb0 [ 246.010504][ T6515] xfs_alloc_cur_finish+0xd3/0x4b0 [ 246.010534][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.010565][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.010599][ T6515] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 246.010657][ T6515] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 246.010687][ T6515] ? xfs_group_grab+0x28/0x480 [ 246.010724][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.010752][ T6515] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 246.010785][ T6515] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 246.010832][ T6515] xfs_alloc_vextent_start_ag+0x388/0x850 [ 246.010871][ T6515] xfs_bmapi_allocate+0x188e/0x2e00 [ 246.010936][ T6515] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 246.010970][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011020][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011054][ T6515] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 246.011078][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011113][ T6515] ? xfs_iext_prev+0x35a/0x370 [ 246.011160][ T6515] ? xfs_iext_get_extent+0x1bb/0x370 [ 246.011189][ T6515] xfs_bmapi_write+0x7df/0x1260 [ 246.011251][ T6515] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 246.011329][ T6515] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 246.011370][ T6515] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 246.011401][ T6515] ? kasan_save_track+0x4f/0x80 [ 246.011428][ T6515] ? kasan_save_track+0x3e/0x80 [ 246.011452][ T6515] ? kasan_save_free_info+0x46/0x50 [ 246.011490][ T6515] ? kmem_cache_free+0x18f/0x400 [ 246.011519][ T6515] ? __xfs_trans_commit+0x3e0/0xbd0 [ 246.011545][ T6515] ? xfs_trans_roll+0x130/0x450 [ 246.011567][ T6515] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 246.011607][ T6515] xfs_attr_set_iter+0x2d4/0x4b70 [ 246.011641][ T6515] ? filename_setxattr+0x274/0x600 [ 246.011674][ T6515] ? path_setxattrat+0x364/0x3a0 [ 246.011695][ T6515] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 246.011746][ T6515] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 246.011802][ T6515] ? kasan_quarantine_put+0xdd/0x220 [ 246.011827][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011856][ T6515] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.011896][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011930][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.011959][ T6515] ? kmem_cache_free+0x18f/0x400 [ 246.011988][ T6515] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 6514] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./13/file1") = 0 [pid 5873] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./13/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./13") = 0 [pid 5873] mkdir("./14", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 246.012021][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.012056][ T6515] ? __xfs_trans_commit+0x4c7/0xbd0 [ 246.012082][ T6515] ? xfs_trans_dup+0xc3/0x5f0 [ 246.012121][ T6515] xfs_attr_finish_item+0xed/0x320 [ 246.012162][ T6515] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 246.012199][ T6515] xfs_defer_finish_one+0x5c8/0xcf0 [ 246.012260][ T6515] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 246.012308][ T6515] xfs_defer_finish_noroll+0x910/0x12d0 [ 246.012349][ T6515] ? xfs_trans_commit+0x10b/0x1c0 [ 246.012382][ T6515] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 246.012414][ T6515] ? inode_set_ctime_current+0x740/0xb40 [ 246.012458][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.012482][ T6515] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 246.012516][ T6515] xfs_trans_commit+0x10b/0x1c0 [ 246.012539][ T6515] ? __pfx_xfs_trans_commit+0x10/0x10 [ 246.012565][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] close(3 [ 246.012589][ T6515] ? xfs_trans_log_inode+0x12c/0x1a0 [ 246.012627][ T6515] xfs_attr_set+0xdc6/0x1210 [ 246.012673][ T6515] ? __pfx_xfs_attr_set+0x10/0x10 [ 246.012705][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.012732][ T6515] ? __lock_acquire+0xab9/0xd20 [ 246.012767][ T6515] ? xfs_da_hashname+0x59d/0x740 [ 246.012800][ T6515] ? do_raw_spin_lock+0x121/0x290 [ 246.012842][ T6515] ? xfs_attr_change+0x2ac/0x390 [ 246.012876][ T6515] xfs_xattr_set+0x14d/0x250 [ 246.012907][ T6515] ? __pfx_xfs_xattr_set+0x10/0x10 [ 246.012950][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.012977][ T6515] ? evm_protect_xattr+0x4d4/0xa90 [ 246.013005][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.013040][ T6515] ? rcu_is_watching+0x15/0xb0 [ 246.013075][ T6515] ? __pfx_evm_protect_xattr+0x10/0x10 [ 246.013102][ T6515] ? __pfx_xfs_xattr_set+0x10/0x10 [ 246.013130][ T6515] __vfs_setxattr+0x43c/0x480 [ 246.013181][ T6515] __vfs_setxattr_noperm+0x12d/0x660 [ 246.013224][ T6515] vfs_setxattr+0x16b/0x2f0 [ 246.013266][ T6515] ? __pfx_vfs_setxattr+0x10/0x10 [pid 6514] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 246.013297][ T6515] ? mnt_get_write_access+0x223/0x2a0 [ 246.013329][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.013363][ T6515] filename_setxattr+0x274/0x600 [ 246.013411][ T6515] ? __pfx_filename_setxattr+0x10/0x10 [ 246.013450][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.013478][ T6515] ? getname_flags+0x1e5/0x540 [ 246.013520][ T6515] path_setxattrat+0x364/0x3a0 [ 246.013557][ T6515] ? __pfx_path_setxattrat+0x10/0x10 [ 246.013621][ T6515] ? srso_alias_return_thunk+0x5/0xfbef5 [ 246.013650][ T6515] ? rcu_is_watching+0x15/0xb0 [ 246.013687][ T6515] __x64_sys_lsetxattr+0xbf/0xe0 [ 246.013729][ T6515] do_syscall_64+0xfa/0x3b0 [ 246.013758][ T6515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.013782][ T6515] ? __switch_to_asm+0x39/0x70 [ 246.013816][ T6515] ? __switch_to_asm+0x33/0x70 [ 246.013854][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.013877][ T6515] RIP: 0033:0x7f3cdbf794f9 [ 246.013898][ T6515] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 246.013920][ T6515] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 246.013946][ T6515] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 246.013966][ T6515] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 246.013984][ T6515] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 246.014001][ T6515] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 6514] ioctl(4, LOOP_SET_FD, 3 [pid 6515] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6515] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... close resumed>) = 0 [ 246.014018][ T6515] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 246.014063][ T6515] [ 246.014074][ T6515] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 246.038726][ T6508] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 246.357460][ T6515] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 246.556560][ T6514] loop1: detected capacity change from 0 to 32768 [pid 6493] exit_group(0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6493] <... exit_group resumed>) = ? [pid 6494] <... futex resumed>) = ? [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6524 [pid 6494] +++ exited with 0 +++ ./strace-static-x86_64: Process 6524 attached [pid 6524] set_robust_list(0x55555d962760, 24) = 0 [pid 6524] chdir("./14") = 0 [pid 6524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6524] setpgid(0, 0) = 0 [pid 6524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6524] write(3, "1000", 4) = 4 [pid 6524] close(3) = 0 [pid 6524] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6524] write(1, "executing program\n", 18) = 18 [pid 6524] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6524] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6525]}, 88) = 6525 [pid 6524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6524] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6525 attached [pid 6525] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6525] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6515] <... futex resumed>) = ? [pid 6525] memfd_create("syzkaller", 0) = 3 [pid 6525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6515] +++ exited with 0 +++ [pid 6514] <... ioctl resumed>) = 0 [pid 6493] +++ exited with 0 +++ [pid 6514] close(3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6493, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=88 /* 0.88 s */} --- [pid 6514] <... close resumed>) = 0 [pid 6514] close(4) = 0 [ 246.677010][ T6515] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 246.693839][ T6508] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6514] mkdir("./file1", 0777) = 0 [pid 5871] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6514] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 246.807058][ T6514] XFS: noikeep mount option is deprecated. [ 246.815798][ T6508] XFS (loop3): Starting recovery (logdev: internal) [ 246.815800][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5871] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./13/file1") = 0 [pid 5871] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./13/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./13") = 0 [pid 5871] mkdir("./14", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6508] <... mount resumed>) = 0 [pid 6508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6508] chdir("./file1") = 0 [pid 6508] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6508] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [ 246.878017][ T6514] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 246.902129][ T6508] XFS (loop3): Ending recovery (logdev: internal) [pid 6508] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6508] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6508] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6495] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... pwritev2 resumed>) = 65007 [pid 6495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 246.975930][ T6514] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6508] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 0 [pid 6508] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 247.023019][ T6508] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6495] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6508] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6495] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6495] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6534 attached [pid 6508] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6495] <... clone3 resumed> => {parent_tid=[6534]}, 88) = 6534 [pid 6508] <... futex resumed>) = 0 [pid 6534] <... rseq resumed>) = 0 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], [pid 6508] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] set_robust_list(0x7f3cdbf049a0, 24 [pid 6495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6534] <... set_robust_list resumed>) = 0 [pid 6495] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] rt_sigprocmask(SIG_SETMASK, [], [pid 6495] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 247.064735][ T6508] XFS (loop3): Unmount and run xfs_repair [ 247.065631][ T6514] XFS (loop1): Starting recovery (logdev: internal) [pid 6534] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6535 ./strace-static-x86_64: Process 6535 attached [pid 6535] set_robust_list(0x55555d962760, 24) = 0 [pid 6535] chdir("./14") = 0 [pid 6535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6535] setpgid(0, 0) = 0 [pid 6535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6535] write(3, "1000", 4) = 4 [pid 6535] close(3) = 0 [pid 6535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6535] write(1, "executing program\n", 18executing program ) = 18 [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6535] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6536 attached => {parent_tid=[6536]}, 88) = 6536 [pid 6535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6535] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6535] <... futex resumed>) = 0 [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6536] <... rseq resumed>) = 0 [pid 6536] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6536] memfd_create("syzkaller", 0 [pid 6514] <... mount resumed>) = 0 [ 247.115532][ T6534] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 247.136250][ T6514] XFS (loop1): Ending recovery (logdev: internal) [pid 6514] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6536] <... memfd_create resumed>) = 3 [pid 6536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6514] <... openat resumed>) = 3 [pid 6536] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6514] chdir("./file1") = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6514] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6514] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 247.157281][ T6534] CPU: 1 UID: 0 PID: 6534 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 247.157316][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.157332][ T6534] Call Trace: [ 247.157343][ T6534] [ 247.157353][ T6534] dump_stack_lvl+0x189/0x250 [ 247.157390][ T6534] ? __pfx__xfs_alert_tag+0x10/0x10 [ 247.157427][ T6534] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.157462][ T6534] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 6514] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6514] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6514] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6513] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 247.157510][ T6534] xfs_corruption_error+0x122/0x170 [ 247.157549][ T6534] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 247.157583][ T6534] xfs_alloc_fixup_trees+0x95e/0xd20 [ 247.157612][ T6534] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 247.157653][ T6534] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 247.157683][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.157712][ T6534] ? rcu_is_watching+0x15/0xb0 [ 247.157742][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.157771][ T6534] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 247.157802][ T6534] ? rcu_is_watching+0x15/0xb0 [ 247.157851][ T6534] xfs_alloc_cur_finish+0xd3/0x4b0 [ 247.157882][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.157913][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.157946][ T6534] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 247.158005][ T6534] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 247.158035][ T6534] ? xfs_group_grab+0x28/0x480 [ 247.158071][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.158100][ T6534] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 247.158133][ T6534] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 247.158185][ T6534] xfs_alloc_vextent_start_ag+0x388/0x850 [ 247.158225][ T6534] xfs_bmapi_allocate+0x188e/0x2e00 [ 247.158290][ T6534] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 247.158323][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.158373][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.158402][ T6534] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 247.158425][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.158453][ T6534] ? xfs_iext_prev+0x35a/0x370 [ 247.158492][ T6534] ? xfs_iext_get_extent+0x1bb/0x370 [ 247.158523][ T6534] xfs_bmapi_write+0x7df/0x1260 [ 247.158583][ T6534] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 247.158662][ T6534] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 247.158704][ T6534] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 247.158735][ T6534] ? kasan_save_track+0x4f/0x80 [ 247.158761][ T6534] ? kasan_save_track+0x3e/0x80 [ 247.158785][ T6534] ? kasan_save_free_info+0x46/0x50 [ 247.158823][ T6534] ? kmem_cache_free+0x18f/0x400 [ 247.158863][ T6534] ? __xfs_trans_commit+0x3e0/0xbd0 [ 247.158889][ T6534] ? xfs_trans_roll+0x130/0x450 [ 247.158913][ T6534] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 247.158953][ T6534] xfs_attr_set_iter+0x2d4/0x4b70 [ 247.158988][ T6534] ? filename_setxattr+0x274/0x600 [ 247.159022][ T6534] ? path_setxattrat+0x364/0x3a0 [ 247.159044][ T6534] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 247.159097][ T6534] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 247.159151][ T6534] ? kasan_quarantine_put+0xdd/0x220 [ 247.159178][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6513] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6514] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... futex resumed>) = 0 [pid 6513] <... futex resumed>) = 0 [pid 6514] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6513] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6537]}, 88) = 6537 [pid 6513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6513] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 247.159204][ T6534] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.159245][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.159282][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.159310][ T6534] ? kmem_cache_free+0x18f/0x400 [ 247.159343][ T6534] ? __xfs_trans_commit+0x3e0/0xbd0 [ 247.159375][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.159403][ T6534] ? __xfs_trans_commit+0x4c7/0xbd0 [ 247.159446][ T6534] xfs_attr_finish_item+0xed/0x320 [ 247.159484][ T6534] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 247.159521][ T6534] xfs_defer_finish_one+0x5c8/0xcf0 [ 247.159581][ T6534] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 247.159631][ T6534] xfs_defer_finish_noroll+0x910/0x12d0 [ 247.159672][ T6534] ? xfs_trans_commit+0x10b/0x1c0 [ 247.159704][ T6534] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 247.159739][ T6534] ? inode_set_ctime_current+0x740/0xb40 [ 247.159787][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.159816][ T6534] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 247.159865][ T6534] xfs_trans_commit+0x10b/0x1c0 [pid 6525] <... write resumed>) = 16777216 [ 247.159891][ T6534] ? __pfx_xfs_trans_commit+0x10/0x10 [ 247.159923][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.159952][ T6534] ? xfs_trans_log_inode+0x12c/0x1a0 [ 247.159993][ T6534] xfs_attr_set+0xdc6/0x1210 [ 247.160043][ T6534] ? __pfx_xfs_attr_set+0x10/0x10 [ 247.160079][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.160107][ T6534] ? __lock_acquire+0xab9/0xd20 [ 247.160145][ T6534] ? xfs_da_hashname+0x59d/0x740 [ 247.160179][ T6534] ? do_raw_spin_lock+0x121/0x290 [ 247.160220][ T6534] ? xfs_attr_change+0x2ac/0x390 [pid 6525] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6525] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 247.160255][ T6534] xfs_xattr_set+0x14d/0x250 [ 247.160286][ T6534] ? __pfx_xfs_xattr_set+0x10/0x10 [ 247.160330][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.160357][ T6534] ? evm_protect_xattr+0x4d4/0xa90 [ 247.160385][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.160414][ T6534] ? rcu_is_watching+0x15/0xb0 [ 247.160448][ T6534] ? __pfx_evm_protect_xattr+0x10/0x10 [ 247.160484][ T6534] ? __pfx_xfs_xattr_set+0x10/0x10 [ 247.160512][ T6534] __vfs_setxattr+0x43c/0x480 [ 247.160561][ T6534] __vfs_setxattr_noperm+0x12d/0x660 [ 247.160605][ T6534] vfs_setxattr+0x16b/0x2f0 [ 247.160647][ T6534] ? __pfx_vfs_setxattr+0x10/0x10 [ 247.160677][ T6534] ? mnt_get_write_access+0x223/0x2a0 [ 247.160709][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.160742][ T6534] filename_setxattr+0x274/0x600 [ 247.160815][ T6534] ? __pfx_filename_setxattr+0x10/0x10 [ 247.160862][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.160892][ T6534] ? getname_flags+0x1e5/0x540 [ 247.160934][ T6534] path_setxattrat+0x364/0x3a0 [ 247.160972][ T6534] ? __pfx_path_setxattrat+0x10/0x10 [ 247.161037][ T6534] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.161064][ T6534] ? rcu_is_watching+0x15/0xb0 [ 247.161101][ T6534] __x64_sys_lsetxattr+0xbf/0xe0 [ 247.161142][ T6534] do_syscall_64+0xfa/0x3b0 [ 247.161171][ T6534] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.161194][ T6534] ? __switch_to_asm+0x39/0x70 [ 247.161226][ T6534] ? __switch_to_asm+0x33/0x70 [ 247.161263][ T6534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.161290][ T6534] RIP: 0033:0x7f3cdbf794f9 [pid 6525] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6537 attached [pid 6536] <... write resumed>) = 16777216 [pid 6534] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6537] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6536] munmap(0x7f3cd3a00000, 138412032 [pid 6534] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] exit_group(0 [pid 6537] <... rseq resumed>) = 0 [pid 6508] <... futex resumed>) = ? [pid 6495] <... exit_group resumed>) = ? [pid 6537] set_robust_list(0x7f3cdbf049a0, 24 [pid 6508] +++ exited with 0 +++ [pid 6537] <... set_robust_list resumed>) = 0 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6537] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6536] <... munmap resumed>) = 0 [pid 6534] <... futex resumed>) = ? [pid 6525] <... ioctl resumed>) = 0 [pid 6536] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 247.161313][ T6534] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 247.161335][ T6534] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 247.161360][ T6534] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 247.161380][ T6534] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6525] close(3 [pid 6536] <... openat resumed>) = 4 [pid 6534] +++ exited with 0 +++ [pid 6525] <... close resumed>) = 0 [pid 6495] +++ exited with 0 +++ [pid 6536] ioctl(4, LOOP_SET_FD, 3 [ 247.161399][ T6534] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 247.161415][ T6534] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 247.161433][ T6534] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 247.161472][ T6534] [ 247.163188][ T6534] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 247.222887][ T6514] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6525] close(4) = 0 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6495, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=120 /* 1.20 s */} --- [pid 5874] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 247.243338][ T6534] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 247.286893][ T6514] XFS (loop1): Unmount and run xfs_repair [ 247.289702][ T6534] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 247.648953][ T6525] loop2: detected capacity change from 0 to 32768 [ 247.781790][ T6537] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 247.838079][ T6536] loop0: detected capacity change from 0 to 32768 [pid 5874] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6525] mkdir("./file1", 0777) = 0 [pid 6525] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6536] <... ioctl resumed>) = 0 [ 247.845710][ T6537] CPU: 1 UID: 0 PID: 6537 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 247.845745][ T6537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.845761][ T6537] Call Trace: [ 247.845771][ T6537] [ 247.845782][ T6537] dump_stack_lvl+0x189/0x250 [ 247.845820][ T6537] ? __pfx__xfs_alert_tag+0x10/0x10 [ 247.845858][ T6537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.845893][ T6537] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 247.845941][ T6537] xfs_corruption_error+0x122/0x170 [ 247.845980][ T6537] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 247.846015][ T6537] xfs_alloc_fixup_trees+0x95e/0xd20 [ 247.846052][ T6537] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 247.846097][ T6537] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 247.846133][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846170][ T6537] ? rcu_is_watching+0x15/0xb0 [ 247.846201][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846229][ T6537] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6536] close(3) = 0 [pid 6536] close(4) = 0 [pid 6536] mkdir("./file1", 0777) = 0 [ 247.846259][ T6537] ? rcu_is_watching+0x15/0xb0 [ 247.846299][ T6537] xfs_alloc_cur_finish+0xd3/0x4b0 [ 247.846328][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846358][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846392][ T6537] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 247.846449][ T6537] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 247.846479][ T6537] ? xfs_group_grab+0x28/0x480 [ 247.846515][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846543][ T6537] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 247.846577][ T6537] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 247.846624][ T6537] xfs_alloc_vextent_start_ag+0x388/0x850 [ 247.846663][ T6537] xfs_bmapi_allocate+0x188e/0x2e00 [ 247.846728][ T6537] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 247.846760][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846809][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846837][ T6537] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 247.846861][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.846888][ T6537] ? xfs_iext_prev+0x35a/0x370 [pid 6536] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6513] exit_group(0) = ? [ 247.846926][ T6537] ? xfs_iext_get_extent+0x1bb/0x370 [ 247.846957][ T6537] xfs_bmapi_write+0x7df/0x1260 [ 247.847016][ T6537] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 247.847101][ T6537] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 247.847142][ T6537] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 247.847172][ T6537] ? kasan_save_track+0x4f/0x80 [ 247.847200][ T6537] ? kasan_save_track+0x3e/0x80 [ 247.847225][ T6537] ? kasan_save_free_info+0x46/0x50 [ 247.847262][ T6537] ? kmem_cache_free+0x18f/0x400 [ 247.847291][ T6537] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 6514] <... futex resumed>) = ? [pid 6514] +++ exited with 0 +++ [ 247.847316][ T6537] ? xfs_trans_roll+0x130/0x450 [ 247.847340][ T6537] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 247.847380][ T6537] xfs_attr_set_iter+0x2d4/0x4b70 [ 247.847414][ T6537] ? filename_setxattr+0x274/0x600 [ 247.847448][ T6537] ? path_setxattrat+0x364/0x3a0 [ 247.847470][ T6537] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 247.847522][ T6537] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 247.847579][ T6537] ? kasan_quarantine_put+0xdd/0x220 [ 247.847605][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6537] <... lsetxattr resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6513] +++ exited with 0 +++ [ 247.847633][ T6537] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.847674][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.847708][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.847735][ T6537] ? kmem_cache_free+0x18f/0x400 [ 247.847763][ T6537] ? __xfs_trans_commit+0x3e0/0xbd0 [ 247.847795][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.847823][ T6537] ? __xfs_trans_commit+0x4c7/0xbd0 [ 247.847866][ T6537] xfs_attr_finish_item+0xed/0x320 [ 247.847907][ T6537] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 247.847943][ T6537] xfs_defer_finish_one+0x5c8/0xcf0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6513, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=95 /* 0.95 s */} --- [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [ 247.848003][ T6537] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 247.848057][ T6537] xfs_defer_finish_noroll+0x910/0x12d0 [ 247.848097][ T6537] ? xfs_trans_commit+0x10b/0x1c0 [ 247.848129][ T6537] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 247.848162][ T6537] ? inode_set_ctime_current+0x740/0xb40 [ 247.848210][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.848238][ T6537] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 247.848278][ T6537] xfs_trans_commit+0x10b/0x1c0 [pid 5874] rmdir("./14/file1" [pid 5872] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... rmdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(3, "", [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5872] getdents64(3, [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] unlink("./14/binderfs" [pid 5872] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... unlink resumed>) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./14") = 0 [ 247.848304][ T6537] ? __pfx_xfs_trans_commit+0x10/0x10 [ 247.848337][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.848365][ T6537] ? xfs_trans_log_inode+0x12c/0x1a0 [ 247.848405][ T6537] xfs_attr_set+0xdc6/0x1210 [ 247.848453][ T6537] ? __pfx_xfs_attr_set+0x10/0x10 [ 247.848487][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.848515][ T6537] ? __lock_acquire+0xab9/0xd20 [ 247.848552][ T6537] ? xfs_da_hashname+0x59d/0x740 [ 247.848584][ T6537] ? do_raw_spin_lock+0x121/0x290 [pid 5874] mkdir("./15", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 247.848627][ T6537] ? xfs_attr_change+0x2ac/0x390 [ 247.848661][ T6537] xfs_xattr_set+0x14d/0x250 [ 247.848693][ T6537] ? __pfx_xfs_xattr_set+0x10/0x10 [ 247.848738][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.848766][ T6537] ? evm_protect_xattr+0x4d4/0xa90 [ 247.848793][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.848821][ T6537] ? rcu_is_watching+0x15/0xb0 [ 247.848854][ T6537] ? __pfx_evm_protect_xattr+0x10/0x10 [ 247.848882][ T6537] ? __pfx_xfs_xattr_set+0x10/0x10 [ 247.848911][ T6537] __vfs_setxattr+0x43c/0x480 [ 247.848959][ T6537] __vfs_setxattr_noperm+0x12d/0x660 [ 247.849003][ T6537] vfs_setxattr+0x16b/0x2f0 [ 247.849054][ T6537] ? __pfx_vfs_setxattr+0x10/0x10 [ 247.849084][ T6537] ? mnt_get_write_access+0x223/0x2a0 [ 247.849115][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.849149][ T6537] filename_setxattr+0x274/0x600 [ 247.849196][ T6537] ? __pfx_filename_setxattr+0x10/0x10 [ 247.849234][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.849262][ T6537] ? getname_flags+0x1e5/0x540 [ 247.849303][ T6537] path_setxattrat+0x364/0x3a0 [ 247.849339][ T6537] ? __pfx_path_setxattrat+0x10/0x10 [ 247.849406][ T6537] ? srso_alias_return_thunk+0x5/0xfbef5 [ 247.849435][ T6537] ? rcu_is_watching+0x15/0xb0 [ 247.849472][ T6537] __x64_sys_lsetxattr+0xbf/0xe0 [ 247.849512][ T6537] do_syscall_64+0xfa/0x3b0 [ 247.849539][ T6537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.849568][ T6537] ? __switch_to_asm+0x39/0x70 [ 247.849601][ T6537] ? __switch_to_asm+0x33/0x70 [ 247.849638][ T6537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.849663][ T6537] RIP: 0033:0x7f3cdbf794f9 [ 247.849685][ T6537] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 247.849707][ T6537] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 247.849734][ T6537] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 247.849753][ T6537] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 247.849772][ T6537] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 247.849788][ T6537] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 247.849805][ T6537] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 247.849844][ T6537] [ 247.881888][ T6525] XFS: noikeep mount option is deprecated. [ 247.886413][ T6537] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 247.904603][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] close(3) = 0 [ 247.945690][ T6537] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 248.052322][ T6536] XFS: noikeep mount option is deprecated. [ 248.069049][ T6537] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 248.239827][ T6525] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 248.261194][ T6536] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6536] <... mount resumed>) = 0 [pid 6536] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6536] chdir("./file1") = 0 [pid 6536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... futex resumed>) = 0 [pid 6535] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] <... futex resumed>) = 0 [pid 6535] <... futex resumed>) = 1 [pid 6536] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... openat resumed>) = 4 [pid 6536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6535] <... futex resumed>) = 0 [pid 6536] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6535] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... pwritev2 resumed>) = 65007 [pid 6536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6535] <... futex resumed>) = 0 [pid 6536] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6535] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] <... mount resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6554 attached [pid 6525] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6554] set_robust_list(0x55555d962760, 24 [pid 6525] <... openat resumed>) = 3 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6554 [pid 6554] <... set_robust_list resumed>) = 0 [pid 6554] chdir("./15" [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6554] <... chdir resumed>) = 0 [pid 6525] chdir("./file1" [pid 6554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6554] setpgid(0, 0) = 0 [pid 6554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6554] write(3, "1000", 4) = 4 [pid 6525] <... chdir resumed>) = 0 [pid 6554] close(3 [ 248.299143][ T6525] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 248.343592][ T6536] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 248.359626][ T6525] XFS (loop2): Starting recovery (logdev: internal) [ 248.433022][ T6536] XFS (loop0): Starting recovery (logdev: internal) [ 248.596581][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 248.636124][ T6536] XFS (loop0): Ending recovery (logdev: internal) [pid 6525] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6554] <... close resumed>) = 0 [pid 6525] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6554] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6525] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] write(1, "executing program\n", 18) = 18 [pid 6525] <... futex resumed>) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6524] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6524] <... futex resumed>) = 0 [pid 6554] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6524] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6554] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6525] <... openat resumed>) = 4 [pid 6554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6554] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6536] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6525] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6536] <... futex resumed>) = 1 [pid 6535] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6524] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6524] <... futex resumed>) = 0 [pid 6535] <... futex resumed>) = 0 [pid 6524] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6554] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6525] <... pwritev2 resumed>) = 65007 [pid 5872] <... umount2 resumed>) = 0 [ 248.665295][ T6525] XFS (loop2): Ending recovery (logdev: internal) [ 248.703044][ T6536] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 248.739772][ T6536] XFS (loop0): Unmount and run xfs_repair [ 248.755927][ T6536] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6525] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6554] <... clone3 resumed> => {parent_tid=[6555]}, 88) = 6555 [pid 6525] <... futex resumed>) = 1 [pid 6524] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6525] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6524] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6555 attached [pid 6554] rt_sigprocmask(SIG_SETMASK, [], [pid 6524] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./14/file1", [pid 6555] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6555] <... rseq resumed>) = 0 [pid 6554] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] set_robust_list(0x7f3cdbf259a0, 24 [pid 6554] <... futex resumed>) = 0 [pid 6555] <... set_robust_list resumed>) = 0 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6555] memfd_create("syzkaller", 0) = 3 [pid 6555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 248.769784][ T6536] CPU: 0 UID: 0 PID: 6536 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 248.769836][ T6536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.769853][ T6536] Call Trace: [ 248.769862][ T6536] [ 248.769871][ T6536] dump_stack_lvl+0x189/0x250 [ 248.769906][ T6536] ? __pfx__xfs_alert_tag+0x10/0x10 [ 248.769943][ T6536] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6524] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./14/file1") = 0 [pid 5872] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./14/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./14") = 0 [pid 5872] mkdir("./15", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 248.769977][ T6536] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 248.770028][ T6536] xfs_corruption_error+0x122/0x170 [ 248.770066][ T6536] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 248.770101][ T6536] xfs_alloc_fixup_trees+0x95e/0xd20 [ 248.770130][ T6536] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 248.770173][ T6536] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 248.770200][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770227][ T6536] ? rcu_is_watching+0x15/0xb0 [ 248.770254][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 6524] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6524] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6524] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] close(3 [pid 6524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6556]}, 88) = 6556 [pid 6524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6524] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6556 attached [pid 6556] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6556] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 248.770278][ T6536] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 248.770305][ T6536] ? rcu_is_watching+0x15/0xb0 [ 248.770340][ T6536] xfs_alloc_cur_finish+0xd3/0x4b0 [ 248.770365][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770391][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770420][ T6536] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 248.770471][ T6536] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 248.770497][ T6536] ? xfs_group_grab+0x28/0x480 [ 248.770529][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6556] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6524] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 248.770554][ T6536] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 248.770584][ T6536] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 248.770627][ T6536] xfs_alloc_vextent_start_ag+0x388/0x850 [ 248.770662][ T6536] xfs_bmapi_allocate+0x188e/0x2e00 [ 248.770728][ T6536] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 248.770758][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770812][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770837][ T6536] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 248.770859][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.770885][ T6536] ? xfs_iext_prev+0x35a/0x370 [ 248.770919][ T6536] ? xfs_iext_get_extent+0x1bb/0x370 [ 248.770947][ T6536] xfs_bmapi_write+0x7df/0x1260 [ 248.771001][ T6536] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 248.771071][ T6536] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 248.771109][ T6536] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 248.771136][ T6536] ? kasan_save_track+0x4f/0x80 [ 248.771159][ T6536] ? kasan_save_track+0x3e/0x80 [ 248.771181][ T6536] ? kasan_save_free_info+0x46/0x50 [ 248.771215][ T6536] ? kmem_cache_free+0x18f/0x400 [ 248.771242][ T6536] ? __xfs_trans_commit+0x3e0/0xbd0 [ 248.771265][ T6536] ? xfs_trans_roll+0x130/0x450 [ 248.771286][ T6536] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 248.771323][ T6536] xfs_attr_set_iter+0x2d4/0x4b70 [ 248.771354][ T6536] ? filename_setxattr+0x274/0x600 [ 248.771384][ T6536] ? path_setxattrat+0x364/0x3a0 [ 248.771403][ T6536] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 248.771450][ T6536] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 248.771510][ T6536] ? kasan_quarantine_put+0xdd/0x220 [ 248.771535][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.771560][ T6536] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.771597][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.771628][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.771653][ T6536] ? kmem_cache_free+0x18f/0x400 [ 248.771680][ T6536] ? __xfs_trans_commit+0x3e0/0xbd0 [ 248.771710][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.771735][ T6536] ? __xfs_trans_commit+0x4c7/0xbd0 [ 248.771774][ T6536] xfs_attr_finish_item+0xed/0x320 [ 248.771820][ T6536] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 248.771852][ T6536] xfs_defer_finish_one+0x5c8/0xcf0 [ 248.771910][ T6536] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 248.771955][ T6536] xfs_defer_finish_noroll+0x910/0x12d0 [ 248.771990][ T6536] ? xfs_trans_commit+0x10b/0x1c0 [ 248.772019][ T6536] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 248.772050][ T6536] ? inode_set_ctime_current+0x740/0xb40 [ 248.772094][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772120][ T6536] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 6525] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5872] <... close resumed>) = 0 [pid 6536] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6555] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6525] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6525] <... futex resumed>) = 0 [ 248.772157][ T6536] xfs_trans_commit+0x10b/0x1c0 [ 248.772180][ T6536] ? __pfx_xfs_trans_commit+0x10/0x10 [ 248.772210][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772235][ T6536] ? xfs_trans_log_inode+0x12c/0x1a0 [ 248.772272][ T6536] xfs_attr_set+0xdc6/0x1210 [ 248.772317][ T6536] ? __pfx_xfs_attr_set+0x10/0x10 [ 248.772347][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772372][ T6536] ? __lock_acquire+0xab9/0xd20 [ 248.772406][ T6536] ? xfs_da_hashname+0x59d/0x740 [pid 6525] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6557 [pid 6536] <... futex resumed>) = 0 [pid 6535] exit_group(0) = ? [ 248.772435][ T6536] ? do_raw_spin_lock+0x121/0x290 [ 248.772474][ T6536] ? xfs_attr_change+0x2ac/0x390 [ 248.772506][ T6536] xfs_xattr_set+0x14d/0x250 [ 248.772534][ T6536] ? __pfx_xfs_xattr_set+0x10/0x10 [ 248.772575][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772600][ T6536] ? evm_protect_xattr+0x4d4/0xa90 [ 248.772624][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772649][ T6536] ? rcu_is_watching+0x15/0xb0 [ 248.772680][ T6536] ? __pfx_evm_protect_xattr+0x10/0x10 [ 248.772705][ T6536] ? __pfx_xfs_xattr_set+0x10/0x10 [ 248.772730][ T6536] __vfs_setxattr+0x43c/0x480 [ 248.772776][ T6536] __vfs_setxattr_noperm+0x12d/0x660 [ 248.772828][ T6536] vfs_setxattr+0x16b/0x2f0 [ 248.772867][ T6536] ? __pfx_vfs_setxattr+0x10/0x10 [ 248.772895][ T6536] ? mnt_get_write_access+0x223/0x2a0 [ 248.772923][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.772955][ T6536] filename_setxattr+0x274/0x600 [ 248.773000][ T6536] ? __pfx_filename_setxattr+0x10/0x10 [ 248.773036][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.773063][ T6536] ? getname_flags+0x1e5/0x540 [ 248.773102][ T6536] path_setxattrat+0x364/0x3a0 [ 248.773137][ T6536] ? __pfx_path_setxattrat+0x10/0x10 [ 248.773199][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.773224][ T6536] ? rcu_is_watching+0x15/0xb0 [ 248.773260][ T6536] __x64_sys_lsetxattr+0xbf/0xe0 [ 248.773297][ T6536] do_syscall_64+0xfa/0x3b0 [ 248.773320][ T6536] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.773356][ T6536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f ./strace-static-x86_64: Process 6557 attached [pid 6536] +++ exited with 0 +++ [pid 6535] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6535, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=79 /* 0.79 s */} --- [pid 5871] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6557] set_robust_list(0x55555d962760, 24 [pid 5871] newfstatat(3, "", [pid 6557] <... set_robust_list resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6557] chdir("./15" [pid 5871] getdents64(3, [pid 6557] <... chdir resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6557] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6557] <... prctl resumed>) = 0 [pid 6557] setpgid(0, 0) = 0 [pid 6557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6557] write(3, "1000", 4) = 4 [pid 6557] close(3) = 0 [pid 6557] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6557] write(1, "executing program\n", 18) = 18 [pid 6557] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6557] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6558]}, 88) = 6558 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6557] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 248.773378][ T6536] ? srso_alias_return_thunk+0x5/0xfbef5 [ 248.773404][ T6536] ? exc_page_fault+0x9f/0xf0 [ 248.773440][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.773462][ T6536] RIP: 0033:0x7f3cdbf794f9 [ 248.773483][ T6536] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 248.773502][ T6536] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 6557] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6524] exit_group(0 [pid 6525] <... futex resumed>) = ? [pid 6524] <... exit_group resumed>) = ? [pid 6525] +++ exited with 0 +++ [ 248.773527][ T6536] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 248.773544][ T6536] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 248.773561][ T6536] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 248.773576][ T6536] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 248.773591][ T6536] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 248.773627][ T6536] [ 248.773638][ T6536] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 6555] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 6558 attached [pid 6555] munmap(0x7f3cd3a00000, 138412032 [pid 6558] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6558] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6558] memfd_create("syzkaller", 0) = 3 [ 248.778956][ T6525] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 248.939886][ T6536] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 248.942899][ T6525] XFS (loop2): Unmount and run xfs_repair [ 249.065701][ T6536] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 249.198055][ T6556] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 249.198123][ T6556] CPU: 1 UID: 0 PID: 6556 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 249.198154][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.198170][ T6556] Call Trace: [ 249.198180][ T6556] [ 249.198191][ T6556] dump_stack_lvl+0x189/0x250 [ 249.198225][ T6556] ? __pfx__xfs_alert_tag+0x10/0x10 [pid 6558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6555] <... munmap resumed>) = 0 [pid 6555] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 249.198262][ T6556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.198297][ T6556] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 249.198344][ T6556] xfs_corruption_error+0x122/0x170 [ 249.198383][ T6556] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 249.198418][ T6556] xfs_alloc_fixup_trees+0x95e/0xd20 [ 249.198447][ T6556] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 249.198487][ T6556] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 249.198518][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.198547][ T6556] ? rcu_is_watching+0x15/0xb0 [pid 6555] ioctl(4, LOOP_SET_FD, 3 [pid 6558] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6555] <... ioctl resumed>) = 0 [pid 6555] close(3) = 0 [pid 6555] close(4) = 0 [pid 6555] mkdir("./file1", 0777) = 0 [ 249.198576][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.198604][ T6556] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 249.198635][ T6556] ? rcu_is_watching+0x15/0xb0 [ 249.198674][ T6556] xfs_alloc_cur_finish+0xd3/0x4b0 [ 249.198703][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.198733][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.198767][ T6556] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 249.198823][ T6556] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 249.198852][ T6556] ? xfs_group_grab+0x28/0x480 [ 249.198888][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.198915][ T6556] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 249.198948][ T6556] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 249.198994][ T6556] xfs_alloc_vextent_start_ag+0x388/0x850 [ 249.199033][ T6556] xfs_bmapi_allocate+0x188e/0x2e00 [ 249.199101][ T6556] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 249.199133][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.199182][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.199210][ T6556] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 249.199233][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.199260][ T6556] ? xfs_iext_prev+0x35a/0x370 [ 249.199297][ T6556] ? xfs_iext_get_extent+0x1bb/0x370 [ 249.199328][ T6556] xfs_bmapi_write+0x7df/0x1260 [ 249.199386][ T6556] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 249.199464][ T6556] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 249.199505][ T6556] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 249.199534][ T6556] ? kasan_save_track+0x4f/0x80 [ 249.199559][ T6556] ? kasan_save_track+0x3e/0x80 [ 249.199584][ T6556] ? kasan_save_free_info+0x46/0x50 [ 249.199620][ T6556] ? kmem_cache_free+0x18f/0x400 [ 249.199648][ T6556] ? __xfs_trans_commit+0x3e0/0xbd0 [ 249.199672][ T6556] ? xfs_trans_roll+0x130/0x450 [ 249.199696][ T6556] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 249.199734][ T6556] xfs_attr_set_iter+0x2d4/0x4b70 [ 249.199768][ T6556] ? filename_setxattr+0x274/0x600 [ 249.199800][ T6556] ? path_setxattrat+0x364/0x3a0 [ 249.199822][ T6556] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 249.199872][ T6556] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 249.199928][ T6556] ? kasan_quarantine_put+0xdd/0x220 [ 249.199953][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.199981][ T6556] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.200021][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.200060][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.200087][ T6556] ? kmem_cache_free+0x18f/0x400 [ 249.200115][ T6556] ? __xfs_trans_commit+0x3e0/0xbd0 [ 249.200146][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.200173][ T6556] ? __xfs_trans_commit+0x4c7/0xbd0 [ 249.200216][ T6556] xfs_attr_finish_item+0xed/0x320 [ 249.200256][ T6556] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 249.200292][ T6556] xfs_defer_finish_one+0x5c8/0xcf0 [ 249.200351][ T6556] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 249.200399][ T6556] xfs_defer_finish_noroll+0x910/0x12d0 [ 249.200438][ T6556] ? xfs_trans_commit+0x10b/0x1c0 [ 249.200469][ T6556] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 249.200503][ T6556] ? inode_set_ctime_current+0x740/0xb40 [ 249.200549][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6555] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6558] <... write resumed>) = 16777216 [ 249.200576][ T6556] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 249.200615][ T6556] xfs_trans_commit+0x10b/0x1c0 [ 249.200641][ T6556] ? __pfx_xfs_trans_commit+0x10/0x10 [ 249.200673][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.200700][ T6556] ? xfs_trans_log_inode+0x12c/0x1a0 [ 249.200740][ T6556] xfs_attr_set+0xdc6/0x1210 [ 249.200811][ T6556] ? __pfx_xfs_attr_set+0x10/0x10 [ 249.200844][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.200872][ T6556] ? __lock_acquire+0xab9/0xd20 [ 249.200908][ T6556] ? xfs_da_hashname+0x59d/0x740 [ 249.200940][ T6556] ? do_raw_spin_lock+0x121/0x290 [ 249.200982][ T6556] ? xfs_attr_change+0x2ac/0x390 [ 249.201016][ T6556] xfs_xattr_set+0x14d/0x250 [ 249.201051][ T6556] ? __pfx_xfs_xattr_set+0x10/0x10 [ 249.201096][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.201123][ T6556] ? evm_protect_xattr+0x4d4/0xa90 [ 249.201150][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.201178][ T6556] ? rcu_is_watching+0x15/0xb0 [ 249.201212][ T6556] ? __pfx_evm_protect_xattr+0x10/0x10 [ 249.201240][ T6556] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6558] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6556] <... lsetxattr resumed>) = ? [pid 6558] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6556] +++ exited with 0 +++ [pid 6524] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6524, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=160 /* 1.60 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 6558] <... openat resumed>) = 4 [ 249.201267][ T6556] __vfs_setxattr+0x43c/0x480 [ 249.201315][ T6556] __vfs_setxattr_noperm+0x12d/0x660 [ 249.201359][ T6556] vfs_setxattr+0x16b/0x2f0 [ 249.201400][ T6556] ? __pfx_vfs_setxattr+0x10/0x10 [ 249.201429][ T6556] ? mnt_get_write_access+0x223/0x2a0 [ 249.201460][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.201494][ T6556] filename_setxattr+0x274/0x600 [ 249.201540][ T6556] ? __pfx_filename_setxattr+0x10/0x10 [ 249.201578][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6558] ioctl(4, LOOP_SET_FD, 3 [pid 5873] <... restart_syscall resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./14/file1", [pid 5873] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... openat resumed>) = 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] newfstatat(3, "", [pid 5871] <... openat resumed>) = 4 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, [pid 5871] newfstatat(4, "", [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 6558] <... ioctl resumed>) = 0 [pid 5873] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6558] close(3) = 0 [pid 6558] close(4) = 0 [pid 6558] mkdir("./file1", 0777 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 6558] <... mkdir resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6558] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 249.201606][ T6556] ? getname_flags+0x1e5/0x540 [ 249.201647][ T6556] path_setxattrat+0x364/0x3a0 [ 249.201683][ T6556] ? __pfx_path_setxattrat+0x10/0x10 [ 249.201748][ T6556] ? srso_alias_return_thunk+0x5/0xfbef5 [ 249.201776][ T6556] ? rcu_is_watching+0x15/0xb0 [ 249.201811][ T6556] __x64_sys_lsetxattr+0xbf/0xe0 [ 249.201851][ T6556] do_syscall_64+0xfa/0x3b0 [ 249.201878][ T6556] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.201901][ T6556] ? __switch_to_asm+0x39/0x70 [ 249.201934][ T6556] ? __switch_to_asm+0x33/0x70 [ 249.201971][ T6556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.201995][ T6556] RIP: 0033:0x7f3cdbf794f9 [ 249.202017][ T6556] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 249.202039][ T6556] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 249.202069][ T6556] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [pid 5871] close(4) = 0 [ 249.202088][ T6556] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 249.202106][ T6556] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 249.202123][ T6556] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 249.202140][ T6556] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 249.202178][ T6556] [ 249.202189][ T6556] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 249.550852][ T6555] loop3: detected capacity change from 0 to 32768 [ 249.637381][ T6556] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 249.673943][ T6555] XFS: noikeep mount option is deprecated. [ 249.678255][ T6556] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 250.005263][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 250.039977][ T6555] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 250.049312][ T6558] loop1: detected capacity change from 0 to 32768 [pid 5871] rmdir("./14/file1") = 0 [pid 5871] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./14/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./14") = 0 [pid 5871] mkdir("./15", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 250.082449][ T6555] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 250.131933][ T6558] XFS: noikeep mount option is deprecated. [ 250.190579][ T6555] XFS (loop3): Starting recovery (logdev: internal) [ 250.318484][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] close(3 [pid 6555] <... mount resumed>) = 0 [pid 6555] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6555] chdir("./file1") = 0 [pid 6555] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6555] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6554] <... futex resumed>) = 0 [pid 6555] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6554] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6554] <... futex resumed>) = 0 [pid 6555] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... openat resumed>) = 4 [pid 5873] <... umount2 resumed>) = 0 [pid 6555] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6554] <... futex resumed>) = 0 [pid 6555] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6554] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... pwritev2 resumed>) = 65007 [ 250.339433][ T6558] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 250.358819][ T6555] XFS (loop3): Ending recovery (logdev: internal) [pid 6555] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6554] <... futex resumed>) = 0 [pid 6555] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6554] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./14/file1") = 0 [pid 5873] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./14/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6555] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6555] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6554] <... futex resumed>) = 0 [pid 6555] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6554] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6554] <... futex resumed>) = 0 [pid 6555] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6554] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] close(3) = 0 [pid 5873] rmdir("./14") = 0 [pid 5873] mkdir("./15", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 250.414894][ T6555] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 250.440112][ T6555] XFS (loop3): Unmount and run xfs_repair [ 250.450906][ T6555] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 5873] close(3 [pid 6554] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 250.502185][ T6558] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 250.543347][ T6555] CPU: 0 UID: 0 PID: 6555 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 250.543384][ T6555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.543399][ T6555] Call Trace: [ 250.543410][ T6555] [ 250.543420][ T6555] dump_stack_lvl+0x189/0x250 [ 250.543457][ T6555] ? __pfx__xfs_alert_tag+0x10/0x10 [ 250.543496][ T6555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.543531][ T6555] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 250.543579][ T6555] xfs_corruption_error+0x122/0x170 [ 250.543619][ T6555] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 250.543654][ T6555] xfs_alloc_fixup_trees+0x95e/0xd20 [ 250.543684][ T6555] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 250.543726][ T6555] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 250.543756][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.543785][ T6555] ? rcu_is_watching+0x15/0xb0 [ 250.543816][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.543845][ T6555] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 250.543885][ T6555] ? rcu_is_watching+0x15/0xb0 [ 250.543924][ T6555] xfs_alloc_cur_finish+0xd3/0x4b0 [ 250.543954][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.543984][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.544018][ T6555] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 250.544075][ T6555] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 250.544106][ T6555] ? xfs_group_grab+0x28/0x480 [ 250.544143][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.544171][ T6555] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 250.544205][ T6555] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 250.544253][ T6555] xfs_alloc_vextent_start_ag+0x388/0x850 [ 250.544291][ T6555] xfs_bmapi_allocate+0x188e/0x2e00 [ 250.544359][ T6555] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 250.544391][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.544441][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.544468][ T6555] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 250.544491][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.544519][ T6555] ? xfs_iext_prev+0x35a/0x370 [ 250.544557][ T6555] ? xfs_iext_get_extent+0x1bb/0x370 [ 250.544587][ T6555] xfs_bmapi_write+0x7df/0x1260 [ 250.544645][ T6555] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 250.544723][ T6555] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 250.544765][ T6555] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 250.544795][ T6555] ? kasan_save_track+0x4f/0x80 [ 250.544821][ T6555] ? kasan_save_track+0x3e/0x80 [ 250.544845][ T6555] ? kasan_save_free_info+0x46/0x50 [ 250.544888][ T6555] ? kmem_cache_free+0x18f/0x400 [ 250.544917][ T6555] ? __xfs_trans_commit+0x3e0/0xbd0 [ 250.544942][ T6555] ? xfs_trans_roll+0x130/0x450 [ 250.544964][ T6555] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 250.545004][ T6555] xfs_attr_set_iter+0x2d4/0x4b70 [ 250.545038][ T6555] ? filename_setxattr+0x274/0x600 [ 250.545070][ T6555] ? path_setxattrat+0x364/0x3a0 [ 250.545092][ T6555] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 250.545143][ T6555] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 250.545199][ T6555] ? kasan_quarantine_put+0xdd/0x220 [ 250.545225][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545253][ T6555] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.545293][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545327][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545355][ T6555] ? kmem_cache_free+0x18f/0x400 [ 250.545383][ T6555] ? __xfs_trans_commit+0x3e0/0xbd0 [ 250.545413][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545441][ T6555] ? __xfs_trans_commit+0x4c7/0xbd0 [ 250.545484][ T6555] xfs_attr_finish_item+0xed/0x320 [ 250.545524][ T6555] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 250.545562][ T6555] xfs_defer_finish_one+0x5c8/0xcf0 [ 250.545621][ T6555] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 250.545670][ T6555] xfs_defer_finish_noroll+0x910/0x12d0 [ 250.545710][ T6555] ? xfs_trans_commit+0x10b/0x1c0 [ 250.545741][ T6555] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 250.545775][ T6555] ? inode_set_ctime_current+0x740/0xb40 [ 250.545821][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545849][ T6555] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 250.545893][ T6555] xfs_trans_commit+0x10b/0x1c0 [ 250.545919][ T6555] ? __pfx_xfs_trans_commit+0x10/0x10 [ 250.545950][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.545978][ T6555] ? xfs_trans_log_inode+0x12c/0x1a0 [ 250.546018][ T6555] xfs_attr_set+0xdc6/0x1210 [ 250.546065][ T6555] ? __pfx_xfs_attr_set+0x10/0x10 [ 250.546099][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.546132][ T6555] ? __pfx___schedule+0x10/0x10 [ 250.546172][ T6555] ? xfs_da_hashname+0x59d/0x740 [ 250.546203][ T6555] ? do_raw_spin_lock+0x121/0x290 [ 250.546246][ T6555] ? xfs_attr_change+0x2ac/0x390 [ 250.546280][ T6555] xfs_xattr_set+0x14d/0x250 [ 250.546306][ T6555] ? trace_irq_disable+0x37/0x110 [ 250.546347][ T6555] ? __pfx_xfs_xattr_set+0x10/0x10 [ 250.546409][ T6555] ? __pfx_xfs_xattr_set+0x10/0x10 [ 250.546437][ T6555] __vfs_setxattr+0x43c/0x480 [ 250.546485][ T6555] __vfs_setxattr_noperm+0x12d/0x660 [ 250.546529][ T6555] vfs_setxattr+0x16b/0x2f0 [ 250.546570][ T6555] ? __pfx_vfs_setxattr+0x10/0x10 [ 250.546600][ T6555] ? mnt_get_write_access+0x223/0x2a0 [ 250.546630][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.546664][ T6555] filename_setxattr+0x274/0x600 [ 250.546710][ T6555] ? __pfx_filename_setxattr+0x10/0x10 [ 250.546748][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.546776][ T6555] ? getname_flags+0x1e5/0x540 [ 250.546817][ T6555] path_setxattrat+0x364/0x3a0 [ 250.546854][ T6555] ? __pfx_path_setxattrat+0x10/0x10 [ 250.546925][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.546954][ T6555] ? rcu_is_watching+0x15/0xb0 [ 250.546990][ T6555] __x64_sys_lsetxattr+0xbf/0xe0 [ 250.547030][ T6555] do_syscall_64+0xfa/0x3b0 [ 250.547055][ T6555] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.547092][ T6555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.547115][ T6555] ? srso_alias_return_thunk+0x5/0xfbef5 [ 250.547143][ T6555] ? exc_page_fault+0x9f/0xf0 [ 250.547183][ T6555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.547207][ T6555] RIP: 0033:0x7f3cdbf794f9 [ 250.547230][ T6555] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5873] <... close resumed>) = 0 [ 250.547251][ T6555] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 250.547277][ T6555] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 250.547296][ T6555] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 250.547314][ T6555] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 250.547331][ T6555] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 250.547348][ T6555] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 250.547386][ T6555] [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6575 attached [pid 6575] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6575 [pid 6575] <... set_robust_list resumed>) = 0 [pid 6575] chdir("./15") = 0 [pid 6575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6575] setpgid(0, 0) = 0 [pid 6575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6575] write(3, "1000", 4) = 4 [pid 6575] close(3) = 0 [pid 6575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6575] write(1, "executing program\n", 18) = 18 [pid 6575] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6575] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6576]}, 88) = 6576 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6576 attached [pid 6576] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6576] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6576] memfd_create("syzkaller", 0) = 3 [pid 6576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6577 attached [pid 6577] set_robust_list(0x55555d962760, 24) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6577 [ 251.205365][ T6558] XFS (loop1): Starting recovery (logdev: internal) [ 251.230147][ T6555] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 251.240004][ T6558] XFS (loop1): Ending recovery (logdev: internal) executing program [pid 6558] <... mount resumed>) = 0 [pid 6577] chdir("./15") = 0 [pid 6577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6577] setpgid(0, 0) = 0 [pid 6577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6577] write(3, "1000", 4) = 4 [pid 6577] close(3) = 0 [pid 6577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6577] write(1, "executing program\n", 18) = 18 [pid 6577] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6577] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6578]}, 88) = 6578 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6577] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6578 attached [pid 6578] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6578] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6578] memfd_create("syzkaller", 0) = 3 [pid 6558] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6555] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6555] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... openat resumed>) = 3 [pid 6554] exit_group(0 [pid 6555] <... futex resumed>) = 0 [pid 6554] <... exit_group resumed>) = ? [pid 6558] chdir("./file1" [pid 6555] +++ exited with 0 +++ [pid 6554] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6554, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=64 /* 0.64 s */} --- [pid 6558] <... chdir resumed>) = 0 [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 6558] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6558] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [ 251.258749][ T6555] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 251.278424][ T6555] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 6558] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6557] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... openat resumed>) = 4 [pid 6557] <... futex resumed>) = 0 [pid 5874] <... restart_syscall resumed>) = 0 [pid 6557] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6558] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 6558] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] newfstatat(3, "", [pid 6558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6557] <... futex resumed>) = 0 [pid 6558] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6557] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6576] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [ 251.358788][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] close(4) = 0 [pid 6558] <... pwritev2 resumed>) = 65007 [pid 5874] rmdir("./15/file1" [pid 6558] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... rmdir resumed>) = 0 [pid 6558] <... futex resumed>) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6558] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6557] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6557] <... futex resumed>) = 0 [pid 6558] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5874] newfstatat(AT_FDCWD, "./15/binderfs", [pid 6557] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./15/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./15") = 0 [pid 5874] mkdir("./16", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 251.398551][ T6558] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5874] close(3 [pid 6557] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6557] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6557] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6579]}, 88) = 6579 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6557] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6579 attached [pid 6579] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6579] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6579] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6558] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6557] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6558] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... write resumed>) = 16777216 [ 251.487071][ T6558] XFS (loop1): Unmount and run xfs_repair [ 251.519118][ T6579] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 251.563119][ T6579] CPU: 0 UID: 0 PID: 6579 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 251.563157][ T6579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.563172][ T6579] Call Trace: [ 251.563183][ T6579] [ 251.563194][ T6579] dump_stack_lvl+0x189/0x250 [ 251.563232][ T6579] ? __pfx__xfs_alert_tag+0x10/0x10 [ 251.563268][ T6579] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.563303][ T6579] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 251.563350][ T6579] xfs_corruption_error+0x122/0x170 [ 251.563387][ T6579] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 251.563419][ T6579] xfs_alloc_fixup_trees+0x95e/0xd20 [ 251.563448][ T6579] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 251.563486][ T6579] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 251.563513][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.563542][ T6579] ? rcu_is_watching+0x15/0xb0 [ 251.563570][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.563596][ T6579] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 251.563627][ T6579] ? rcu_is_watching+0x15/0xb0 [ 251.563664][ T6579] xfs_alloc_cur_finish+0xd3/0x4b0 [ 251.563692][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.563722][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.563755][ T6579] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 251.563819][ T6579] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 251.563849][ T6579] ? xfs_group_grab+0x28/0x480 [ 251.563885][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.563913][ T6579] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 251.563946][ T6579] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 251.563991][ T6579] xfs_alloc_vextent_start_ag+0x388/0x850 [ 251.564029][ T6579] xfs_bmapi_allocate+0x188e/0x2e00 [ 251.564092][ T6579] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 251.564124][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.564175][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.564203][ T6579] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 251.564227][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.564256][ T6579] ? xfs_iext_prev+0x35a/0x370 [ 251.564294][ T6579] ? xfs_iext_get_extent+0x1bb/0x370 [ 251.564324][ T6579] xfs_bmapi_write+0x7df/0x1260 [ 251.564384][ T6579] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 251.564463][ T6579] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 251.564504][ T6579] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 251.564535][ T6579] ? kasan_save_track+0x4f/0x80 [ 251.564560][ T6579] ? kasan_save_track+0x3e/0x80 [ 251.564586][ T6579] ? kasan_save_free_info+0x46/0x50 [ 251.564624][ T6579] ? kmem_cache_free+0x18f/0x400 [ 251.564652][ T6579] ? __xfs_trans_commit+0x3e0/0xbd0 [ 251.564677][ T6579] ? xfs_trans_roll+0x130/0x450 [ 251.564700][ T6579] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 251.564739][ T6579] xfs_attr_set_iter+0x2d4/0x4b70 [ 251.564772][ T6579] ? filename_setxattr+0x274/0x600 [ 251.564805][ T6579] ? path_setxattrat+0x364/0x3a0 [ 251.564836][ T6579] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 251.564887][ T6579] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 251.564943][ T6579] ? kasan_quarantine_put+0xdd/0x220 [ 251.564969][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.564997][ T6579] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.565036][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565070][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565097][ T6579] ? kmem_cache_free+0x18f/0x400 [ 251.565125][ T6579] ? __xfs_trans_commit+0x3e0/0xbd0 [ 251.565156][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565184][ T6579] ? __xfs_trans_commit+0x4c7/0xbd0 [ 251.565227][ T6579] xfs_attr_finish_item+0xed/0x320 [ 251.565267][ T6579] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 251.565304][ T6579] xfs_defer_finish_one+0x5c8/0xcf0 [ 251.565364][ T6579] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 251.565413][ T6579] xfs_defer_finish_noroll+0x910/0x12d0 [ 251.565452][ T6579] ? xfs_trans_commit+0x10b/0x1c0 [ 251.565483][ T6579] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 251.565517][ T6579] ? inode_set_ctime_current+0x740/0xb40 [ 251.565564][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565591][ T6579] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 251.565631][ T6579] xfs_trans_commit+0x10b/0x1c0 [ 251.565657][ T6579] ? __pfx_xfs_trans_commit+0x10/0x10 [ 251.565689][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565716][ T6579] ? xfs_trans_log_inode+0x12c/0x1a0 [ 251.565755][ T6579] xfs_attr_set+0xdc6/0x1210 [ 251.565802][ T6579] ? __pfx_xfs_attr_set+0x10/0x10 [ 251.565844][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.565871][ T6579] ? __lock_acquire+0xab9/0xd20 [ 251.565908][ T6579] ? xfs_da_hashname+0x59d/0x740 [ 251.565939][ T6579] ? do_raw_spin_lock+0x121/0x290 [ 251.565981][ T6579] ? xfs_attr_change+0x2ac/0x390 [ 251.566015][ T6579] xfs_xattr_set+0x14d/0x250 [ 251.566048][ T6579] ? __pfx_xfs_xattr_set+0x10/0x10 [ 251.566091][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.566119][ T6579] ? evm_protect_xattr+0x4d4/0xa90 [ 251.566146][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.566173][ T6579] ? rcu_is_watching+0x15/0xb0 [ 251.566207][ T6579] ? __pfx_evm_protect_xattr+0x10/0x10 [ 251.566235][ T6579] ? __pfx_xfs_xattr_set+0x10/0x10 [ 251.566262][ T6579] __vfs_setxattr+0x43c/0x480 [ 251.566310][ T6579] __vfs_setxattr_noperm+0x12d/0x660 [ 251.566352][ T6579] vfs_setxattr+0x16b/0x2f0 [ 251.566392][ T6579] ? __pfx_vfs_setxattr+0x10/0x10 [ 251.566423][ T6579] ? mnt_get_write_access+0x223/0x2a0 [ 251.566452][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.566485][ T6579] filename_setxattr+0x274/0x600 [ 251.566531][ T6579] ? __pfx_filename_setxattr+0x10/0x10 [ 251.566568][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.566596][ T6579] ? getname_flags+0x1e5/0x540 [ 251.566636][ T6579] path_setxattrat+0x364/0x3a0 [ 251.566672][ T6579] ? __pfx_path_setxattrat+0x10/0x10 [ 251.566737][ T6579] ? srso_alias_return_thunk+0x5/0xfbef5 [ 251.566765][ T6579] ? rcu_is_watching+0x15/0xb0 [ 251.566806][ T6579] __x64_sys_lsetxattr+0xbf/0xe0 [ 251.566853][ T6579] do_syscall_64+0xfa/0x3b0 [ 251.566881][ T6579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.566905][ T6579] ? __switch_to_asm+0x39/0x70 [ 251.566937][ T6579] ? __switch_to_asm+0x33/0x70 [ 251.566974][ T6579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.566998][ T6579] RIP: 0033:0x7f3cdbf794f9 [ 251.567020][ T6579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 251.567041][ T6579] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 251.567068][ T6579] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 251.567087][ T6579] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 251.567105][ T6579] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 251.567122][ T6579] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 6576] munmap(0x7f3cd3a00000, 138412032) = 0 [ 251.567139][ T6579] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 251.567178][ T6579] [ 252.241116][ T6579] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 252.249808][ T6579] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 6576] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6579] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6579] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] ioctl(4, LOOP_SET_FD, 3 [pid 6579] <... futex resumed>) = 0 [pid 6557] exit_group(0 [pid 6558] <... futex resumed>) = ? [pid 6557] <... exit_group resumed>) = ? [ 252.269237][ T6579] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 252.283722][ T6576] loop2: detected capacity change from 0 to 32768 [pid 6558] +++ exited with 0 +++ [pid 6579] +++ exited with 0 +++ [pid 6557] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6557, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- [pid 5872] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6578] <... write resumed>) = 16777216 [pid 6576] <... ioctl resumed>) = 0 [pid 6578] munmap(0x7f3cd3a00000, 138412032 [pid 6576] close(3) = 0 [pid 6576] close(4) = 0 [pid 6576] mkdir("./file1", 0777) = 0 [pid 6576] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6578] <... munmap resumed>) = 0 [pid 6578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 252.358494][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 252.383497][ T6576] XFS: noikeep mount option is deprecated. [pid 6578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6578] close(3) = 0 [pid 6578] close(4) = 0 [pid 6578] mkdir("./file1", 0777) = 0 [pid 6578] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [ 252.405250][ T6578] loop0: detected capacity change from 0 to 32768 [ 252.421217][ T6578] XFS: noikeep mount option is deprecated. [pid 5872] rmdir("./15/file1") = 0 [pid 5874] <... close resumed>) = 0 [pid 5872] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6588 attached [pid 5872] newfstatat(AT_FDCWD, "./15/binderfs", [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6588 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./15/binderfs" [pid 6588] set_robust_list(0x55555d962760, 24 [pid 5872] <... unlink resumed>) = 0 [pid 6588] <... set_robust_list resumed>) = 0 [pid 5872] getdents64(3, [pid 6588] chdir("./16" [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 6588] <... chdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./15" [pid 6588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6588] setpgid(0, 0 [pid 5872] mkdir("./16", 0777 [pid 6588] <... setpgid resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 252.467569][ T6576] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6588] <... openat resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 6588] write(3, "1000", 4) = 4 [pid 6588] close(3) = 0 [pid 6588] symlink("/dev/binderfs", "./binderfs" [pid 5872] close(3 [pid 6588] <... symlink resumed>) = 0 [ 252.519140][ T6578] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6588] write(1, "executing program\n", 18executing program ) = 18 [pid 6588] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6588] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6595]}, 88) = 6595 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6595 attached NULL, 8) = 0 [pid 6588] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6595] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6595] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6595] memfd_create("syzkaller", 0) = 3 [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... close resumed>) = 0 [pid 6595] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6598 ./strace-static-x86_64: Process 6598 attached [pid 6598] set_robust_list(0x55555d962760, 24) = 0 [pid 6598] chdir("./16") = 0 [pid 6598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6598] setpgid(0, 0) = 0 [pid 6598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6598] write(3, "1000", 4) = 4 [pid 6598] close(3) = 0 [pid 6598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6598] write(1, "executing program\n", 18) = 18 [pid 6598] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6598] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6599]}, 88) = 6599 [pid 6598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6599 attached [pid 6598] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6599] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6599] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6599] memfd_create("syzkaller", 0) = 3 [pid 6599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 252.705974][ T6578] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 252.723475][ T6576] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 252.759318][ T6578] XFS (loop0): Starting recovery (logdev: internal) [ 252.780508][ T6576] XFS (loop2): Starting recovery (logdev: internal) [pid 6595] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6576] <... mount resumed>) = 0 [pid 6576] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6578] <... mount resumed>) = 0 [pid 6576] <... openat resumed>) = 3 [pid 6578] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6576] chdir("./file1" [pid 6578] <... openat resumed>) = 3 [pid 6576] <... chdir resumed>) = 0 [pid 6578] chdir("./file1" [pid 6576] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6578] <... chdir resumed>) = 0 [pid 6576] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6578] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6576] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6576] <... futex resumed>) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6575] <... futex resumed>) = 0 [pid 6599] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6577] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6577] <... futex resumed>) = 0 [pid 6578] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6577] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... openat resumed>) = 4 [ 252.822189][ T6576] XFS (loop2): Ending recovery (logdev: internal) [ 252.828933][ T6578] XFS (loop0): Ending recovery (logdev: internal) [pid 6578] <... openat resumed>) = 4 [pid 6576] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... futex resumed>) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6578] <... futex resumed>) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6576] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6577] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6577] <... futex resumed>) = 0 [pid 6575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] <... pwritev2 resumed>) = 65007 [pid 6577] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6577] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... pwritev2 resumed>) = 65007 [pid 6578] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6576] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6577] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6577] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6600 attached => {parent_tid=[6600]}, 88) = 6600 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6577] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6577] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6600] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 252.913493][ T6578] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 252.937971][ T6576] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6600] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6578] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6575] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6575] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6601]}, 88) = 6601 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6575] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6576] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6601 attached ) = 0 [pid 6576] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6577] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6577] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6601] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6601] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 252.967522][ T6578] XFS (loop0): Unmount and run xfs_repair [ 252.974326][ T6576] XFS (loop2): Unmount and run xfs_repair [ 252.985055][ T6600] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6601] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 253.010643][ T6601] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 253.026880][ T6600] CPU: 0 UID: 0 PID: 6600 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 253.026920][ T6600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.026936][ T6600] Call Trace: [ 253.026947][ T6600] [ 253.026959][ T6600] dump_stack_lvl+0x189/0x250 [ 253.026993][ T6600] ? __pfx__xfs_alert_tag+0x10/0x10 [ 253.027031][ T6600] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.027066][ T6600] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 253.027115][ T6600] xfs_corruption_error+0x122/0x170 [ 253.027154][ T6600] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 253.027188][ T6600] xfs_alloc_fixup_trees+0x95e/0xd20 [ 253.027217][ T6600] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 253.027258][ T6600] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 253.027290][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027320][ T6600] ? rcu_is_watching+0x15/0xb0 [pid 6577] exit_group(0 [pid 6578] <... futex resumed>) = ? [pid 6577] <... exit_group resumed>) = ? [pid 6578] +++ exited with 0 +++ [ 253.027350][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027378][ T6600] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 253.027409][ T6600] ? rcu_is_watching+0x15/0xb0 [ 253.027449][ T6600] xfs_alloc_cur_finish+0xd3/0x4b0 [ 253.027478][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027507][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027541][ T6600] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 253.027598][ T6600] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 253.027629][ T6600] ? xfs_group_grab+0x28/0x480 [ 253.027667][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027696][ T6600] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 253.027730][ T6600] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 253.027778][ T6600] xfs_alloc_vextent_start_ag+0x388/0x850 [ 253.027819][ T6600] xfs_bmapi_allocate+0x188e/0x2e00 [ 253.027884][ T6600] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 253.027925][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.027975][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6599] <... write resumed>) = 16777216 [pid 6595] <... write resumed>) = 16777216 [pid 6595] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6595] ioctl(4, LOOP_SET_FD, 3 [ 253.028004][ T6600] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 253.028029][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.028057][ T6600] ? xfs_iext_prev+0x35a/0x370 [ 253.028097][ T6600] ? xfs_iext_get_extent+0x1bb/0x370 [ 253.028128][ T6600] xfs_bmapi_write+0x7df/0x1260 [ 253.028187][ T6600] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 253.028268][ T6600] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 253.028309][ T6600] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 253.028340][ T6600] ? kasan_save_track+0x4f/0x80 [ 253.028367][ T6600] ? kasan_save_track+0x3e/0x80 [ 253.028391][ T6600] ? kasan_save_free_info+0x46/0x50 [ 253.028429][ T6600] ? kmem_cache_free+0x18f/0x400 [ 253.028458][ T6600] ? __xfs_trans_commit+0x3e0/0xbd0 [ 253.028483][ T6600] ? xfs_trans_roll+0x130/0x450 [ 253.028507][ T6600] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 253.028547][ T6600] xfs_attr_set_iter+0x2d4/0x4b70 [ 253.028582][ T6600] ? filename_setxattr+0x274/0x600 [ 253.028615][ T6600] ? path_setxattrat+0x364/0x3a0 [ 253.028637][ T6600] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 253.028689][ T6600] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 6599] munmap(0x7f3cd3a00000, 138412032 [pid 6600] <... lsetxattr resumed>) = ? [pid 6599] <... munmap resumed>) = 0 [pid 6595] <... ioctl resumed>) = 0 [pid 6599] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 253.028747][ T6600] ? kasan_quarantine_put+0xdd/0x220 [ 253.028773][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.028801][ T6600] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.028842][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.028877][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.028906][ T6600] ? kmem_cache_free+0x18f/0x400 [ 253.028941][ T6600] ? __xfs_trans_commit+0x3e0/0xbd0 [ 253.028972][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.029001][ T6600] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 6599] ioctl(4, LOOP_SET_FD, 3 [pid 6601] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6600] +++ exited with 0 +++ [pid 6595] close(3 [pid 6577] +++ exited with 0 +++ [pid 6601] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... close resumed>) = 0 [pid 6575] exit_group(0 [pid 6601] <... futex resumed>) = ? [pid 6595] close(4 [pid 6576] <... futex resumed>) = ? [pid 6575] <... exit_group resumed>) = ? [pid 6601] +++ exited with 0 +++ [pid 6595] <... close resumed>) = 0 [pid 6576] +++ exited with 0 +++ [pid 6575] +++ exited with 0 +++ [pid 6595] mkdir("./file1", 0777 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6577, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=54 /* 0.54 s */} --- [ 253.029045][ T6600] xfs_attr_finish_item+0xed/0x320 [ 253.029086][ T6600] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 253.029124][ T6600] xfs_defer_finish_one+0x5c8/0xcf0 [ 253.029184][ T6600] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 253.029234][ T6600] xfs_defer_finish_noroll+0x910/0x12d0 [ 253.029275][ T6600] ? xfs_trans_commit+0x10b/0x1c0 [ 253.029308][ T6600] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 253.029342][ T6600] ? inode_set_ctime_current+0x740/0xb40 [ 253.029391][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6595] <... mkdir resumed>) = 0 [ 253.029419][ T6600] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 253.029460][ T6600] xfs_trans_commit+0x10b/0x1c0 [ 253.029488][ T6600] ? __pfx_xfs_trans_commit+0x10/0x10 [ 253.029520][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.029549][ T6600] ? xfs_trans_log_inode+0x12c/0x1a0 [ 253.029590][ T6600] xfs_attr_set+0xdc6/0x1210 [ 253.029639][ T6600] ? __pfx_xfs_attr_set+0x10/0x10 [ 253.029674][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.029703][ T6600] ? __lock_acquire+0xab9/0xd20 [ 253.029740][ T6600] ? xfs_da_hashname+0x59d/0x740 [ 253.029773][ T6600] ? do_raw_spin_lock+0x121/0x290 [ 253.029816][ T6600] ? xfs_attr_change+0x2ac/0x390 [ 253.029851][ T6600] xfs_xattr_set+0x14d/0x250 [ 253.029884][ T6600] ? __pfx_xfs_xattr_set+0x10/0x10 [ 253.029935][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.029965][ T6600] ? evm_protect_xattr+0x4d4/0xa90 [ 253.029992][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.030021][ T6600] ? rcu_is_watching+0x15/0xb0 [ 253.030056][ T6600] ? __pfx_evm_protect_xattr+0x10/0x10 [ 253.030084][ T6600] ? __pfx_xfs_xattr_set+0x10/0x10 [ 253.030113][ T6600] __vfs_setxattr+0x43c/0x480 [ 253.030162][ T6600] __vfs_setxattr_noperm+0x12d/0x660 [ 253.030208][ T6600] vfs_setxattr+0x16b/0x2f0 [ 253.030250][ T6600] ? __pfx_vfs_setxattr+0x10/0x10 [ 253.030286][ T6600] ? mnt_get_write_access+0x223/0x2a0 [ 253.030316][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.030351][ T6600] filename_setxattr+0x274/0x600 [ 253.030398][ T6600] ? __pfx_filename_setxattr+0x10/0x10 [ 253.030441][ T6600] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6595] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6599] <... ioctl resumed>) = 0 [pid 5871] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6575, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=110 /* 1.10 s */} --- [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 5871] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... restart_syscall resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] getdents64(3, [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... openat resumed>) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6599] close(3) = 0 [pid 6599] close(4) = 0 [pid 6599] mkdir("./file1", 0777) = 0 [ 253.030472][ T6600] ? getname_flags+0x1e5/0x540 [ 253.030514][ T6600] path_setxattrat+0x364/0x3a0 [ 253.030552][ T6600] ? __pfx_path_setxattrat+0x10/0x10 [ 253.030617][ T6600] ? __might_fault+0xb0/0x130 [ 253.030656][ T6600] __x64_sys_lsetxattr+0xbf/0xe0 [ 253.030698][ T6600] do_syscall_64+0xfa/0x3b0 [ 253.030726][ T6600] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.030750][ T6600] ? __switch_to_asm+0x39/0x70 [ 253.030783][ T6600] ? __switch_to_asm+0x33/0x70 [ 253.030822][ T6600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.030847][ T6600] RIP: 0033:0x7f3cdbf794f9 [ 253.030869][ T6600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 253.030890][ T6600] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 253.030924][ T6600] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 253.030944][ T6600] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 253.030963][ T6600] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 253.030980][ T6600] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 253.030997][ T6600] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 253.031036][ T6600] [ 253.031088][ T6600] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 253.156969][ T6601] CPU: 1 UID: 0 PID: 6601 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 253.157003][ T6601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.157019][ T6601] Call Trace: [ 253.157030][ T6601] [ 253.157042][ T6601] dump_stack_lvl+0x189/0x250 [ 253.157077][ T6601] ? __pfx__xfs_alert_tag+0x10/0x10 [ 253.157114][ T6601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.157149][ T6601] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 253.157203][ T6601] xfs_corruption_error+0x122/0x170 [ 253.157241][ T6601] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 253.157276][ T6601] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 6599] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 253.157304][ T6601] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 253.157345][ T6601] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 253.157375][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.157404][ T6601] ? rcu_is_watching+0x15/0xb0 [ 253.157433][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.157461][ T6601] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 253.157492][ T6601] ? rcu_is_watching+0x15/0xb0 [ 253.157534][ T6601] xfs_alloc_cur_finish+0xd3/0x4b0 [ 253.157563][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./15/file1") = 0 [ 253.157593][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.157626][ T6601] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 253.157683][ T6601] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 253.157712][ T6601] ? xfs_group_grab+0x28/0x480 [ 253.157748][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.157776][ T6601] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 253.157809][ T6601] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 253.157856][ T6601] xfs_alloc_vextent_start_ag+0x388/0x850 [ 253.157895][ T6601] xfs_bmapi_allocate+0x188e/0x2e00 [ 253.157958][ T6601] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 253.157990][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158039][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158069][ T6601] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 253.158092][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158119][ T6601] ? xfs_iext_prev+0x35a/0x370 [ 253.158156][ T6601] ? xfs_iext_get_extent+0x1bb/0x370 [ 253.158192][ T6601] xfs_bmapi_write+0x7df/0x1260 [ 253.158251][ T6601] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 5871] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] newfstatat(4, "", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./15/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./15") = 0 [pid 5871] mkdir("./16", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6595] <... mount resumed>) = 0 [pid 6595] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6595] chdir("./file1") = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6595] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6588] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] getdents64(4, [pid 6588] <... futex resumed>) = 1 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6588] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./15/file1") = 0 [pid 5873] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./15/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./15") = 0 [pid 5873] mkdir("./16", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 253.158328][ T6601] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 253.158369][ T6601] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 253.158399][ T6601] ? kasan_save_track+0x4f/0x80 [ 253.158424][ T6601] ? kasan_save_track+0x3e/0x80 [ 253.158449][ T6601] ? kasan_save_free_info+0x46/0x50 [ 253.158485][ T6601] ? kmem_cache_free+0x18f/0x400 [ 253.158513][ T6601] ? __xfs_trans_commit+0x3e0/0xbd0 [ 253.158537][ T6601] ? xfs_trans_roll+0x130/0x450 [ 253.158561][ T6601] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 5873] close(3 [pid 6588] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6588] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6588] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6618]}, 88) = 6618 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6588] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6618 attached [pid 6618] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6618] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6618] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = -1 EBADF (Bad file descriptor) [pid 6618] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 253.158600][ T6601] xfs_attr_set_iter+0x2d4/0x4b70 [ 253.158633][ T6601] ? filename_setxattr+0x274/0x600 [ 253.158664][ T6601] ? path_setxattrat+0x364/0x3a0 [ 253.158686][ T6601] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 253.158737][ T6601] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 253.158793][ T6601] ? kasan_quarantine_put+0xdd/0x220 [ 253.158817][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158845][ T6601] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.158884][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158918][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.158945][ T6601] ? kmem_cache_free+0x18f/0x400 [ 253.158973][ T6601] ? __xfs_trans_commit+0x3e0/0xbd0 [ 253.159003][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.159031][ T6601] ? __xfs_trans_commit+0x4c7/0xbd0 [ 253.159073][ T6601] xfs_attr_finish_item+0xed/0x320 [ 253.159113][ T6601] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 253.159150][ T6601] xfs_defer_finish_one+0x5c8/0xcf0 [ 253.159212][ T6601] ? __pfx_xfs_defer_finish_one+0x10/0x10 [pid 6588] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 253.159261][ T6601] xfs_defer_finish_noroll+0x910/0x12d0 [ 253.159299][ T6601] ? xfs_trans_commit+0x10b/0x1c0 [ 253.159331][ T6601] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 253.159363][ T6601] ? inode_set_ctime_current+0x740/0xb40 [ 253.159410][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.159438][ T6601] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 253.159477][ T6601] xfs_trans_commit+0x10b/0x1c0 [ 253.159504][ T6601] ? __pfx_xfs_trans_commit+0x10/0x10 [ 253.159536][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.159563][ T6601] ? xfs_trans_log_inode+0x12c/0x1a0 [ 253.159603][ T6601] xfs_attr_set+0xdc6/0x1210 [ 253.159651][ T6601] ? __pfx_xfs_attr_set+0x10/0x10 [ 253.159684][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.159712][ T6601] ? __lock_acquire+0xab9/0xd20 [ 253.159748][ T6601] ? xfs_da_hashname+0x59d/0x740 [ 253.159780][ T6601] ? do_raw_spin_lock+0x121/0x290 [ 253.159822][ T6601] ? xfs_attr_change+0x2ac/0x390 [ 253.159857][ T6601] xfs_xattr_set+0x14d/0x250 [ 253.159888][ T6601] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6618] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6595] <... futex resumed>) = 0 [pid 6588] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6595] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6588] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbec3000 [pid 6588] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} => {parent_tid=[6619]}, 88) = 6619 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6588] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 253.159933][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.159960][ T6601] ? evm_protect_xattr+0x4d4/0xa90 [ 253.159987][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.160015][ T6601] ? rcu_is_watching+0x15/0xb0 [ 253.160048][ T6601] ? __pfx_evm_protect_xattr+0x10/0x10 [ 253.160076][ T6601] ? __pfx_xfs_xattr_set+0x10/0x10 [ 253.160103][ T6601] __vfs_setxattr+0x43c/0x480 [ 253.160151][ T6601] __vfs_setxattr_noperm+0x12d/0x660 [ 253.160200][ T6601] vfs_setxattr+0x16b/0x2f0 [ 253.160240][ T6601] ? __pfx_vfs_setxattr+0x10/0x10 [pid 6588] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6588] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 253.160271][ T6601] ? mnt_get_write_access+0x223/0x2a0 [ 253.160301][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.160335][ T6601] filename_setxattr+0x274/0x600 [ 253.160381][ T6601] ? __pfx_filename_setxattr+0x10/0x10 [ 253.160419][ T6601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.160446][ T6601] ? getname_flags+0x1e5/0x540 [ 253.160487][ T6601] path_setxattrat+0x364/0x3a0 [ 253.160523][ T6601] ? __pfx_path_setxattrat+0x10/0x10 [ 253.160587][ T6601] ? __might_fault+0xb0/0x130 [ 253.160626][ T6601] __x64_sys_lsetxattr+0xbf/0xe0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6620 attached , child_tidptr=0x55555d962750) = 6620 [ 253.160666][ T6601] do_syscall_64+0xfa/0x3b0 [ 253.160693][ T6601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.160716][ T6601] ? __switch_to_asm+0x39/0x70 [ 253.160748][ T6601] ? __switch_to_asm+0x33/0x70 [ 253.160786][ T6601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.160823][ T6601] RIP: 0033:0x7f3cdbf794f9 [ 253.160844][ T6601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6620] set_robust_list(0x55555d962760, 24) = 0 [pid 6620] chdir("./16") = 0 [pid 6620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6620] setpgid(0, 0) = 0 [pid 6620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6620] write(3, "1000", 4) = 4 [pid 6620] close(3) = 0 [pid 6620] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6620] write(1, "executing program\n", 18) = 18 [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6620] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6621]}, 88) = 6621 [pid 6620] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6621 attached NULL, 8) = 0 [pid 6621] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... rseq resumed>) = 0 [pid 6620] <... futex resumed>) = 0 [pid 6621] set_robust_list(0x7f3cdbf259a0, 24 [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6621] <... set_robust_list resumed>) = 0 [pid 6621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6621] memfd_create("syzkaller", 0) = 3 [pid 6621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 253.160866][ T6601] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 253.160892][ T6601] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 253.160911][ T6601] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 253.160929][ T6601] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 253.160946][ T6601] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 253.160962][ T6601] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 253.161001][ T6601] [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6622 attached , child_tidptr=0x55555d962750) = 6622 [pid 6622] set_robust_list(0x55555d962760, 24) = 0 [pid 6622] chdir("./16") = 0 [pid 6622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6622] setpgid(0, 0) = 0 [ 253.167852][ T6601] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 253.174118][ T6601] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 253.220656][ T6600] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 253.266088][ T6595] loop3: detected capacity change from 0 to 32768 [pid 6622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6622] write(3, "1000", 4) = 4 [pid 6622] close(3) = 0 [pid 6622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6622] write(1, "executing program\n", 18) = 18 [pid 6622] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6622] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 6619 attached [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6623]}, 88) = 6623 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 253.268388][ T6600] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 253.274986][ T6601] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 253.348674][ T6599] loop1: detected capacity change from 0 to 32768 [ 253.429628][ T6595] XFS: noikeep mount option is deprecated. [ 253.585625][ T6599] XFS: noikeep mount option is deprecated. [ 253.638544][ T6595] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 253.651625][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6622] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6599] <... mount resumed>) = 0 [pid 6599] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6599] chdir("./file1") = 0 [pid 6599] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6599] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] <... futex resumed>) = 0 [pid 6598] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6599] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6599] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] <... futex resumed>) = 0 [pid 6599] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6598] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... pwritev2 resumed>) = 65007 [pid 6598] <... futex resumed>) = 0 [pid 6599] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6599] <... futex resumed>) = 0 [pid 6598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 253.659514][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 253.718593][ T6595] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 253.738801][ T6599] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 253.752674][ T6595] XFS (loop3): Starting recovery (logdev: internal) [ 253.797905][ T6599] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 253.850770][ T6595] XFS (loop3): Ending recovery (logdev: internal) [pid 6599] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6598] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6598] <... futex resumed>) = 0 [pid 6599] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6598] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6623 attached [ 253.864528][ T6599] XFS (loop1): Starting recovery (logdev: internal) [ 254.001087][ T6618] XFS (loop3): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 254.429067][ T6599] XFS (loop1): Ending recovery (logdev: internal) [ 254.436858][ T6618] XFS (loop3): Unmount and run xfs_repair [ 254.528291][ T6599] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 254.531840][ T6618] XFS (loop3): First 128 bytes of corrupted metadata buffer: [pid 6619] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053 [pid 6623] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6619] <... rseq resumed>) = 0 [pid 6623] <... rseq resumed>) = 0 [pid 6619] set_robust_list(0x7f3cdbee39a0, 24 [pid 6598] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6598] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] set_robust_list(0x7f3cdbf259a0, 24 [pid 6619] <... set_robust_list resumed>) = 0 [pid 6598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6598] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6624]}, 88) = 6624 [pid 6598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6598] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6624 attached [pid 6624] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6624] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6624] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6623] <... set_robust_list resumed>) = 0 [ 254.557304][ T6599] XFS (loop1): Unmount and run xfs_repair [ 254.568001][ T6618] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 254.588415][ T6618] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 254.598031][ T6618] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 254.608185][ T6618] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [pid 6619] rt_sigprocmask(SIG_SETMASK, [], [pid 6623] rt_sigprocmask(SIG_SETMASK, [], [pid 6619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6599] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6599] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 254.614413][ T6624] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 254.618118][ T6618] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 254.640611][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 254.640644][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.640661][ T6624] Call Trace: [ 254.640671][ T6624] [ 254.640681][ T6624] dump_stack_lvl+0x189/0x250 [ 254.640717][ T6624] ? __pfx__xfs_alert_tag+0x10/0x10 [ 254.640755][ T6624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.640790][ T6624] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 254.640862][ T6624] xfs_corruption_error+0x122/0x170 [ 254.640901][ T6624] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 254.640936][ T6624] xfs_alloc_fixup_trees+0x95e/0xd20 [ 254.640966][ T6624] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 254.641008][ T6624] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 254.641038][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641073][ T6624] ? rcu_is_watching+0x15/0xb0 [ 254.641103][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641132][ T6624] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 254.641163][ T6624] ? rcu_is_watching+0x15/0xb0 [ 254.641203][ T6624] xfs_alloc_cur_finish+0xd3/0x4b0 [ 254.641232][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641262][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641296][ T6624] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 254.641354][ T6624] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 254.641383][ T6624] ? xfs_group_grab+0x28/0x480 [ 254.641420][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641448][ T6624] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 254.641482][ T6624] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 254.641530][ T6624] xfs_alloc_vextent_start_ag+0x388/0x850 [ 254.641569][ T6624] xfs_bmapi_allocate+0x188e/0x2e00 [ 254.641634][ T6624] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 254.641668][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641719][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641746][ T6624] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 254.641770][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.641798][ T6624] ? xfs_iext_prev+0x35a/0x370 [ 254.641835][ T6624] ? xfs_iext_get_extent+0x1bb/0x370 [ 254.641866][ T6624] xfs_bmapi_write+0x7df/0x1260 [ 254.641926][ T6624] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 254.642005][ T6624] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 254.642047][ T6624] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 254.642082][ T6624] ? kasan_save_track+0x4f/0x80 [ 254.642107][ T6624] ? kasan_save_track+0x3e/0x80 [ 254.642132][ T6624] ? kasan_save_free_info+0x46/0x50 [ 254.642169][ T6624] ? kmem_cache_free+0x18f/0x400 [ 254.642198][ T6624] ? __xfs_trans_commit+0x3e0/0xbd0 [ 254.642222][ T6624] ? xfs_trans_roll+0x130/0x450 [ 254.642246][ T6624] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 254.642286][ T6624] xfs_attr_set_iter+0x2d4/0x4b70 [ 254.642321][ T6624] ? filename_setxattr+0x274/0x600 [ 254.642354][ T6624] ? path_setxattrat+0x364/0x3a0 [ 254.642376][ T6624] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 254.642428][ T6624] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 254.642486][ T6624] ? kasan_quarantine_put+0xdd/0x220 [ 254.642512][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.642540][ T6624] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.642581][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.642615][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.642643][ T6624] ? kmem_cache_free+0x18f/0x400 [ 254.642672][ T6624] ? __xfs_trans_commit+0x3e0/0xbd0 [ 254.642703][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.642731][ T6624] ? __xfs_trans_commit+0x4c7/0xbd0 [ 254.642774][ T6624] xfs_attr_finish_item+0xed/0x320 [ 254.642818][ T6624] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 254.642856][ T6624] xfs_defer_finish_one+0x5c8/0xcf0 [ 254.642914][ T6624] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 254.642964][ T6624] xfs_defer_finish_noroll+0x910/0x12d0 [ 254.643004][ T6624] ? xfs_trans_commit+0x10b/0x1c0 [ 254.643036][ T6624] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 254.643077][ T6624] ? inode_set_ctime_current+0x740/0xb40 [ 254.643126][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.643155][ T6624] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 254.643196][ T6624] xfs_trans_commit+0x10b/0x1c0 [ 254.643223][ T6624] ? __pfx_xfs_trans_commit+0x10/0x10 [ 254.643256][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.643284][ T6624] ? xfs_trans_log_inode+0x12c/0x1a0 [ 254.643325][ T6624] xfs_attr_set+0xdc6/0x1210 [ 254.643375][ T6624] ? __pfx_xfs_attr_set+0x10/0x10 [ 254.643410][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.643438][ T6624] ? __lock_acquire+0xab9/0xd20 [ 254.643475][ T6624] ? xfs_da_hashname+0x59d/0x740 [ 254.643508][ T6624] ? do_raw_spin_lock+0x121/0x290 [ 254.643551][ T6624] ? xfs_attr_change+0x2ac/0x390 [ 254.643586][ T6624] xfs_xattr_set+0x14d/0x250 [ 254.643618][ T6624] ? __pfx_xfs_xattr_set+0x10/0x10 [ 254.643664][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.643693][ T6624] ? evm_protect_xattr+0x4d4/0xa90 [ 254.643721][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.643749][ T6624] ? rcu_is_watching+0x15/0xb0 [ 254.643782][ T6624] ? __pfx_evm_protect_xattr+0x10/0x10 [ 254.643809][ T6624] ? __pfx_xfs_xattr_set+0x10/0x10 [ 254.643837][ T6624] __vfs_setxattr+0x43c/0x480 [ 254.643885][ T6624] __vfs_setxattr_noperm+0x12d/0x660 [ 254.643929][ T6624] vfs_setxattr+0x16b/0x2f0 [ 254.643970][ T6624] ? __pfx_vfs_setxattr+0x10/0x10 [ 254.644000][ T6624] ? mnt_get_write_access+0x223/0x2a0 [ 254.644031][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.644071][ T6624] filename_setxattr+0x274/0x600 [ 254.644114][ T6624] ? __pfx_filename_setxattr+0x10/0x10 [ 254.644149][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.644174][ T6624] ? getname_flags+0x1e5/0x540 [ 254.644211][ T6624] path_setxattrat+0x364/0x3a0 [ 254.644245][ T6624] ? __pfx_path_setxattrat+0x10/0x10 [ 254.644304][ T6624] ? srso_alias_return_thunk+0x5/0xfbef5 [ 254.644329][ T6624] ? rcu_is_watching+0x15/0xb0 [ 254.644364][ T6624] __x64_sys_lsetxattr+0xbf/0xe0 [ 254.644401][ T6624] do_syscall_64+0xfa/0x3b0 [ 254.644427][ T6624] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.644449][ T6624] ? __switch_to_asm+0x39/0x70 [ 254.644479][ T6624] ? __switch_to_asm+0x33/0x70 [ 254.644513][ T6624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.644535][ T6624] RIP: 0033:0x7f3cdbf794f9 [ 254.644555][ T6624] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 254.644576][ T6624] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 254.644601][ T6624] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [pid 6599] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 254.644619][ T6624] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 254.644636][ T6624] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 254.644651][ T6624] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 254.644665][ T6624] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 254.644702][ T6624] [ 255.311675][ T6618] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 255.311675][ T6624] XFS (loop1): Corruption detected. Unmount and run xfs_repair [pid 6619] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6623] memfd_create("syzkaller", 0 [pid 6598] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6623] <... memfd_create resumed>) = 3 [pid 6621] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6618] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6623] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6618] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 255.321407][ T6618] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 255.337207][ T6618] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 255.346087][ T6618] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [pid 6618] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] <... openat resumed>) = 5 [pid 6595] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6619] <... lsetxattr resumed>) = 0 [pid 6619] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] futex(0x7f3cdc0036e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] exit_group(0 [pid 6619] <... futex resumed>) = ? [pid 6595] <... futex resumed>) = ? [pid 6588] <... exit_group resumed>) = ? [pid 6619] +++ exited with 0 +++ [pid 6595] +++ exited with 0 +++ [pid 6618] <... futex resumed>) = ? [pid 6618] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6588, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=132 /* 1.32 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6623] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6621] <... write resumed>) = 16777216 [pid 6621] munmap(0x7f3cd3a00000, 138412032 [pid 6624] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6621] <... munmap resumed>) = 0 [pid 6621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 255.501008][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 255.510738][ T6624] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 255.532389][ T6624] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [pid 6621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6621] close(3) = 0 [pid 6621] close(4) = 0 [pid 6621] mkdir("./file1", 0777) = 0 [pid 6621] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6624] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] exit_group(0 [pid 6599] <... futex resumed>) = ? [pid 6598] <... exit_group resumed>) = ? [pid 6624] +++ exited with 0 +++ [pid 6599] +++ exited with 0 +++ [pid 6598] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6598, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=67 /* 0.67 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 255.553796][ T6621] loop0: detected capacity change from 0 to 32768 [ 255.554477][ T5874] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair. [ 255.562982][ T6621] XFS: noikeep mount option is deprecated. [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 255.604157][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./16/file1") = 0 [pid 5874] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./16/binderfs" [pid 6623] <... write resumed>) = 16777216 [pid 5874] <... unlink resumed>) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./16") = 0 [pid 5874] mkdir("./17", 0777 [pid 6623] munmap(0x7f3cd3a00000, 138412032 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... mkdir resumed>) = 0 [pid 5872] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] newfstatat(4, "", [pid 5874] <... openat resumed>) = 3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 5872] getdents64(4, [pid 5874] <... ioctl resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] close(3 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./16/file1") = 0 [pid 5872] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./16/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./16") = 0 [pid 5872] mkdir("./17", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6623] <... munmap resumed>) = 0 [pid 6623] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6623] close(3) = 0 [pid 6623] close(4) = 0 [ 255.825310][ T6623] loop2: detected capacity change from 0 to 32768 [ 255.840660][ T6621] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6623] mkdir("./file1", 0777) = 0 [ 255.877122][ T6623] XFS: noikeep mount option is deprecated. [pid 6623] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6638 attached [pid 6638] set_robust_list(0x55555d962760, 24) = 0 [pid 6638] chdir("./17" [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6638 [pid 6638] <... chdir resumed>) = 0 [pid 6638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6638] setpgid(0, 0) = 0 [pid 6638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6638] write(3, "1000", 4) = 4 [pid 6638] close(3) = 0 [ 255.989085][ T6623] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6638] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6638] write(1, "executing program\n", 18) = 18 [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6638] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6642 attached [pid 6642] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6638] <... clone3 resumed> => {parent_tid=[6642]}, 88) = 6642 [pid 6642] <... rseq resumed>) = 0 [pid 6642] set_robust_list(0x7f3cdbf259a0, 24 [pid 6638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6638] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6642] <... set_robust_list resumed>) = 0 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] memfd_create("syzkaller", 0) = 3 [pid 6642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 256.040666][ T6621] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6643 ./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x55555d962760, 24) = 0 [pid 6643] chdir("./17") = 0 [ 256.090615][ T6623] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 256.119963][ T6621] XFS (loop0): Starting recovery (logdev: internal) [pid 6643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6643] setpgid(0, 0) = 0 [pid 6643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6643] write(3, "1000", 4) = 4 [pid 6643] close(3) = 0 executing program [pid 6643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6643] write(1, "executing program\n", 18) = 18 [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6643] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6644]}, 88) = 6644 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6643] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6644 attached [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6644] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6644] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6644] rt_sigprocmask(SIG_SETMASK, [], [pid 6621] <... mount resumed>) = 0 [pid 6644] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 256.157710][ T6623] XFS (loop2): Starting recovery (logdev: internal) [ 256.173175][ T6621] XFS (loop0): Ending recovery (logdev: internal) [pid 6621] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6644] memfd_create("syzkaller", 0 [pid 6621] chdir("./file1") = 0 [pid 6621] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6644] <... memfd_create resumed>) = 3 [pid 6621] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6621] <... futex resumed>) = 1 [pid 6621] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6623] <... mount resumed>) = 0 [pid 6621] <... openat resumed>) = 4 [pid 6623] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... openat resumed>) = 3 [pid 6621] <... futex resumed>) = 1 [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6642] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6623] chdir("./file1" [pid 6621] <... pwritev2 resumed>) = 65007 [pid 6621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] <... futex resumed>) = 0 [pid 6623] <... chdir resumed>) = 0 [pid 6621] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 256.207935][ T6623] XFS (loop2): Ending recovery (logdev: internal) [pid 6620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6620] <... futex resumed>) = 0 [pid 6623] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6623] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6623] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6622] <... futex resumed>) = 0 [pid 6623] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6622] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] <... futex resumed>) = 0 [pid 6621] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6620] <... futex resumed>) = 0 [pid 6621] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] <... openat resumed>) = 4 [ 256.250535][ T6621] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 256.264904][ T6621] XFS (loop0): Unmount and run xfs_repair [ 256.282582][ T6621] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 256.298998][ T6621] CPU: 1 UID: 0 PID: 6621 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 256.299036][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 256.299052][ T6621] Call Trace: [ 256.299062][ T6621] [ 256.299072][ T6621] dump_stack_lvl+0x189/0x250 [ 256.299116][ T6621] ? __pfx__xfs_alert_tag+0x10/0x10 [ 256.299155][ T6621] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.299190][ T6621] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 256.299238][ T6621] xfs_corruption_error+0x122/0x170 [ 256.299279][ T6621] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 256.299314][ T6621] xfs_alloc_fixup_trees+0x95e/0xd20 [ 256.299344][ T6621] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 256.299385][ T6621] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 256.299416][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.299445][ T6621] ? rcu_is_watching+0x15/0xb0 [ 256.299476][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.299505][ T6621] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 256.299537][ T6621] ? rcu_is_watching+0x15/0xb0 [ 256.299576][ T6621] xfs_alloc_cur_finish+0xd3/0x4b0 [ 256.299607][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.299637][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.299672][ T6621] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 256.299729][ T6621] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 256.299759][ T6621] ? xfs_group_grab+0x28/0x480 [ 256.299796][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.299824][ T6621] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 256.299858][ T6621] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 256.299906][ T6621] xfs_alloc_vextent_start_ag+0x388/0x850 [ 256.299947][ T6621] xfs_bmapi_allocate+0x188e/0x2e00 [ 256.300012][ T6621] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 256.300046][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.300101][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.300130][ T6621] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 256.300154][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.300182][ T6621] ? xfs_iext_prev+0x35a/0x370 [pid 6623] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6623] <... futex resumed>) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6622] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6622] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6622] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6645]}, 88) = 6645 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6645 attached [pid 6645] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6645] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6645] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6622] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 256.300221][ T6621] ? xfs_iext_get_extent+0x1bb/0x370 [ 256.300253][ T6621] xfs_bmapi_write+0x7df/0x1260 [ 256.300313][ T6621] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 256.300392][ T6621] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 256.300434][ T6621] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 256.300465][ T6621] ? kasan_save_track+0x4f/0x80 [ 256.300491][ T6621] ? kasan_save_track+0x3e/0x80 [ 256.300516][ T6621] ? kasan_save_free_info+0x46/0x50 [ 256.300554][ T6621] ? kmem_cache_free+0x18f/0x400 [ 256.300583][ T6621] ? __xfs_trans_commit+0x3e0/0xbd0 [ 256.300609][ T6621] ? xfs_trans_roll+0x130/0x450 [ 256.300634][ T6621] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 256.300674][ T6621] xfs_attr_set_iter+0x2d4/0x4b70 [ 256.300709][ T6621] ? filename_setxattr+0x274/0x600 [ 256.300744][ T6621] ? path_setxattrat+0x364/0x3a0 [ 256.300766][ T6621] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 256.300844][ T6621] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 256.300903][ T6621] ? kasan_quarantine_put+0xdd/0x220 [ 256.300929][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.300959][ T6621] ? lockdep_hardirqs_on+0x9c/0x150 [ 256.301000][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301034][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301063][ T6621] ? kmem_cache_free+0x18f/0x400 [ 256.301097][ T6621] ? __xfs_trans_commit+0x3e0/0xbd0 [ 256.301129][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301158][ T6621] ? __xfs_trans_commit+0x4c7/0xbd0 [ 256.301201][ T6621] xfs_attr_finish_item+0xed/0x320 [ 256.301242][ T6621] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6642] <... write resumed>) = 16777216 [pid 6622] <... mmap resumed>) = 0x7f3cdbec3000 [pid 6622] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} => {parent_tid=[6646]}, 88) = 6646 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 256.301280][ T6621] xfs_defer_finish_one+0x5c8/0xcf0 [ 256.301341][ T6621] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 256.301391][ T6621] xfs_defer_finish_noroll+0x910/0x12d0 [ 256.301431][ T6621] ? xfs_trans_commit+0x10b/0x1c0 [ 256.301463][ T6621] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 256.301498][ T6621] ? inode_set_ctime_current+0x740/0xb40 [ 256.301546][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301575][ T6621] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 256.301616][ T6621] xfs_trans_commit+0x10b/0x1c0 [ 256.301642][ T6621] ? __pfx_xfs_trans_commit+0x10/0x10 [ 256.301675][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301704][ T6621] ? xfs_trans_log_inode+0x12c/0x1a0 [ 256.301745][ T6621] xfs_attr_set+0xdc6/0x1210 [ 256.301794][ T6621] ? __pfx_xfs_attr_set+0x10/0x10 [ 256.301829][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.301857][ T6621] ? __lock_acquire+0xab9/0xd20 [ 256.301893][ T6621] ? xfs_da_hashname+0x59d/0x740 [ 256.301926][ T6621] ? do_raw_spin_lock+0x121/0x290 [ 256.301969][ T6621] ? xfs_attr_change+0x2ac/0x390 [pid 6622] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6646 attached [pid 6644] <... write resumed>) = 16777216 [pid 6642] munmap(0x7f3cd3a00000, 138412032 [pid 6621] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6646] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053 [pid 6644] munmap(0x7f3cd3a00000, 138412032 [pid 6646] <... rseq resumed>) = 0 [pid 6621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] set_robust_list(0x7f3cdbee39a0, 24 [pid 6621] <... futex resumed>) = 0 [pid 6620] exit_group(0 [pid 6646] <... set_robust_list resumed>) = 0 [pid 6621] ???( [pid 6646] rt_sigprocmask(SIG_SETMASK, [], [pid 6620] <... exit_group resumed>) = ? [pid 6646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6646] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6621] <... ??? resumed>) = ? [pid 6621] +++ exited with 0 +++ [pid 6620] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6620, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=69 /* 0.69 s */} --- [pid 5871] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6642] <... munmap resumed>) = 0 [pid 6642] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 256.302004][ T6621] xfs_xattr_set+0x14d/0x250 [ 256.302037][ T6621] ? __pfx_xfs_xattr_set+0x10/0x10 [ 256.302087][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302115][ T6621] ? evm_protect_xattr+0x4d4/0xa90 [ 256.302143][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302171][ T6621] ? rcu_is_watching+0x15/0xb0 [ 256.302206][ T6621] ? __pfx_evm_protect_xattr+0x10/0x10 [ 256.302235][ T6621] ? __pfx_xfs_xattr_set+0x10/0x10 [ 256.302263][ T6621] __vfs_setxattr+0x43c/0x480 [pid 6642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6642] close(3) = 0 [pid 6642] close(4) = 0 [ 256.302312][ T6621] __vfs_setxattr_noperm+0x12d/0x660 [ 256.302356][ T6621] vfs_setxattr+0x16b/0x2f0 [ 256.302398][ T6621] ? __pfx_vfs_setxattr+0x10/0x10 [ 256.302429][ T6621] ? mnt_get_write_access+0x223/0x2a0 [ 256.302460][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302495][ T6621] filename_setxattr+0x274/0x600 [ 256.302542][ T6621] ? __pfx_filename_setxattr+0x10/0x10 [ 256.302581][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302610][ T6621] ? getname_flags+0x1e5/0x540 [ 256.302652][ T6621] path_setxattrat+0x364/0x3a0 [pid 6642] mkdir("./file1", 0777) = 0 [pid 6644] <... munmap resumed>) = 0 [pid 6642] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6644] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 256.302689][ T6621] ? __pfx_path_setxattrat+0x10/0x10 [ 256.302754][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302783][ T6621] ? rcu_is_watching+0x15/0xb0 [ 256.302820][ T6621] __x64_sys_lsetxattr+0xbf/0xe0 [ 256.302861][ T6621] do_syscall_64+0xfa/0x3b0 [ 256.302886][ T6621] ? lockdep_hardirqs_on+0x9c/0x150 [ 256.302925][ T6621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.302950][ T6621] ? srso_alias_return_thunk+0x5/0xfbef5 [ 256.302978][ T6621] ? exc_page_fault+0x9f/0xf0 [ 256.303019][ T6621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6644] close(3) = 0 [pid 6644] close(4) = 0 [pid 6644] mkdir("./file1", 0777) = 0 [ 256.303044][ T6621] RIP: 0033:0x7f3cdbf794f9 [ 256.303066][ T6621] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 256.303093][ T6621] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 256.303120][ T6621] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 256.303140][ T6621] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 256.303159][ T6621] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 256.303176][ T6621] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 256.303193][ T6621] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 256.303231][ T6621] [ 256.303242][ T6621] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 256.536468][ T6645] XFS (loop2): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 256.542171][ T6621] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 256.648186][ T6645] XFS (loop2): Unmount and run xfs_repair [ 256.652021][ T6621] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 256.665044][ T6645] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 256.794533][ T6642] loop3: detected capacity change from 0 to 32768 [ 256.801528][ T6645] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 256.808129][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 256.821732][ T6645] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 256.857875][ T6642] XFS: noikeep mount option is deprecated. [ 256.862788][ T6645] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 256.871434][ T6644] loop1: detected capacity change from 0 to 32768 [ 256.874411][ T6645] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 256.930892][ T6644] XFS: noikeep mount option is deprecated. [ 256.946574][ T6645] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 257.115937][ T6645] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 257.124978][ T6645] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 257.134353][ T6645] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [pid 6644] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... umount2 resumed>) = 0 [pid 6645] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] <... lsetxattr resumed>) = 0 [pid 6645] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... pwritev2 resumed>) = 65007 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6645] <... futex resumed>) = 0 [pid 6623] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] newfstatat(AT_FDCWD, "./16/file1", [pid 6645] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6646] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6646] <... futex resumed>) = 0 [pid 6646] futex(0x7f3cdc0036e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] exit_group(0 [pid 5871] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6645] <... futex resumed>) = ? [pid 6623] <... futex resumed>) = ? [pid 6622] <... exit_group resumed>) = ? [pid 6645] +++ exited with 0 +++ [pid 6623] +++ exited with 0 +++ [pid 5871] <... openat resumed>) = 4 [pid 5871] newfstatat(4, "", [pid 6646] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 6646] +++ exited with 0 +++ [pid 6622] +++ exited with 0 +++ [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6622, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=83 /* 0.83 s */} --- [pid 5871] <... close resumed>) = 0 [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 5871] rmdir("./16/file1" [pid 5873] <... restart_syscall resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5873] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] <... openat resumed>) = 3 [pid 5871] unlink("./16/binderfs" [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] <... unlink resumed>) = 0 [pid 5873] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 257.146563][ T6645] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [ 257.174477][ T6642] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 257.189258][ T6644] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] close(3) = 0 [pid 5871] rmdir("./16") = 0 [pid 5871] mkdir("./17", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 257.221066][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 257.236008][ T5873] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [pid 5871] close(3 [pid 5873] <... umount2 resumed>) = 0 [ 257.285206][ T6642] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5873] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./16/file1") = 0 [pid 5873] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./16/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [ 257.331119][ T6644] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 257.353757][ T6642] XFS (loop3): Starting recovery (logdev: internal) [pid 5873] rmdir("./16") = 0 [pid 5873] mkdir("./17", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6663 ./strace-static-x86_64: Process 6663 attached [pid 6642] <... mount resumed>) = 0 [pid 6642] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6642] chdir("./file1") = 0 [pid 6663] set_robust_list(0x55555d962760, 24 [pid 6642] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6663] <... set_robust_list resumed>) = 0 [pid 6642] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6642] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6638] <... futex resumed>) = 0 [pid 6663] chdir("./17" [pid 6642] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] <... chdir resumed>) = 0 [pid 6638] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6642] <... futex resumed>) = 0 [pid 6638] <... futex resumed>) = 1 [pid 6663] <... prctl resumed>) = 0 [pid 6642] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6663] setpgid(0, 0 [pid 6642] <... openat resumed>) = 4 [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... setpgid resumed>) = 0 [pid 6642] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6638] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... openat resumed>) = 3 [pid 6642] <... futex resumed>) = 0 [pid 6638] <... futex resumed>) = 1 [pid 6642] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 257.405977][ T6644] XFS (loop1): Starting recovery (logdev: internal) [ 257.442413][ T6642] XFS (loop3): Ending recovery (logdev: internal) [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] write(3, "1000", 4 [pid 6642] <... pwritev2 resumed>) = 65007 [pid 6642] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6638] <... futex resumed>) = 0 [pid 6663] <... write resumed>) = 4 [pid 6663] close(3) = 0 [pid 6663] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6638] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] write(1, "executing program\n", 18 [pid 6642] <... futex resumed>) = 0 [pid 6638] <... futex resumed>) = 1 [pid 6663] <... write resumed>) = 18 [pid 6642] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6644] <... mount resumed>) = 0 [pid 6663] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6644] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6644] <... openat resumed>) = 3 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6644] chdir("./file1" [pid 6663] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6644] <... chdir resumed>) = 0 [pid 6663] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6644] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6663] <... mprotect resumed>) = 0 [pid 6644] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6644] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6643] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6644] <... openat resumed>) = 4 [pid 6643] <... futex resumed>) = 0 [pid 6644] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6644] <... futex resumed>) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6644] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6643] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) ./strace-static-x86_64: Process 6664 attached [pid 6644] <... pwritev2 resumed>) = 65007 [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6663] <... clone3 resumed> => {parent_tid=[6664]}, 88) = 6664 [pid 6644] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... rseq resumed>) = 0 [pid 6642] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] set_robust_list(0x7f3cdbf259a0, 24 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], [pid 6644] <... futex resumed>) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6642] <... futex resumed>) = 1 [pid 6638] <... futex resumed>) = 0 [pid 6664] <... set_robust_list resumed>) = 0 [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6644] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6643] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6638] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] rt_sigprocmask(SIG_SETMASK, [], [pid 6663] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6643] <... futex resumed>) = 0 [pid 6642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6638] <... futex resumed>) = 0 [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] <... futex resumed>) = 0 [pid 6644] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 257.488747][ T6644] XFS (loop1): Ending recovery (logdev: internal) [ 257.502866][ T6642] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 257.531605][ T6642] XFS (loop3): Unmount and run xfs_repair [pid 6664] memfd_create("syzkaller", 0) = 3 [pid 6664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6638] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6644] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6644] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = 0 [pid 6644] <... futex resumed>) = 1 [pid 6643] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6643] <... futex resumed>) = 0 [ 257.559021][ T6644] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 257.566236][ T6642] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 257.585483][ T6644] XFS (loop1): Unmount and run xfs_repair [ 257.602774][ T6644] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 257.612447][ T6642] CPU: 0 UID: 0 PID: 6642 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 257.612484][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.612499][ T6642] Call Trace: [ 257.612511][ T6642] [ 257.612521][ T6642] dump_stack_lvl+0x189/0x250 [ 257.612558][ T6642] ? __pfx__xfs_alert_tag+0x10/0x10 [ 257.612595][ T6642] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6643] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 257.612630][ T6642] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 257.612677][ T6642] xfs_corruption_error+0x122/0x170 [ 257.612715][ T6642] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 257.612750][ T6642] xfs_alloc_fixup_trees+0x95e/0xd20 [ 257.612779][ T6642] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 257.612819][ T6642] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 257.612856][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.612884][ T6642] ? rcu_is_watching+0x15/0xb0 [ 257.612914][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.612942][ T6642] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 257.612972][ T6642] ? rcu_is_watching+0x15/0xb0 [ 257.613011][ T6642] xfs_alloc_cur_finish+0xd3/0x4b0 [ 257.613041][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.613070][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.613103][ T6642] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 257.613160][ T6642] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 257.613189][ T6642] ? xfs_group_grab+0x28/0x480 [ 257.613225][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6665 [ 257.613252][ T6642] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 257.613286][ T6642] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 257.613333][ T6642] xfs_alloc_vextent_start_ag+0x388/0x850 [ 257.613372][ T6642] xfs_bmapi_allocate+0x188e/0x2e00 [ 257.613435][ T6642] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 257.613467][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.613516][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.613544][ T6642] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 257.613568][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 ./strace-static-x86_64: Process 6665 attached [pid 6665] set_robust_list(0x55555d962760, 24 [pid 6664] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6642] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6665] <... set_robust_list resumed>) = 0 [pid 6665] chdir("./17") = 0 [pid 6665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6665] setpgid(0, 0) = 0 [ 257.613595][ T6642] ? xfs_iext_prev+0x35a/0x370 [ 257.613633][ T6642] ? xfs_iext_get_extent+0x1bb/0x370 [ 257.613663][ T6642] xfs_bmapi_write+0x7df/0x1260 [ 257.613721][ T6642] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 257.613798][ T6642] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 257.613844][ T6642] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 257.613875][ T6642] ? kasan_save_track+0x4f/0x80 [ 257.613900][ T6642] ? kasan_save_track+0x3e/0x80 [ 257.613924][ T6642] ? kasan_save_free_info+0x46/0x50 [pid 6665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6665] write(3, "1000", 4) = 4 [pid 6665] close(3) = 0 [pid 6665] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6665] write(1, "executing program\n", 18) = 18 [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6642] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] exit_group(0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6638] <... exit_group resumed>) = ? [pid 6665] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6642] <... futex resumed>) = ? ./strace-static-x86_64: Process 6666 attached [pid 6665] <... clone3 resumed> => {parent_tid=[6666]}, 88) = 6666 [pid 6666] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], [pid 6666] <... rseq resumed>) = 0 [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] set_robust_list(0x7f3cdbf259a0, 24 [pid 6665] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... set_robust_list resumed>) = 0 [pid 6665] <... futex resumed>) = 0 [pid 6666] rt_sigprocmask(SIG_SETMASK, [], [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] memfd_create("syzkaller", 0) = 3 [pid 6666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6642] +++ exited with 0 +++ [pid 6638] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6638, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 257.613960][ T6642] ? kmem_cache_free+0x18f/0x400 [ 257.613989][ T6642] ? __xfs_trans_commit+0x3e0/0xbd0 [ 257.614013][ T6642] ? xfs_trans_roll+0x130/0x450 [ 257.614036][ T6642] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 257.614075][ T6642] xfs_attr_set_iter+0x2d4/0x4b70 [ 257.614109][ T6642] ? filename_setxattr+0x274/0x600 [ 257.614142][ T6642] ? path_setxattrat+0x364/0x3a0 [ 257.614163][ T6642] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 257.614214][ T6642] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 257.614270][ T6642] ? kasan_quarantine_put+0xdd/0x220 [ 257.614296][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.614323][ T6642] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.614364][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.614397][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.614424][ T6642] ? kmem_cache_free+0x18f/0x400 [ 257.614452][ T6642] ? __xfs_trans_commit+0x3e0/0xbd0 [ 257.614483][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.614510][ T6642] ? __xfs_trans_commit+0x4c7/0xbd0 [ 257.614553][ T6642] xfs_attr_finish_item+0xed/0x320 [ 257.614593][ T6642] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 257.614629][ T6642] xfs_defer_finish_one+0x5c8/0xcf0 [ 257.614689][ T6642] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 257.614737][ T6642] xfs_defer_finish_noroll+0x910/0x12d0 [ 257.614776][ T6642] ? xfs_trans_commit+0x10b/0x1c0 [ 257.614807][ T6642] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 257.614845][ T6642] ? inode_set_ctime_current+0x740/0xb40 [ 257.614892][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.614919][ T6642] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 257.614959][ T6642] xfs_trans_commit+0x10b/0x1c0 [ 257.614985][ T6642] ? __pfx_xfs_trans_commit+0x10/0x10 [ 257.615016][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615044][ T6642] ? xfs_trans_log_inode+0x12c/0x1a0 [ 257.615083][ T6642] xfs_attr_set+0xdc6/0x1210 [ 257.615131][ T6642] ? __pfx_xfs_attr_set+0x10/0x10 [ 257.615164][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615192][ T6642] ? __lock_acquire+0xab9/0xd20 [ 257.615228][ T6642] ? xfs_da_hashname+0x59d/0x740 [pid 5874] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6643] exit_group(0) = ? [ 257.615259][ T6642] ? do_raw_spin_lock+0x121/0x290 [ 257.615300][ T6642] ? xfs_attr_change+0x2ac/0x390 [ 257.615334][ T6642] xfs_xattr_set+0x14d/0x250 [ 257.615365][ T6642] ? __pfx_xfs_xattr_set+0x10/0x10 [ 257.615410][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615437][ T6642] ? evm_protect_xattr+0x4d4/0xa90 [ 257.615463][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615491][ T6642] ? rcu_is_watching+0x15/0xb0 [ 257.615523][ T6642] ? __pfx_evm_protect_xattr+0x10/0x10 [ 257.615551][ T6642] ? __pfx_xfs_xattr_set+0x10/0x10 [ 257.615578][ T6642] __vfs_setxattr+0x43c/0x480 [ 257.615625][ T6642] __vfs_setxattr_noperm+0x12d/0x660 [ 257.615668][ T6642] vfs_setxattr+0x16b/0x2f0 [ 257.615708][ T6642] ? __pfx_vfs_setxattr+0x10/0x10 [ 257.615737][ T6642] ? mnt_get_write_access+0x223/0x2a0 [ 257.615766][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615800][ T6642] filename_setxattr+0x274/0x600 [ 257.615850][ T6642] ? __pfx_filename_setxattr+0x10/0x10 [ 257.615885][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.615912][ T6642] ? getname_flags+0x1e5/0x540 [ 257.615953][ T6642] path_setxattrat+0x364/0x3a0 [ 257.615987][ T6642] ? __pfx_path_setxattrat+0x10/0x10 [ 257.616050][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.616078][ T6642] ? rcu_is_watching+0x15/0xb0 [ 257.616115][ T6642] __x64_sys_lsetxattr+0xbf/0xe0 [ 257.616154][ T6642] do_syscall_64+0xfa/0x3b0 [ 257.616179][ T6642] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.616217][ T6642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.616240][ T6642] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.616268][ T6642] ? exc_page_fault+0x9f/0xf0 [ 257.616307][ T6642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.616331][ T6642] RIP: 0033:0x7f3cdbf794f9 [ 257.616352][ T6642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 257.616372][ T6642] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 6666] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6664] <... write resumed>) = 16777216 [ 257.616398][ T6642] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 257.616416][ T6642] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 257.616434][ T6642] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 257.616449][ T6642] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 257.616466][ T6642] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 257.616504][ T6642] [ 257.616515][ T6642] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 6664] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 257.656854][ T6644] CPU: 1 UID: 0 PID: 6644 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 257.656890][ T6644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.656906][ T6644] Call Trace: [ 257.656916][ T6644] [ 257.656928][ T6644] dump_stack_lvl+0x189/0x250 [ 257.656963][ T6644] ? __pfx__xfs_alert_tag+0x10/0x10 [ 257.657000][ T6644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.657034][ T6644] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 257.657089][ T6644] xfs_corruption_error+0x122/0x170 [ 257.657127][ T6644] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 257.657162][ T6644] xfs_alloc_fixup_trees+0x95e/0xd20 [ 257.657191][ T6644] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 257.657232][ T6644] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 257.657262][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657291][ T6644] ? rcu_is_watching+0x15/0xb0 [ 257.657320][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657348][ T6644] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 257.657379][ T6644] ? rcu_is_watching+0x15/0xb0 [ 257.657418][ T6644] xfs_alloc_cur_finish+0xd3/0x4b0 [ 257.657447][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657477][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657511][ T6644] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 257.657567][ T6644] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 257.657596][ T6644] ? xfs_group_grab+0x28/0x480 [ 257.657632][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657659][ T6644] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 257.657692][ T6644] xfs_alloc_vextent_iterate_ags+0x640/0x940 [pid 6664] ioctl(4, LOOP_SET_FD, 3 [pid 6666] <... write resumed>) = 16777216 [pid 6644] <... lsetxattr resumed>) = ? [pid 6666] munmap(0x7f3cd3a00000, 138412032 [pid 6644] +++ exited with 0 +++ [pid 6643] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6643, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=98 /* 0.98 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6666] <... munmap resumed>) = 0 [pid 6664] <... ioctl resumed>) = 0 [pid 6666] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 257.657740][ T6644] xfs_alloc_vextent_start_ag+0x388/0x850 [ 257.657779][ T6644] xfs_bmapi_allocate+0x188e/0x2e00 [ 257.657842][ T6644] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 257.657875][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657924][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.657952][ T6644] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 257.657975][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.658002][ T6644] ? xfs_iext_prev+0x35a/0x370 [ 257.658040][ T6644] ? xfs_iext_get_extent+0x1bb/0x370 [ 257.658070][ T6644] xfs_bmapi_write+0x7df/0x1260 [ 257.658134][ T6644] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 257.658211][ T6644] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 257.658252][ T6644] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 257.658282][ T6644] ? kasan_save_track+0x4f/0x80 [ 257.658307][ T6644] ? kasan_save_track+0x3e/0x80 [ 257.658331][ T6644] ? kasan_save_free_info+0x46/0x50 [ 257.658368][ T6644] ? kmem_cache_free+0x18f/0x400 [ 257.658396][ T6644] ? __xfs_trans_commit+0x3e0/0xbd0 [ 257.658421][ T6644] ? xfs_trans_roll+0x130/0x450 [ 257.658444][ T6644] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 257.658483][ T6644] xfs_attr_set_iter+0x2d4/0x4b70 [ 257.658518][ T6644] ? filename_setxattr+0x274/0x600 [ 257.658550][ T6644] ? path_setxattrat+0x364/0x3a0 [ 257.658571][ T6644] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 257.658622][ T6644] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 257.658678][ T6644] ? kasan_quarantine_put+0xdd/0x220 [ 257.658704][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.658731][ T6644] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6666] ioctl(4, LOOP_SET_FD, 3 [pid 6664] close(3) = 0 [pid 6664] close(4) = 0 [pid 6664] mkdir("./file1", 0777) = 0 [ 257.658771][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.658805][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.658832][ T6644] ? kmem_cache_free+0x18f/0x400 [ 257.658859][ T6644] ? __xfs_trans_commit+0x3e0/0xbd0 [ 257.658890][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.658917][ T6644] ? __xfs_trans_commit+0x4c7/0xbd0 [ 257.658960][ T6644] xfs_attr_finish_item+0xed/0x320 [ 257.659000][ T6644] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 257.659036][ T6644] xfs_defer_finish_one+0x5c8/0xcf0 [pid 6664] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6666] <... ioctl resumed>) = 0 [pid 6666] close(3) = 0 [pid 6666] close(4) = 0 [pid 6666] mkdir("./file1", 0777) = 0 [ 257.659104][ T6644] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 257.659153][ T6644] xfs_defer_finish_noroll+0x910/0x12d0 [ 257.659191][ T6644] ? xfs_trans_commit+0x10b/0x1c0 [ 257.659223][ T6644] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 257.659256][ T6644] ? inode_set_ctime_current+0x740/0xb40 [ 257.659303][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.659331][ T6644] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 257.659371][ T6644] xfs_trans_commit+0x10b/0x1c0 [ 257.659397][ T6644] ? __pfx_xfs_trans_commit+0x10/0x10 [ 257.659429][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.659456][ T6644] ? xfs_trans_log_inode+0x12c/0x1a0 [ 257.659496][ T6644] xfs_attr_set+0xdc6/0x1210 [ 257.659544][ T6644] ? __pfx_xfs_attr_set+0x10/0x10 [ 257.659578][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.659605][ T6644] ? __lock_acquire+0xab9/0xd20 [ 257.659641][ T6644] ? xfs_da_hashname+0x59d/0x740 [ 257.659673][ T6644] ? do_raw_spin_lock+0x121/0x290 [ 257.659715][ T6644] ? xfs_attr_change+0x2ac/0x390 [ 257.659749][ T6644] xfs_xattr_set+0x14d/0x250 [ 257.659781][ T6644] ? __pfx_xfs_xattr_set+0x10/0x10 [ 257.659825][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.659853][ T6644] ? evm_protect_xattr+0x4d4/0xa90 [ 257.659880][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.659908][ T6644] ? rcu_is_watching+0x15/0xb0 [ 257.659941][ T6644] ? __pfx_evm_protect_xattr+0x10/0x10 [ 257.659972][ T6644] ? __pfx_xfs_xattr_set+0x10/0x10 [ 257.659999][ T6644] __vfs_setxattr+0x43c/0x480 [ 257.660048][ T6644] __vfs_setxattr_noperm+0x12d/0x660 [ 257.660100][ T6644] vfs_setxattr+0x16b/0x2f0 [ 257.660141][ T6644] ? __pfx_vfs_setxattr+0x10/0x10 [ 257.660171][ T6644] ? mnt_get_write_access+0x223/0x2a0 [ 257.660201][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.660234][ T6644] filename_setxattr+0x274/0x600 [ 257.660280][ T6644] ? __pfx_filename_setxattr+0x10/0x10 [ 257.660318][ T6644] ? srso_alias_return_thunk+0x5/0xfbef5 [ 257.660345][ T6644] ? getname_flags+0x1e5/0x540 [ 257.660385][ T6644] path_setxattrat+0x364/0x3a0 [ 257.660423][ T6644] ? __pfx_path_setxattrat+0x10/0x10 [ 257.660499][ T6644] __x64_sys_lsetxattr+0xbf/0xe0 [ 257.660538][ T6644] do_syscall_64+0xfa/0x3b0 [ 257.660566][ T6644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.660590][ T6644] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 257.660621][ T6644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.660644][ T6644] RIP: 0033:0x7f3cdbf794f9 [ 257.660667][ T6644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6666] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5874] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./17/file1", [pid 5872] newfstatat(AT_FDCWD, "./17/file1", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... openat resumed>) = 4 [pid 5872] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", [pid 5872] newfstatat(4, "", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, [pid 5872] getdents64(4, [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, [pid 5872] getdents64(4, [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4 [pid 5872] close(4 [pid 5874] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5874] rmdir("./17/file1" [pid 5872] rmdir("./17/file1" [pid 5874] <... rmdir resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5874] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5872] newfstatat(AT_FDCWD, "./17/binderfs", [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./17/binderfs" [pid 5872] unlink("./17/binderfs" [pid 5874] <... unlink resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5874] getdents64(3, [pid 5872] getdents64(3, [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3 [pid 5872] close(3 [pid 5874] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5874] rmdir("./17" [pid 5872] rmdir("./17" [pid 5874] <... rmdir resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5874] mkdir("./18", 0777 [pid 5872] mkdir("./18", 0777 [pid 5874] <... mkdir resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] <... openat resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5874] <... ioctl resumed>) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5874] close(3 [ 257.660688][ T6644] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 257.660713][ T6644] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 257.660731][ T6644] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 257.660749][ T6644] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 257.660765][ T6644] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 257.660782][ T6644] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 257.660843][ T6644] [ 257.660854][ T6644] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 257.689776][ T6642] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 257.788798][ T6644] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 257.795271][ T6642] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 257.813729][ T6644] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 258.360124][ T6664] loop0: detected capacity change from 0 to 32768 [ 258.492567][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 258.496907][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 258.509759][ T6666] loop2: detected capacity change from 0 to 32768 [ 258.615367][ T6664] XFS: noikeep mount option is deprecated. [pid 5872] close(3 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6680 attached [pid 6680] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6680 [pid 6680] <... set_robust_list resumed>) = 0 [pid 6680] chdir("./18") = 0 [pid 6680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6680] setpgid(0, 0) = 0 [pid 6680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 258.682800][ T6666] XFS: noikeep mount option is deprecated. [ 258.826163][ T6664] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 259.093426][ T6666] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6680] write(3, "1000", 4) = 4 [pid 6680] close(3) = 0 [pid 6680] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6680] write(1, "executing program\n", 18) = 18 [pid 6680] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 259.142898][ T6664] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 259.154118][ T6666] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6680] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6686 attached => {parent_tid=[6686]}, 88) = 6686 [pid 6680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6680] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6680] <... futex resumed>) = 0 [pid 6686] <... rseq resumed>) = 0 [pid 6686] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6680] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6686] memfd_create("syzkaller", 0 [pid 5872] <... close resumed>) = 0 [pid 6686] <... memfd_create resumed>) = 3 [pid 6686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6686] <... mmap resumed>) = 0x7f3cd3a00000 ./strace-static-x86_64: Process 6687 attached [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6687 [pid 6687] set_robust_list(0x55555d962760, 24) = 0 [pid 6687] chdir("./18") = 0 [ 259.192816][ T6664] XFS (loop0): Starting recovery (logdev: internal) [pid 6687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6687] setpgid(0, 0) = 0 [pid 6687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6687] write(3, "1000", 4) = 4 [pid 6687] close(3) = 0 [pid 6687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6687] write(1, "executing program\n", 18executing program ) = 18 [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... mount resumed>) = 0 [pid 6687] <... futex resumed>) = 0 [pid 6687] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6664] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6687] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6664] <... openat resumed>) = 3 [pid 6687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6664] chdir("./file1" [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] <... chdir resumed>) = 0 [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6664] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6687] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6664] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6687] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6664] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... mprotect resumed>) = 0 [pid 6664] <... futex resumed>) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6687] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6664] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6688 attached [pid 6664] <... openat resumed>) = 4 [pid 6688] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6687] <... clone3 resumed> => {parent_tid=[6688]}, 88) = 6688 [pid 6664] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... rseq resumed>) = 0 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], [pid 6664] <... futex resumed>) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6688] set_robust_list(0x7f3cdbf259a0, 24 [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] <... mount resumed>) = 0 [pid 6664] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... set_robust_list resumed>) = 0 [pid 6687] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], [pid 6687] <... futex resumed>) = 0 [pid 6666] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6664] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6666] <... openat resumed>) = 3 [pid 6666] chdir("./file1") = 0 [pid 6666] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6688] memfd_create("syzkaller", 0 [pid 6666] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6688] <... memfd_create resumed>) = 3 [pid 6666] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6666] <... futex resumed>) = 1 [pid 6665] <... futex resumed>) = 0 [ 259.256256][ T6666] XFS (loop2): Starting recovery (logdev: internal) [ 259.271900][ T6664] XFS (loop0): Ending recovery (logdev: internal) [ 259.294302][ T6666] XFS (loop2): Ending recovery (logdev: internal) [pid 6666] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6665] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... pwritev2 resumed>) = 65007 [pid 6666] <... openat resumed>) = 4 [pid 6664] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6664] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6664] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] <... futex resumed>) = 0 [pid 6665] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6666] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6666] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6665] <... futex resumed>) = 0 [ 259.343307][ T6664] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 259.369367][ T6666] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 259.383724][ T6664] XFS (loop0): Unmount and run xfs_repair [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6666] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6664] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... futex resumed>) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6664] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 259.390655][ T6666] XFS (loop2): Unmount and run xfs_repair [pid 6666] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] <... futex resumed>) = 0 [pid 6686] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6665] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6663] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 259.414312][ T6664] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 259.438221][ T6666] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 259.456029][ T6664] CPU: 1 UID: 0 PID: 6664 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 259.456061][ T6664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.456077][ T6664] Call Trace: [ 259.456087][ T6664] [ 259.456099][ T6664] dump_stack_lvl+0x189/0x250 [ 259.456138][ T6664] ? __pfx__xfs_alert_tag+0x10/0x10 [ 259.456175][ T6664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.456209][ T6664] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 259.456256][ T6664] xfs_corruption_error+0x122/0x170 [ 259.456294][ T6664] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 259.456328][ T6664] xfs_alloc_fixup_trees+0x95e/0xd20 [ 259.456358][ T6664] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 259.456399][ T6664] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 259.456430][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.456460][ T6664] ? rcu_is_watching+0x15/0xb0 [ 259.456490][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.456519][ T6664] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 259.456550][ T6664] ? rcu_is_watching+0x15/0xb0 [ 259.456590][ T6664] xfs_alloc_cur_finish+0xd3/0x4b0 [ 259.456624][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.456654][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.456688][ T6664] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 259.456745][ T6664] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 259.456776][ T6664] ? xfs_group_grab+0x28/0x480 [ 259.456818][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.456846][ T6664] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 259.456880][ T6664] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 259.456935][ T6664] xfs_alloc_vextent_start_ag+0x388/0x850 [ 259.456974][ T6664] xfs_bmapi_allocate+0x188e/0x2e00 [ 259.457038][ T6664] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 259.457071][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.457122][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.457150][ T6664] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 259.457175][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.457203][ T6664] ? xfs_iext_prev+0x35a/0x370 [ 259.457241][ T6664] ? xfs_iext_get_extent+0x1bb/0x370 [ 259.457272][ T6664] xfs_bmapi_write+0x7df/0x1260 [ 259.457333][ T6664] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 259.457411][ T6664] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 259.457452][ T6664] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 259.457483][ T6664] ? kasan_save_track+0x4f/0x80 [ 259.457509][ T6664] ? kasan_save_track+0x3e/0x80 [ 259.457534][ T6664] ? kasan_save_free_info+0x46/0x50 [ 259.457571][ T6664] ? kmem_cache_free+0x18f/0x400 [ 259.457600][ T6664] ? __xfs_trans_commit+0x3e0/0xbd0 [ 259.457625][ T6664] ? xfs_trans_roll+0x130/0x450 [ 259.457649][ T6664] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 259.457689][ T6664] xfs_attr_set_iter+0x2d4/0x4b70 [ 259.457724][ T6664] ? filename_setxattr+0x274/0x600 [ 259.457757][ T6664] ? path_setxattrat+0x364/0x3a0 [ 259.457779][ T6664] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 259.457830][ T6664] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 259.457893][ T6664] ? kasan_quarantine_put+0xdd/0x220 [ 259.457919][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.457948][ T6664] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.457988][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458022][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458050][ T6664] ? kmem_cache_free+0x18f/0x400 [ 259.458079][ T6664] ? __xfs_trans_commit+0x3e0/0xbd0 [ 259.458110][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458138][ T6664] ? __xfs_trans_commit+0x4c7/0xbd0 [ 259.458181][ T6664] xfs_attr_finish_item+0xed/0x320 [ 259.458222][ T6664] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 259.458260][ T6664] xfs_defer_finish_one+0x5c8/0xcf0 [ 259.458319][ T6664] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 259.458369][ T6664] xfs_defer_finish_noroll+0x910/0x12d0 [ 259.458408][ T6664] ? xfs_trans_commit+0x10b/0x1c0 [ 259.458440][ T6664] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 259.458475][ T6664] ? inode_set_ctime_current+0x740/0xb40 [ 259.458523][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458552][ T6664] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 259.458593][ T6664] xfs_trans_commit+0x10b/0x1c0 [ 259.458620][ T6664] ? __pfx_xfs_trans_commit+0x10/0x10 [ 259.458653][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458681][ T6664] ? xfs_trans_log_inode+0x12c/0x1a0 [ 259.458722][ T6664] xfs_attr_set+0xdc6/0x1210 [ 259.458771][ T6664] ? __pfx_xfs_attr_set+0x10/0x10 [ 259.458811][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.458840][ T6664] ? __lock_acquire+0xab9/0xd20 [ 259.458877][ T6664] ? xfs_da_hashname+0x59d/0x740 [ 259.458915][ T6664] ? do_raw_spin_lock+0x121/0x290 [ 259.458959][ T6664] ? xfs_attr_change+0x2ac/0x390 [ 259.458993][ T6664] xfs_xattr_set+0x14d/0x250 [pid 6688] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6686] <... write resumed>) = 16777216 [ 259.459026][ T6664] ? __pfx_xfs_xattr_set+0x10/0x10 [ 259.459071][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459099][ T6664] ? evm_protect_xattr+0x4d4/0xa90 [ 259.459126][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459154][ T6664] ? rcu_is_watching+0x15/0xb0 [ 259.459188][ T6664] ? __pfx_evm_protect_xattr+0x10/0x10 [ 259.459217][ T6664] ? __pfx_xfs_xattr_set+0x10/0x10 [ 259.459245][ T6664] __vfs_setxattr+0x43c/0x480 [ 259.459294][ T6664] __vfs_setxattr_noperm+0x12d/0x660 [ 259.459338][ T6664] vfs_setxattr+0x16b/0x2f0 [pid 6688] <... write resumed>) = 16777216 [pid 6686] munmap(0x7f3cd3a00000, 138412032 [pid 6666] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6688] munmap(0x7f3cd3a00000, 138412032 [pid 6666] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] exit_group(0 [pid 6666] <... futex resumed>) = ? [pid 6665] <... exit_group resumed>) = ? [pid 6666] +++ exited with 0 +++ [pid 6665] +++ exited with 0 +++ [ 259.459379][ T6664] ? __pfx_vfs_setxattr+0x10/0x10 [ 259.459409][ T6664] ? mnt_get_write_access+0x223/0x2a0 [ 259.459440][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459474][ T6664] filename_setxattr+0x274/0x600 [ 259.459520][ T6664] ? __pfx_filename_setxattr+0x10/0x10 [ 259.459558][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459586][ T6664] ? getname_flags+0x1e5/0x540 [ 259.459628][ T6664] path_setxattrat+0x364/0x3a0 [ 259.459664][ T6664] ? __pfx_path_setxattrat+0x10/0x10 [pid 6686] <... munmap resumed>) = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6665, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=86 /* 0.86 s */} --- [pid 6686] <... openat resumed>) = 4 [pid 6688] <... munmap resumed>) = 0 [pid 6686] ioctl(4, LOOP_SET_FD, 3 [pid 5873] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6688] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6664] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 259.459730][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459757][ T6664] ? rcu_is_watching+0x15/0xb0 [ 259.459794][ T6664] __x64_sys_lsetxattr+0xbf/0xe0 [ 259.459834][ T6664] do_syscall_64+0xfa/0x3b0 [ 259.459858][ T6664] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.459905][ T6664] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.459929][ T6664] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.459958][ T6664] ? exc_page_fault+0x9f/0xf0 [ 259.459998][ T6664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.460022][ T6664] RIP: 0033:0x7f3cdbf794f9 [pid 6664] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] exit_group(0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6663] <... exit_group resumed>) = ? [pid 5873] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6664] +++ exited with 0 +++ [pid 6663] +++ exited with 0 +++ [pid 6688] <... openat resumed>) = 4 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6663, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=104 /* 1.04 s */} --- [ 259.460044][ T6664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 259.460065][ T6664] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 259.460090][ T6664] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 259.460109][ T6664] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6688] ioctl(4, LOOP_SET_FD, 3 [pid 6686] <... ioctl resumed>) = 0 [pid 6686] close(3) = 0 [pid 6686] close(4) = 0 [pid 6686] mkdir("./file1", 0777) = 0 [ 259.460128][ T6664] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 259.460144][ T6664] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 259.460161][ T6664] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 259.460200][ T6664] [ 259.517185][ T6666] CPU: 0 UID: 0 PID: 6666 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 259.517217][ T6666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.517233][ T6666] Call Trace: [ 259.517244][ T6666] [ 259.517255][ T6666] dump_stack_lvl+0x189/0x250 [ 259.517290][ T6666] ? __pfx__xfs_alert_tag+0x10/0x10 [ 259.517328][ T6666] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.517362][ T6666] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 259.517409][ T6666] xfs_corruption_error+0x122/0x170 [ 259.517447][ T6666] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 259.517481][ T6666] xfs_alloc_fixup_trees+0x95e/0xd20 [ 259.517510][ T6666] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 259.517550][ T6666] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 259.517581][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.517608][ T6666] ? rcu_is_watching+0x15/0xb0 [ 259.517639][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.517666][ T6666] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 259.517700][ T6666] ? rcu_is_watching+0x15/0xb0 [ 259.517739][ T6666] xfs_alloc_cur_finish+0xd3/0x4b0 [ 259.517768][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.517798][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.517831][ T6666] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 259.517888][ T6666] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 259.517917][ T6666] ? xfs_group_grab+0x28/0x480 [ 259.517953][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.517980][ T6666] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 259.518014][ T6666] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 259.518060][ T6666] xfs_alloc_vextent_start_ag+0x388/0x850 [ 259.518099][ T6666] xfs_bmapi_allocate+0x188e/0x2e00 [ 259.518168][ T6666] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 259.518200][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6686] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 259.518250][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.518277][ T6666] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 259.518301][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.518328][ T6666] ? xfs_iext_prev+0x35a/0x370 [ 259.518366][ T6666] ? xfs_iext_get_extent+0x1bb/0x370 [ 259.518397][ T6666] xfs_bmapi_write+0x7df/0x1260 [ 259.518455][ T6666] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 259.518533][ T6666] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 259.518573][ T6666] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [pid 5871] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6688] <... ioctl resumed>) = 0 [pid 6688] close(3) = 0 [pid 6688] close(4) = 0 [pid 6688] mkdir("./file1", 0777) = 0 [ 259.518604][ T6666] ? kasan_save_track+0x4f/0x80 [ 259.518629][ T6666] ? kasan_save_track+0x3e/0x80 [ 259.518654][ T6666] ? kasan_save_free_info+0x46/0x50 [ 259.518690][ T6666] ? kmem_cache_free+0x18f/0x400 [ 259.518718][ T6666] ? __xfs_trans_commit+0x3e0/0xbd0 [ 259.518743][ T6666] ? xfs_trans_roll+0x130/0x450 [ 259.518766][ T6666] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 259.518805][ T6666] xfs_attr_set_iter+0x2d4/0x4b70 [ 259.518838][ T6666] ? filename_setxattr+0x274/0x600 [ 259.518870][ T6666] ? path_setxattrat+0x364/0x3a0 [ 259.518892][ T6666] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 259.518943][ T6666] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 259.518999][ T6666] ? kasan_quarantine_put+0xdd/0x220 [ 259.519025][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519052][ T6666] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.519091][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519125][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519158][ T6666] ? kmem_cache_free+0x18f/0x400 [ 259.519185][ T6666] ? __xfs_trans_commit+0x3e0/0xbd0 [ 259.519216][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519244][ T6666] ? __xfs_trans_commit+0x4c7/0xbd0 [ 259.519287][ T6666] xfs_attr_finish_item+0xed/0x320 [ 259.519327][ T6666] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 259.519363][ T6666] xfs_defer_finish_one+0x5c8/0xcf0 [ 259.519422][ T6666] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 259.519471][ T6666] xfs_defer_finish_noroll+0x910/0x12d0 [ 259.519509][ T6666] ? xfs_trans_commit+0x10b/0x1c0 [ 259.519541][ T6666] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 259.519574][ T6666] ? inode_set_ctime_current+0x740/0xb40 [ 259.519621][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519648][ T6666] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 259.519687][ T6666] xfs_trans_commit+0x10b/0x1c0 [ 259.519714][ T6666] ? __pfx_xfs_trans_commit+0x10/0x10 [ 259.519746][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519773][ T6666] ? xfs_trans_log_inode+0x12c/0x1a0 [ 259.519813][ T6666] xfs_attr_set+0xdc6/0x1210 [ 259.519861][ T6666] ? __pfx_xfs_attr_set+0x10/0x10 [ 259.519895][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.519923][ T6666] ? __lock_acquire+0xab9/0xd20 [ 259.519959][ T6666] ? xfs_da_hashname+0x59d/0x740 [ 259.519990][ T6666] ? do_raw_spin_lock+0x121/0x290 [ 259.520033][ T6666] ? xfs_attr_change+0x2ac/0x390 [ 259.520067][ T6666] xfs_xattr_set+0x14d/0x250 [ 259.520099][ T6666] ? __pfx_xfs_xattr_set+0x10/0x10 [ 259.520148][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.520176][ T6666] ? evm_protect_xattr+0x4d4/0xa90 [ 259.520203][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.520230][ T6666] ? rcu_is_watching+0x15/0xb0 [ 259.520264][ T6666] ? __pfx_evm_protect_xattr+0x10/0x10 [ 259.520291][ T6666] ? __pfx_xfs_xattr_set+0x10/0x10 [ 259.520318][ T6666] __vfs_setxattr+0x43c/0x480 [ 259.520368][ T6666] __vfs_setxattr_noperm+0x12d/0x660 [ 259.520410][ T6666] vfs_setxattr+0x16b/0x2f0 [ 259.520451][ T6666] ? __pfx_vfs_setxattr+0x10/0x10 [ 259.520481][ T6666] ? mnt_get_write_access+0x223/0x2a0 [ 259.520511][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.520545][ T6666] filename_setxattr+0x274/0x600 [ 259.520592][ T6666] ? __pfx_filename_setxattr+0x10/0x10 [ 259.520630][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.520657][ T6666] ? getname_flags+0x1e5/0x540 [ 259.520698][ T6666] path_setxattrat+0x364/0x3a0 [ 259.520734][ T6666] ? __pfx_path_setxattrat+0x10/0x10 [ 259.520799][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.520844][ T6666] ? rcu_is_watching+0x15/0xb0 [ 259.520880][ T6666] __x64_sys_lsetxattr+0xbf/0xe0 [ 259.520920][ T6666] do_syscall_64+0xfa/0x3b0 [pid 6688] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./17/file1") = 0 [pid 5873] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./17/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./17") = 0 [pid 5873] mkdir("./18", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 259.520944][ T6666] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.520981][ T6666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.521004][ T6666] ? srso_alias_return_thunk+0x5/0xfbef5 [ 259.521032][ T6666] ? exc_page_fault+0x9f/0xf0 [ 259.521071][ T6666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.521095][ T6666] RIP: 0033:0x7f3cdbf794f9 [ 259.521115][ T6666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 259.521136][ T6666] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 259.521166][ T6666] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 259.521185][ T6666] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 259.521203][ T6666] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 259.521219][ T6666] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 259.521236][ T6666] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 259.521274][ T6666] [ 259.521383][ T6666] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 259.638851][ T6664] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 259.807228][ T6666] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 259.929761][ T6664] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 259.942559][ T6666] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 259.964978][ T6664] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 260.035839][ T6686] loop3: detected capacity change from 0 to 32768 [ 260.110596][ T6688] loop1: detected capacity change from 0 to 32768 [ 260.129061][ T6686] XFS: noikeep mount option is deprecated. [ 260.137966][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.407241][ T6688] XFS: noikeep mount option is deprecated. [pid 5873] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./17/file1") = 0 [pid 5871] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./17/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./17") = 0 [pid 5871] mkdir("./18", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 260.467932][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.591366][ T6686] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.596252][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.601674][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.651419][ T6686] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 260.689453][ T6688] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 260.750703][ T6686] XFS (loop3): Starting recovery (logdev: internal) [ 260.905141][ T6688] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 261.003912][ T6686] XFS (loop3): Ending recovery (logdev: internal) [pid 5871] close(3 [pid 6686] <... mount resumed>) = 0 [pid 6686] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6686] chdir("./file1") = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... futex resumed>) = 0 [pid 6680] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = 1 [pid 6686] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6680] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6686] <... openat resumed>) = 4 [pid 6686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... futex resumed>) = 0 [pid 6680] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = 1 [pid 6686] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6680] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6686] <... pwritev2 resumed>) = 65007 [pid 5873] <... close resumed>) = 0 [pid 6686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6686] <... futex resumed>) = 1 [pid 6686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... futex resumed>) = 0 [pid 6680] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6708 ./strace-static-x86_64: Process 6708 attached [pid 6686] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = 1 [pid 6686] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6680] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] set_robust_list(0x55555d962760, 24) = 0 [pid 6708] chdir("./18") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [ 261.095315][ T6688] XFS (loop1): Starting recovery (logdev: internal) [ 261.111068][ T6686] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6708] write(1, "executing program\n", 18) = 18 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6708] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6709]}, 88) = 6709 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6708] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6709 attached ) = 0 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6709] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] <... mount resumed>) = 0 [pid 6688] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6688] <... openat resumed>) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6688] chdir("./file1" [pid 6709] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6688] <... chdir resumed>) = 0 [pid 6688] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6688] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6687] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6687] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6680] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6688] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6680] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6688] <... openat resumed>) = 4 [pid 6680] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6688] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] <... mprotect resumed>) = 0 [pid 6686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6680] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6680] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6687] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [ 261.144230][ T6688] XFS (loop1): Ending recovery (logdev: internal) [ 261.159163][ T6686] XFS (loop3): Unmount and run xfs_repair [pid 6680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6688] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6688] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6680] <... clone3 resumed> => {parent_tid=[6710]}, 88) = 6710 [pid 6680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6680] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6710 attached [pid 6710] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6710] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6710] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6688] <... pwritev2 resumed>) = 65007 [pid 6688] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6687] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 executing program [pid 6688] <... futex resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6688] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040./strace-static-x86_64: Process 6711 attached [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] set_robust_list(0x55555d962760, 24) = 0 [pid 6711] chdir("./18") = 0 [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6711] setpgid(0, 0) = 0 [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6711] write(3, "1000", 4) = 4 [pid 6711] close(3) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6711] write(1, "executing program\n", 18) = 18 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6711] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6712 attached => {parent_tid=[6712]}, 88) = 6712 [ 261.191498][ T6710] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 261.208735][ T6688] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 261.224874][ T6688] XFS (loop1): Unmount and run xfs_repair [pid 6711] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6711 [pid 6712] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6712] <... rseq resumed>) = 0 [pid 6711] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] set_robust_list(0x7f3cdbf259a0, 24 [pid 6711] <... futex resumed>) = 0 [pid 6712] <... set_robust_list resumed>) = 0 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6688] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6688] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 261.228513][ T6710] CPU: 0 UID: 0 PID: 6710 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 261.228546][ T6710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.228562][ T6710] Call Trace: [ 261.228573][ T6710] [ 261.228584][ T6710] dump_stack_lvl+0x189/0x250 [ 261.228620][ T6710] ? __pfx__xfs_alert_tag+0x10/0x10 [ 261.228658][ T6710] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.228692][ T6710] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 261.228739][ T6710] xfs_corruption_error+0x122/0x170 [ 261.228778][ T6710] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 6687] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] memfd_create("syzkaller", 0 [pid 6680] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6712] <... memfd_create resumed>) = 3 [pid 6687] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 261.228812][ T6710] xfs_alloc_fixup_trees+0x95e/0xd20 [ 261.228841][ T6710] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 261.228882][ T6710] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 261.228912][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.228941][ T6710] ? rcu_is_watching+0x15/0xb0 [ 261.228971][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229003][ T6710] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 261.229034][ T6710] ? rcu_is_watching+0x15/0xb0 [ 261.229073][ T6710] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 6709] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 261.229110][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229140][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229174][ T6710] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 261.229231][ T6710] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 261.229260][ T6710] ? xfs_group_grab+0x28/0x480 [ 261.229296][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229323][ T6710] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 261.229357][ T6710] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 261.229404][ T6710] xfs_alloc_vextent_start_ag+0x388/0x850 [ 261.229443][ T6710] xfs_bmapi_allocate+0x188e/0x2e00 [ 261.229506][ T6710] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 261.229539][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229588][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229615][ T6710] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 261.229639][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.229666][ T6710] ? xfs_iext_prev+0x35a/0x370 [ 261.229704][ T6710] ? xfs_iext_get_extent+0x1bb/0x370 [ 261.229734][ T6710] xfs_bmapi_write+0x7df/0x1260 [ 261.229793][ T6710] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 261.229869][ T6710] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 261.229910][ T6710] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 261.229940][ T6710] ? kasan_save_track+0x4f/0x80 [ 261.229966][ T6710] ? kasan_save_track+0x3e/0x80 [ 261.229990][ T6710] ? kasan_save_free_info+0x46/0x50 [ 261.230026][ T6710] ? kmem_cache_free+0x18f/0x400 [ 261.230054][ T6710] ? __xfs_trans_commit+0x3e0/0xbd0 [ 261.230079][ T6710] ? xfs_trans_roll+0x130/0x450 [ 261.230108][ T6710] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 261.230147][ T6710] xfs_attr_set_iter+0x2d4/0x4b70 [ 261.230181][ T6710] ? filename_setxattr+0x274/0x600 [ 261.230213][ T6710] ? path_setxattrat+0x364/0x3a0 [ 261.230235][ T6710] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 261.230289][ T6710] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 261.230345][ T6710] ? kasan_quarantine_put+0xdd/0x220 [ 261.230371][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.230401][ T6710] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.230441][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.230474][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.230502][ T6710] ? kmem_cache_free+0x18f/0x400 [ 261.230529][ T6710] ? __xfs_trans_commit+0x3e0/0xbd0 [ 261.230560][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.230588][ T6710] ? __xfs_trans_commit+0x4c7/0xbd0 [ 261.230614][ T6710] ? xfs_trans_dup+0xc3/0x5f0 [ 261.230651][ T6710] xfs_attr_finish_item+0xed/0x320 [ 261.230695][ T6710] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 261.230732][ T6710] xfs_defer_finish_one+0x5c8/0xcf0 [ 261.230790][ T6710] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 261.230838][ T6710] xfs_defer_finish_noroll+0x910/0x12d0 [ 261.230877][ T6710] ? xfs_trans_commit+0x10b/0x1c0 [ 261.230910][ T6710] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 261.230944][ T6710] ? inode_set_ctime_current+0x740/0xb40 [ 261.230991][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231019][ T6710] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 261.231060][ T6710] xfs_trans_commit+0x10b/0x1c0 [ 261.231091][ T6710] ? __pfx_xfs_trans_commit+0x10/0x10 [pid 6710] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6710] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] exit_group(0 [pid 6710] <... futex resumed>) = ? [pid 6680] <... exit_group resumed>) = ? [pid 6710] +++ exited with 0 +++ [ 261.231124][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231152][ T6710] ? xfs_trans_log_inode+0x12c/0x1a0 [ 261.231190][ T6710] xfs_attr_set+0xdc6/0x1210 [ 261.231239][ T6710] ? __pfx_xfs_attr_set+0x10/0x10 [ 261.231273][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231300][ T6710] ? __lock_acquire+0xab9/0xd20 [ 261.231336][ T6710] ? xfs_da_hashname+0x59d/0x740 [ 261.231368][ T6710] ? do_raw_spin_lock+0x121/0x290 [ 261.231410][ T6710] ? xfs_attr_change+0x2ac/0x390 [ 261.231444][ T6710] xfs_xattr_set+0x14d/0x250 [pid 6687] exit_group(0) = ? [pid 6712] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6686] <... futex resumed>) = ? [ 261.231476][ T6710] ? __pfx_xfs_xattr_set+0x10/0x10 [ 261.231520][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231548][ T6710] ? evm_protect_xattr+0x4d4/0xa90 [ 261.231574][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231601][ T6710] ? rcu_is_watching+0x15/0xb0 [ 261.231635][ T6710] ? __pfx_evm_protect_xattr+0x10/0x10 [ 261.231662][ T6710] ? __pfx_xfs_xattr_set+0x10/0x10 [ 261.231689][ T6710] __vfs_setxattr+0x43c/0x480 [ 261.231737][ T6710] __vfs_setxattr_noperm+0x12d/0x660 [ 261.231779][ T6710] vfs_setxattr+0x16b/0x2f0 [pid 6686] +++ exited with 0 +++ [pid 6680] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6680, si_uid=0, si_status=0, si_utime=0, si_stime=80 /* 0.80 s */} --- [pid 5874] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 261.231820][ T6710] ? __pfx_vfs_setxattr+0x10/0x10 [ 261.231849][ T6710] ? mnt_get_write_access+0x223/0x2a0 [ 261.231879][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.231912][ T6710] filename_setxattr+0x274/0x600 [ 261.231959][ T6710] ? __pfx_filename_setxattr+0x10/0x10 [ 261.231996][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.232023][ T6710] ? getname_flags+0x1e5/0x540 [ 261.232063][ T6710] path_setxattrat+0x364/0x3a0 [ 261.232107][ T6710] ? __pfx_path_setxattrat+0x10/0x10 [pid 5874] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6709] <... write resumed>) = 16777216 [ 261.232171][ T6710] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.232198][ T6710] ? rcu_is_watching+0x15/0xb0 [ 261.232235][ T6710] __x64_sys_lsetxattr+0xbf/0xe0 [ 261.232275][ T6710] do_syscall_64+0xfa/0x3b0 [ 261.232301][ T6710] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.232325][ T6710] ? __switch_to_asm+0x39/0x70 [ 261.232357][ T6710] ? __switch_to_asm+0x33/0x70 [ 261.232395][ T6710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.232419][ T6710] RIP: 0033:0x7f3cdbf794f9 [ 261.232441][ T6710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 261.232461][ T6710] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 261.232487][ T6710] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 261.232505][ T6710] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 261.232523][ T6710] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 6709] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 261.232539][ T6710] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 261.232556][ T6710] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 261.232595][ T6710] [ 261.238139][ T6710] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 261.281812][ T6688] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 261.318538][ T6710] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 261.320641][ T6688] CPU: 1 UID: 0 PID: 6688 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 261.320674][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.320690][ T6688] Call Trace: [ 261.320701][ T6688] [ 261.320712][ T6688] dump_stack_lvl+0x189/0x250 [ 261.320746][ T6688] ? __pfx__xfs_alert_tag+0x10/0x10 [ 261.320783][ T6688] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.320848][ T6688] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 261.320895][ T6688] xfs_corruption_error+0x122/0x170 [ 261.320934][ T6688] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 261.320968][ T6688] xfs_alloc_fixup_trees+0x95e/0xd20 [ 261.320997][ T6688] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 261.321037][ T6688] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 261.321068][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321096][ T6688] ? rcu_is_watching+0x15/0xb0 [ 261.321126][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321154][ T6688] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6709] ioctl(4, LOOP_SET_FD, 3 [pid 6688] <... lsetxattr resumed>) = ? [pid 6688] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ [pid 6712] <... write resumed>) = 16777216 [pid 6709] <... ioctl resumed>) = 0 [pid 6712] munmap(0x7f3cd3a00000, 138412032 [pid 6709] close(3) = 0 [pid 6709] close(4) = 0 [pid 6709] mkdir("./file1", 0777 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6687, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=110 /* 1.10 s */} --- [pid 6709] <... mkdir resumed>) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 261.321184][ T6688] ? rcu_is_watching+0x15/0xb0 [ 261.321223][ T6688] xfs_alloc_cur_finish+0xd3/0x4b0 [ 261.321252][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321282][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321315][ T6688] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 261.321372][ T6688] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 261.321401][ T6688] ? xfs_group_grab+0x28/0x480 [ 261.321436][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321464][ T6688] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6709] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6712] <... munmap resumed>) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 261.321497][ T6688] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 261.321544][ T6688] xfs_alloc_vextent_start_ag+0x388/0x850 [ 261.321583][ T6688] xfs_bmapi_allocate+0x188e/0x2e00 [ 261.321646][ T6688] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 261.321678][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321728][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321756][ T6688] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 261.321779][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.321806][ T6688] ? xfs_iext_prev+0x35a/0x370 [ 261.321852][ T6688] ? xfs_iext_get_extent+0x1bb/0x370 [ 261.321882][ T6688] xfs_bmapi_write+0x7df/0x1260 [ 261.321940][ T6688] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 261.322018][ T6688] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 261.322058][ T6688] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 261.322088][ T6688] ? kasan_save_track+0x4f/0x80 [ 261.322114][ T6688] ? kasan_save_track+0x3e/0x80 [ 261.322138][ T6688] ? kasan_save_free_info+0x46/0x50 [ 261.322174][ T6688] ? kmem_cache_free+0x18f/0x400 [ 261.322202][ T6688] ? __xfs_trans_commit+0x3e0/0xbd0 [ 261.322227][ T6688] ? xfs_trans_roll+0x130/0x450 [ 261.322250][ T6688] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 261.322288][ T6688] xfs_attr_set_iter+0x2d4/0x4b70 [ 261.322322][ T6688] ? filename_setxattr+0x274/0x600 [ 261.322355][ T6688] ? path_setxattrat+0x364/0x3a0 [ 261.322376][ T6688] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 261.322427][ T6688] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 261.322483][ T6688] ? kasan_quarantine_put+0xdd/0x220 [ 261.322508][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6712] close(3) = 0 [pid 6712] close(4) = 0 [pid 6712] mkdir("./file1", 0777) = 0 [ 261.322536][ T6688] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.322575][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.322609][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.322636][ T6688] ? kmem_cache_free+0x18f/0x400 [ 261.322663][ T6688] ? __xfs_trans_commit+0x3e0/0xbd0 [ 261.322694][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.322721][ T6688] ? __xfs_trans_commit+0x4c7/0xbd0 [ 261.322764][ T6688] xfs_attr_finish_item+0xed/0x320 [ 261.322804][ T6688] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 261.322845][ T6688] xfs_defer_finish_one+0x5c8/0xcf0 [ 261.322904][ T6688] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 261.322952][ T6688] xfs_defer_finish_noroll+0x910/0x12d0 [ 261.322990][ T6688] ? xfs_trans_commit+0x10b/0x1c0 [ 261.323022][ T6688] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 261.323055][ T6688] ? inode_set_ctime_current+0x740/0xb40 [ 261.323101][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.323128][ T6688] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 261.323168][ T6688] xfs_trans_commit+0x10b/0x1c0 [ 261.323193][ T6688] ? __pfx_xfs_trans_commit+0x10/0x10 [ 261.323225][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.323253][ T6688] ? xfs_trans_log_inode+0x12c/0x1a0 [ 261.323292][ T6688] xfs_attr_set+0xdc6/0x1210 [ 261.323340][ T6688] ? __pfx_xfs_attr_set+0x10/0x10 [ 261.323373][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.323400][ T6688] ? __lock_acquire+0xab9/0xd20 [ 261.323436][ T6688] ? xfs_da_hashname+0x59d/0x740 [ 261.323467][ T6688] ? do_raw_spin_lock+0x121/0x290 [ 261.323509][ T6688] ? xfs_attr_change+0x2ac/0x390 [ 261.323543][ T6688] xfs_xattr_set+0x14d/0x250 [ 261.323574][ T6688] ? __pfx_xfs_xattr_set+0x10/0x10 [ 261.323618][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.323646][ T6688] ? evm_protect_xattr+0x4d4/0xa90 [ 261.323673][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.323700][ T6688] ? rcu_is_watching+0x15/0xb0 [ 261.323733][ T6688] ? __pfx_evm_protect_xattr+0x10/0x10 [ 261.323761][ T6688] ? __pfx_xfs_xattr_set+0x10/0x10 [ 261.323788][ T6688] __vfs_setxattr+0x43c/0x480 [pid 6712] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 261.323845][ T6688] __vfs_setxattr_noperm+0x12d/0x660 [ 261.323888][ T6688] vfs_setxattr+0x16b/0x2f0 [ 261.323928][ T6688] ? __pfx_vfs_setxattr+0x10/0x10 [ 261.323958][ T6688] ? mnt_get_write_access+0x223/0x2a0 [ 261.323988][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.324022][ T6688] filename_setxattr+0x274/0x600 [ 261.324068][ T6688] ? __pfx_filename_setxattr+0x10/0x10 [ 261.324105][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.324133][ T6688] ? getname_flags+0x1e5/0x540 [ 261.324173][ T6688] path_setxattrat+0x364/0x3a0 [pid 5874] newfstatat(AT_FDCWD, "./18/file1", [pid 5872] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(AT_FDCWD, "./18/file1", [pid 5874] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] newfstatat(4, "", [pid 5872] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] getdents64(4, [pid 5872] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] <... openat resumed>) = 4 [pid 5874] getdents64(4, [pid 5872] newfstatat(4, "", [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] close(4 [pid 5872] getdents64(4, [pid 5874] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] rmdir("./18/file1" [pid 5872] getdents64(4, [pid 5874] <... rmdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 5874] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] rmdir("./18/file1" [pid 5874] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5872] <... rmdir resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./18/binderfs") = 0 [pid 5872] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] getdents64(3, [pid 5872] newfstatat(AT_FDCWD, "./18/binderfs", [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] close(3 [pid 5872] unlink("./18/binderfs" [pid 5874] <... close resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5874] rmdir("./18") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./18") = 0 [pid 5874] mkdir("./19", 0777) = 0 [ 261.324210][ T6688] ? __pfx_path_setxattrat+0x10/0x10 [ 261.324275][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.324302][ T6688] ? rcu_is_watching+0x15/0xb0 [ 261.324338][ T6688] __x64_sys_lsetxattr+0xbf/0xe0 [ 261.324377][ T6688] do_syscall_64+0xfa/0x3b0 [ 261.324401][ T6688] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.324438][ T6688] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.324461][ T6688] ? srso_alias_return_thunk+0x5/0xfbef5 [ 261.324488][ T6688] ? exc_page_fault+0x9f/0xf0 [pid 5872] mkdir("./19", 0777 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... mkdir resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 261.324527][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.324551][ T6688] RIP: 0033:0x7f3cdbf794f9 [ 261.324572][ T6688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 261.324593][ T6688] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 261.324619][ T6688] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 261.324637][ T6688] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 261.324656][ T6688] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 261.324672][ T6688] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 261.324688][ T6688] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 261.324726][ T6688] [ 261.324737][ T6688] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 261.325635][ T6710] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 261.404896][ T6688] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 261.907812][ T6709] loop2: detected capacity change from 0 to 32768 [ 261.909275][ T6688] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 261.918927][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 262.073903][ T6709] XFS: noikeep mount option is deprecated. [ 262.129724][ T6712] loop0: detected capacity change from 0 to 32768 [ 262.209010][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 262.268108][ T6712] XFS: noikeep mount option is deprecated. [ 262.406545][ T6709] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 262.498066][ T6712] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 262.762687][ T6709] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6728 attached [pid 6728] set_robust_list(0x55555d962760, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6728 [pid 6728] <... set_robust_list resumed>) = 0 [pid 6728] chdir("./19") = 0 [pid 6728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 262.806350][ T6709] XFS (loop2): Starting recovery (logdev: internal) [pid 6728] setpgid(0, 0) = 0 [pid 6728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6728] write(3, "1000", 4) = 4 [pid 6728] close(3) = 0 [pid 6728] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6728] write(1, "executing program\n", 18) = 18 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6728] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6731]}, 88) = 6731 ./strace-static-x86_64: Process 6731 attached [pid 6728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6728] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6731] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6731] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5874] <... close resumed>) = 0 [ 262.885482][ T6709] XFS (loop2): Ending recovery (logdev: internal) [ 262.910571][ T6712] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6732 ./strace-static-x86_64: Process 6732 attached [pid 6731] memfd_create("syzkaller", 0 [pid 6709] <... mount resumed>) = 0 [pid 6732] set_robust_list(0x55555d962760, 24 [pid 6709] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] chdir("./file1") = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6709] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... futex resumed>) = 0 [pid 6731] <... memfd_create resumed>) = 3 [pid 6708] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... set_robust_list resumed>) = 0 [pid 6731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6732] chdir("./19" [pid 6731] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... chdir resumed>) = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6709] <... openat resumed>) = 4 [pid 6732] <... prctl resumed>) = 0 [pid 6709] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] setpgid(0, 0) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 262.931698][ T6712] XFS (loop0): Starting recovery (logdev: internal) [pid 6709] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6709] <... pwritev2 resumed>) = 65007 [pid 6709] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6732] <... openat resumed>) = 3 [pid 6709] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] write(3, "1000", 4 [pid 6709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] <... futex resumed>) = 0 [pid 6732] <... write resumed>) = 4 [pid 6709] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] close(3) = 0 [pid 6712] <... mount resumed>) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs" [pid 6712] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6732] <... symlink resumed>) = 0 [pid 6712] <... openat resumed>) = 3 [pid 6712] chdir("./file1" [pid 6732] write(1, "executing program\n", 18executing program [pid 6712] <... chdir resumed>) = 0 [pid 6732] <... write resumed>) = 18 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6712] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6711] <... futex resumed>) = 0 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6712] <... openat resumed>) = 4 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6712] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6712] <... futex resumed>) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6732] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6712] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] <... mprotect resumed>) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6733 attached [pid 6733] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6732] <... clone3 resumed> => {parent_tid=[6733]}, 88) = 6733 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], [pid 6711] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6732] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] <... rseq resumed>) = 0 [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 0 [pid 6711] <... futex resumed>) = 1 [pid 6709] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6733] set_robust_list(0x7f3cdbf259a0, 24 [pid 6712] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... set_robust_list resumed>) = 0 [pid 6712] <... pwritev2 resumed>) = 65007 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], [pid 6712] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6712] <... futex resumed>) = 0 [pid 6711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6709] <... futex resumed>) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0 [pid 6712] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 262.959539][ T6712] XFS (loop0): Ending recovery (logdev: internal) [ 262.972850][ T6709] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 262.997244][ T6709] XFS (loop2): Unmount and run xfs_repair [pid 6711] <... futex resumed>) = 0 [pid 6709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] <... futex resumed>) = 0 [pid 6733] <... memfd_create resumed>) = 3 [pid 6712] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6708] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 263.017863][ T6712] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 263.032376][ T6709] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 263.042344][ T6712] XFS (loop0): Unmount and run xfs_repair [pid 6712] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6712] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 0 [ 263.056855][ T6709] CPU: 0 UID: 0 PID: 6709 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 263.056888][ T6709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.056904][ T6709] Call Trace: [ 263.056914][ T6709] [ 263.056924][ T6709] dump_stack_lvl+0x189/0x250 [ 263.056968][ T6709] ? __pfx__xfs_alert_tag+0x10/0x10 [ 263.057006][ T6709] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.057041][ T6709] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 263.057089][ T6709] xfs_corruption_error+0x122/0x170 [ 263.057129][ T6709] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 263.057164][ T6709] xfs_alloc_fixup_trees+0x95e/0xd20 [ 263.057193][ T6709] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 263.057235][ T6709] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 263.057266][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057296][ T6709] ? rcu_is_watching+0x15/0xb0 [ 263.057327][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057355][ T6709] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 263.057387][ T6709] ? rcu_is_watching+0x15/0xb0 [pid 6712] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6731] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 263.057427][ T6709] xfs_alloc_cur_finish+0xd3/0x4b0 [ 263.057457][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057488][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057523][ T6709] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 263.057580][ T6709] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 263.057611][ T6709] ? xfs_group_grab+0x28/0x480 [ 263.057648][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057676][ T6709] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 263.057711][ T6709] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 263.057759][ T6709] xfs_alloc_vextent_start_ag+0x388/0x850 [ 263.057799][ T6709] xfs_bmapi_allocate+0x188e/0x2e00 [ 263.057864][ T6709] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 263.057898][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057953][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.057982][ T6709] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 263.058006][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.058035][ T6709] ? xfs_iext_prev+0x35a/0x370 [ 263.058073][ T6709] ? xfs_iext_get_extent+0x1bb/0x370 [ 263.058105][ T6709] xfs_bmapi_write+0x7df/0x1260 [ 263.058165][ T6709] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 263.058244][ T6709] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 263.058287][ T6709] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 263.058318][ T6709] ? kasan_save_track+0x4f/0x80 [ 263.058344][ T6709] ? kasan_save_track+0x3e/0x80 [ 263.058371][ T6709] ? kasan_save_free_info+0x46/0x50 [ 263.058409][ T6709] ? kmem_cache_free+0x18f/0x400 [ 263.058438][ T6709] ? __xfs_trans_commit+0x3e0/0xbd0 [ 263.058465][ T6709] ? xfs_trans_roll+0x130/0x450 [pid 6733] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6709] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 263.058493][ T6709] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 263.058534][ T6709] xfs_attr_set_iter+0x2d4/0x4b70 [ 263.058569][ T6709] ? filename_setxattr+0x274/0x600 [ 263.058603][ T6709] ? path_setxattrat+0x364/0x3a0 [ 263.058625][ T6709] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 263.058678][ T6709] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 263.058736][ T6709] ? kasan_quarantine_put+0xdd/0x220 [ 263.058764][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.058793][ T6709] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6709] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 263.058836][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.058870][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.058899][ T6709] ? kmem_cache_free+0x18f/0x400 [ 263.058929][ T6709] ? __xfs_trans_commit+0x3e0/0xbd0 [ 263.058968][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.058996][ T6709] ? __xfs_trans_commit+0x4c7/0xbd0 [ 263.059040][ T6709] xfs_attr_finish_item+0xed/0x320 [ 263.059081][ T6709] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 263.059120][ T6709] xfs_defer_finish_one+0x5c8/0xcf0 [pid 6709] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] exit_group(0 [pid 6709] <... futex resumed>) = ? [pid 6708] <... exit_group resumed>) = ? [pid 6709] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=68 /* 0.68 s */} --- [ 263.059182][ T6709] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 263.059233][ T6709] xfs_defer_finish_noroll+0x910/0x12d0 [ 263.059274][ T6709] ? xfs_trans_commit+0x10b/0x1c0 [ 263.059306][ T6709] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 263.059341][ T6709] ? inode_set_ctime_current+0x740/0xb40 [ 263.059389][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.059419][ T6709] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 263.059461][ T6709] xfs_trans_commit+0x10b/0x1c0 [ 263.059488][ T6709] ? __pfx_xfs_trans_commit+0x10/0x10 [pid 5873] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 263.059521][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.059550][ T6709] ? xfs_trans_log_inode+0x12c/0x1a0 [ 263.059592][ T6709] xfs_attr_set+0xdc6/0x1210 [ 263.059642][ T6709] ? __pfx_xfs_attr_set+0x10/0x10 [ 263.059677][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.059707][ T6709] ? __lock_acquire+0xab9/0xd20 [ 263.059745][ T6709] ? xfs_da_hashname+0x59d/0x740 [ 263.059777][ T6709] ? do_raw_spin_lock+0x121/0x290 [ 263.059821][ T6709] ? xfs_attr_change+0x2ac/0x390 [ 263.059856][ T6709] xfs_xattr_set+0x14d/0x250 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6731] <... write resumed>) = 16777216 [ 263.059889][ T6709] ? __pfx_xfs_xattr_set+0x10/0x10 [ 263.059940][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.059970][ T6709] ? evm_protect_xattr+0x4d4/0xa90 [ 263.059997][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.060025][ T6709] ? rcu_is_watching+0x15/0xb0 [ 263.060058][ T6709] ? __pfx_evm_protect_xattr+0x10/0x10 [ 263.060087][ T6709] ? __pfx_xfs_xattr_set+0x10/0x10 [ 263.060114][ T6709] __vfs_setxattr+0x43c/0x480 [ 263.060165][ T6709] __vfs_setxattr_noperm+0x12d/0x660 [ 263.060209][ T6709] vfs_setxattr+0x16b/0x2f0 [pid 6731] munmap(0x7f3cd3a00000, 138412032 [pid 6711] exit_group(0) = ? [ 263.060252][ T6709] ? __pfx_vfs_setxattr+0x10/0x10 [ 263.060282][ T6709] ? mnt_get_write_access+0x223/0x2a0 [ 263.060314][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.060349][ T6709] filename_setxattr+0x274/0x600 [ 263.060397][ T6709] ? __pfx_filename_setxattr+0x10/0x10 [ 263.060436][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.060465][ T6709] ? getname_flags+0x1e5/0x540 [ 263.060508][ T6709] path_setxattrat+0x364/0x3a0 [ 263.060544][ T6709] ? __pfx_path_setxattrat+0x10/0x10 [pid 6731] <... munmap resumed>) = 0 [pid 6731] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 263.060612][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.060642][ T6709] ? rcu_is_watching+0x15/0xb0 [ 263.060680][ T6709] __x64_sys_lsetxattr+0xbf/0xe0 [ 263.060721][ T6709] do_syscall_64+0xfa/0x3b0 [ 263.060745][ T6709] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.060785][ T6709] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.060809][ T6709] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.060851][ T6709] ? exc_page_fault+0x9f/0xf0 [ 263.060892][ T6709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.060918][ T6709] RIP: 0033:0x7f3cdbf794f9 [pid 6731] ioctl(4, LOOP_SET_FD, 3 [pid 6733] <... write resumed>) = 16777216 [pid 6731] <... ioctl resumed>) = 0 [pid 6712] <... lsetxattr resumed>) = ? [pid 6733] munmap(0x7f3cd3a00000, 138412032 [pid 6731] close(3) = 0 [pid 6731] close(4) = 0 [pid 6731] mkdir("./file1", 0777) = 0 [ 263.060943][ T6709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 263.060965][ T6709] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 263.060992][ T6709] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 263.061011][ T6709] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 263.061030][ T6709] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 263.061047][ T6709] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 263.061064][ T6709] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 263.061104][ T6709] [ 263.061114][ T6709] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 263.089730][ T6712] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6731] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6733] <... munmap resumed>) = 0 [pid 6712] +++ exited with 0 +++ [pid 6711] +++ exited with 0 +++ [pid 6733] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6711, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=121 /* 1.21 s */} --- [pid 6733] <... openat resumed>) = 4 [pid 5871] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6733] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6733] <... ioctl resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6733] close(3) = 0 [pid 6733] close(4) = 0 [pid 6733] mkdir("./file1", 0777) = 0 [ 263.138169][ T6709] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 263.144491][ T6712] CPU: 1 UID: 0 PID: 6712 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 263.144521][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.144537][ T6712] Call Trace: [ 263.144547][ T6712] [ 263.144559][ T6712] dump_stack_lvl+0x189/0x250 [ 263.144591][ T6712] ? __pfx__xfs_alert_tag+0x10/0x10 [ 263.144629][ T6712] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.144664][ T6712] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 263.144711][ T6712] xfs_corruption_error+0x122/0x170 [ 263.144750][ T6712] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 263.144785][ T6712] xfs_alloc_fixup_trees+0x95e/0xd20 [ 263.144814][ T6712] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 263.144856][ T6712] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 263.144887][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.144915][ T6712] ? rcu_is_watching+0x15/0xb0 [ 263.144945][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.144973][ T6712] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 263.145005][ T6712] ? rcu_is_watching+0x15/0xb0 [ 263.145045][ T6712] xfs_alloc_cur_finish+0xd3/0x4b0 [ 263.145074][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145105][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145140][ T6712] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 263.145202][ T6712] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 263.145232][ T6712] ? xfs_group_grab+0x28/0x480 [ 263.145269][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145297][ T6712] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 263.145330][ T6712] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 263.145379][ T6712] xfs_alloc_vextent_start_ag+0x388/0x850 [ 263.145418][ T6712] xfs_bmapi_allocate+0x188e/0x2e00 [ 263.145482][ T6712] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 263.145514][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145568][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145596][ T6712] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 263.145619][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.145646][ T6712] ? xfs_iext_prev+0x35a/0x370 [ 263.145684][ T6712] ? xfs_iext_get_extent+0x1bb/0x370 [ 263.145715][ T6712] xfs_bmapi_write+0x7df/0x1260 [ 263.145774][ T6712] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 263.145852][ T6712] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 263.145892][ T6712] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 263.145922][ T6712] ? kasan_save_track+0x4f/0x80 [ 263.145948][ T6712] ? kasan_save_track+0x3e/0x80 [ 263.145972][ T6712] ? kasan_save_free_info+0x46/0x50 [ 263.146009][ T6712] ? kmem_cache_free+0x18f/0x400 [ 263.146036][ T6712] ? __xfs_trans_commit+0x3e0/0xbd0 [ 263.146061][ T6712] ? xfs_trans_roll+0x130/0x450 [ 263.146084][ T6712] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 263.146123][ T6712] xfs_attr_set_iter+0x2d4/0x4b70 [ 263.146157][ T6712] ? filename_setxattr+0x274/0x600 [ 263.146194][ T6712] ? path_setxattrat+0x364/0x3a0 [ 263.146216][ T6712] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 263.146267][ T6712] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 263.146323][ T6712] ? kasan_quarantine_put+0xdd/0x220 [ 263.146349][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.146376][ T6712] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.146415][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.146449][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.146477][ T6712] ? kmem_cache_free+0x18f/0x400 [ 263.146504][ T6712] ? __xfs_trans_commit+0x3e0/0xbd0 [ 263.146535][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.146563][ T6712] ? __xfs_trans_commit+0x4c7/0xbd0 [ 263.146589][ T6712] ? xfs_trans_dup+0xc3/0x5f0 [ 263.146628][ T6712] xfs_attr_finish_item+0xed/0x320 [ 263.146667][ T6712] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 263.146704][ T6712] xfs_defer_finish_one+0x5c8/0xcf0 [ 263.146763][ T6712] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 263.146812][ T6712] xfs_defer_finish_noroll+0x910/0x12d0 [ 263.146851][ T6712] ? xfs_trans_commit+0x10b/0x1c0 [ 263.146882][ T6712] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 263.146915][ T6712] ? inode_set_ctime_current+0x740/0xb40 [pid 6733] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./18/file1") = 0 [pid 5873] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./18/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./18") = 0 [pid 5873] mkdir("./19", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 263.146962][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.146989][ T6712] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 263.147029][ T6712] xfs_trans_commit+0x10b/0x1c0 [ 263.147055][ T6712] ? __pfx_xfs_trans_commit+0x10/0x10 [ 263.147087][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147115][ T6712] ? xfs_trans_log_inode+0x12c/0x1a0 [ 263.147154][ T6712] xfs_attr_set+0xdc6/0x1210 [ 263.147206][ T6712] ? __pfx_xfs_attr_set+0x10/0x10 [ 263.147240][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147267][ T6712] ? __lock_acquire+0xab9/0xd20 [ 263.147303][ T6712] ? xfs_da_hashname+0x59d/0x740 [ 263.147335][ T6712] ? do_raw_spin_lock+0x121/0x290 [ 263.147377][ T6712] ? xfs_attr_change+0x2ac/0x390 [ 263.147411][ T6712] xfs_xattr_set+0x14d/0x250 [ 263.147442][ T6712] ? __pfx_xfs_xattr_set+0x10/0x10 [ 263.147487][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147514][ T6712] ? evm_protect_xattr+0x4d4/0xa90 [ 263.147541][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147569][ T6712] ? rcu_is_watching+0x15/0xb0 [ 263.147602][ T6712] ? __pfx_evm_protect_xattr+0x10/0x10 [ 263.147630][ T6712] ? __pfx_xfs_xattr_set+0x10/0x10 [ 263.147657][ T6712] __vfs_setxattr+0x43c/0x480 [ 263.147705][ T6712] __vfs_setxattr_noperm+0x12d/0x660 [ 263.147748][ T6712] vfs_setxattr+0x16b/0x2f0 [ 263.147789][ T6712] ? __pfx_vfs_setxattr+0x10/0x10 [ 263.147819][ T6712] ? mnt_get_write_access+0x223/0x2a0 [ 263.147849][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147883][ T6712] filename_setxattr+0x274/0x600 [pid 5873] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./18/file1") = 0 [pid 5871] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./18/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./18") = 0 [pid 5871] mkdir("./19", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 263.147928][ T6712] ? __pfx_filename_setxattr+0x10/0x10 [ 263.147966][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.147994][ T6712] ? getname_flags+0x1e5/0x540 [ 263.148034][ T6712] path_setxattrat+0x364/0x3a0 [ 263.148070][ T6712] ? __pfx_path_setxattrat+0x10/0x10 [ 263.148135][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.148163][ T6712] ? rcu_is_watching+0x15/0xb0 [ 263.148204][ T6712] __x64_sys_lsetxattr+0xbf/0xe0 [ 263.148244][ T6712] do_syscall_64+0xfa/0x3b0 [ 263.148268][ T6712] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.148305][ T6712] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.148329][ T6712] ? srso_alias_return_thunk+0x5/0xfbef5 [ 263.148357][ T6712] ? exc_page_fault+0x9f/0xf0 [ 263.148399][ T6712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.148423][ T6712] RIP: 0033:0x7f3cdbf794f9 [ 263.148444][ T6712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 263.148465][ T6712] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 263.148489][ T6712] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 263.148508][ T6712] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 263.148525][ T6712] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 263.148542][ T6712] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 263.148558][ T6712] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 263.148597][ T6712] [ 263.148978][ T6712] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 263.188621][ T6709] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 263.257718][ T6712] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 263.642551][ T6731] loop1: detected capacity change from 0 to 32768 [ 263.644316][ T6712] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 263.652265][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 263.709179][ T6731] XFS: noikeep mount option is deprecated. [ 263.778611][ T6733] loop3: detected capacity change from 0 to 32768 [ 263.811414][ T6733] XFS: noikeep mount option is deprecated. [ 263.871327][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 264.174055][ T6731] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 264.219641][ T6733] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] close(3 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6750 attached [pid 6750] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6750 [pid 6750] <... set_robust_list resumed>) = 0 [pid 6750] chdir("./19") = 0 [pid 6750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6750] setpgid(0, 0) = 0 [pid 6750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6750] write(3, "1000", 4) = 4 [pid 6750] close(3) = 0 [pid 6750] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6750] write(1, "executing program\n", 18) = 18 [ 264.376353][ T6731] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6750] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6750] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6751 attached => {parent_tid=[6751]}, 88) = 6751 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6750] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6750] <... futex resumed>) = 0 [pid 6751] set_robust_list(0x7f3cdbf259a0, 24 [ 264.637824][ T6731] XFS (loop1): Starting recovery (logdev: internal) [ 264.654207][ T6733] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 264.667273][ T6731] XFS (loop1): Ending recovery (logdev: internal) [ 264.673706][ T6733] XFS (loop3): Starting recovery (logdev: internal) [pid 6750] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6751] <... set_robust_list resumed>) = 0 [pid 6751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6751] memfd_create("syzkaller", 0 [pid 6733] <... mount resumed>) = 0 [pid 6751] <... memfd_create resumed>) = 3 [pid 6733] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6733] <... openat resumed>) = 3 [pid 6731] <... mount resumed>) = 0 [pid 6731] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6731] chdir("./file1") = 0 [pid 6731] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6731] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] chdir("./file1") = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6733] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] <... futex resumed>) = 0 [pid 6733] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... futex resumed>) = 1 [ 264.686503][ T6733] XFS (loop3): Ending recovery (logdev: internal) [pid 6731] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] <... futex resumed>) = 0 [pid 6733] <... openat resumed>) = 4 [pid 6733] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] <... futex resumed>) = 0 [pid 6733] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6728] <... futex resumed>) = 1 [pid 6731] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... openat resumed>) = 4 [pid 6731] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... pwritev2 resumed>) = 65007 [pid 6731] <... futex resumed>) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6733] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6731] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6728] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] <... futex resumed>) = 0 [pid 6733] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... pwritev2 resumed>) = 65007 [pid 6731] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6752 ./strace-static-x86_64: Process 6752 attached [pid 6733] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6752] set_robust_list(0x55555d962760, 24 [pid 6733] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... set_robust_list resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6752] chdir("./19" [pid 6733] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... chdir resumed>) = 0 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6733] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6732] <... futex resumed>) = 0 [ 264.740319][ T6733] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 264.747150][ T6731] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 264.765313][ T6733] XFS (loop3): Unmount and run xfs_repair [ 264.772149][ T6731] XFS (loop1): Unmount and run xfs_repair [pid 6732] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6752] <... prctl resumed>) = 0 [pid 6731] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6728] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... futex resumed>) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [ 264.786727][ T6733] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 264.800752][ T6733] CPU: 1 UID: 0 PID: 6733 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 264.800783][ T6733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.800800][ T6733] Call Trace: [ 264.800810][ T6733] [ 264.800821][ T6733] dump_stack_lvl+0x189/0x250 [pid 6731] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0executing program [pid 6752] setpgid(0, 0 [pid 6751] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6752] <... setpgid resumed>) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6732] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] <... openat resumed>) = 3 [pid 6752] write(3, "1000", 4) = 4 [pid 6752] close(3) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6752] write(1, "executing program\n", 18) = 18 [pid 6752] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6752] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6753 attached [pid 6753] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6753] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6753] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... clone3 resumed> => {parent_tid=[6753]}, 88) = 6753 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] <... futex resumed>) = 1 [pid 6752] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] <... futex resumed>) = 0 [pid 6753] memfd_create("syzkaller", 0) = 3 [ 264.800881][ T6733] ? __pfx__xfs_alert_tag+0x10/0x10 [ 264.800919][ T6733] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.800953][ T6733] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 264.801001][ T6733] xfs_corruption_error+0x122/0x170 [ 264.801040][ T6733] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 264.801074][ T6733] xfs_alloc_fixup_trees+0x95e/0xd20 [ 264.801103][ T6733] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 264.801152][ T6733] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 264.801184][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 264.801213][ T6733] ? rcu_is_watching+0x15/0xb0 [ 264.801242][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801270][ T6733] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 264.801302][ T6733] ? rcu_is_watching+0x15/0xb0 [ 264.801340][ T6733] xfs_alloc_cur_finish+0xd3/0x4b0 [ 264.801369][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801400][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801434][ T6733] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 264.801491][ T6733] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 264.801520][ T6733] ? xfs_group_grab+0x28/0x480 [ 264.801557][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801585][ T6733] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 264.801619][ T6733] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 264.801666][ T6733] xfs_alloc_vextent_start_ag+0x388/0x850 [ 264.801704][ T6733] xfs_bmapi_allocate+0x188e/0x2e00 [ 264.801768][ T6733] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 264.801801][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801851][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801879][ T6733] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 264.801903][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.801930][ T6733] ? xfs_iext_prev+0x35a/0x370 [ 264.801968][ T6733] ? xfs_iext_get_extent+0x1bb/0x370 [ 264.801999][ T6733] xfs_bmapi_write+0x7df/0x1260 [ 264.802057][ T6733] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 264.802140][ T6733] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 264.802181][ T6733] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 264.802211][ T6733] ? kasan_save_track+0x4f/0x80 [ 264.802237][ T6733] ? kasan_save_track+0x3e/0x80 [pid 6733] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6733] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 264.802261][ T6733] ? kasan_save_free_info+0x46/0x50 [ 264.802298][ T6733] ? kmem_cache_free+0x18f/0x400 [ 264.802326][ T6733] ? __xfs_trans_commit+0x3e0/0xbd0 [ 264.802352][ T6733] ? xfs_trans_roll+0x130/0x450 [ 264.802375][ T6733] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 264.802415][ T6733] xfs_attr_set_iter+0x2d4/0x4b70 [ 264.802449][ T6733] ? filename_setxattr+0x274/0x600 [ 264.802482][ T6733] ? path_setxattrat+0x364/0x3a0 [ 264.802504][ T6733] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 264.802556][ T6733] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 264.802612][ T6733] ? kasan_quarantine_put+0xdd/0x220 [ 264.802638][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.802666][ T6733] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.802706][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.802740][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.802768][ T6733] ? kmem_cache_free+0x18f/0x400 [ 264.802796][ T6733] ? __xfs_trans_commit+0x3e0/0xbd0 [ 264.802827][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.802855][ T6733] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 6733] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 264.802898][ T6733] xfs_attr_finish_item+0xed/0x320 [ 264.802938][ T6733] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 264.802975][ T6733] xfs_defer_finish_one+0x5c8/0xcf0 [ 264.803035][ T6733] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 264.803083][ T6733] xfs_defer_finish_noroll+0x910/0x12d0 [ 264.803122][ T6733] ? xfs_trans_commit+0x10b/0x1c0 [ 264.803157][ T6733] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 264.803191][ T6733] ? inode_set_ctime_current+0x740/0xb40 [ 264.803238][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6753] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6728] exit_group(0) = ? [ 264.803266][ T6733] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 264.803306][ T6733] xfs_trans_commit+0x10b/0x1c0 [ 264.803331][ T6733] ? __pfx_xfs_trans_commit+0x10/0x10 [ 264.803363][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.803390][ T6733] ? xfs_trans_log_inode+0x12c/0x1a0 [ 264.803431][ T6733] xfs_attr_set+0xdc6/0x1210 [ 264.803479][ T6733] ? __pfx_xfs_attr_set+0x10/0x10 [ 264.803513][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.803541][ T6733] ? __lock_acquire+0xab9/0xd20 [ 264.803576][ T6733] ? xfs_da_hashname+0x59d/0x740 [ 264.803608][ T6733] ? do_raw_spin_lock+0x121/0x290 [ 264.803650][ T6733] ? xfs_attr_change+0x2ac/0x390 [ 264.803684][ T6733] xfs_xattr_set+0x14d/0x250 [ 264.803715][ T6733] ? __pfx_xfs_xattr_set+0x10/0x10 [ 264.803760][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.803788][ T6733] ? evm_protect_xattr+0x4d4/0xa90 [ 264.803814][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.803842][ T6733] ? rcu_is_watching+0x15/0xb0 [ 264.803875][ T6733] ? __pfx_evm_protect_xattr+0x10/0x10 [ 264.803903][ T6733] ? __pfx_xfs_xattr_set+0x10/0x10 [ 264.803930][ T6733] __vfs_setxattr+0x43c/0x480 [ 264.803978][ T6733] __vfs_setxattr_noperm+0x12d/0x660 [ 264.804021][ T6733] vfs_setxattr+0x16b/0x2f0 [ 264.804062][ T6733] ? __pfx_vfs_setxattr+0x10/0x10 [ 264.804091][ T6733] ? mnt_get_write_access+0x223/0x2a0 [ 264.804121][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.804158][ T6733] filename_setxattr+0x274/0x600 [ 264.804205][ T6733] ? __pfx_filename_setxattr+0x10/0x10 [ 264.804243][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6751] <... write resumed>) = 16777216 [ 264.804271][ T6733] ? getname_flags+0x1e5/0x540 [ 264.804311][ T6733] path_setxattrat+0x364/0x3a0 [ 264.804347][ T6733] ? __pfx_path_setxattrat+0x10/0x10 [ 264.804412][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.804440][ T6733] ? rcu_is_watching+0x15/0xb0 [ 264.804475][ T6733] __x64_sys_lsetxattr+0xbf/0xe0 [ 264.804516][ T6733] do_syscall_64+0xfa/0x3b0 [ 264.804539][ T6733] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.804577][ T6733] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.804600][ T6733] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.804628][ T6733] ? exc_page_fault+0x9f/0xf0 [ 264.804667][ T6733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.804691][ T6733] RIP: 0033:0x7f3cdbf794f9 [ 264.804712][ T6733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 264.804733][ T6733] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 264.804758][ T6733] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 264.804777][ T6733] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 264.804795][ T6733] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 264.804812][ T6733] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 264.804828][ T6733] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 264.804866][ T6733] [ 264.804876][ T6733] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 6751] munmap(0x7f3cd3a00000, 138412032) = 0 [ 264.812043][ T6731] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 264.972572][ T6733] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 264.979690][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 264.979722][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.979738][ T6731] Call Trace: [ 264.979748][ T6731] [pid 6732] exit_group(0) = ? [pid 6733] <... futex resumed>) = ? [pid 6751] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6733] +++ exited with 0 +++ [pid 6732] +++ exited with 0 +++ [pid 6751] <... openat resumed>) = 4 [pid 6751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6751] close(3) = 0 [pid 6751] close(4) = 0 [pid 6751] mkdir("./file1", 0777) = 0 [ 264.979759][ T6731] dump_stack_lvl+0x189/0x250 [ 264.979793][ T6731] ? __pfx__xfs_alert_tag+0x10/0x10 [ 264.979831][ T6731] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.979865][ T6731] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 264.979917][ T6731] xfs_corruption_error+0x122/0x170 [ 264.979956][ T6731] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 264.979991][ T6731] xfs_alloc_fixup_trees+0x95e/0xd20 [ 264.980019][ T6731] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 264.980060][ T6731] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 264.980090][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980117][ T6731] ? rcu_is_watching+0x15/0xb0 [ 264.980147][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980175][ T6731] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 264.980206][ T6731] ? rcu_is_watching+0x15/0xb0 [ 264.980244][ T6731] xfs_alloc_cur_finish+0xd3/0x4b0 [ 264.980274][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980303][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980336][ T6731] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6751] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6753] <... write resumed>) = 16777216 [pid 6731] <... lsetxattr resumed>) = ? [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=63 /* 0.63 s */} --- [pid 6753] munmap(0x7f3cd3a00000, 138412032 [pid 5874] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 264.980393][ T6731] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 264.980422][ T6731] ? xfs_group_grab+0x28/0x480 [ 264.980458][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980486][ T6731] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 264.980518][ T6731] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 264.980566][ T6731] xfs_alloc_vextent_start_ag+0x388/0x850 [ 264.980605][ T6731] xfs_bmapi_allocate+0x188e/0x2e00 [ 264.980669][ T6731] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 264.980701][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6731] +++ exited with 0 +++ [pid 6728] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6728, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=135 /* 1.35 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6753] <... munmap resumed>) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 264.980750][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980778][ T6731] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 264.980801][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.980847][ T6731] ? xfs_iext_prev+0x35a/0x370 [ 264.980890][ T6731] ? xfs_iext_get_extent+0x1bb/0x370 [ 264.980921][ T6731] xfs_bmapi_write+0x7df/0x1260 [ 264.980980][ T6731] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 264.981057][ T6731] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 6753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6753] close(3) = 0 [pid 6753] close(4) = 0 [pid 6753] mkdir("./file1", 0777) = 0 [ 264.981098][ T6731] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 264.981128][ T6731] ? kasan_save_track+0x4f/0x80 [ 264.981153][ T6731] ? kasan_save_track+0x3e/0x80 [ 264.981177][ T6731] ? kasan_save_free_info+0x46/0x50 [ 264.981214][ T6731] ? kmem_cache_free+0x18f/0x400 [ 264.981242][ T6731] ? __xfs_trans_commit+0x3e0/0xbd0 [ 264.981266][ T6731] ? xfs_trans_roll+0x130/0x450 [ 264.981289][ T6731] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 264.981329][ T6731] xfs_attr_set_iter+0x2d4/0x4b70 [ 264.981362][ T6731] ? filename_setxattr+0x274/0x600 [ 264.981395][ T6731] ? path_setxattrat+0x364/0x3a0 [ 264.981416][ T6731] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 264.981467][ T6731] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 264.981523][ T6731] ? kasan_quarantine_put+0xdd/0x220 [ 264.981548][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.981576][ T6731] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.981617][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.981650][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.981677][ T6731] ? kmem_cache_free+0x18f/0x400 [ 264.981705][ T6731] ? __xfs_trans_commit+0x3e0/0xbd0 [ 264.981736][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.981763][ T6731] ? __xfs_trans_commit+0x4c7/0xbd0 [ 264.981789][ T6731] ? xfs_trans_dup+0xc3/0x5f0 [ 264.981828][ T6731] xfs_attr_finish_item+0xed/0x320 [ 264.981867][ T6731] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 264.981907][ T6731] xfs_defer_finish_one+0x5c8/0xcf0 [ 264.981966][ T6731] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 264.982014][ T6731] xfs_defer_finish_noroll+0x910/0x12d0 [pid 6753] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 264.982054][ T6731] ? xfs_trans_commit+0x10b/0x1c0 [ 264.982087][ T6731] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 264.982123][ T6731] ? inode_set_ctime_current+0x740/0xb40 [ 264.982170][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.982198][ T6731] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 264.982238][ T6731] xfs_trans_commit+0x10b/0x1c0 [ 264.982263][ T6731] ? __pfx_xfs_trans_commit+0x10/0x10 [ 264.982295][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.982323][ T6731] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5874] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./19/file1") = 0 [pid 5874] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./19/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./19") = 0 [pid 5874] mkdir("./20", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 264.982362][ T6731] xfs_attr_set+0xdc6/0x1210 [ 264.982410][ T6731] ? __pfx_xfs_attr_set+0x10/0x10 [ 264.982443][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.982471][ T6731] ? __lock_acquire+0xab9/0xd20 [ 264.982507][ T6731] ? xfs_da_hashname+0x59d/0x740 [ 264.982538][ T6731] ? do_raw_spin_lock+0x121/0x290 [ 264.982580][ T6731] ? xfs_attr_change+0x2ac/0x390 [ 264.982614][ T6731] xfs_xattr_set+0x14d/0x250 [ 264.982646][ T6731] ? __pfx_xfs_xattr_set+0x10/0x10 [ 264.982690][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.982717][ T6731] ? evm_protect_xattr+0x4d4/0xa90 [ 264.982743][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.982771][ T6731] ? rcu_is_watching+0x15/0xb0 [ 264.982804][ T6731] ? __pfx_evm_protect_xattr+0x10/0x10 [ 264.982832][ T6731] ? __pfx_xfs_xattr_set+0x10/0x10 [ 264.982859][ T6731] __vfs_setxattr+0x43c/0x480 [ 264.982911][ T6731] __vfs_setxattr_noperm+0x12d/0x660 [ 264.982953][ T6731] vfs_setxattr+0x16b/0x2f0 [ 264.982994][ T6731] ? __pfx_vfs_setxattr+0x10/0x10 [ 264.983024][ T6731] ? mnt_get_write_access+0x223/0x2a0 [ 264.983054][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.983087][ T6731] filename_setxattr+0x274/0x600 [ 264.983133][ T6731] ? __pfx_filename_setxattr+0x10/0x10 [ 264.983171][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.983198][ T6731] ? getname_flags+0x1e5/0x540 [ 264.983239][ T6731] path_setxattrat+0x364/0x3a0 [ 264.983275][ T6731] ? __pfx_path_setxattrat+0x10/0x10 [ 264.983339][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.983366][ T6731] ? rcu_is_watching+0x15/0xb0 [ 264.983401][ T6731] __x64_sys_lsetxattr+0xbf/0xe0 [ 264.983440][ T6731] do_syscall_64+0xfa/0x3b0 [ 264.983464][ T6731] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.983501][ T6731] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.983524][ T6731] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.983551][ T6731] ? exc_page_fault+0x9f/0xf0 [ 264.983591][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.983615][ T6731] RIP: 0033:0x7f3cdbf794f9 [pid 5874] close(3 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 5874] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6767 attached [ 264.983636][ T6731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 264.983657][ T6731] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 264.983682][ T6731] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 264.983701][ T6731] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 264.983718][ T6731] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 6767] set_robust_list(0x55555d962760, 24) = 0 [pid 6767] chdir("./20") = 0 [pid 6767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6767] setpgid(0, 0) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6767 [pid 6767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6767] write(3, "1000", 4) = 4 [pid 6767] close(3) = 0 [pid 6767] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6767] write(1, "executing program\n", 18) = 18 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6767] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6767] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6770]}, 88) = 6770 [pid 6767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [ 264.983734][ T6731] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 264.983751][ T6731] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 264.983789][ T6731] [ 264.983839][ T6731] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 265.036841][ T6733] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 265.041877][ T6731] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 5872] rmdir("./19/file1") = 0 [pid 5872] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./19/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./19") = 0 [pid 5872] mkdir("./20", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 265.526016][ T6751] loop2: detected capacity change from 0 to 32768 [ 265.527618][ T6731] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 265.551631][ T6751] XFS: noikeep mount option is deprecated. [ 265.743943][ T6753] loop0: detected capacity change from 0 to 32768 [ 265.749896][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 265.785240][ T6753] XFS: noikeep mount option is deprecated. [ 265.789392][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6770 attached ) = 0 [pid 6770] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5872] close(3 [pid 6770] <... rseq resumed>) = 0 [pid 6770] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6770] memfd_create("syzkaller", 0) = 3 [ 265.823373][ T6751] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 265.926327][ T6753] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 266.080906][ T6751] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 266.299115][ T6753] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 266.312378][ T6751] XFS (loop2): Starting recovery (logdev: internal) [pid 6770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6751] <... mount resumed>) = 0 [pid 6751] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6751] chdir("./file1") = 0 [ 266.368826][ T6753] XFS (loop0): Starting recovery (logdev: internal) [ 266.403208][ T6751] XFS (loop2): Ending recovery (logdev: internal) [pid 6751] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6751] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6751] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6750] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... openat resumed>) = 4 [pid 6751] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6753] <... mount resumed>) = 0 [pid 6753] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6753] chdir("./file1") = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6753] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6752] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6753] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6753] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6752] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... pwritev2 resumed>) = 65007 [pid 6751] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 266.437378][ T6753] XFS (loop0): Ending recovery (logdev: internal) [pid 6750] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... pwritev2 resumed>) = 65007 [pid 6751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6751] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6752] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6750] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6750] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6750] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6772]}, 88) = 6772 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6750] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6772 attached [pid 6751] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6772] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6751] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6772] set_robust_list(0x7f3cdbf049a0, 24 [pid 6770] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6772] <... set_robust_list resumed>) = 0 [pid 6772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 266.485425][ T6751] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 266.485441][ T6753] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 266.485486][ T6753] XFS (loop0): Unmount and run xfs_repair [ 266.515636][ T6751] XFS (loop2): Unmount and run xfs_repair [pid 6772] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6753] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6752] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6753] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6753] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6750] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] <... clone3 resumed> => {parent_tid=[6773]}, 88) = 6773 ./strace-static-x86_64: Process 6773 attached [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6773] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6773] <... rseq resumed>) = 0 [pid 6773] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6773] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6752] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 266.560468][ T6772] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 266.597929][ T6772] CPU: 1 UID: 0 PID: 6772 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 266.597967][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.597982][ T6772] Call Trace: [ 266.597993][ T6772] [ 266.598003][ T6772] dump_stack_lvl+0x189/0x250 [ 266.598039][ T6772] ? __pfx__xfs_alert_tag+0x10/0x10 [ 266.598077][ T6772] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.598119][ T6772] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 266.598166][ T6772] xfs_corruption_error+0x122/0x170 [ 266.598206][ T6772] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 266.598241][ T6772] xfs_alloc_fixup_trees+0x95e/0xd20 [ 266.598269][ T6772] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 266.598301][ T6773] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 266.598315][ T6772] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 266.598345][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.598372][ T6772] ? rcu_is_watching+0x15/0xb0 [ 266.598398][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.598423][ T6772] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6773] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 266.598455][ T6772] ? rcu_is_watching+0x15/0xb0 [ 266.598494][ T6772] xfs_alloc_cur_finish+0xd3/0x4b0 [ 266.598526][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.598556][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.598590][ T6772] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 266.598647][ T6772] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 266.598676][ T6772] ? xfs_group_grab+0x28/0x480 [ 266.598712][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.598739][ T6772] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 266.598773][ T6772] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 266.598820][ T6772] xfs_alloc_vextent_start_ag+0x388/0x850 [ 266.598858][ T6772] xfs_bmapi_allocate+0x188e/0x2e00 [ 266.598921][ T6772] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 266.598953][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599003][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599030][ T6772] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 266.599054][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599081][ T6772] ? xfs_iext_prev+0x35a/0x370 [pid 5872] <... close resumed>) = 0 [ 266.599123][ T6772] ? xfs_iext_get_extent+0x1bb/0x370 [ 266.599154][ T6772] xfs_bmapi_write+0x7df/0x1260 [ 266.599212][ T6772] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 266.599290][ T6772] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 266.599331][ T6772] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 266.599361][ T6772] ? kasan_save_track+0x4f/0x80 [ 266.599386][ T6772] ? kasan_save_track+0x3e/0x80 [ 266.599410][ T6772] ? kasan_save_free_info+0x46/0x50 [ 266.599446][ T6772] ? kmem_cache_free+0x18f/0x400 [pid 6772] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6770] <... write resumed>) = 16777216 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6772] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [ 266.599475][ T6772] ? __xfs_trans_commit+0x3e0/0xbd0 [ 266.599500][ T6772] ? xfs_trans_roll+0x130/0x450 [ 266.599523][ T6772] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 266.599562][ T6772] xfs_attr_set_iter+0x2d4/0x4b70 [ 266.599596][ T6772] ? filename_setxattr+0x274/0x600 [ 266.599629][ T6772] ? path_setxattrat+0x364/0x3a0 [ 266.599651][ T6772] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 266.599702][ T6772] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 266.599758][ T6772] ? kasan_quarantine_put+0xdd/0x220 [ 266.599784][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6770] munmap(0x7f3cd3a00000, 138412032 [pid 6750] exit_group(0 [pid 6772] <... futex resumed>) = ? [pid 6751] <... futex resumed>) = ? [pid 6750] <... exit_group resumed>) = ? [pid 6772] +++ exited with 0 +++ [pid 6751] +++ exited with 0 +++ [pid 6750] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6750, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=107 /* 1.07 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 266.599812][ T6772] ? lockdep_hardirqs_on+0x9c/0x150 [ 266.599851][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599885][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599912][ T6772] ? kmem_cache_free+0x18f/0x400 [ 266.599940][ T6772] ? __xfs_trans_commit+0x3e0/0xbd0 [ 266.599971][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.599998][ T6772] ? __xfs_trans_commit+0x4c7/0xbd0 [ 266.600045][ T6772] xfs_attr_finish_item+0xed/0x320 [ 266.600084][ T6772] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 5873] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6770] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6774 attached [pid 6770] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6774] set_robust_list(0x55555d962760, 24 [pid 6770] <... openat resumed>) = 4 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6774 [pid 6774] <... set_robust_list resumed>) = 0 [pid 6774] chdir("./20" [pid 6770] ioctl(4, LOOP_SET_FD, 3 [pid 6774] <... chdir resumed>) = 0 [pid 6773] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6773] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] setpgid(0, 0 [pid 6773] <... futex resumed>) = 0 [ 266.600125][ T6772] xfs_defer_finish_one+0x5c8/0xcf0 [ 266.600184][ T6772] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 266.600233][ T6772] xfs_defer_finish_noroll+0x910/0x12d0 [ 266.600272][ T6772] ? xfs_trans_commit+0x10b/0x1c0 [ 266.600303][ T6772] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 266.600336][ T6772] ? inode_set_ctime_current+0x740/0xb40 [ 266.600383][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.600411][ T6772] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 266.600451][ T6772] xfs_trans_commit+0x10b/0x1c0 [pid 6773] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... setpgid resumed>) = 0 [pid 6770] <... ioctl resumed>) = 0 [pid 6770] close(3) = 0 [pid 6770] close(4) = 0 [pid 6770] mkdir("./file1", 0777) = 0 [ 266.600477][ T6772] ? __pfx_xfs_trans_commit+0x10/0x10 [ 266.600509][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.600536][ T6772] ? xfs_trans_log_inode+0x12c/0x1a0 [ 266.600576][ T6772] xfs_attr_set+0xdc6/0x1210 [ 266.600624][ T6772] ? __pfx_xfs_attr_set+0x10/0x10 [ 266.600657][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.600684][ T6772] ? __lock_acquire+0xab9/0xd20 [ 266.600720][ T6772] ? xfs_da_hashname+0x59d/0x740 [ 266.600752][ T6772] ? do_raw_spin_lock+0x121/0x290 [ 266.600793][ T6772] ? xfs_attr_change+0x2ac/0x390 [pid 6770] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6752] exit_group(0 [pid 6774] <... openat resumed>) = 3 [pid 6773] <... futex resumed>) = ? [pid 6752] <... exit_group resumed>) = ? [pid 6774] write(3, "1000", 4 [pid 6773] +++ exited with 0 +++ [pid 6774] <... write resumed>) = 4 [pid 6774] close(3) = 0 [pid 6774] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6774] write(1, "executing program\n", 18) = 18 [pid 6774] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6774] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6775]}, 88) = 6775 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6775 attached [pid 6775] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6775] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6775] memfd_create("syzkaller", 0) = 3 [pid 6775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 266.600827][ T6772] xfs_xattr_set+0x14d/0x250 [ 266.600883][ T6772] ? __pfx_xfs_xattr_set+0x10/0x10 [ 266.600926][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.600954][ T6772] ? evm_protect_xattr+0x4d4/0xa90 [ 266.600980][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.601007][ T6772] ? rcu_is_watching+0x15/0xb0 [ 266.601040][ T6772] ? __pfx_evm_protect_xattr+0x10/0x10 [ 266.601067][ T6772] ? __pfx_xfs_xattr_set+0x10/0x10 [ 266.601094][ T6772] __vfs_setxattr+0x43c/0x480 [ 266.601150][ T6772] __vfs_setxattr_noperm+0x12d/0x660 [ 266.601193][ T6772] vfs_setxattr+0x16b/0x2f0 [ 266.601233][ T6772] ? __pfx_vfs_setxattr+0x10/0x10 [ 266.601263][ T6772] ? mnt_get_write_access+0x223/0x2a0 [ 266.601293][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.601326][ T6772] filename_setxattr+0x274/0x600 [ 266.601373][ T6772] ? __pfx_filename_setxattr+0x10/0x10 [ 266.601410][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.601438][ T6772] ? getname_flags+0x1e5/0x540 [pid 6753] <... futex resumed>) = ? [pid 6753] +++ exited with 0 +++ [pid 6752] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6752, si_uid=0, si_status=0, si_utime=0, si_stime=83 /* 0.83 s */} --- [pid 5871] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 266.601478][ T6772] path_setxattrat+0x364/0x3a0 [ 266.601515][ T6772] ? __pfx_path_setxattrat+0x10/0x10 [ 266.601580][ T6772] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.601607][ T6772] ? rcu_is_watching+0x15/0xb0 [ 266.601643][ T6772] __x64_sys_lsetxattr+0xbf/0xe0 [ 266.601682][ T6772] do_syscall_64+0xfa/0x3b0 [ 266.601709][ T6772] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.601731][ T6772] ? __switch_to_asm+0x39/0x70 [ 266.601764][ T6772] ? __switch_to_asm+0x33/0x70 [ 266.601801][ T6772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.601825][ T6772] RIP: 0033:0x7f3cdbf794f9 [ 266.601846][ T6772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 266.601866][ T6772] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 266.601891][ T6772] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 266.601910][ T6772] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 5871] newfstatat(3, "", [pid 6775] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 266.601928][ T6772] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 266.601944][ T6772] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 266.601960][ T6772] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 266.601998][ T6772] [ 266.607381][ T6772] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 266.619303][ T6773] CPU: 0 UID: 0 PID: 6773 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 5871] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./19/file1") = 0 [pid 5873] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./19/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./19") = 0 [pid 5873] mkdir("./20", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 266.619338][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.619354][ T6773] Call Trace: [ 266.619365][ T6773] [ 266.619376][ T6773] dump_stack_lvl+0x189/0x250 [ 266.619410][ T6773] ? __pfx__xfs_alert_tag+0x10/0x10 [ 266.619447][ T6773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.619482][ T6773] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 266.619528][ T6773] xfs_corruption_error+0x122/0x170 [ 266.619566][ T6773] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 266.619601][ T6773] xfs_alloc_fixup_trees+0x95e/0xd20 [ 266.619629][ T6773] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 266.619670][ T6773] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 266.619701][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.619729][ T6773] ? rcu_is_watching+0x15/0xb0 [ 266.619758][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.619786][ T6773] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 266.619816][ T6773] ? rcu_is_watching+0x15/0xb0 [ 266.619862][ T6773] xfs_alloc_cur_finish+0xd3/0x4b0 [ 266.619891][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.619921][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.619954][ T6773] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 266.620011][ T6773] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 266.620040][ T6773] ? xfs_group_grab+0x28/0x480 [ 266.620076][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.620103][ T6773] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 266.620136][ T6773] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 266.620184][ T6773] xfs_alloc_vextent_start_ag+0x388/0x850 [ 266.620222][ T6773] xfs_bmapi_allocate+0x188e/0x2e00 [ 266.620286][ T6773] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 266.620318][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.620371][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.620399][ T6773] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 266.620422][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.620449][ T6773] ? xfs_iext_prev+0x35a/0x370 [ 266.620487][ T6773] ? xfs_iext_get_extent+0x1bb/0x370 [ 266.620517][ T6773] xfs_bmapi_write+0x7df/0x1260 [ 266.620576][ T6773] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 266.620653][ T6773] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 266.620693][ T6773] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 266.620723][ T6773] ? kasan_save_track+0x4f/0x80 [ 266.620749][ T6773] ? kasan_save_track+0x3e/0x80 [ 266.620773][ T6773] ? kasan_save_free_info+0x46/0x50 [ 266.620809][ T6773] ? kmem_cache_free+0x18f/0x400 [ 266.620863][ T6773] ? __xfs_trans_commit+0x3e0/0xbd0 [ 266.620888][ T6773] ? xfs_trans_roll+0x130/0x450 [ 266.620911][ T6773] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 266.620949][ T6773] xfs_attr_set_iter+0x2d4/0x4b70 [ 266.620983][ T6773] ? filename_setxattr+0x274/0x600 [ 266.621015][ T6773] ? path_setxattrat+0x364/0x3a0 [ 266.621036][ T6773] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 266.621088][ T6773] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 266.621145][ T6773] ? kasan_quarantine_put+0xdd/0x220 [ 266.621171][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621199][ T6773] ? lockdep_hardirqs_on+0x9c/0x150 [ 266.621239][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621272][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621299][ T6773] ? kmem_cache_free+0x18f/0x400 [ 266.621327][ T6773] ? __xfs_trans_commit+0x3e0/0xbd0 [ 266.621358][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621385][ T6773] ? __xfs_trans_commit+0x4c7/0xbd0 [ 266.621428][ T6773] xfs_attr_finish_item+0xed/0x320 [ 266.621468][ T6773] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 266.621504][ T6773] xfs_defer_finish_one+0x5c8/0xcf0 [ 266.621564][ T6773] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 266.621612][ T6773] xfs_defer_finish_noroll+0x910/0x12d0 [pid 5873] close(3 [pid 6775] <... write resumed>) = 16777216 [ 266.621650][ T6773] ? xfs_trans_commit+0x10b/0x1c0 [ 266.621682][ T6773] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 266.621715][ T6773] ? inode_set_ctime_current+0x740/0xb40 [ 266.621761][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621789][ T6773] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 266.621828][ T6773] xfs_trans_commit+0x10b/0x1c0 [ 266.621862][ T6773] ? __pfx_xfs_trans_commit+0x10/0x10 [ 266.621893][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.621921][ T6773] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 6775] munmap(0x7f3cd3a00000, 138412032 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6776 attached [pid 6776] set_robust_list(0x55555d962760, 24 [pid 6775] <... munmap resumed>) = 0 [pid 6776] <... set_robust_list resumed>) = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6776 [pid 6776] chdir("./20" [pid 6775] <... openat resumed>) = 4 [pid 6776] <... chdir resumed>) = 0 [pid 6776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6775] ioctl(4, LOOP_SET_FD, 3 [pid 6776] <... prctl resumed>) = 0 [pid 6776] setpgid(0, 0) = 0 [ 266.621960][ T6773] xfs_attr_set+0xdc6/0x1210 [ 266.622008][ T6773] ? __pfx_xfs_attr_set+0x10/0x10 [ 266.622041][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622068][ T6773] ? __lock_acquire+0xab9/0xd20 [ 266.622104][ T6773] ? xfs_da_hashname+0x59d/0x740 [ 266.622135][ T6773] ? do_raw_spin_lock+0x121/0x290 [ 266.622177][ T6773] ? xfs_attr_change+0x2ac/0x390 [ 266.622211][ T6773] xfs_xattr_set+0x14d/0x250 [ 266.622243][ T6773] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6775] <... ioctl resumed>) = 0 [pid 6775] close(3) = 0 [pid 6775] close(4) = 0 [pid 6775] mkdir("./file1", 0777) = 0 [ 266.622287][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622314][ T6773] ? evm_protect_xattr+0x4d4/0xa90 [ 266.622341][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622368][ T6773] ? rcu_is_watching+0x15/0xb0 [ 266.622402][ T6773] ? __pfx_evm_protect_xattr+0x10/0x10 [ 266.622430][ T6773] ? __pfx_xfs_xattr_set+0x10/0x10 [ 266.622458][ T6773] __vfs_setxattr+0x43c/0x480 [ 266.622506][ T6773] __vfs_setxattr_noperm+0x12d/0x660 [ 266.622549][ T6773] vfs_setxattr+0x16b/0x2f0 [ 266.622590][ T6773] ? __pfx_vfs_setxattr+0x10/0x10 [pid 6775] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6776] write(3, "1000", 4) = 4 [pid 6776] close(3) = 0 [pid 6776] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6776] write(1, "executing program\n", 18) = 18 [pid 6776] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6776] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6776] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6776] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6783]}, 88) = 6783 [ 266.622619][ T6773] ? mnt_get_write_access+0x223/0x2a0 [ 266.622649][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622682][ T6773] filename_setxattr+0x274/0x600 [ 266.622728][ T6773] ? __pfx_filename_setxattr+0x10/0x10 [ 266.622766][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622793][ T6773] ? getname_flags+0x1e5/0x540 [ 266.622834][ T6773] path_setxattrat+0x364/0x3a0 [ 266.622875][ T6773] ? __pfx_path_setxattrat+0x10/0x10 [ 266.622940][ T6773] ? srso_alias_return_thunk+0x5/0xfbef5 [ 266.622967][ T6773] ? rcu_is_watching+0x15/0xb0 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6776] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 266.623003][ T6773] __x64_sys_lsetxattr+0xbf/0xe0 [ 266.623042][ T6773] do_syscall_64+0xfa/0x3b0 [ 266.623069][ T6773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.623092][ T6773] ? __switch_to_asm+0x39/0x70 [ 266.623127][ T6773] ? __switch_to_asm+0x33/0x70 [ 266.623164][ T6773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.623188][ T6773] RIP: 0033:0x7f3cdbf794f9 [pid 6776] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6783 attached [pid 6783] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5871] <... umount2 resumed>) = 0 [pid 6783] <... rseq resumed>) = 0 [ 266.623209][ T6773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 266.623230][ T6773] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 266.623255][ T6773] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 266.623273][ T6773] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 266.623291][ T6773] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 266.623308][ T6773] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 5871] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6783] set_robust_list(0x7f3cdbf259a0, 24 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6783] <... set_robust_list resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./19/file1", [pid 6783] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6783] memfd_create("syzkaller", 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 6783] <... memfd_create resumed>) = 3 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 6783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6783] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5871] close(4) = 0 [pid 5871] rmdir("./19/file1") = 0 [pid 5871] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./19/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./19") = 0 [ 266.623325][ T6773] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 266.623362][ T6773] [ 266.666551][ T6773] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 266.740483][ T6772] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 266.786431][ T6773] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 266.845462][ T6772] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 266.849565][ T6773] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 266.976541][ T6770] loop3: detected capacity change from 0 to 32768 [ 266.984347][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 267.060817][ T6770] XFS: noikeep mount option is deprecated. [ 267.740180][ T6775] loop1: detected capacity change from 0 to 32768 [pid 5871] mkdir("./20", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 267.758887][ T6770] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 267.789703][ T6775] XFS: noikeep mount option is deprecated. [ 267.799887][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 268.034225][ T6770] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] close(3 [ 268.139563][ T6770] XFS (loop3): Starting recovery (logdev: internal) [ 268.168506][ T6775] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6783] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6770] <... mount resumed>) = 0 [pid 6770] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6770] chdir("./file1") = 0 [pid 6770] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6770] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6770] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6767] <... futex resumed>) = 1 [pid 6770] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6770] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] <... futex resumed>) = 0 [pid 6770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... pwritev2 resumed>) = 65007 [pid 6770] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 268.230015][ T6770] XFS (loop3): Ending recovery (logdev: internal) [ 268.265533][ T6775] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6770] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040) = -1 EUCLEAN (Structure needs cleaning) [pid 6770] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6770] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6767] <... futex resumed>) = 1 [pid 6770] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 268.295397][ T6770] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 268.308904][ T6770] XFS (loop3): Unmount and run xfs_repair [ 268.319121][ T6770] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 268.344474][ T6775] XFS (loop1): Starting recovery (logdev: internal) [ 268.347675][ T6770] CPU: 0 UID: 0 PID: 6770 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 268.347706][ T6770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.347722][ T6770] Call Trace: [ 268.347733][ T6770] [ 268.347743][ T6770] dump_stack_lvl+0x189/0x250 [ 268.347778][ T6770] ? __pfx__xfs_alert_tag+0x10/0x10 [ 268.347815][ T6770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.347849][ T6770] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 268.347896][ T6770] xfs_corruption_error+0x122/0x170 [ 268.347934][ T6770] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 268.347969][ T6770] xfs_alloc_fixup_trees+0x95e/0xd20 [ 268.347997][ T6770] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 268.348038][ T6770] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 268.348069][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.348097][ T6770] ? rcu_is_watching+0x15/0xb0 [ 268.348128][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] <... close resumed>) = 0 [ 268.348159][ T6770] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 268.348190][ T6770] ? rcu_is_watching+0x15/0xb0 [ 268.348229][ T6770] xfs_alloc_cur_finish+0xd3/0x4b0 [ 268.348258][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.348288][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.348322][ T6770] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 268.348378][ T6770] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 268.348407][ T6770] ? xfs_group_grab+0x28/0x480 [ 268.348444][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6783] <... write resumed>) = 16777216 [pid 6775] <... mount resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 268.348472][ T6770] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 268.348505][ T6770] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 268.348552][ T6770] xfs_alloc_vextent_start_ag+0x388/0x850 [ 268.348591][ T6770] xfs_bmapi_allocate+0x188e/0x2e00 [ 268.348654][ T6770] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 268.348686][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.348736][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.348764][ T6770] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 268.348787][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6783] munmap(0x7f3cd3a00000, 138412032 [pid 6775] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6775] chdir("./file1") = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6775] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 268.348814][ T6770] ? xfs_iext_prev+0x35a/0x370 [ 268.348852][ T6770] ? xfs_iext_get_extent+0x1bb/0x370 [ 268.348882][ T6770] xfs_bmapi_write+0x7df/0x1260 [ 268.348941][ T6770] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 268.349018][ T6770] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 268.349059][ T6770] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 268.349089][ T6770] ? kasan_save_track+0x4f/0x80 [ 268.349115][ T6770] ? kasan_save_track+0x3e/0x80 [ 268.349143][ T6770] ? kasan_save_free_info+0x46/0x50 [ 268.349179][ T6770] ? kmem_cache_free+0x18f/0x400 [pid 6775] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6794 attached [pid 6783] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6774] <... futex resumed>) = 0 [pid 6794] set_robust_list(0x55555d962760, 24 [pid 6783] <... openat resumed>) = 4 [pid 6774] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... set_robust_list resumed>) = 0 [pid 6783] ioctl(4, LOOP_SET_FD, 3 [pid 6775] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6794 [pid 6794] chdir("./20" [pid 6775] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6794] <... chdir resumed>) = 0 [pid 6775] <... openat resumed>) = 4 [pid 6774] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6774] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6775] <... pwritev2 resumed>) = 65007 [pid 6794] <... prctl resumed>) = 0 [pid 6775] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] setpgid(0, 0 [pid 6775] <... futex resumed>) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6794] <... setpgid resumed>) = 0 [pid 6775] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6774] <... futex resumed>) = 0 [pid 6794] <... openat resumed>) = 3 [pid 6775] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6774] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] write(3, "1000", 4 [pid 6783] <... ioctl resumed>) = 0 [pid 6770] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6783] close(3) = 0 [ 268.349207][ T6770] ? __xfs_trans_commit+0x3e0/0xbd0 [ 268.349232][ T6770] ? xfs_trans_roll+0x130/0x450 [ 268.349255][ T6770] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 268.349295][ T6770] xfs_attr_set_iter+0x2d4/0x4b70 [ 268.349328][ T6770] ? filename_setxattr+0x274/0x600 [ 268.349361][ T6770] ? path_setxattrat+0x364/0x3a0 [ 268.349383][ T6770] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 268.349434][ T6770] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 268.349490][ T6770] ? kasan_quarantine_put+0xdd/0x220 [pid 6783] close(4 [pid 6770] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... close resumed>) = 0 [pid 6783] mkdir("./file1", 0777) = 0 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 268.349515][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.349543][ T6770] ? lockdep_hardirqs_on+0x9c/0x150 [ 268.349582][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.349616][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.349643][ T6770] ? kmem_cache_free+0x18f/0x400 [ 268.349671][ T6770] ? __xfs_trans_commit+0x3e0/0xbd0 [ 268.349702][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.349729][ T6770] ? __xfs_trans_commit+0x4c7/0xbd0 [ 268.349772][ T6770] xfs_attr_finish_item+0xed/0x320 [pid 6783] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6794] <... write resumed>) = 4 [pid 6767] exit_group(0) = ? [pid 6770] <... futex resumed>) = ? [pid 6770] +++ exited with 0 +++ [pid 6767] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6767, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=133 /* 1.33 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 6794] close(3) = 0 [ 268.349812][ T6770] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 268.349849][ T6770] xfs_defer_finish_one+0x5c8/0xcf0 [ 268.349907][ T6770] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 268.349955][ T6770] xfs_defer_finish_noroll+0x910/0x12d0 [ 268.349994][ T6770] ? xfs_trans_commit+0x10b/0x1c0 [ 268.350025][ T6770] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 268.350058][ T6770] ? inode_set_ctime_current+0x740/0xb40 [ 268.350105][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.350137][ T6770] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 268.350177][ T6770] xfs_trans_commit+0x10b/0x1c0 [ 268.350202][ T6770] ? __pfx_xfs_trans_commit+0x10/0x10 [ 268.350234][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.350262][ T6770] ? xfs_trans_log_inode+0x12c/0x1a0 [ 268.350301][ T6770] xfs_attr_set+0xdc6/0x1210 [ 268.350348][ T6770] ? __pfx_xfs_attr_set+0x10/0x10 [ 268.350382][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.350409][ T6770] ? __lock_acquire+0xab9/0xd20 [ 268.350447][ T6770] ? xfs_da_hashname+0x59d/0x740 [ 268.350478][ T6770] ? do_raw_spin_lock+0x121/0x290 [ 268.350520][ T6770] ? xfs_attr_change+0x2ac/0x390 [ 268.350554][ T6770] xfs_xattr_set+0x14d/0x250 [ 268.350586][ T6770] ? __pfx_xfs_xattr_set+0x10/0x10 [ 268.350629][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.350657][ T6770] ? evm_protect_xattr+0x4d4/0xa90 [ 268.350684][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.350711][ T6770] ? rcu_is_watching+0x15/0xb0 [ 268.350744][ T6770] ? __pfx_evm_protect_xattr+0x10/0x10 [ 268.350771][ T6770] ? __pfx_xfs_xattr_set+0x10/0x10 executing program [pid 6794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6794] write(1, "executing program\n", 18 [pid 6774] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... restart_syscall resumed>) = 0 [pid 6794] <... write resumed>) = 18 [pid 6774] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6794] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6774] <... mmap resumed>) = 0x7f3cdbee4000 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6794] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6774] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 5874] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6774] <... mprotect resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5874] newfstatat(3, "", [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6774] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6794] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 5874] getdents64(3, [pid 6794] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6794] <... mprotect resumed>) = 0 [pid 6774] <... clone3 resumed> => {parent_tid=[6799]}, 88) = 6799 [pid 5874] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6774] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6774] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 268.350798][ T6770] __vfs_setxattr+0x43c/0x480 [ 268.350845][ T6770] __vfs_setxattr_noperm+0x12d/0x660 [ 268.350887][ T6770] vfs_setxattr+0x16b/0x2f0 [ 268.350928][ T6770] ? __pfx_vfs_setxattr+0x10/0x10 [ 268.350957][ T6770] ? mnt_get_write_access+0x223/0x2a0 [ 268.350987][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.351020][ T6770] filename_setxattr+0x274/0x600 [ 268.351067][ T6770] ? __pfx_filename_setxattr+0x10/0x10 [ 268.351106][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.351141][ T6770] ? getname_flags+0x1e5/0x540 [pid 6774] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] <... clone3 resumed> => {parent_tid=[6800]}, 88) = 6800 ./strace-static-x86_64: Process 6800 attached ./strace-static-x86_64: Process 6799 attached [pid 6775] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6800] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6799] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6774] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6775] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6800] <... rseq resumed>) = 0 [pid 6800] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6800] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6799] <... rseq resumed>) = 0 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6799] set_robust_list(0x7f3cdbf049a0, 24 [pid 6794] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... futex resumed>) = 0 [pid 6799] <... set_robust_list resumed>) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6800] memfd_create("syzkaller", 0 [pid 6799] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6800] <... memfd_create resumed>) = 3 [pid 6799] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 268.351183][ T6770] path_setxattrat+0x364/0x3a0 [ 268.351219][ T6770] ? __pfx_path_setxattrat+0x10/0x10 [ 268.351295][ T6770] __x64_sys_lsetxattr+0xbf/0xe0 [ 268.351334][ T6770] do_syscall_64+0xfa/0x3b0 [ 268.351358][ T6770] ? lockdep_hardirqs_on+0x9c/0x150 [ 268.351395][ T6770] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.351419][ T6770] ? srso_alias_return_thunk+0x5/0xfbef5 [ 268.351447][ T6770] ? exc_page_fault+0x9f/0xf0 [ 268.351486][ T6770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6799] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6800] <... mmap resumed>) = 0x7f3cd3a00000 [ 268.351510][ T6770] RIP: 0033:0x7f3cdbf794f9 [ 268.351531][ T6770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 268.351551][ T6770] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 268.351577][ T6770] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 268.351596][ T6770] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 268.351613][ T6770] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 268.351629][ T6770] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 268.351646][ T6770] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 268.351685][ T6770] [ 268.351694][ T6770] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 268.445285][ T6775] XFS (loop1): Ending recovery (logdev: internal) [ 268.491706][ T6770] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 268.610717][ T6783] loop2: detected capacity change from 0 to 32768 [ 268.612067][ T6770] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 268.635945][ T6775] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 268.650491][ T6783] XFS: noikeep mount option is deprecated. [ 268.873844][ T6783] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 268.875585][ T6775] XFS (loop1): Unmount and run xfs_repair [ 268.914051][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 268.942868][ T6799] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 269.013390][ T6783] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 269.019052][ T6799] CPU: 1 UID: 0 PID: 6799 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 269.019083][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.019098][ T6799] Call Trace: [ 269.019109][ T6799] [ 269.019119][ T6799] dump_stack_lvl+0x189/0x250 [ 269.019156][ T6799] ? __pfx__xfs_alert_tag+0x10/0x10 [ 269.019194][ T6799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.019227][ T6799] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 269.019275][ T6799] xfs_corruption_error+0x122/0x170 [ 269.019313][ T6799] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 269.019348][ T6799] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 6800] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6783] <... mount resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 6783] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./20/file1", [pid 6783] <... openat resumed>) = 3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6783] chdir("./file1") = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6783] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6783] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5874] <... openat resumed>) = 4 [pid 6783] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] newfstatat(4, "", [pid 6783] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./20/file1") = 0 [pid 5874] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./20/binderfs") = 0 [ 269.019377][ T6799] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 269.019418][ T6799] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 269.019448][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.019477][ T6799] ? rcu_is_watching+0x15/0xb0 [ 269.019508][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.019536][ T6799] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 269.019567][ T6799] ? rcu_is_watching+0x15/0xb0 [ 269.019607][ T6799] xfs_alloc_cur_finish+0xd3/0x4b0 [ 269.019637][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.019667][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.019701][ T6799] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 269.019759][ T6799] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 269.019789][ T6799] ? xfs_group_grab+0x28/0x480 [ 269.019826][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.019859][ T6799] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 269.019893][ T6799] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 269.019942][ T6799] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./20") = 0 [pid 5874] mkdir("./21", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = 0 [pid 6776] <... futex resumed>) = 1 [pid 6783] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6776] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... openat resumed>) = 4 [pid 6783] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6783] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6776] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... pwritev2 resumed>) = 65007 [pid 6783] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... futex resumed>) = 1 [ 269.019981][ T6799] xfs_bmapi_allocate+0x188e/0x2e00 [ 269.020047][ T6799] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 269.020080][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.020129][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.020157][ T6799] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 269.020181][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.020209][ T6799] ? xfs_iext_prev+0x35a/0x370 [ 269.020247][ T6799] ? xfs_iext_get_extent+0x1bb/0x370 [ 269.020278][ T6799] xfs_bmapi_write+0x7df/0x1260 [ 269.020338][ T6799] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 269.020417][ T6799] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 269.020459][ T6799] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 269.020489][ T6799] ? kasan_save_track+0x4f/0x80 [ 269.020515][ T6799] ? kasan_save_track+0x3e/0x80 [ 269.020540][ T6799] ? kasan_save_free_info+0x46/0x50 [ 269.020576][ T6799] ? kmem_cache_free+0x18f/0x400 [ 269.020604][ T6799] ? __xfs_trans_commit+0x3e0/0xbd0 [ 269.020629][ T6799] ? xfs_trans_roll+0x130/0x450 [ 269.020652][ T6799] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 269.020691][ T6799] xfs_attr_set_iter+0x2d4/0x4b70 [ 269.020725][ T6799] ? filename_setxattr+0x274/0x600 [ 269.020758][ T6799] ? path_setxattrat+0x364/0x3a0 [ 269.020779][ T6799] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 269.020831][ T6799] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 269.020922][ T6799] ? kasan_quarantine_put+0xdd/0x220 [ 269.020948][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.020976][ T6799] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.021018][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021052][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021079][ T6799] ? kmem_cache_free+0x18f/0x400 [ 269.021107][ T6799] ? __xfs_trans_commit+0x3e0/0xbd0 [ 269.021138][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021166][ T6799] ? __xfs_trans_commit+0x4c7/0xbd0 [ 269.021208][ T6799] xfs_attr_finish_item+0xed/0x320 [ 269.021248][ T6799] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 269.021285][ T6799] xfs_defer_finish_one+0x5c8/0xcf0 [ 269.021344][ T6799] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 269.021393][ T6799] xfs_defer_finish_noroll+0x910/0x12d0 [ 269.021431][ T6799] ? xfs_trans_commit+0x10b/0x1c0 [ 269.021463][ T6799] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 269.021496][ T6799] ? inode_set_ctime_current+0x740/0xb40 [ 269.021543][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021570][ T6799] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 269.021609][ T6799] xfs_trans_commit+0x10b/0x1c0 [ 269.021636][ T6799] ? __pfx_xfs_trans_commit+0x10/0x10 [ 269.021668][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021695][ T6799] ? xfs_trans_log_inode+0x12c/0x1a0 [ 269.021735][ T6799] xfs_attr_set+0xdc6/0x1210 [ 269.021783][ T6799] ? __pfx_xfs_attr_set+0x10/0x10 [ 269.021816][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.021849][ T6799] ? __lock_acquire+0xab9/0xd20 [ 269.021885][ T6799] ? xfs_da_hashname+0x59d/0x740 [ 269.021916][ T6799] ? do_raw_spin_lock+0x121/0x290 [ 269.021958][ T6799] ? xfs_attr_change+0x2ac/0x390 [ 269.021992][ T6799] xfs_xattr_set+0x14d/0x250 [ 269.022025][ T6799] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6783] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6799] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6776] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6776] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6776] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6805]}, 88) = 6805 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6776] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] exit_group(0 [pid 6799] <... futex resumed>) = ? [pid 6774] <... exit_group resumed>) = ? [pid 6799] +++ exited with 0 +++ [pid 6775] <... futex resumed>) = ? [pid 6775] +++ exited with 0 +++ [pid 6774] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6774, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=126 /* 1.26 s */} --- [pid 5872] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6800] <... write resumed>) = 16777216 [pid 6800] munmap(0x7f3cd3a00000, 138412032./strace-static-x86_64: Process 6805 attached [pid 6805] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [ 269.022069][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.022095][ T6799] ? evm_protect_xattr+0x4d4/0xa90 [ 269.022121][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.022149][ T6799] ? rcu_is_watching+0x15/0xb0 [ 269.022182][ T6799] ? __pfx_evm_protect_xattr+0x10/0x10 [ 269.022209][ T6799] ? __pfx_xfs_xattr_set+0x10/0x10 [ 269.022236][ T6799] __vfs_setxattr+0x43c/0x480 [ 269.022285][ T6799] __vfs_setxattr_noperm+0x12d/0x660 [ 269.022327][ T6799] vfs_setxattr+0x16b/0x2f0 [ 269.022368][ T6799] ? __pfx_vfs_setxattr+0x10/0x10 [pid 6805] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6800] <... munmap resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 6805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 269.022398][ T6799] ? mnt_get_write_access+0x223/0x2a0 [ 269.022428][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.022461][ T6799] filename_setxattr+0x274/0x600 [ 269.022507][ T6799] ? __pfx_filename_setxattr+0x10/0x10 [ 269.022544][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.022572][ T6799] ? getname_flags+0x1e5/0x540 [ 269.022612][ T6799] path_setxattrat+0x364/0x3a0 [ 269.022649][ T6799] ? __pfx_path_setxattrat+0x10/0x10 [ 269.022714][ T6799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.022741][ T6799] ? rcu_is_watching+0x15/0xb0 [pid 6805] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6806 attached [pid 6800] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6806 [pid 6806] set_robust_list(0x55555d962760, 24 [pid 6800] <... openat resumed>) = 4 [pid 6806] <... set_robust_list resumed>) = 0 [pid 6806] chdir("./21" [pid 6800] ioctl(4, LOOP_SET_FD, 3 [pid 6806] <... chdir resumed>) = 0 [pid 6806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6806] setpgid(0, 0) = 0 [pid 6806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6806] write(3, "1000", 4) = 4 [pid 6806] close(3) = 0 [pid 6806] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6806] write(1, "executing program\n", 18) = 18 [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 269.022776][ T6799] __x64_sys_lsetxattr+0xbf/0xe0 [ 269.022816][ T6799] do_syscall_64+0xfa/0x3b0 [ 269.022850][ T6799] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.022874][ T6799] ? __switch_to_asm+0x39/0x70 [ 269.022906][ T6799] ? __switch_to_asm+0x33/0x70 [ 269.022943][ T6799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.022968][ T6799] RIP: 0033:0x7f3cdbf794f9 [pid 6806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6806] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6807]}, 88) = 6807 [pid 6806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6806] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 269.022990][ T6799] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 269.023011][ T6799] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 269.023037][ T6799] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 269.023055][ T6799] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 269.023073][ T6799] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 269.023089][ T6799] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6800] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6807 attached [pid 6807] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6807] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] memfd_create("syzkaller", 0) = 3 [pid 6807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6783] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6783] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 269.023105][ T6799] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 269.023144][ T6799] [ 269.023154][ T6799] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 269.113550][ T6783] XFS (loop2): Starting recovery (logdev: internal) [ 269.121276][ T6799] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 269.178685][ T6783] XFS (loop2): Ending recovery (logdev: internal) [ 269.182194][ T6799] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 269.347626][ T6783] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 269.726208][ T6800] loop0: detected capacity change from 0 to 32768 [ 269.727740][ T6783] XFS (loop2): Unmount and run xfs_repair [ 269.758386][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6783] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6800] close(3) = 0 [pid 6800] close(4) = 0 [pid 6800] mkdir("./file1", 0777) = 0 [ 269.902396][ T6805] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 269.926594][ T6800] XFS: noikeep mount option is deprecated. [ 269.928368][ T6805] CPU: 0 UID: 0 PID: 6805 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 269.928401][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.928417][ T6805] Call Trace: [ 269.928429][ T6805] [ 269.928439][ T6805] dump_stack_lvl+0x189/0x250 [ 269.928476][ T6805] ? __pfx__xfs_alert_tag+0x10/0x10 [ 269.928514][ T6805] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.928548][ T6805] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 269.928595][ T6805] xfs_corruption_error+0x122/0x170 [ 269.928634][ T6805] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 269.928669][ T6805] xfs_alloc_fixup_trees+0x95e/0xd20 [ 269.928697][ T6805] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 269.928738][ T6805] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 269.928768][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.928797][ T6805] ? rcu_is_watching+0x15/0xb0 [ 269.928828][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.928865][ T6805] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 269.928896][ T6805] ? rcu_is_watching+0x15/0xb0 [ 269.928935][ T6805] xfs_alloc_cur_finish+0xd3/0x4b0 [ 269.928965][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.928994][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.929028][ T6805] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 269.929085][ T6805] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 269.929113][ T6805] ? xfs_group_grab+0x28/0x480 [ 269.929150][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.929177][ T6805] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 269.929210][ T6805] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 269.929257][ T6805] xfs_alloc_vextent_start_ag+0x388/0x850 [ 269.929300][ T6805] xfs_bmapi_allocate+0x188e/0x2e00 [ 269.929363][ T6805] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 269.929395][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.929445][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.929472][ T6805] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 269.929495][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.929523][ T6805] ? xfs_iext_prev+0x35a/0x370 [ 269.929561][ T6805] ? xfs_iext_get_extent+0x1bb/0x370 [ 269.929591][ T6805] xfs_bmapi_write+0x7df/0x1260 [ 269.929650][ T6805] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 269.929727][ T6805] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 6800] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6807] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6776] exit_group(0) = ? [pid 6783] <... futex resumed>) = ? [pid 6783] +++ exited with 0 +++ [ 269.929768][ T6805] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 269.929798][ T6805] ? kasan_save_track+0x4f/0x80 [ 269.929825][ T6805] ? kasan_save_track+0x3e/0x80 [ 269.929855][ T6805] ? kasan_save_free_info+0x46/0x50 [ 269.929891][ T6805] ? kmem_cache_free+0x18f/0x400 [ 269.929919][ T6805] ? __xfs_trans_commit+0x3e0/0xbd0 [ 269.929944][ T6805] ? xfs_trans_roll+0x130/0x450 [ 269.929967][ T6805] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 269.930006][ T6805] xfs_attr_set_iter+0x2d4/0x4b70 [ 269.930041][ T6805] ? filename_setxattr+0x274/0x600 [ 269.930073][ T6805] ? path_setxattrat+0x364/0x3a0 [ 269.930095][ T6805] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 269.930146][ T6805] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 269.930201][ T6805] ? kasan_quarantine_put+0xdd/0x220 [ 269.930227][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930255][ T6805] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.930294][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930328][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930355][ T6805] ? kmem_cache_free+0x18f/0x400 [pid 6807] <... write resumed>) = 16777216 [ 269.930383][ T6805] ? __xfs_trans_commit+0x3e0/0xbd0 [ 269.930414][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930441][ T6805] ? __xfs_trans_commit+0x4c7/0xbd0 [ 269.930484][ T6805] xfs_attr_finish_item+0xed/0x320 [ 269.930524][ T6805] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 269.930560][ T6805] xfs_defer_finish_one+0x5c8/0xcf0 [ 269.930620][ T6805] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 269.930668][ T6805] xfs_defer_finish_noroll+0x910/0x12d0 [ 269.930706][ T6805] ? xfs_trans_commit+0x10b/0x1c0 [pid 6807] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6807] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 269.930738][ T6805] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 269.930771][ T6805] ? inode_set_ctime_current+0x740/0xb40 [ 269.930817][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930851][ T6805] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 269.930890][ T6805] xfs_trans_commit+0x10b/0x1c0 [ 269.930917][ T6805] ? __pfx_xfs_trans_commit+0x10/0x10 [ 269.930949][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.930976][ T6805] ? xfs_trans_log_inode+0x12c/0x1a0 [ 269.931016][ T6805] xfs_attr_set+0xdc6/0x1210 [ 269.931064][ T6805] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6807] close(3 [pid 5872] getdents64(4, [pid 6807] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6807] close(4 [pid 5872] getdents64(4, [pid 6807] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6807] mkdir("./file1", 0777 [pid 5872] close(4 [pid 6807] <... mkdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6807] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] rmdir("./20/file1") = 0 [pid 5872] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6805] <... lsetxattr resumed>) = ? [pid 5872] unlink("./20/binderfs" [pid 6805] +++ exited with 0 +++ [pid 6776] +++ exited with 0 +++ [ 269.931097][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.931124][ T6805] ? __lock_acquire+0xab9/0xd20 [ 269.931160][ T6805] ? xfs_da_hashname+0x59d/0x740 [ 269.931191][ T6805] ? do_raw_spin_lock+0x121/0x290 [ 269.931233][ T6805] ? xfs_attr_change+0x2ac/0x390 [ 269.931267][ T6805] xfs_xattr_set+0x14d/0x250 [ 269.931299][ T6805] ? __pfx_xfs_xattr_set+0x10/0x10 [ 269.931343][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.931370][ T6805] ? evm_protect_xattr+0x4d4/0xa90 [ 269.931397][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.931425][ T6805] ? rcu_is_watching+0x15/0xb0 [ 269.931459][ T6805] ? __pfx_evm_protect_xattr+0x10/0x10 [ 269.931487][ T6805] ? __pfx_xfs_xattr_set+0x10/0x10 [ 269.931514][ T6805] __vfs_setxattr+0x43c/0x480 [ 269.931562][ T6805] __vfs_setxattr_noperm+0x12d/0x660 [ 269.931605][ T6805] vfs_setxattr+0x16b/0x2f0 [ 269.931646][ T6805] ? __pfx_vfs_setxattr+0x10/0x10 [ 269.931675][ T6805] ? mnt_get_write_access+0x223/0x2a0 [ 269.931705][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] <... unlink resumed>) = 0 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6776, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=119 /* 1.19 s */} --- [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 5873] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./20" [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... rmdir resumed>) = 0 [pid 5873] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] mkdir("./21", 0777 [pid 5873] <... openat resumed>) = 3 [pid 5872] <... mkdir resumed>) = 0 [pid 5873] newfstatat(3, "", [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5873] getdents64(3, [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] <... ioctl resumed>) = 0 [pid 5873] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 269.931739][ T6805] filename_setxattr+0x274/0x600 [ 269.931785][ T6805] ? __pfx_filename_setxattr+0x10/0x10 [ 269.931823][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.931855][ T6805] ? getname_flags+0x1e5/0x540 [ 269.931896][ T6805] path_setxattrat+0x364/0x3a0 [ 269.931932][ T6805] ? __pfx_path_setxattrat+0x10/0x10 [ 269.931997][ T6805] ? srso_alias_return_thunk+0x5/0xfbef5 [ 269.932024][ T6805] ? rcu_is_watching+0x15/0xb0 [ 269.932059][ T6805] __x64_sys_lsetxattr+0xbf/0xe0 [ 269.932099][ T6805] do_syscall_64+0xfa/0x3b0 [ 269.932126][ T6805] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.932149][ T6805] ? __switch_to_asm+0x39/0x70 [ 269.932182][ T6805] ? __switch_to_asm+0x33/0x70 [ 269.932219][ T6805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.932243][ T6805] RIP: 0033:0x7f3cdbf794f9 [ 269.932265][ T6805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 269.932286][ T6805] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 269.932313][ T6805] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 269.932331][ T6805] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 269.932349][ T6805] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 269.932365][ T6805] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 269.932382][ T6805] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 269.932420][ T6805] [ 269.961655][ T6805] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 270.331280][ T6807] loop3: detected capacity change from 0 to 32768 [ 270.334533][ T6805] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 270.362438][ T6800] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 270.365263][ T6805] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 270.394278][ T6807] XFS: noikeep mount option is deprecated. [ 270.679401][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 270.711059][ T6800] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3 [pid 5873] <... umount2 resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5873] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./20/file1", [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./20/file1"./strace-static-x86_64: Process 6824 attached ) = 0 [pid 5873] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6824] set_robust_list(0x55555d962760, 24 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6824] <... set_robust_list resumed>) = 0 [pid 5873] newfstatat(AT_FDCWD, "./20/binderfs", [pid 6824] chdir("./21" [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6824 [pid 5873] unlink("./20/binderfs") = 0 [pid 5873] getdents64(3, [pid 6824] <... chdir resumed>) = 0 [ 270.730917][ T6807] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 270.747479][ T6800] XFS (loop0): Starting recovery (logdev: internal) [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] close(3 [pid 6824] setpgid(0, 0) = 0 [pid 5873] <... close resumed>) = 0 [pid 5873] rmdir("./20") = 0 [pid 5873] mkdir("./21", 0777 [pid 6824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5873] <... mkdir resumed>) = 0 [pid 6824] <... openat resumed>) = 3 [pid 6800] <... mount resumed>) = 0 [pid 6800] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6824] write(3, "1000", 4 [pid 6800] <... openat resumed>) = 3 [pid 5873] <... openat resumed>) = 3 [pid 6824] <... write resumed>) = 4 [pid 6800] chdir("./file1" [pid 5873] ioctl(3, LOOP_CLR_FD [pid 6824] close(3 [pid 5873] <... ioctl resumed>) = 0 [pid 6800] <... chdir resumed>) = 0 [pid 6824] <... close resumed>) = 0 [pid 6800] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] close(3 [pid 6824] symlink("/dev/binderfs", "./binderfs" [pid 6800] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6824] <... symlink resumed>) = 0 [pid 6800] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6800] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... futex resumed>) = 0 [pid 6800] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6794] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 6824] write(1, "executing program\n", 18) = 18 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [ 270.779818][ T6800] XFS (loop0): Ending recovery (logdev: internal) [ 270.795579][ T6807] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6824] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6800] <... openat resumed>) = 4 [pid 6824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6800] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... clone3 resumed> => {parent_tid=[6825]}, 88) = 6825 [pid 6800] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6825 attached [pid 6824] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] <... futex resumed>) = 0 [pid 6825] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... rseq resumed>) = 0 [pid 6824] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... futex resumed>) = 0 [ 270.828162][ T6807] XFS (loop3): Starting recovery (logdev: internal) [pid 6825] set_robust_list(0x7f3cdbf259a0, 24 [pid 6824] <... futex resumed>) = 0 [pid 6800] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6825] <... set_robust_list resumed>) = 0 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6825] memfd_create("syzkaller", 0) = 3 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6800] <... pwritev2 resumed>) = 65007 [pid 6800] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6800] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 270.874590][ T6807] XFS (loop3): Ending recovery (logdev: internal) [pid 6794] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... mount resumed>) = 0 [pid 6807] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6807] chdir("./file1") = 0 [pid 6807] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6807] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... openat resumed>) = 4 [pid 6807] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6807] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6806] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6807] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... close resumed>) = 0 [pid 6807] <... pwritev2 resumed>) = 65007 [pid 6800] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 270.919955][ T6800] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 270.941642][ T6800] XFS (loop0): Unmount and run xfs_repair [pid 6807] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6807] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6806] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... futex resumed>) = 0 [pid 6807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6806] <... futex resumed>) = 0 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6807] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6794] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6800] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6800] <... futex resumed>) = 0 [pid 6800] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6826 [pid 6794] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 6826 attached [pid 6807] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6827 attached [pid 6826] set_robust_list(0x55555d962760, 24 [pid 6807] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6826] <... set_robust_list resumed>) = 0 [pid 6807] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6794] <... clone3 resumed> => {parent_tid=[6827]}, 88) = 6827 [pid 6827] <... rseq resumed>) = 0 [pid 6826] chdir("./21" [pid 6807] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6806] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [ 270.979569][ T6807] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 270.996192][ T6807] XFS (loop3): Unmount and run xfs_repair [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] set_robust_list(0x7f3cdbf049a0, 24 [pid 6826] <... chdir resumed>) = 0 [pid 6806] <... futex resumed>) = 0 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] <... set_robust_list resumed>) = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6806] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 6826] <... prctl resumed>) = 0 [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] setpgid(0, 0 [pid 6827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] <... setpgid resumed>) = 0 [pid 6827] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 271.017351][ T6807] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 271.034309][ T6807] CPU: 1 UID: 0 PID: 6807 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 271.034345][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.034361][ T6807] Call Trace: [ 271.034372][ T6807] [ 271.034382][ T6807] dump_stack_lvl+0x189/0x250 [ 271.034419][ T6807] ? __pfx__xfs_alert_tag+0x10/0x10 [ 271.034456][ T6807] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.034491][ T6807] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 271.034538][ T6807] xfs_corruption_error+0x122/0x170 [ 271.034578][ T6807] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 271.034613][ T6807] xfs_alloc_fixup_trees+0x95e/0xd20 [ 271.034642][ T6807] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 271.034683][ T6807] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 271.034714][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.034743][ T6807] ? rcu_is_watching+0x15/0xb0 [ 271.034773][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6825] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216executing program [pid 6826] <... openat resumed>) = 3 [pid 6806] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6826] write(3, "1000", 4) = 4 [pid 6826] close(3) = 0 [pid 6826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6826] write(1, "executing program\n", 18) = 18 [pid 6826] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6826] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6828]}, 88) = 6828 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6826] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 271.034786][ T6827] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 271.034801][ T6807] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 271.034833][ T6807] ? rcu_is_watching+0x15/0xb0 [ 271.034870][ T6807] xfs_alloc_cur_finish+0xd3/0x4b0 [ 271.034898][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.034928][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.034961][ T6807] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 271.035017][ T6807] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [pid 6826] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6828 attached [ 271.035047][ T6807] ? xfs_group_grab+0x28/0x480 [ 271.035082][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.035110][ T6807] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 271.035149][ T6807] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 271.035196][ T6807] xfs_alloc_vextent_start_ag+0x388/0x850 [ 271.035235][ T6807] xfs_bmapi_allocate+0x188e/0x2e00 [ 271.035298][ T6807] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 271.035330][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.035380][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.035407][ T6807] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 271.035431][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.035458][ T6807] ? xfs_iext_prev+0x35a/0x370 [ 271.035496][ T6807] ? xfs_iext_get_extent+0x1bb/0x370 [ 271.035527][ T6807] xfs_bmapi_write+0x7df/0x1260 [ 271.035585][ T6807] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 271.035663][ T6807] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 271.035703][ T6807] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 271.035733][ T6807] ? kasan_save_track+0x4f/0x80 [pid 6828] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6807] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6828] <... rseq resumed>) = 0 [pid 6828] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6828] memfd_create("syzkaller", 0) = 3 [pid 6828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6807] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] exit_group(0) = ? [ 271.035759][ T6807] ? kasan_save_track+0x3e/0x80 [ 271.035783][ T6807] ? kasan_save_free_info+0x46/0x50 [ 271.035820][ T6807] ? kmem_cache_free+0x18f/0x400 [ 271.035848][ T6807] ? __xfs_trans_commit+0x3e0/0xbd0 [ 271.035873][ T6807] ? xfs_trans_roll+0x130/0x450 [ 271.035896][ T6807] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 271.035935][ T6807] xfs_attr_set_iter+0x2d4/0x4b70 [ 271.035969][ T6807] ? filename_setxattr+0x274/0x600 [ 271.036003][ T6807] ? path_setxattrat+0x364/0x3a0 [ 271.036024][ T6807] ? __x64_sys_lsetxattr+0xbf/0xe0 [pid 6807] <... futex resumed>) = ? [pid 6807] +++ exited with 0 +++ [pid 6806] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6806, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=79 /* 0.79 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 271.036075][ T6807] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 271.036136][ T6807] ? kasan_quarantine_put+0xdd/0x220 [ 271.036162][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.036190][ T6807] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.036230][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.036264][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.036291][ T6807] ? kmem_cache_free+0x18f/0x400 [ 271.036319][ T6807] ? __xfs_trans_commit+0x3e0/0xbd0 [ 271.036350][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6825] <... write resumed>) = 16777216 [ 271.036378][ T6807] ? __xfs_trans_commit+0x4c7/0xbd0 [ 271.036421][ T6807] xfs_attr_finish_item+0xed/0x320 [ 271.036460][ T6807] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 271.036496][ T6807] xfs_defer_finish_one+0x5c8/0xcf0 [ 271.036555][ T6807] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 271.036603][ T6807] xfs_defer_finish_noroll+0x910/0x12d0 [ 271.036642][ T6807] ? xfs_trans_commit+0x10b/0x1c0 [ 271.036673][ T6807] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 271.036707][ T6807] ? inode_set_ctime_current+0x740/0xb40 [pid 6825] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 271.036753][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.036783][ T6807] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 271.036822][ T6807] xfs_trans_commit+0x10b/0x1c0 [ 271.036848][ T6807] ? __pfx_xfs_trans_commit+0x10/0x10 [ 271.036879][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.036906][ T6807] ? xfs_trans_log_inode+0x12c/0x1a0 [ 271.036946][ T6807] xfs_attr_set+0xdc6/0x1210 [ 271.036994][ T6807] ? __pfx_xfs_attr_set+0x10/0x10 [ 271.037036][ T6807] ? xfs_attr_change+0x73/0x390 [ 271.037064][ T6807] ? xfs_da_hashname+0x59d/0x740 [ 271.037105][ T6807] ? xfs_attr_change+0x2ac/0x390 [ 271.037143][ T6807] xfs_xattr_set+0x14d/0x250 [ 271.037175][ T6807] ? __pfx_xfs_xattr_set+0x10/0x10 [ 271.037219][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.037246][ T6807] ? evm_protect_xattr+0x4d4/0xa90 [ 271.037273][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.037300][ T6807] ? rcu_is_watching+0x15/0xb0 [ 271.037334][ T6807] ? __pfx_evm_protect_xattr+0x10/0x10 [ 271.037361][ T6807] ? __pfx_xfs_xattr_set+0x10/0x10 [ 271.037388][ T6807] __vfs_setxattr+0x43c/0x480 [ 271.037435][ T6807] __vfs_setxattr_noperm+0x12d/0x660 [ 271.037478][ T6807] vfs_setxattr+0x16b/0x2f0 [ 271.037519][ T6807] ? __pfx_vfs_setxattr+0x10/0x10 [ 271.037548][ T6807] ? mnt_get_write_access+0x223/0x2a0 [ 271.037577][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.037611][ T6807] filename_setxattr+0x274/0x600 [ 271.037657][ T6807] ? __pfx_filename_setxattr+0x10/0x10 [ 271.037694][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.037722][ T6807] ? getname_flags+0x1e5/0x540 [pid 6825] ioctl(4, LOOP_SET_FD, 3 [pid 6828] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6827] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6827] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] exit_group(0 [pid 6827] <... futex resumed>) = ? [pid 6794] <... exit_group resumed>) = ? [pid 6827] +++ exited with 0 +++ [pid 6800] <... futex resumed>) = ? [pid 6800] +++ exited with 0 +++ [pid 6794] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6794, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=73 /* 0.73 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 271.037762][ T6807] path_setxattrat+0x364/0x3a0 [ 271.037798][ T6807] ? __pfx_path_setxattrat+0x10/0x10 [ 271.037862][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.037889][ T6807] ? rcu_is_watching+0x15/0xb0 [ 271.037925][ T6807] __x64_sys_lsetxattr+0xbf/0xe0 [ 271.037964][ T6807] do_syscall_64+0xfa/0x3b0 [ 271.037988][ T6807] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.038025][ T6807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.038049][ T6807] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.038076][ T6807] ? exc_page_fault+0x9f/0xf0 [ 271.038121][ T6807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.038145][ T6807] RIP: 0033:0x7f3cdbf794f9 [ 271.038167][ T6807] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 271.038188][ T6807] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 271.038213][ T6807] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 271.038232][ T6807] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 271.038250][ T6807] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 271.038267][ T6807] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 271.038284][ T6807] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 271.038322][ T6807] [ 271.038423][ T6807] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 271.067011][ T6827] CPU: 0 UID: 0 PID: 6827 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 5871] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6828] <... write resumed>) = 16777216 [pid 6825] <... ioctl resumed>) = 0 [ 271.067044][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.067060][ T6827] Call Trace: [ 271.067071][ T6827] [ 271.067081][ T6827] dump_stack_lvl+0x189/0x250 [ 271.067117][ T6827] ? __pfx__xfs_alert_tag+0x10/0x10 [ 271.067154][ T6827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.067189][ T6827] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 271.067235][ T6827] xfs_corruption_error+0x122/0x170 [ 271.067273][ T6827] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 6828] munmap(0x7f3cd3a00000, 138412032 [pid 6825] close(3) = 0 [pid 6825] close(4) = 0 [pid 6825] mkdir("./file1", 0777) = 0 [pid 6825] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6828] <... munmap resumed>) = 0 [ 271.067308][ T6827] xfs_alloc_fixup_trees+0x95e/0xd20 [ 271.067337][ T6827] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 271.067378][ T6827] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 271.067408][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.067436][ T6827] ? rcu_is_watching+0x15/0xb0 [ 271.067466][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.067493][ T6827] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 271.067524][ T6827] ? rcu_is_watching+0x15/0xb0 [ 271.067563][ T6827] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 6828] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 271.067592][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.067622][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.067656][ T6827] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 271.067712][ T6827] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 271.067741][ T6827] ? xfs_group_grab+0x28/0x480 [ 271.067777][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.067804][ T6827] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 271.067837][ T6827] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 271.067890][ T6827] xfs_alloc_vextent_start_ag+0x388/0x850 [ 271.067929][ T6827] xfs_bmapi_allocate+0x188e/0x2e00 [ 271.067993][ T6827] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 271.068024][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.068074][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.068101][ T6827] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 271.068124][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.068152][ T6827] ? xfs_iext_prev+0x35a/0x370 [ 271.068189][ T6827] ? xfs_iext_get_extent+0x1bb/0x370 [ 271.068220][ T6827] xfs_bmapi_write+0x7df/0x1260 [ 271.068278][ T6827] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 271.068354][ T6827] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 271.068395][ T6827] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 271.068425][ T6827] ? kasan_save_track+0x4f/0x80 [ 271.068451][ T6827] ? kasan_save_track+0x3e/0x80 [ 271.068474][ T6827] ? kasan_save_free_info+0x46/0x50 [ 271.068511][ T6827] ? kmem_cache_free+0x18f/0x400 [ 271.068538][ T6827] ? __xfs_trans_commit+0x3e0/0xbd0 [ 271.068563][ T6827] ? xfs_trans_roll+0x130/0x450 [ 271.068586][ T6827] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 6828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 6828] close(3) = 0 [pid 6828] close(4) = 0 [pid 6828] mkdir("./file1", 0777) = 0 [ 271.068626][ T6827] xfs_attr_set_iter+0x2d4/0x4b70 [ 271.068661][ T6827] ? filename_setxattr+0x274/0x600 [ 271.068693][ T6827] ? path_setxattrat+0x364/0x3a0 [ 271.068714][ T6827] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 271.068765][ T6827] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 271.068826][ T6827] ? kasan_quarantine_put+0xdd/0x220 [ 271.068852][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.068886][ T6827] ? lockdep_hardirqs_on+0x9c/0x150 [ 271.068926][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6828] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./21/file1", [pid 5871] newfstatat(AT_FDCWD, "./20/file1", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... openat resumed>) = 4 [pid 5871] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", [pid 5871] newfstatat(4, "", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, [pid 5871] getdents64(4, [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, [pid 5871] getdents64(4, [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4 [pid 5871] close(4 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5874] rmdir("./21/file1" [pid 5871] rmdir("./20/file1" [pid 5874] <... rmdir resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5874] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5871] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./21/binderfs" [pid 5871] unlink("./20/binderfs" [pid 5874] <... unlink resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5874] getdents64(3, [pid 5871] getdents64(3, [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3 [pid 5871] close(3 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5874] rmdir("./21") = 0 [pid 5871] rmdir("./20" [pid 5874] mkdir("./22", 0777) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] mkdir("./21", 0777 [pid 5874] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 5871] <... mkdir resumed>) = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] close(3 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 271.068959][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.068987][ T6827] ? kmem_cache_free+0x18f/0x400 [ 271.069014][ T6827] ? __xfs_trans_commit+0x3e0/0xbd0 [ 271.069046][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.069073][ T6827] ? __xfs_trans_commit+0x4c7/0xbd0 [ 271.069115][ T6827] xfs_attr_finish_item+0xed/0x320 [ 271.069155][ T6827] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 271.069191][ T6827] xfs_defer_finish_one+0x5c8/0xcf0 [ 271.069251][ T6827] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 271.069299][ T6827] xfs_defer_finish_noroll+0x910/0x12d0 [ 271.069338][ T6827] ? xfs_trans_commit+0x10b/0x1c0 [ 271.069369][ T6827] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 271.069402][ T6827] ? inode_set_ctime_current+0x740/0xb40 [ 271.069448][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.069476][ T6827] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 271.069515][ T6827] xfs_trans_commit+0x10b/0x1c0 [ 271.069542][ T6827] ? __pfx_xfs_trans_commit+0x10/0x10 [ 271.069573][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.069600][ T6827] ? xfs_trans_log_inode+0x12c/0x1a0 [ 271.069640][ T6827] xfs_attr_set+0xdc6/0x1210 [ 271.069688][ T6827] ? __pfx_xfs_attr_set+0x10/0x10 [ 271.069721][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.069748][ T6827] ? __lock_acquire+0xab9/0xd20 [ 271.069785][ T6827] ? xfs_da_hashname+0x59d/0x740 [ 271.069816][ T6827] ? do_raw_spin_lock+0x121/0x290 [ 271.069857][ T6827] ? xfs_attr_change+0x2ac/0x390 [ 271.069900][ T6827] xfs_xattr_set+0x14d/0x250 [ 271.069932][ T6827] ? __pfx_xfs_xattr_set+0x10/0x10 [ 271.069976][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.070004][ T6827] ? evm_protect_xattr+0x4d4/0xa90 [ 271.070031][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.070058][ T6827] ? rcu_is_watching+0x15/0xb0 [ 271.070091][ T6827] ? __pfx_evm_protect_xattr+0x10/0x10 [ 271.070119][ T6827] ? __pfx_xfs_xattr_set+0x10/0x10 [ 271.070146][ T6827] __vfs_setxattr+0x43c/0x480 [ 271.070195][ T6827] __vfs_setxattr_noperm+0x12d/0x660 [ 271.070238][ T6827] vfs_setxattr+0x16b/0x2f0 [ 271.070279][ T6827] ? __pfx_vfs_setxattr+0x10/0x10 [ 271.070309][ T6827] ? mnt_get_write_access+0x223/0x2a0 [ 271.070339][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.070372][ T6827] filename_setxattr+0x274/0x600 [ 271.070418][ T6827] ? __pfx_filename_setxattr+0x10/0x10 [ 271.070456][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.070483][ T6827] ? getname_flags+0x1e5/0x540 [ 271.070525][ T6827] path_setxattrat+0x364/0x3a0 [ 271.070561][ T6827] ? __pfx_path_setxattrat+0x10/0x10 [ 271.070626][ T6827] ? srso_alias_return_thunk+0x5/0xfbef5 [ 271.070653][ T6827] ? rcu_is_watching+0x15/0xb0 [ 271.070689][ T6827] __x64_sys_lsetxattr+0xbf/0xe0 [ 271.070729][ T6827] do_syscall_64+0xfa/0x3b0 [ 271.070757][ T6827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.070780][ T6827] ? __switch_to_asm+0x39/0x70 [ 271.070813][ T6827] ? __switch_to_asm+0x33/0x70 [ 271.070850][ T6827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.070880][ T6827] RIP: 0033:0x7f3cdbf794f9 [ 271.070904][ T6827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 271.070925][ T6827] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 271.070951][ T6827] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 271.070970][ T6827] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 271.070987][ T6827] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 271.071003][ T6827] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 271.071020][ T6827] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 271.071058][ T6827] [ 271.071069][ T6827] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 271.076309][ T6807] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 271.169672][ T6827] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 5871] close(3 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6836 [ 271.176553][ T6807] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 271.187248][ T6827] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 271.462998][ T6825] loop1: detected capacity change from 0 to 32768 [ 271.715607][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 271.768658][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 271.810060][ T6825] XFS: noikeep mount option is deprecated. [ 271.868413][ T6828] loop2: detected capacity change from 0 to 32768 [ 272.015969][ T6825] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 272.082081][ T6828] XFS: noikeep mount option is deprecated. ./strace-static-x86_64: Process 6836 attached [pid 5871] <... close resumed>) = 0 [pid 6836] set_robust_list(0x55555d962760, 24 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6836] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6838 attached [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6838 [pid 6836] chdir("./22" [pid 6838] set_robust_list(0x55555d962760, 24) = 0 [pid 6836] <... chdir resumed>) = 0 [pid 6838] chdir("./21" [pid 6836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6838] <... chdir resumed>) = 0 [pid 6838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6836] setpgid(0, 0 [pid 6838] <... prctl resumed>) = 0 [pid 6836] <... setpgid resumed>) = 0 [pid 6838] setpgid(0, 0 [pid 6836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6838] <... setpgid resumed>) = 0 [pid 6838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6838] write(3, "1000", 4 [pid 6836] write(3, "1000", 4 [pid 6838] <... write resumed>) = 4 [pid 6836] <... write resumed>) = 4 [pid 6838] close(3 [pid 6836] close(3 [pid 6838] <... close resumed>) = 0 [pid 6836] <... close resumed>) = 0 [pid 6838] symlink("/dev/binderfs", "./binderfs" [ 272.606496][ T6825] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 272.631473][ T6825] XFS (loop1): Starting recovery (logdev: internal) [pid 6836] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 6838] <... symlink resumed>) = 0 [pid 6836] <... symlink resumed>) = 0 [pid 6838] write(1, "executing program\n", 18 [pid 6836] write(1, "executing program\n", 18 [pid 6838] <... write resumed>) = 18 [pid 6836] <... write resumed>) = 18 [pid 6838] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = 0 [pid 6836] <... futex resumed>) = 0 [pid 6838] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6836] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6838] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6842]}, 88) = 6842 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6838] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6836] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6842 attached [pid 6825] <... mount resumed>) = 0 [pid 6842] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6825] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6842] <... rseq resumed>) = 0 [pid 6842] set_robust_list(0x7f3cdbf259a0, 24 [pid 6836] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6825] <... openat resumed>) = 3 [pid 6842] <... set_robust_list resumed>) = 0 [pid 6842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6836] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6825] chdir("./file1" [pid 6842] memfd_create("syzkaller", 0 [pid 6836] <... mprotect resumed>) = 0 [pid 6825] <... chdir resumed>) = 0 [pid 6842] <... memfd_create resumed>) = 3 [pid 6825] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 272.654082][ T6825] XFS (loop1): Ending recovery (logdev: internal) [pid 6836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6825] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6842] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6825] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6836] <... clone3 resumed> => {parent_tid=[6846]}, 88) = 6846 [pid 6825] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6824] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6846 attached [pid 6836] rt_sigprocmask(SIG_SETMASK, [], [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6825] <... openat resumed>) = 4 [pid 6846] <... rseq resumed>) = 0 [pid 6836] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] set_robust_list(0x7f3cdbf259a0, 24 [pid 6825] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... set_robust_list resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], [pid 6825] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] memfd_create("syzkaller", 0) = 3 [pid 6846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6825] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6825] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6825] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 272.684922][ T6828] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 272.715326][ T6828] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6824] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6825] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6825] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6824] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 272.745382][ T6825] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 272.780437][ T6828] XFS (loop2): Starting recovery (logdev: internal) [ 272.788118][ T6825] XFS (loop1): Unmount and run xfs_repair [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6825] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 272.812484][ T6825] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 272.827144][ T6825] CPU: 1 UID: 0 PID: 6825 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 272.827181][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 272.827198][ T6825] Call Trace: [ 272.827207][ T6825] [ 272.827218][ T6825] dump_stack_lvl+0x189/0x250 [ 272.827255][ T6825] ? __pfx__xfs_alert_tag+0x10/0x10 [ 272.827293][ T6825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.827327][ T6825] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 272.827375][ T6825] xfs_corruption_error+0x122/0x170 [ 272.827413][ T6825] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 272.827448][ T6825] xfs_alloc_fixup_trees+0x95e/0xd20 [ 272.827477][ T6825] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 272.827518][ T6825] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 6824] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6828] <... mount resumed>) = 0 [pid 6828] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6828] chdir("./file1") = 0 [pid 6828] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6828] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6828] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6828] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... futex resumed>) = 1 [ 272.827549][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.827577][ T6825] ? rcu_is_watching+0x15/0xb0 [ 272.827607][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.827635][ T6825] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 272.827666][ T6825] ? rcu_is_watching+0x15/0xb0 [ 272.827705][ T6825] xfs_alloc_cur_finish+0xd3/0x4b0 [ 272.827735][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.827765][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.827798][ T6825] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 272.827855][ T6825] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 272.827894][ T6825] ? xfs_group_grab+0x28/0x480 [ 272.827930][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.827958][ T6825] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 272.827991][ T6825] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 272.828039][ T6825] xfs_alloc_vextent_start_ag+0x388/0x850 [ 272.828078][ T6825] xfs_bmapi_allocate+0x188e/0x2e00 [ 272.828142][ T6825] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 272.828174][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.828222][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.828249][ T6825] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 272.828272][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.828300][ T6825] ? xfs_iext_prev+0x35a/0x370 [ 272.828338][ T6825] ? xfs_iext_get_extent+0x1bb/0x370 [ 272.828369][ T6825] xfs_bmapi_write+0x7df/0x1260 [ 272.828428][ T6825] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 272.828505][ T6825] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 272.828547][ T6825] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [pid 6828] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6828] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6828] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6826] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 272.828577][ T6825] ? kasan_save_track+0x4f/0x80 [ 272.828603][ T6825] ? kasan_save_track+0x3e/0x80 [ 272.828628][ T6825] ? kasan_save_free_info+0x46/0x50 [ 272.828665][ T6825] ? kmem_cache_free+0x18f/0x400 [ 272.828693][ T6825] ? __xfs_trans_commit+0x3e0/0xbd0 [ 272.828719][ T6825] ? xfs_trans_roll+0x130/0x450 [ 272.828743][ T6825] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 272.828788][ T6825] xfs_attr_set_iter+0x2d4/0x4b70 [ 272.828824][ T6825] ? filename_setxattr+0x274/0x600 [ 272.828858][ T6825] ? path_setxattrat+0x364/0x3a0 [ 272.828886][ T6825] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 272.828937][ T6825] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 272.828994][ T6825] ? kasan_quarantine_put+0xdd/0x220 [ 272.829020][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829049][ T6825] ? lockdep_hardirqs_on+0x9c/0x150 [ 272.829089][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829123][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829150][ T6825] ? kmem_cache_free+0x18f/0x400 [ 272.829178][ T6825] ? __xfs_trans_commit+0x3e0/0xbd0 [ 272.829209][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829237][ T6825] ? __xfs_trans_commit+0x4c7/0xbd0 [ 272.829281][ T6825] xfs_attr_finish_item+0xed/0x320 [ 272.829321][ T6825] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 272.829358][ T6825] xfs_defer_finish_one+0x5c8/0xcf0 [ 272.829419][ T6825] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 272.829469][ T6825] xfs_defer_finish_noroll+0x910/0x12d0 [ 272.829508][ T6825] ? xfs_trans_commit+0x10b/0x1c0 [ 272.829540][ T6825] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 6826] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... write resumed>) = 16777216 [pid 6826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6825] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6842] munmap(0x7f3cd3a00000, 138412032 [pid 6825] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 272.829573][ T6825] ? inode_set_ctime_current+0x740/0xb40 [ 272.829620][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829648][ T6825] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 272.829686][ T6825] xfs_trans_commit+0x10b/0x1c0 [ 272.829712][ T6825] ? __pfx_xfs_trans_commit+0x10/0x10 [ 272.829743][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829771][ T6825] ? xfs_trans_log_inode+0x12c/0x1a0 [ 272.829812][ T6825] xfs_attr_set+0xdc6/0x1210 [ 272.829861][ T6825] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6825] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6842] <... munmap resumed>) = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6824] exit_group(0 [pid 6842] <... openat resumed>) = 4 [pid 6824] <... exit_group resumed>) = ? [ 272.829903][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.829931][ T6825] ? __lock_acquire+0xab9/0xd20 [ 272.829967][ T6825] ? xfs_da_hashname+0x59d/0x740 [ 272.830000][ T6825] ? do_raw_spin_lock+0x121/0x290 [ 272.830042][ T6825] ? xfs_attr_change+0x2ac/0x390 [ 272.830076][ T6825] xfs_xattr_set+0x14d/0x250 [ 272.830108][ T6825] ? __pfx_xfs_xattr_set+0x10/0x10 [ 272.830152][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.830180][ T6825] ? evm_protect_xattr+0x4d4/0xa90 [ 272.830207][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6842] ioctl(4, LOOP_SET_FD, 3 [pid 6828] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6826] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6825] <... futex resumed>) = ? [pid 6826] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6825] +++ exited with 0 +++ [pid 6824] +++ exited with 0 +++ [pid 6826] <... mprotect resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6824, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=95 /* 0.95 s */} --- [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6849]}, 88) = 6849 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6826] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 6826] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6828] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6828] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6828] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 272.830235][ T6825] ? rcu_is_watching+0x15/0xb0 [ 272.830269][ T6825] ? __pfx_evm_protect_xattr+0x10/0x10 [ 272.830301][ T6825] ? __pfx_xfs_xattr_set+0x10/0x10 [ 272.830329][ T6825] __vfs_setxattr+0x43c/0x480 [ 272.830378][ T6825] __vfs_setxattr_noperm+0x12d/0x660 [ 272.830422][ T6825] vfs_setxattr+0x16b/0x2f0 [ 272.830466][ T6825] ? __pfx_vfs_setxattr+0x10/0x10 [ 272.830496][ T6825] ? mnt_get_write_access+0x223/0x2a0 [ 272.830527][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.830561][ T6825] filename_setxattr+0x274/0x600 [pid 5872] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 272.830608][ T6825] ? __pfx_filename_setxattr+0x10/0x10 [ 272.830646][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.830674][ T6825] ? getname_flags+0x1e5/0x540 [ 272.830715][ T6825] path_setxattrat+0x364/0x3a0 [ 272.830752][ T6825] ? __pfx_path_setxattrat+0x10/0x10 [ 272.830816][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.830844][ T6825] ? rcu_is_watching+0x15/0xb0 [ 272.830886][ T6825] __x64_sys_lsetxattr+0xbf/0xe0 [ 272.830927][ T6825] do_syscall_64+0xfa/0x3b0 [pid 6846] <... write resumed>) = 16777216 [ 272.830952][ T6825] ? lockdep_hardirqs_on+0x9c/0x150 [ 272.830991][ T6825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.831014][ T6825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 272.831042][ T6825] ? exc_page_fault+0x9f/0xf0 [ 272.831083][ T6825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.831106][ T6825] RIP: 0033:0x7f3cdbf794f9 [ 272.831130][ T6825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6846] munmap(0x7f3cd3a00000, 138412032) = 0 ./strace-static-x86_64: Process 6849 attached [pid 6846] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6849] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6846] <... openat resumed>) = 4 [pid 6849] <... rseq resumed>) = 0 [ 272.831151][ T6825] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 272.831178][ T6825] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 272.831197][ T6825] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 272.831216][ T6825] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 272.831232][ T6825] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 272.831248][ T6825] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [pid 6849] set_robust_list(0x7f3cdbf049a0, 24 [pid 6846] ioctl(4, LOOP_SET_FD, 3 [pid 6849] <... set_robust_list resumed>) = 0 [ 272.831287][ T6825] [ 272.831313][ T6825] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 272.847740][ T6828] XFS (loop2): Ending recovery (logdev: internal) [ 272.858915][ T6825] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 272.970860][ T6828] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6849] rt_sigprocmask(SIG_SETMASK, [], [pid 6842] <... ioctl resumed>) = 0 [pid 6849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] close(3 [pid 6849] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6842] <... close resumed>) = 0 [pid 6842] close(4) = 0 [ 273.074268][ T6825] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 273.186905][ T6828] XFS (loop2): Unmount and run xfs_repair [ 273.272473][ T6842] loop0: detected capacity change from 0 to 32768 [ 273.519254][ T6846] loop3: detected capacity change from 0 to 32768 [ 273.589430][ T6849] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 273.604737][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6842] mkdir("./file1", 0777) = 0 [pid 6842] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6846] <... ioctl resumed>) = 0 [pid 6846] close(3) = 0 [ 273.614131][ T6842] XFS: noikeep mount option is deprecated. [ 273.614635][ T6849] CPU: 0 UID: 0 PID: 6849 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 273.614666][ T6849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.614682][ T6849] Call Trace: [ 273.614693][ T6849] [ 273.614703][ T6849] dump_stack_lvl+0x189/0x250 [ 273.614738][ T6849] ? __pfx__xfs_alert_tag+0x10/0x10 [ 273.614775][ T6849] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6846] close(4) = 0 [pid 6846] mkdir("./file1", 0777) = 0 [ 273.614809][ T6849] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 273.614860][ T6849] xfs_corruption_error+0x122/0x170 [ 273.614898][ T6849] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 273.614939][ T6849] xfs_alloc_fixup_trees+0x95e/0xd20 [ 273.614967][ T6849] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 273.615008][ T6849] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 273.615038][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615067][ T6849] ? rcu_is_watching+0x15/0xb0 [ 273.615097][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615124][ T6849] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 273.615155][ T6849] ? rcu_is_watching+0x15/0xb0 [ 273.615194][ T6849] xfs_alloc_cur_finish+0xd3/0x4b0 [ 273.615223][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615253][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615286][ T6849] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 273.615343][ T6849] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 273.615372][ T6849] ? xfs_group_grab+0x28/0x480 [ 273.615408][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615435][ T6849] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 273.615468][ T6849] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 273.615515][ T6849] xfs_alloc_vextent_start_ag+0x388/0x850 [ 273.615554][ T6849] xfs_bmapi_allocate+0x188e/0x2e00 [ 273.615618][ T6849] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 273.615650][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615699][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615727][ T6849] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 273.615750][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.615778][ T6849] ? xfs_iext_prev+0x35a/0x370 [ 273.615814][ T6849] ? xfs_iext_get_extent+0x1bb/0x370 [ 273.615845][ T6849] xfs_bmapi_write+0x7df/0x1260 [ 273.615903][ T6849] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 273.615985][ T6849] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 273.616026][ T6849] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 273.616056][ T6849] ? kasan_save_track+0x4f/0x80 [ 273.616082][ T6849] ? kasan_save_track+0x3e/0x80 [ 273.616106][ T6849] ? kasan_save_free_info+0x46/0x50 [ 273.616142][ T6849] ? kmem_cache_free+0x18f/0x400 [ 273.616170][ T6849] ? __xfs_trans_commit+0x3e0/0xbd0 [ 273.616194][ T6849] ? xfs_trans_roll+0x130/0x450 [ 273.616217][ T6849] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 273.616256][ T6849] xfs_attr_set_iter+0x2d4/0x4b70 [ 273.616290][ T6849] ? filename_setxattr+0x274/0x600 [ 273.616322][ T6849] ? path_setxattrat+0x364/0x3a0 [ 273.616344][ T6849] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 273.616395][ T6849] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 273.616451][ T6849] ? kasan_quarantine_put+0xdd/0x220 [pid 6846] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6849] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6849] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] exit_group(0 [pid 6849] <... futex resumed>) = 0 [pid 6828] <... futex resumed>) = ? [pid 6826] <... exit_group resumed>) = ? [pid 6849] +++ exited with 0 +++ [pid 6828] +++ exited with 0 +++ [pid 6826] +++ exited with 0 +++ [pid 5872] <... umount2 resumed>) = 0 [ 273.616476][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.616504][ T6849] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.616543][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.616577][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.616604][ T6849] ? kmem_cache_free+0x18f/0x400 [ 273.616631][ T6849] ? __xfs_trans_commit+0x3e0/0xbd0 [ 273.616662][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.616689][ T6849] ? __xfs_trans_commit+0x4c7/0xbd0 [ 273.616732][ T6849] xfs_attr_finish_item+0xed/0x320 [pid 5872] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6826, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=144 /* 1.44 s */} --- [pid 5873] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./21/file1") = 0 [ 273.616771][ T6849] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 273.616808][ T6849] xfs_defer_finish_one+0x5c8/0xcf0 [ 273.616866][ T6849] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 273.616915][ T6849] xfs_defer_finish_noroll+0x910/0x12d0 [ 273.616957][ T6849] ? xfs_trans_commit+0x10b/0x1c0 [ 273.616989][ T6849] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 273.617022][ T6849] ? inode_set_ctime_current+0x740/0xb40 [ 273.617068][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617095][ T6849] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 5872] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./21/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./21") = 0 [pid 5872] mkdir("./22", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 273.617135][ T6849] xfs_trans_commit+0x10b/0x1c0 [ 273.617161][ T6849] ? __pfx_xfs_trans_commit+0x10/0x10 [ 273.617192][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617219][ T6849] ? xfs_trans_log_inode+0x12c/0x1a0 [ 273.617259][ T6849] xfs_attr_set+0xdc6/0x1210 [ 273.617307][ T6849] ? __pfx_xfs_attr_set+0x10/0x10 [ 273.617340][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617368][ T6849] ? __lock_acquire+0xab9/0xd20 [ 273.617404][ T6849] ? xfs_da_hashname+0x59d/0x740 [ 273.617435][ T6849] ? do_raw_spin_lock+0x121/0x290 [ 273.617477][ T6849] ? xfs_attr_change+0x2ac/0x390 [ 273.617510][ T6849] xfs_xattr_set+0x14d/0x250 [ 273.617542][ T6849] ? __pfx_xfs_xattr_set+0x10/0x10 [ 273.617586][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617613][ T6849] ? evm_protect_xattr+0x4d4/0xa90 [ 273.617640][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617668][ T6849] ? rcu_is_watching+0x15/0xb0 [ 273.617700][ T6849] ? __pfx_evm_protect_xattr+0x10/0x10 [ 273.617728][ T6849] ? __pfx_xfs_xattr_set+0x10/0x10 [ 273.617755][ T6849] __vfs_setxattr+0x43c/0x480 [ 273.617803][ T6849] __vfs_setxattr_noperm+0x12d/0x660 [ 273.617845][ T6849] vfs_setxattr+0x16b/0x2f0 [ 273.617886][ T6849] ? __pfx_vfs_setxattr+0x10/0x10 [ 273.617916][ T6849] ? mnt_get_write_access+0x223/0x2a0 [ 273.617950][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.617984][ T6849] filename_setxattr+0x274/0x600 [ 273.618030][ T6849] ? __pfx_filename_setxattr+0x10/0x10 [ 273.618068][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.618095][ T6849] ? getname_flags+0x1e5/0x540 [ 273.618135][ T6849] path_setxattrat+0x364/0x3a0 [ 273.618172][ T6849] ? __pfx_path_setxattrat+0x10/0x10 [ 273.618237][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.618274][ T6849] __x64_sys_lsetxattr+0xbf/0xe0 [ 273.618313][ T6849] do_syscall_64+0xfa/0x3b0 [ 273.618337][ T6849] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.618373][ T6849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.618397][ T6849] ? srso_alias_return_thunk+0x5/0xfbef5 [ 273.618424][ T6849] ? exc_page_fault+0x9f/0xf0 [ 273.618463][ T6849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.618486][ T6849] RIP: 0033:0x7f3cdbf794f9 [ 273.618508][ T6849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 273.618528][ T6849] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 273.618554][ T6849] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 273.618572][ T6849] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 273.618590][ T6849] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 273.618606][ T6849] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 273.618623][ T6849] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 273.618661][ T6849] [ 273.619078][ T6849] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 273.682820][ T6846] XFS: noikeep mount option is deprecated. [pid 5872] close(3) = 0 [ 273.685607][ T6849] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 273.852309][ T6842] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 273.853953][ T6849] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 273.927740][ T6846] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 273.961346][ T6842] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6866 attached [pid 6866] set_robust_list(0x55555d962760, 24 [pid 5873] <... umount2 resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6866 [pid 6866] <... set_robust_list resumed>) = 0 [pid 5873] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6866] chdir("./22" [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./21/file1", [pid 6866] <... chdir resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5873] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6866] <... prctl resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6866] setpgid(0, 0 [pid 5873] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6866] <... setpgid resumed>) = 0 [pid 6866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5873] newfstatat(4, "", [pid 6866] <... openat resumed>) = 3 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6866] write(3, "1000", 4 [pid 5873] getdents64(4, [pid 6866] <... write resumed>) = 4 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6866] close(3 [pid 5873] close(4 [pid 6866] <... close resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 6866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] rmdir("./21/file1") = 0 executing program [pid 6866] write(1, "executing program\n", 18) = 18 [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5873] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6866] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5873] newfstatat(AT_FDCWD, "./21/binderfs", [pid 6866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6866] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5873] unlink("./21/binderfs" [pid 6866] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5873] <... unlink resumed>) = 0 [pid 6866] <... mprotect resumed>) = 0 [ 274.026144][ T6846] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 274.038092][ T6842] XFS (loop0): Starting recovery (logdev: internal) [ 274.080477][ T6846] XFS (loop3): Starting recovery (logdev: internal) [ 274.149135][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 274.365871][ T6846] XFS (loop3): Ending recovery (logdev: internal) [pid 6866] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6846] <... mount resumed>) = 0 [pid 5873] getdents64(3, [pid 6846] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6846] <... openat resumed>) = 3 [pid 5873] close(3 [pid 6846] chdir("./file1" [pid 5873] <... close resumed>) = 0 [pid 6846] <... chdir resumed>) = 0 [pid 5873] rmdir("./21" [pid 6846] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6842] <... mount resumed>) = 0 [pid 5873] <... rmdir resumed>) = 0 [pid 6846] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6866] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6846] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] mkdir("./22", 0777 [pid 6842] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6846] <... futex resumed>) = 1 [pid 6836] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6867 attached [pid 6846] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6842] <... openat resumed>) = 3 [pid 6836] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... mkdir resumed>) = 0 [pid 6866] <... clone3 resumed> => {parent_tid=[6867]}, 88) = 6867 [pid 6846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6866] rt_sigprocmask(SIG_SETMASK, [], [pid 6846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5873] <... openat resumed>) = 3 [pid 6866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6866] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 6867] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6846] <... openat resumed>) = 4 [pid 6842] chdir("./file1" [pid 6836] <... futex resumed>) = 0 [pid 5873] close(3 [pid 6867] <... rseq resumed>) = 0 [pid 6846] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] set_robust_list(0x7f3cdbf259a0, 24 [pid 6846] <... futex resumed>) = 0 [pid 6842] <... chdir resumed>) = 0 [pid 6836] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... set_robust_list resumed>) = 0 [pid 6846] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6842] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6867] rt_sigprocmask(SIG_SETMASK, [], [pid 6836] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 0 [pid 6836] <... futex resumed>) = 1 [pid 6846] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6842] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6836] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] memfd_create("syzkaller", 0 [pid 6842] <... futex resumed>) = 1 [pid 6838] <... futex resumed>) = 0 [ 274.414255][ T6842] XFS (loop0): Ending recovery (logdev: internal) [pid 6842] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... memfd_create resumed>) = 3 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6838] <... futex resumed>) = 0 [pid 6867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6838] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6842] <... openat resumed>) = 4 [pid 6846] <... pwritev2 resumed>) = 65007 [pid 6842] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 1 [pid 6838] <... futex resumed>) = 0 [pid 6838] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 1 [pid 6842] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6838] <... futex resumed>) = 0 [pid 6836] <... futex resumed>) = 0 [pid 6838] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6836] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... pwritev2 resumed>) = 65007 [pid 6842] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6838] <... futex resumed>) = 0 [pid 6842] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6838] <... futex resumed>) = 0 [pid 6842] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6838] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6836] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6836] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6868 attached => {parent_tid=[6868]}, 88) = 6868 [pid 6836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6836] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 274.484137][ T6846] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 274.511273][ T6842] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 274.527350][ T6846] XFS (loop3): Unmount and run xfs_repair [pid 6836] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6868] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6868] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6868] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6846] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6838] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6838] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 6869 attached => {parent_tid=[6869]}, 88) = 6869 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6838] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6838] <... futex resumed>) = 0 [pid 6842] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... futex resumed>) = 0 [ 274.547199][ T6842] XFS (loop0): Unmount and run xfs_repair [ 274.560427][ T6868] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 274.596416][ T6868] CPU: 1 UID: 0 PID: 6868 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 274.596453][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.596470][ T6868] Call Trace: [ 274.596480][ T6868] [ 274.596492][ T6868] dump_stack_lvl+0x189/0x250 [ 274.596533][ T6868] ? __pfx__xfs_alert_tag+0x10/0x10 [ 274.596572][ T6868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.596607][ T6868] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 274.596654][ T6868] xfs_corruption_error+0x122/0x170 [ 274.596693][ T6868] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 274.596728][ T6868] xfs_alloc_fixup_trees+0x95e/0xd20 [ 274.596757][ T6868] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 274.596799][ T6868] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 274.596829][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.596858][ T6868] ? rcu_is_watching+0x15/0xb0 [ 274.596888][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.596916][ T6868] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 274.596947][ T6868] ? rcu_is_watching+0x15/0xb0 [ 274.596986][ T6868] xfs_alloc_cur_finish+0xd3/0x4b0 [ 274.597019][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597049][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597083][ T6868] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 274.597146][ T6868] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 274.597176][ T6868] ? xfs_group_grab+0x28/0x480 [ 274.597212][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597240][ T6868] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 274.597274][ T6868] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 274.597322][ T6868] xfs_alloc_vextent_start_ag+0x388/0x850 [ 274.597360][ T6868] xfs_bmapi_allocate+0x188e/0x2e00 [ 274.597425][ T6868] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 274.597458][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597508][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597536][ T6868] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 274.597560][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.597588][ T6868] ? xfs_iext_prev+0x35a/0x370 [ 274.597626][ T6868] ? xfs_iext_get_extent+0x1bb/0x370 [ 274.597657][ T6868] xfs_bmapi_write+0x7df/0x1260 [ 274.597716][ T6868] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 274.597794][ T6868] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 274.597835][ T6868] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 274.597866][ T6868] ? kasan_save_track+0x4f/0x80 [ 274.597891][ T6868] ? kasan_save_track+0x3e/0x80 [ 274.597916][ T6868] ? kasan_save_free_info+0x46/0x50 [ 274.597953][ T6868] ? kmem_cache_free+0x18f/0x400 [ 274.597982][ T6868] ? __xfs_trans_commit+0x3e0/0xbd0 [ 274.598007][ T6868] ? xfs_trans_roll+0x130/0x450 [ 274.598031][ T6868] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 274.598071][ T6868] xfs_attr_set_iter+0x2d4/0x4b70 [ 274.598105][ T6868] ? filename_setxattr+0x274/0x600 [ 274.598143][ T6868] ? path_setxattrat+0x364/0x3a0 [ 274.598165][ T6868] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 274.598217][ T6868] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 274.598273][ T6868] ? kasan_quarantine_put+0xdd/0x220 [ 274.598299][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.598327][ T6868] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.598367][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.598401][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.598429][ T6868] ? kmem_cache_free+0x18f/0x400 [ 274.598457][ T6868] ? __xfs_trans_commit+0x3e0/0xbd0 [ 274.598488][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.598516][ T6868] ? __xfs_trans_commit+0x4c7/0xbd0 [ 274.598543][ T6868] ? xfs_trans_dup+0xc3/0x5f0 [ 274.598582][ T6868] xfs_attr_finish_item+0xed/0x320 [ 274.598623][ T6868] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 274.598660][ T6868] xfs_defer_finish_one+0x5c8/0xcf0 [ 274.598720][ T6868] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 274.598769][ T6868] xfs_defer_finish_noroll+0x910/0x12d0 [ 274.598808][ T6868] ? xfs_trans_commit+0x10b/0x1c0 [ 274.598839][ T6868] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 274.598873][ T6868] ? inode_set_ctime_current+0x740/0xb40 [ 274.598921][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.598949][ T6868] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 274.598988][ T6868] xfs_trans_commit+0x10b/0x1c0 [ 274.599015][ T6868] ? __pfx_xfs_trans_commit+0x10/0x10 [ 274.599046][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599073][ T6868] ? xfs_trans_log_inode+0x12c/0x1a0 [ 274.599113][ T6868] xfs_attr_set+0xdc6/0x1210 [ 274.599166][ T6868] ? __pfx_xfs_attr_set+0x10/0x10 [ 274.599200][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599227][ T6868] ? __lock_acquire+0xab9/0xd20 [ 274.599263][ T6868] ? xfs_da_hashname+0x59d/0x740 [ 274.599295][ T6868] ? do_raw_spin_lock+0x121/0x290 [ 274.599338][ T6868] ? xfs_attr_change+0x2ac/0x390 [ 274.599372][ T6868] xfs_xattr_set+0x14d/0x250 [ 274.599404][ T6868] ? __pfx_xfs_xattr_set+0x10/0x10 [ 274.599448][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599476][ T6868] ? evm_protect_xattr+0x4d4/0xa90 [ 274.599503][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599532][ T6868] ? rcu_is_watching+0x15/0xb0 [ 274.599565][ T6868] ? __pfx_evm_protect_xattr+0x10/0x10 [ 274.599593][ T6868] ? __pfx_xfs_xattr_set+0x10/0x10 [ 274.599620][ T6868] __vfs_setxattr+0x43c/0x480 [ 274.599668][ T6868] __vfs_setxattr_noperm+0x12d/0x660 [ 274.599711][ T6868] vfs_setxattr+0x16b/0x2f0 [ 274.599753][ T6868] ? __pfx_vfs_setxattr+0x10/0x10 [ 274.599782][ T6868] ? mnt_get_write_access+0x223/0x2a0 [ 274.599812][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599846][ T6868] filename_setxattr+0x274/0x600 [ 274.599892][ T6868] ? __pfx_filename_setxattr+0x10/0x10 [ 274.599931][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.599958][ T6868] ? getname_flags+0x1e5/0x540 [ 274.599999][ T6868] path_setxattrat+0x364/0x3a0 [ 274.600035][ T6868] ? __pfx_path_setxattrat+0x10/0x10 [ 274.600100][ T6868] ? srso_alias_return_thunk+0x5/0xfbef5 [ 274.600132][ T6868] ? rcu_is_watching+0x15/0xb0 [ 274.600168][ T6868] __x64_sys_lsetxattr+0xbf/0xe0 [ 274.600209][ T6868] do_syscall_64+0xfa/0x3b0 [ 274.600235][ T6868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.600259][ T6868] ? __switch_to_asm+0x39/0x70 [ 274.600292][ T6868] ? __switch_to_asm+0x33/0x70 [ 274.600329][ T6868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.600353][ T6868] RIP: 0033:0x7f3cdbf794f9 [ 274.600374][ T6868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 274.600395][ T6868] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 274.600420][ T6868] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 274.600439][ T6868] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 274.600458][ T6868] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 6842] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6869] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6867] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6869] <... rseq resumed>) = 0 [pid 6869] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6869] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5873] <... close resumed>) = 0 [ 274.600474][ T6868] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 274.600491][ T6868] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 274.600530][ T6868] [ 275.272234][ T6868] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 275.280819][ T6868] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 275.297597][ T6868] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 275.307286][ T6869] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 275.321148][ T6869] CPU: 1 UID: 0 PID: 6869 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 275.321183][ T6869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 275.321200][ T6869] Call Trace: [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6870 attached [pid 6868] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6867] <... write resumed>) = 16777216 [pid 6838] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6867] munmap(0x7f3cd3a00000, 138412032 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6870 [ 275.321210][ T6869] [ 275.321221][ T6869] dump_stack_lvl+0x189/0x250 [ 275.321257][ T6869] ? __pfx__xfs_alert_tag+0x10/0x10 [ 275.321296][ T6869] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.321331][ T6869] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 275.321379][ T6869] xfs_corruption_error+0x122/0x170 [ 275.321420][ T6869] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 275.321455][ T6869] xfs_alloc_fixup_trees+0x95e/0xd20 [ 275.321485][ T6869] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 275.321526][ T6869] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 6868] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] set_robust_list(0x55555d962760, 24 [pid 6868] <... futex resumed>) = 0 [pid 6870] <... set_robust_list resumed>) = 0 [pid 6868] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] chdir("./22") = 0 [pid 6870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6870] setpgid(0, 0) = 0 [pid 6870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6870] write(3, "1000", 4) = 4 [pid 6870] close(3) = 0 [pid 6870] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6870] write(1, "executing program\n", 18) = 18 [pid 6870] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6870] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6871 attached => {parent_tid=[6871]}, 88) = 6871 [pid 6870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6870] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6871] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6871] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6871] memfd_create("syzkaller", 0 [pid 6867] <... munmap resumed>) = 0 [pid 6871] <... memfd_create resumed>) = 3 [pid 6867] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6836] exit_group(0 [pid 6868] <... futex resumed>) = ? [pid 6836] <... exit_group resumed>) = ? [pid 6868] +++ exited with 0 +++ [pid 6871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6867] <... openat resumed>) = 4 [ 275.321558][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.321588][ T6869] ? rcu_is_watching+0x15/0xb0 [ 275.321618][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.321647][ T6869] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 275.321679][ T6869] ? rcu_is_watching+0x15/0xb0 [ 275.321718][ T6869] xfs_alloc_cur_finish+0xd3/0x4b0 [ 275.321748][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.321779][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6871] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6867] ioctl(4, LOOP_SET_FD, 3 [pid 6846] <... futex resumed>) = ? [pid 6846] +++ exited with 0 +++ [pid 6836] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6836, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=59 /* 0.59 s */} --- [ 275.321813][ T6869] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 275.321870][ T6869] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 275.321900][ T6869] ? xfs_group_grab+0x28/0x480 [ 275.321937][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.321965][ T6869] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 275.321999][ T6869] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 275.322048][ T6869] xfs_alloc_vextent_start_ag+0x388/0x850 [ 275.322087][ T6869] xfs_bmapi_allocate+0x188e/0x2e00 [ 275.322158][ T6869] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6867] <... ioctl resumed>) = 0 [pid 6867] close(3) = 0 [pid 6867] close(4) = 0 [ 275.322192][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.322243][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.322271][ T6869] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 275.322295][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.322324][ T6869] ? xfs_iext_prev+0x35a/0x370 [ 275.322363][ T6869] ? xfs_iext_get_extent+0x1bb/0x370 [ 275.322394][ T6869] xfs_bmapi_write+0x7df/0x1260 [ 275.322454][ T6869] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 275.322533][ T6869] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 275.322575][ T6869] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 275.322606][ T6869] ? kasan_save_track+0x4f/0x80 [ 275.322632][ T6869] ? kasan_save_track+0x3e/0x80 [ 275.322658][ T6869] ? kasan_save_free_info+0x46/0x50 [ 275.322695][ T6869] ? kmem_cache_free+0x18f/0x400 [ 275.322725][ T6869] ? __xfs_trans_commit+0x3e0/0xbd0 [ 275.322751][ T6869] ? xfs_trans_roll+0x130/0x450 [ 275.322775][ T6869] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 275.322815][ T6869] xfs_attr_set_iter+0x2d4/0x4b70 [ 275.322850][ T6869] ? filename_setxattr+0x274/0x600 [pid 6867] mkdir("./file1", 0777) = 0 [pid 6867] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6871] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6869] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 275.322884][ T6869] ? path_setxattrat+0x364/0x3a0 [ 275.322906][ T6869] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 275.322958][ T6869] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 275.323015][ T6869] ? kasan_quarantine_put+0xdd/0x220 [ 275.323041][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323070][ T6869] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.323112][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323152][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323181][ T6869] ? kmem_cache_free+0x18f/0x400 [ 275.323209][ T6869] ? __xfs_trans_commit+0x3e0/0xbd0 [ 275.323240][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323269][ T6869] ? __xfs_trans_commit+0x4c7/0xbd0 [ 275.323312][ T6869] xfs_attr_finish_item+0xed/0x320 [ 275.323353][ T6869] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 275.323391][ T6869] xfs_defer_finish_one+0x5c8/0xcf0 [ 275.323450][ T6869] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 275.323500][ T6869] xfs_defer_finish_noroll+0x910/0x12d0 [ 275.323540][ T6869] ? xfs_trans_commit+0x10b/0x1c0 [ 275.323572][ T6869] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 275.323607][ T6869] ? inode_set_ctime_current+0x740/0xb40 [ 275.323655][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323683][ T6869] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 275.323724][ T6869] xfs_trans_commit+0x10b/0x1c0 [ 275.323751][ T6869] ? __pfx_xfs_trans_commit+0x10/0x10 [ 275.323784][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323812][ T6869] ? xfs_trans_log_inode+0x12c/0x1a0 [ 275.323853][ T6869] xfs_attr_set+0xdc6/0x1210 [ 275.323902][ T6869] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6871] <... write resumed>) = 16777216 [ 275.323936][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.323965][ T6869] ? __lock_acquire+0xab9/0xd20 [ 275.324001][ T6869] ? xfs_da_hashname+0x59d/0x740 [ 275.324034][ T6869] ? do_raw_spin_lock+0x121/0x290 [ 275.324077][ T6869] ? xfs_attr_change+0x2ac/0x390 [ 275.324112][ T6869] xfs_xattr_set+0x14d/0x250 [ 275.324152][ T6869] ? __pfx_xfs_xattr_set+0x10/0x10 [ 275.324197][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.324226][ T6869] ? evm_protect_xattr+0x4d4/0xa90 [pid 6871] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6871] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 275.324253][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.324282][ T6869] ? rcu_is_watching+0x15/0xb0 [ 275.324316][ T6869] ? __pfx_evm_protect_xattr+0x10/0x10 [ 275.324345][ T6869] ? __pfx_xfs_xattr_set+0x10/0x10 [ 275.324373][ T6869] __vfs_setxattr+0x43c/0x480 [ 275.324422][ T6869] __vfs_setxattr_noperm+0x12d/0x660 [ 275.324466][ T6869] vfs_setxattr+0x16b/0x2f0 [ 275.324508][ T6869] ? __pfx_vfs_setxattr+0x10/0x10 [ 275.324539][ T6869] ? mnt_get_write_access+0x223/0x2a0 [ 275.324570][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.324604][ T6869] filename_setxattr+0x274/0x600 [ 275.324652][ T6869] ? __pfx_filename_setxattr+0x10/0x10 [ 275.324691][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.324719][ T6869] ? getname_flags+0x1e5/0x540 [ 275.324761][ T6869] path_setxattrat+0x364/0x3a0 [ 275.324798][ T6869] ? __pfx_path_setxattrat+0x10/0x10 [ 275.324863][ T6869] ? srso_alias_return_thunk+0x5/0xfbef5 [ 275.324892][ T6869] ? rcu_is_watching+0x15/0xb0 [ 275.324928][ T6869] __x64_sys_lsetxattr+0xbf/0xe0 [ 275.324969][ T6869] do_syscall_64+0xfa/0x3b0 [ 275.324997][ T6869] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.325021][ T6869] ? __switch_to_asm+0x39/0x70 [ 275.325054][ T6869] ? __switch_to_asm+0x33/0x70 [ 275.325093][ T6869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.325117][ T6869] RIP: 0033:0x7f3cdbf794f9 [ 275.325144][ T6869] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6871] ioctl(4, LOOP_SET_FD, 3 [pid 6869] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] exit_group(0) = ? [ 275.325165][ T6869] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 275.325191][ T6869] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 275.325211][ T6869] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 275.325229][ T6869] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 275.325245][ T6869] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 275.325263][ T6869] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 275.325302][ T6869] [ 275.325313][ T6869] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 275.443582][ T6867] loop1: detected capacity change from 0 to 32768 [ 275.467961][ T6869] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 275.556688][ T6867] XFS: noikeep mount option is deprecated. [ 275.560635][ T6869] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 275.565615][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6869] +++ exited with 0 +++ [pid 6842] <... futex resumed>) = ? [pid 6842] +++ exited with 0 +++ [pid 6838] +++ exited with 0 +++ [pid 6871] <... ioctl resumed>) = 0 [pid 6871] close(3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6838, si_uid=0, si_status=0, si_utime=0, si_stime=92 /* 0.92 s */} --- [pid 6871] <... close resumed>) = 0 [pid 6871] close(4) = 0 [pid 5871] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6871] mkdir("./file1", 0777 [pid 5871] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6871] <... mkdir resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 275.821015][ T6871] loop2: detected capacity change from 0 to 32768 [ 276.091410][ T6871] XFS: noikeep mount option is deprecated. [ 276.100733][ T6867] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6871] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", [pid 5874] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./22/file1", [pid 5871] getdents64(4, [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5874] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5874] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", [pid 5871] rmdir("./21/file1" [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] getdents64(4, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5874] close(4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./22/file1") = 0 [pid 5871] unlink("./21/binderfs") = 0 [pid 5874] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5874] unlink("./22/binderfs" [pid 5871] rmdir("./21" [pid 5874] <... unlink resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [ 276.138320][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 276.168609][ T6871] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] mkdir("./22", 0777 [pid 5874] close(3 [pid 5871] <... mkdir resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./22") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] mkdir("./23", 0777 [pid 5871] <... openat resumed>) = 3 [pid 5874] <... mkdir resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 276.304593][ T6867] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 276.336244][ T6867] XFS (loop1): Starting recovery (logdev: internal) [ 276.357370][ T6871] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5874] close(3 [pid 6867] <... mount resumed>) = 0 [pid 6867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6867] chdir("./file1") = 0 [pid 6867] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6867] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6866] <... futex resumed>) = 1 [pid 6867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... openat resumed>) = 4 [pid 6867] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 276.439980][ T6867] XFS (loop1): Ending recovery (logdev: internal) [ 276.458122][ T6871] XFS (loop2): Starting recovery (logdev: internal) [pid 6867] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6867] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] <... futex resumed>) = 0 [pid 6867] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6867] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6867] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6866] <... futex resumed>) = 1 [pid 6867] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 276.538281][ T6867] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 276.571690][ T6867] XFS (loop1): Unmount and run xfs_repair [pid 6866] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 276.594505][ T6867] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 276.629199][ T6867] CPU: 0 UID: 0 PID: 6867 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 276.629238][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 276.629255][ T6867] Call Trace: [ 276.629265][ T6867] [ 276.629277][ T6867] dump_stack_lvl+0x189/0x250 [ 276.629314][ T6867] ? __pfx__xfs_alert_tag+0x10/0x10 [ 276.629352][ T6867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.629387][ T6867] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 276.629434][ T6867] xfs_corruption_error+0x122/0x170 [ 276.629473][ T6867] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6888 attached [pid 6888] set_robust_list(0x55555d962760, 24) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6888 [pid 6888] chdir("./23") = 0 [pid 6888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6888] setpgid(0, 0) = 0 [pid 6888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6888] write(3, "1000", 4) = 4 [pid 6888] close(3) = 0 [pid 6888] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 6889 attached executing program [pid 6888] write(1, "executing program\n", 18 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6889 [pid 6889] set_robust_list(0x55555d962760, 24 [pid 6888] <... write resumed>) = 18 [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... set_robust_list resumed>) = 0 [pid 6889] chdir("./22" [pid 6888] <... futex resumed>) = 0 [pid 6889] <... chdir resumed>) = 0 [pid 6889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6888] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6889] <... prctl resumed>) = 0 [pid 6888] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6889] setpgid(0, 0 [pid 6888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6889] <... setpgid resumed>) = 0 [pid 6889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6888] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 276.629508][ T6867] xfs_alloc_fixup_trees+0x95e/0xd20 [ 276.629537][ T6867] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 276.629578][ T6867] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 276.629608][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.629637][ T6867] ? rcu_is_watching+0x15/0xb0 [ 276.629668][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.629696][ T6867] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 276.629727][ T6867] ? rcu_is_watching+0x15/0xb0 [ 276.629765][ T6867] xfs_alloc_cur_finish+0xd3/0x4b0 [ 276.629795][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.629825][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.629858][ T6867] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 276.629923][ T6867] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 276.629953][ T6867] ? xfs_group_grab+0x28/0x480 [ 276.629989][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.630018][ T6867] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 276.630052][ T6867] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 276.630100][ T6867] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 6888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6889] <... openat resumed>) = 3 [pid 6889] write(3, "1000", 4 [pid 6888] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6890]}, 88) = 6890 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... write resumed>) = 4 [pid 6888] <... futex resumed>) = 0 [pid 6889] close(3 [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6889] <... close resumed>) = 0 [pid 6889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6889] write(1, "executing program\n", 18) = 18 [pid 6889] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 ./strace-static-x86_64: Process 6890 attached [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6890] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6889] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6889] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6890] <... rseq resumed>) = 0 [pid 6889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6890] set_robust_list(0x7f3cdbf259a0, 24 [pid 6889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6890] <... set_robust_list resumed>) = 0 [pid 6889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6891 attached [pid 6890] rt_sigprocmask(SIG_SETMASK, [], [pid 6891] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6889] <... clone3 resumed> => {parent_tid=[6891]}, 88) = 6891 [pid 6891] <... rseq resumed>) = 0 [pid 6890] memfd_create("syzkaller", 0 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], [pid 6891] set_robust_list(0x7f3cdbf259a0, 24 [pid 6890] <... memfd_create resumed>) = 3 [pid 6891] <... set_robust_list resumed>) = 0 [ 276.630139][ T6867] xfs_bmapi_allocate+0x188e/0x2e00 [ 276.630204][ T6867] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 276.630237][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.630292][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.630320][ T6867] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 276.630343][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.630371][ T6867] ? xfs_iext_prev+0x35a/0x370 [ 276.630412][ T6867] ? xfs_iext_get_extent+0x1bb/0x370 [ 276.630443][ T6867] xfs_bmapi_write+0x7df/0x1260 [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], [pid 6890] <... mmap resumed>) = 0x7f3cd3a00000 [pid 6891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6889] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] memfd_create("syzkaller", 0 [pid 6889] <... futex resumed>) = 0 [pid 6891] <... memfd_create resumed>) = 3 [pid 6889] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 276.630502][ T6867] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 276.630579][ T6867] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 276.630620][ T6867] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 276.630651][ T6867] ? kasan_save_track+0x4f/0x80 [ 276.630676][ T6867] ? kasan_save_track+0x3e/0x80 [ 276.630700][ T6867] ? kasan_save_free_info+0x46/0x50 [ 276.630737][ T6867] ? kmem_cache_free+0x18f/0x400 [ 276.630766][ T6867] ? __xfs_trans_commit+0x3e0/0xbd0 [ 276.630791][ T6867] ? xfs_trans_roll+0x130/0x450 [ 276.630815][ T6867] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 6871] <... mount resumed>) = 0 [pid 6871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6871] chdir("./file1") = 0 [pid 6871] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6871] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 276.630855][ T6867] xfs_attr_set_iter+0x2d4/0x4b70 [ 276.630895][ T6867] ? filename_setxattr+0x274/0x600 [ 276.630928][ T6867] ? path_setxattrat+0x364/0x3a0 [ 276.630950][ T6867] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 276.631002][ T6867] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 276.631059][ T6867] ? kasan_quarantine_put+0xdd/0x220 [ 276.631085][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.631113][ T6867] ? lockdep_hardirqs_on+0x9c/0x150 [ 276.631154][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6871] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] <... futex resumed>) = 0 [pid 6870] <... futex resumed>) = 1 [pid 6871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6870] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] <... openat resumed>) = 4 [pid 6871] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6871] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6870] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] <... pwritev2 resumed>) = 65007 [pid 6871] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6871] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6870] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 276.631187][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.631215][ T6867] ? kmem_cache_free+0x18f/0x400 [ 276.631243][ T6867] ? __xfs_trans_commit+0x3e0/0xbd0 [ 276.631274][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.631302][ T6867] ? __xfs_trans_commit+0x4c7/0xbd0 [ 276.631345][ T6867] xfs_attr_finish_item+0xed/0x320 [ 276.631385][ T6867] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 276.631423][ T6867] xfs_defer_finish_one+0x5c8/0xcf0 [ 276.631482][ T6867] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 276.631532][ T6867] xfs_defer_finish_noroll+0x910/0x12d0 [ 276.631573][ T6867] ? xfs_trans_commit+0x10b/0x1c0 [ 276.631605][ T6867] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 276.631639][ T6867] ? inode_set_ctime_current+0x740/0xb40 [ 276.631688][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.631717][ T6867] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 276.631757][ T6867] xfs_trans_commit+0x10b/0x1c0 [ 276.631784][ T6867] ? __pfx_xfs_trans_commit+0x10/0x10 [ 276.631817][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.631845][ T6867] ? xfs_trans_log_inode+0x12c/0x1a0 [ 276.631894][ T6867] xfs_attr_set+0xdc6/0x1210 [ 276.631943][ T6867] ? __pfx_xfs_attr_set+0x10/0x10 [ 276.631977][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.632005][ T6867] ? __lock_acquire+0xab9/0xd20 [ 276.632041][ T6867] ? xfs_da_hashname+0x59d/0x740 [ 276.632074][ T6867] ? do_raw_spin_lock+0x121/0x290 [ 276.632118][ T6867] ? xfs_attr_change+0x2ac/0x390 [ 276.632152][ T6867] xfs_xattr_set+0x14d/0x250 [ 276.632184][ T6867] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 6870] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6890] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6870] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6867] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6870] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6870] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6892]}, 88) = 6892 [pid 6870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6870] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6892 attached [pid 6870] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] exit_group(0 [pid 6867] <... futex resumed>) = ? [pid 6866] <... exit_group resumed>) = ? [pid 6892] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6867] +++ exited with 0 +++ [pid 6866] +++ exited with 0 +++ [pid 6892] <... rseq resumed>) = 0 [pid 6892] set_robust_list(0x7f3cdbf049a0, 24 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6866, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=70 /* 0.70 s */} --- [pid 6892] <... set_robust_list resumed>) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6892] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 276.632230][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.632258][ T6867] ? evm_protect_xattr+0x4d4/0xa90 [ 276.632285][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.632313][ T6867] ? rcu_is_watching+0x15/0xb0 [ 276.632346][ T6867] ? __pfx_evm_protect_xattr+0x10/0x10 [ 276.632373][ T6867] ? __pfx_xfs_xattr_set+0x10/0x10 [ 276.632400][ T6867] __vfs_setxattr+0x43c/0x480 [ 276.632448][ T6867] __vfs_setxattr_noperm+0x12d/0x660 [ 276.632491][ T6867] vfs_setxattr+0x16b/0x2f0 [ 276.632532][ T6867] ? __pfx_vfs_setxattr+0x10/0x10 [pid 5872] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 276.632562][ T6867] ? mnt_get_write_access+0x223/0x2a0 [ 276.632591][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.632625][ T6867] filename_setxattr+0x274/0x600 [ 276.632671][ T6867] ? __pfx_filename_setxattr+0x10/0x10 [ 276.632709][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.632737][ T6867] ? getname_flags+0x1e5/0x540 [ 276.632777][ T6867] path_setxattrat+0x364/0x3a0 [ 276.632814][ T6867] ? __pfx_path_setxattrat+0x10/0x10 [ 276.632895][ T6867] __x64_sys_lsetxattr+0xbf/0xe0 [ 276.632936][ T6867] do_syscall_64+0xfa/0x3b0 [ 276.632961][ T6867] ? lockdep_hardirqs_on+0x9c/0x150 [ 276.633000][ T6867] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.633024][ T6867] ? srso_alias_return_thunk+0x5/0xfbef5 [ 276.633052][ T6867] ? exc_page_fault+0x9f/0xf0 [ 276.633091][ T6867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.633115][ T6867] RIP: 0033:0x7f3cdbf794f9 [ 276.633136][ T6867] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 276.633157][ T6867] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 276.633184][ T6867] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 276.633203][ T6867] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 276.633221][ T6867] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 276.633237][ T6867] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 276.633254][ T6867] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 276.633292][ T6867] [ 276.633302][ T6867] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 276.746048][ T6871] XFS (loop2): Ending recovery (logdev: internal) [ 276.812770][ T6867] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 276.970475][ T6871] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6871] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6871] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] exit_group(0) = ? [pid 6871] <... futex resumed>) = ? [pid 6871] +++ exited with 0 +++ [ 276.974947][ T6867] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 277.001408][ T6871] XFS (loop2): Unmount and run xfs_repair [ 277.358401][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 277.368644][ T6892] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 277.416528][ T6892] CPU: 0 UID: 0 PID: 6892 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 277.416566][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.416582][ T6892] Call Trace: [ 277.416594][ T6892] [ 277.416605][ T6892] dump_stack_lvl+0x189/0x250 [ 277.416644][ T6892] ? __pfx__xfs_alert_tag+0x10/0x10 [ 277.416683][ T6892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.416719][ T6892] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 277.416767][ T6892] xfs_corruption_error+0x122/0x170 [ 277.416812][ T6892] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 277.416848][ T6892] xfs_alloc_fixup_trees+0x95e/0xd20 [ 277.416878][ T6892] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 277.416920][ T6892] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 277.416951][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.416981][ T6892] ? rcu_is_watching+0x15/0xb0 [ 277.417012][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417041][ T6892] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 277.417073][ T6892] ? rcu_is_watching+0x15/0xb0 [ 277.417113][ T6892] xfs_alloc_cur_finish+0xd3/0x4b0 [ 277.417153][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417184][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417219][ T6892] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 277.417277][ T6892] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 277.417307][ T6892] ? xfs_group_grab+0x28/0x480 [ 277.417354][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417385][ T6892] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 277.417420][ T6892] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 277.417468][ T6892] xfs_alloc_vextent_start_ag+0x388/0x850 [ 277.417521][ T6892] xfs_bmapi_allocate+0x188e/0x2e00 [ 277.417591][ T6892] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 277.417625][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417675][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417704][ T6892] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 277.417728][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.417757][ T6892] ? xfs_iext_prev+0x35a/0x370 [ 277.417796][ T6892] ? xfs_iext_get_extent+0x1bb/0x370 [ 277.417827][ T6892] xfs_bmapi_write+0x7df/0x1260 [ 277.417888][ T6892] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 277.417967][ T6892] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 277.418009][ T6892] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 277.418041][ T6892] ? kasan_save_track+0x4f/0x80 [ 277.418068][ T6892] ? kasan_save_track+0x3e/0x80 [ 277.418093][ T6892] ? kasan_save_free_info+0x46/0x50 [ 277.418131][ T6892] ? kmem_cache_free+0x18f/0x400 [ 277.418165][ T6892] ? __xfs_trans_commit+0x3e0/0xbd0 [ 277.418191][ T6892] ? xfs_trans_roll+0x130/0x450 [ 277.418216][ T6892] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 277.418257][ T6892] xfs_attr_set_iter+0x2d4/0x4b70 [ 277.418293][ T6892] ? filename_setxattr+0x274/0x600 [ 277.418327][ T6892] ? path_setxattrat+0x364/0x3a0 [ 277.418349][ T6892] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 277.418402][ T6892] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 277.418460][ T6892] ? kasan_quarantine_put+0xdd/0x220 [ 277.418486][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.418516][ T6892] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.418557][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.418591][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.418620][ T6892] ? kmem_cache_free+0x18f/0x400 [ 277.418648][ T6892] ? __xfs_trans_commit+0x3e0/0xbd0 [ 277.418680][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.418709][ T6892] ? __xfs_trans_commit+0x4c7/0xbd0 [ 277.418753][ T6892] xfs_attr_finish_item+0xed/0x320 [ 277.418793][ T6892] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 277.418831][ T6892] xfs_defer_finish_one+0x5c8/0xcf0 [ 277.418892][ T6892] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 277.418942][ T6892] xfs_defer_finish_noroll+0x910/0x12d0 [ 277.418983][ T6892] ? xfs_trans_commit+0x10b/0x1c0 [ 277.419016][ T6892] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 277.419050][ T6892] ? inode_set_ctime_current+0x740/0xb40 [ 277.419099][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.419128][ T6892] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 277.419176][ T6892] xfs_trans_commit+0x10b/0x1c0 [ 277.419203][ T6892] ? __pfx_xfs_trans_commit+0x10/0x10 [ 277.419236][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.419265][ T6892] ? xfs_trans_log_inode+0x12c/0x1a0 [ 277.419306][ T6892] xfs_attr_set+0xdc6/0x1210 [ 277.419357][ T6892] ? __pfx_xfs_attr_set+0x10/0x10 [ 277.419392][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.419421][ T6892] ? __lock_acquire+0xab9/0xd20 [ 277.419458][ T6892] ? xfs_da_hashname+0x59d/0x740 [ 277.419491][ T6892] ? do_raw_spin_lock+0x121/0x290 [ 277.419534][ T6892] ? xfs_attr_change+0x2ac/0x390 [ 277.419570][ T6892] xfs_xattr_set+0x14d/0x250 [ 277.419604][ T6892] ? __pfx_xfs_xattr_set+0x10/0x10 [ 277.419649][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.419677][ T6892] ? evm_protect_xattr+0x4d4/0xa90 [ 277.419705][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.419733][ T6892] ? rcu_is_watching+0x15/0xb0 [ 277.419768][ T6892] ? __pfx_evm_protect_xattr+0x10/0x10 [ 277.419796][ T6892] ? __pfx_xfs_xattr_set+0x10/0x10 [ 277.419824][ T6892] __vfs_setxattr+0x43c/0x480 [ 277.419874][ T6892] __vfs_setxattr_noperm+0x12d/0x660 [ 277.419917][ T6892] vfs_setxattr+0x16b/0x2f0 [ 277.419960][ T6892] ? __pfx_vfs_setxattr+0x10/0x10 [ 277.419990][ T6892] ? mnt_get_write_access+0x223/0x2a0 [ 277.420021][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.420055][ T6892] filename_setxattr+0x274/0x600 [ 277.420103][ T6892] ? __pfx_filename_setxattr+0x10/0x10 [ 277.420147][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.420175][ T6892] ? getname_flags+0x1e5/0x540 [ 277.420217][ T6892] path_setxattrat+0x364/0x3a0 [ 277.420255][ T6892] ? __pfx_path_setxattrat+0x10/0x10 [ 277.420320][ T6892] ? srso_alias_return_thunk+0x5/0xfbef5 [ 277.420349][ T6892] ? rcu_is_watching+0x15/0xb0 [ 277.420386][ T6892] __x64_sys_lsetxattr+0xbf/0xe0 [ 277.420427][ T6892] do_syscall_64+0xfa/0x3b0 [ 277.420454][ T6892] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.420477][ T6892] ? __switch_to_asm+0x39/0x70 [ 277.420511][ T6892] ? __switch_to_asm+0x33/0x70 [ 277.420549][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.420574][ T6892] RIP: 0033:0x7f3cdbf794f9 [ 277.420598][ T6892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 277.420619][ T6892] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 277.420646][ T6892] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 277.420665][ T6892] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 277.420684][ T6892] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 277.420701][ T6892] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 5872] <... umount2 resumed>) = 0 [pid 6891] <... write resumed>) = 16777216 [pid 6890] <... write resumed>) = 16777216 [pid 6891] munmap(0x7f3cd3a00000, 138412032 [pid 6890] munmap(0x7f3cd3a00000, 138412032 [ 277.420718][ T6892] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 277.420757][ T6892] [ 278.093270][ T6892] XFS (loop2): Corruption detected. Unmount and run xfs_repair [pid 5872] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6892] <... lsetxattr resumed>) = ? [pid 5872] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 6892] +++ exited with 0 +++ [pid 6890] <... munmap resumed>) = 0 [pid 6870] +++ exited with 0 +++ [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6870, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=102 /* 1.02 s */} --- [pid 6890] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 5872] getdents64(4, [pid 6890] <... openat resumed>) = 4 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6891] <... munmap resumed>) = 0 [pid 6890] ioctl(4, LOOP_SET_FD, 3 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 6891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... restart_syscall resumed>) = 0 [pid 6891] <... openat resumed>) = 4 [ 278.109162][ T6892] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 278.126401][ T6892] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 278.160729][ T6890] loop3: detected capacity change from 0 to 32768 [ 278.163270][ T6891] loop0: detected capacity change from 0 to 32768 [pid 6891] ioctl(4, LOOP_SET_FD, 3 [pid 5873] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./22/file1") = 0 [pid 5872] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./22/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./22") = 0 [pid 5872] mkdir("./23", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6890] <... ioctl resumed>) = 0 [pid 5873] <... openat resumed>) = 3 [pid 6890] close(3 [pid 5873] newfstatat(3, "", [pid 6890] <... close resumed>) = 0 [pid 6890] close(4) = 0 [pid 6890] mkdir("./file1", 0777) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6890] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6891] <... ioctl resumed>) = 0 [pid 6891] close(3) = 0 [pid 6891] close(4) = 0 [pid 6891] mkdir("./file1", 0777) = 0 [ 278.200231][ T6890] XFS: noikeep mount option is deprecated. [ 278.239054][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 278.265959][ T6891] XFS: noikeep mount option is deprecated. [ 278.294727][ T6890] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6891] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 6905 ./strace-static-x86_64: Process 6905 attached [ 278.314772][ T6891] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] <... umount2 resumed>) = 0 [pid 6905] set_robust_list(0x55555d962760, 24) = 0 [pid 6905] chdir("./23") = 0 [pid 6905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6905] setpgid(0, 0) = 0 [pid 6905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6905] write(3, "1000", 4) = 4 [pid 6905] close(3) = 0 [pid 6905] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6905] write(1, "executing program\n", 18) = 18 [pid 5873] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] newfstatat(AT_FDCWD, "./22/file1", [pid 6905] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6905] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5873] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6905] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5873] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... openat resumed>) = 4 [pid 6905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6905] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5873] getdents64(4, [pid 6905] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6905] <... mprotect resumed>) = 0 [pid 5873] getdents64(4, [pid 6905] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./22/file1") = 0 [pid 6905] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5873] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6910 attached [pid 5873] newfstatat(AT_FDCWD, "./22/binderfs", [pid 6910] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6905] <... clone3 resumed> => {parent_tid=[6910]}, 88) = 6910 [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6910] <... rseq resumed>) = 0 [pid 6905] rt_sigprocmask(SIG_SETMASK, [], [pid 6910] set_robust_list(0x7f3cdbf259a0, 24 [pid 6905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] unlink("./22/binderfs" [pid 6910] <... set_robust_list resumed>) = 0 [pid 6905] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... unlink resumed>) = 0 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], [pid 6905] <... futex resumed>) = 0 [pid 5873] getdents64(3, [pid 6910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6910] memfd_create("syzkaller", 0 [pid 5873] close(3) = 0 [pid 6910] <... memfd_create resumed>) = 3 [pid 6910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5873] rmdir("./22") = 0 [pid 5873] mkdir("./23", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [ 278.495784][ T6891] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 278.529682][ T6890] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 278.580835][ T6891] XFS (loop0): Starting recovery (logdev: internal) [ 278.608766][ T6890] XFS (loop3): Starting recovery (logdev: internal) [ 278.662718][ T6891] XFS (loop0): Ending recovery (logdev: internal) [pid 6910] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6891] <... mount resumed>) = 0 [pid 6891] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6891] chdir("./file1") = 0 [pid 6891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6910] <... write resumed>) = 16777216 [pid 6891] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6910] munmap(0x7f3cd3a00000, 138412032 [pid 6890] <... mount resumed>) = 0 [pid 6890] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6890] chdir("./file1") = 0 [pid 6890] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6891] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6891] <... futex resumed>) = 1 [pid 6890] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... futex resumed>) = 0 [pid 6890] <... futex resumed>) = 1 [pid 6889] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6889] <... futex resumed>) = 0 [pid 6888] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 0 [ 278.703631][ T6890] XFS (loop3): Ending recovery (logdev: internal) [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6891] <... openat resumed>) = 4 [pid 6890] <... openat resumed>) = 4 [pid 6891] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] <... futex resumed>) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6890] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6910] <... munmap resumed>) = 0 [pid 6890] <... pwritev2 resumed>) = 65007 [pid 6890] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6890] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6888] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6888] <... futex resumed>) = 0 [pid 6910] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6890] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... openat resumed>) = 4 [pid 6910] ioctl(4, LOOP_SET_FD, 3 [pid 6891] <... pwritev2 resumed>) = 65007 [pid 6891] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5873] <... close resumed>) = 0 [ 278.786620][ T6890] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 278.820377][ T6891] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6890] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6890] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6890] <... futex resumed>) = 0 [pid 6888] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6911 attached [pid 6911] set_robust_list(0x55555d962760, 24) = 0 [pid 6890] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6911] chdir("./23") = 0 [pid 6910] <... ioctl resumed>) = 0 [pid 6889] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6911 [pid 6910] close(3 [pid 6889] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6910] <... close resumed>) = 0 [pid 6889] <... futex resumed>) = 0 [ 278.829913][ T6890] XFS (loop3): Unmount and run xfs_repair [ 278.839222][ T6910] loop1: detected capacity change from 0 to 32768 [ 278.861210][ T6890] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 278.874971][ T6891] XFS (loop0): Unmount and run xfs_repair [pid 6911] <... prctl resumed>) = 0 [pid 6910] close(4 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6911] setpgid(0, 0 [pid 6910] <... close resumed>) = 0 [pid 6889] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6911] <... setpgid resumed>) = 0 [pid 6910] mkdir("./file1", 0777 [pid 6889] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6910] <... mkdir resumed>) = 0 [pid 6891] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6889] <... mprotect resumed>) = 0 [pid 6910] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6891] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6911] <... openat resumed>) = 3 [pid 6889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 6888] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6911] write(3, "1000", 4) = 4 [pid 6889] <... clone3 resumed> => {parent_tid=[6912]}, 88) = 6912 ./strace-static-x86_64: Process 6912 attached [pid 6911] close(3 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], [pid 6911] <... close resumed>) = 0 [pid 6889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6912] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6911] symlink("/dev/binderfs", "./binderfs" [pid 6889] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... rseq resumed>) = 0 [pid 6911] <... symlink resumed>) = 0 [pid 6889] <... futex resumed>) = 0 executing program [pid 6912] set_robust_list(0x7f3cdbf049a0, 24 [pid 6911] write(1, "executing program\n", 18 [pid 6889] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... set_robust_list resumed>) = 0 [pid 6911] <... write resumed>) = 18 [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6911] <... futex resumed>) = 0 [pid 6912] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6911] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [ 278.882796][ T6890] CPU: 0 UID: 0 PID: 6890 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 278.882829][ T6890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.882846][ T6890] Call Trace: [ 278.882857][ T6890] [ 278.882867][ T6890] dump_stack_lvl+0x189/0x250 [ 278.882903][ T6890] ? __pfx__xfs_alert_tag+0x10/0x10 [ 278.882941][ T6890] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.882976][ T6890] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 6911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6891] <... futex resumed>) = 0 [pid 6911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6911] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6913]}, 88) = 6913 [pid 6911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6911] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 278.883024][ T6890] xfs_corruption_error+0x122/0x170 [ 278.883064][ T6890] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 278.883099][ T6890] xfs_alloc_fixup_trees+0x95e/0xd20 [ 278.883128][ T6890] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 278.883170][ T6890] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 278.883201][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883236][ T6890] ? rcu_is_watching+0x15/0xb0 [ 278.883268][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883296][ T6890] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6913 attached [pid 6891] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 278.883328][ T6890] ? rcu_is_watching+0x15/0xb0 [ 278.883368][ T6890] xfs_alloc_cur_finish+0xd3/0x4b0 [ 278.883399][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883430][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883464][ T6890] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 278.883522][ T6890] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 278.883553][ T6890] ? xfs_group_grab+0x28/0x480 [ 278.883589][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883617][ T6890] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 278.883651][ T6890] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 278.883703][ T6890] xfs_alloc_vextent_start_ag+0x388/0x850 [ 278.883743][ T6890] xfs_bmapi_allocate+0x188e/0x2e00 [ 278.883807][ T6890] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 278.883842][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883893][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883922][ T6890] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 278.883946][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.883974][ T6890] ? xfs_iext_prev+0x35a/0x370 [ 278.884013][ T6890] ? xfs_iext_get_extent+0x1bb/0x370 [ 278.884043][ T6890] xfs_bmapi_write+0x7df/0x1260 [ 278.884101][ T6890] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 278.884172][ T6890] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 278.884210][ T6890] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 278.884244][ T6890] ? kasan_save_track+0x4f/0x80 [ 278.884269][ T6890] ? kasan_save_track+0x3e/0x80 [ 278.884292][ T6890] ? kasan_save_free_info+0x46/0x50 [ 278.884328][ T6890] ? kmem_cache_free+0x18f/0x400 [ 278.884356][ T6890] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 6913] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6913] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] memfd_create("syzkaller", 0) = 3 [pid 6913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 278.884378][ T6890] ? xfs_trans_roll+0x130/0x450 [ 278.884402][ T6890] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 278.884442][ T6890] xfs_attr_set_iter+0x2d4/0x4b70 [ 278.884475][ T6890] ? filename_setxattr+0x274/0x600 [ 278.884506][ T6890] ? path_setxattrat+0x364/0x3a0 [ 278.884526][ T6890] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 278.884577][ T6890] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 278.884630][ T6890] ? kasan_quarantine_put+0xdd/0x220 [ 278.884654][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6888] exit_group(0) = ? [ 278.884682][ T6890] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.884720][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.884752][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.884779][ T6890] ? kmem_cache_free+0x18f/0x400 [ 278.884806][ T6890] ? __xfs_trans_commit+0x3e0/0xbd0 [ 278.884835][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.884863][ T6890] ? __xfs_trans_commit+0x4c7/0xbd0 [ 278.884906][ T6890] xfs_attr_finish_item+0xed/0x320 [ 278.884945][ T6890] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 278.884980][ T6890] xfs_defer_finish_one+0x5c8/0xcf0 [ 278.885039][ T6890] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 278.885088][ T6890] xfs_defer_finish_noroll+0x910/0x12d0 [ 278.885126][ T6890] ? xfs_trans_commit+0x10b/0x1c0 [ 278.885168][ T6910] XFS: noikeep mount option is deprecated. [ 278.885158][ T6890] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 278.885192][ T6890] ? inode_set_ctime_current+0x740/0xb40 [ 278.885245][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.885273][ T6890] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 278.885312][ T6890] xfs_trans_commit+0x10b/0x1c0 [ 278.885338][ T6890] ? __pfx_xfs_trans_commit+0x10/0x10 [ 278.885371][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.885398][ T6890] ? xfs_trans_log_inode+0x12c/0x1a0 [ 278.885438][ T6890] xfs_attr_set+0xdc6/0x1210 [ 278.885486][ T6890] ? __pfx_xfs_attr_set+0x10/0x10 [ 278.885519][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.885547][ T6890] ? __lock_acquire+0xab9/0xd20 [ 278.885583][ T6890] ? xfs_da_hashname+0x59d/0x740 [ 278.885615][ T6890] ? do_raw_spin_lock+0x121/0x290 [ 278.885657][ T6890] ? xfs_attr_change+0x2ac/0x390 [ 278.885691][ T6890] xfs_xattr_set+0x14d/0x250 [ 278.885723][ T6890] ? __pfx_xfs_xattr_set+0x10/0x10 [ 278.885767][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.885795][ T6890] ? evm_protect_xattr+0x4d4/0xa90 [ 278.885822][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.885850][ T6890] ? rcu_is_watching+0x15/0xb0 [ 278.885883][ T6890] ? __pfx_evm_protect_xattr+0x10/0x10 [ 278.885911][ T6890] ? __pfx_xfs_xattr_set+0x10/0x10 [ 278.885938][ T6890] __vfs_setxattr+0x43c/0x480 [pid 6913] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6890] <... lsetxattr resumed>) = ? [pid 6890] +++ exited with 0 +++ [pid 6888] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6888, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=73 /* 0.73 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 278.885986][ T6890] __vfs_setxattr_noperm+0x12d/0x660 [ 278.886029][ T6890] vfs_setxattr+0x16b/0x2f0 [ 278.886071][ T6890] ? __pfx_vfs_setxattr+0x10/0x10 [ 278.886101][ T6890] ? mnt_get_write_access+0x223/0x2a0 [ 278.886132][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.886166][ T6890] filename_setxattr+0x274/0x600 [ 278.886212][ T6890] ? __pfx_filename_setxattr+0x10/0x10 [ 278.886255][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.886283][ T6890] ? getname_flags+0x1e5/0x540 [ 278.886323][ T6890] path_setxattrat+0x364/0x3a0 [ 278.886359][ T6890] ? __pfx_path_setxattrat+0x10/0x10 [ 278.886425][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.886453][ T6890] ? rcu_is_watching+0x15/0xb0 [ 278.886489][ T6890] __x64_sys_lsetxattr+0xbf/0xe0 [ 278.886530][ T6890] do_syscall_64+0xfa/0x3b0 [ 278.886554][ T6890] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.886592][ T6890] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.886615][ T6890] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.886643][ T6890] ? exc_page_fault+0x9f/0xf0 [ 278.886684][ T6890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.886708][ T6890] RIP: 0033:0x7f3cdbf794f9 [ 278.886730][ T6890] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 278.886751][ T6890] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 278.886779][ T6890] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 278.886797][ T6890] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 278.886815][ T6890] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 278.886832][ T6890] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 278.886849][ T6890] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 278.886888][ T6890] [ 278.887045][ T6890] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 5874] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6912] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6913] <... write resumed>) = 16777216 [pid 6912] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] munmap(0x7f3cd3a00000, 138412032 [pid 6912] <... futex resumed>) = 0 [pid 6889] exit_group(0 [pid 6912] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... exit_group resumed>) = ? [pid 6912] <... futex resumed>) = ? [pid 6912] +++ exited with 0 +++ [pid 6891] <... futex resumed>) = ? [pid 6891] +++ exited with 0 +++ [pid 6889] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6889, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=58 /* 0.58 s */} --- [ 278.933184][ T6912] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 278.936517][ T6890] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 278.978603][ T6912] CPU: 1 UID: 0 PID: 6912 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 278.978636][ T6912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.978651][ T6912] Call Trace: [ 278.978661][ T6912] [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 278.978672][ T6912] dump_stack_lvl+0x189/0x250 [ 278.978706][ T6912] ? __pfx__xfs_alert_tag+0x10/0x10 [ 278.978742][ T6912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.978781][ T6912] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 278.978828][ T6912] xfs_corruption_error+0x122/0x170 [ 278.978866][ T6912] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 278.978901][ T6912] xfs_alloc_fixup_trees+0x95e/0xd20 [ 278.978930][ T6912] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 278.978977][ T6912] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 5871] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6913] <... munmap resumed>) = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 278.979008][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979038][ T6912] ? rcu_is_watching+0x15/0xb0 [ 278.979069][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979097][ T6912] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 278.979129][ T6912] ? rcu_is_watching+0x15/0xb0 [ 278.979168][ T6912] xfs_alloc_cur_finish+0xd3/0x4b0 [ 278.979198][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979228][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979262][ T6912] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./23/file1") = 0 [pid 5874] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 278.979319][ T6912] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 278.979349][ T6912] ? xfs_group_grab+0x28/0x480 [ 278.979385][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979413][ T6912] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 278.979447][ T6912] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 278.979494][ T6912] xfs_alloc_vextent_start_ag+0x388/0x850 [ 278.979534][ T6912] xfs_bmapi_allocate+0x188e/0x2e00 [ 278.979598][ T6912] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 278.979631][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6913] close(3 [pid 5874] unlink("./23/binderfs" [pid 6913] <... close resumed>) = 0 [pid 5874] <... unlink resumed>) = 0 [pid 6913] close(4 [pid 5874] getdents64(3, [pid 6913] <... close resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6913] mkdir("./file1", 0777 [pid 5874] close(3 [pid 6913] <... mkdir resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./23") = 0 [pid 6913] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] mkdir("./24", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 278.979684][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979712][ T6912] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 278.979736][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.979764][ T6912] ? xfs_iext_prev+0x35a/0x370 [ 278.979802][ T6912] ? xfs_iext_get_extent+0x1bb/0x370 [ 278.979833][ T6912] xfs_bmapi_write+0x7df/0x1260 [ 278.979892][ T6912] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 278.979976][ T6912] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 278.980017][ T6912] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 278.980048][ T6912] ? kasan_save_track+0x4f/0x80 [ 278.980073][ T6912] ? kasan_save_track+0x3e/0x80 [ 278.980098][ T6912] ? kasan_save_free_info+0x46/0x50 [ 278.980135][ T6912] ? kmem_cache_free+0x18f/0x400 [ 278.980163][ T6912] ? __xfs_trans_commit+0x3e0/0xbd0 [ 278.980188][ T6912] ? xfs_trans_roll+0x130/0x450 [ 278.980211][ T6912] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 278.980251][ T6912] xfs_attr_set_iter+0x2d4/0x4b70 [ 278.980285][ T6912] ? filename_setxattr+0x274/0x600 [ 278.980317][ T6912] ? path_setxattrat+0x364/0x3a0 [ 278.980339][ T6912] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 278.980390][ T6912] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 278.980447][ T6912] ? kasan_quarantine_put+0xdd/0x220 [ 278.980473][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.980502][ T6912] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.980541][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.980575][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.980603][ T6912] ? kmem_cache_free+0x18f/0x400 [ 278.980630][ T6912] ? __xfs_trans_commit+0x3e0/0xbd0 [ 278.980662][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.980690][ T6912] ? __xfs_trans_commit+0x4c7/0xbd0 [ 278.980733][ T6912] xfs_attr_finish_item+0xed/0x320 [ 278.980773][ T6912] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 278.980810][ T6912] xfs_defer_finish_one+0x5c8/0xcf0 [ 278.980883][ T6912] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 278.980933][ T6912] xfs_defer_finish_noroll+0x910/0x12d0 [ 278.980978][ T6912] ? xfs_trans_commit+0x10b/0x1c0 [ 278.981010][ T6912] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 278.981044][ T6912] ? inode_set_ctime_current+0x740/0xb40 [ 278.981091][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.981119][ T6912] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 278.981159][ T6912] xfs_trans_commit+0x10b/0x1c0 [ 278.981185][ T6912] ? __pfx_xfs_trans_commit+0x10/0x10 [ 278.981217][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.981245][ T6912] ? xfs_trans_log_inode+0x12c/0x1a0 [ 278.981285][ T6912] xfs_attr_set+0xdc6/0x1210 [ 278.981334][ T6912] ? __pfx_xfs_attr_set+0x10/0x10 [ 278.981368][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.981396][ T6912] ? __lock_acquire+0xab9/0xd20 [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 278.981432][ T6912] ? xfs_da_hashname+0x59d/0x740 [ 278.981464][ T6912] ? do_raw_spin_lock+0x121/0x290 [ 278.981507][ T6912] ? xfs_attr_change+0x2ac/0x390 [ 278.981542][ T6912] xfs_xattr_set+0x14d/0x250 [ 278.981574][ T6912] ? __pfx_xfs_xattr_set+0x10/0x10 [ 278.981618][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.981647][ T6912] ? evm_protect_xattr+0x4d4/0xa90 [ 278.981673][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.981701][ T6912] ? rcu_is_watching+0x15/0xb0 [pid 5871] openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./22/file1") = 0 [pid 5871] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./22/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./22") = 0 [pid 5871] mkdir("./23", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6922 [ 278.981734][ T6912] ? __pfx_evm_protect_xattr+0x10/0x10 [ 278.981763][ T6912] ? __pfx_xfs_xattr_set+0x10/0x10 [ 278.981790][ T6912] __vfs_setxattr+0x43c/0x480 [ 278.981838][ T6912] __vfs_setxattr_noperm+0x12d/0x660 [ 278.981882][ T6912] vfs_setxattr+0x16b/0x2f0 [ 278.981924][ T6912] ? __pfx_vfs_setxattr+0x10/0x10 [ 278.981954][ T6912] ? mnt_get_write_access+0x223/0x2a0 [ 278.981990][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.982024][ T6912] filename_setxattr+0x274/0x600 [ 278.982071][ T6912] ? __pfx_filename_setxattr+0x10/0x10 [ 278.982109][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.982137][ T6912] ? getname_flags+0x1e5/0x540 [ 278.982178][ T6912] path_setxattrat+0x364/0x3a0 [ 278.982215][ T6912] ? __pfx_path_setxattrat+0x10/0x10 [ 278.982281][ T6912] ? srso_alias_return_thunk+0x5/0xfbef5 [ 278.982309][ T6912] ? rcu_is_watching+0x15/0xb0 [ 278.982345][ T6912] __x64_sys_lsetxattr+0xbf/0xe0 [ 278.982386][ T6912] do_syscall_64+0xfa/0x3b0 [ 278.982412][ T6912] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.982435][ T6912] ? __switch_to_asm+0x39/0x70 [ 278.982467][ T6912] ? __switch_to_asm+0x33/0x70 [ 278.982504][ T6912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.982529][ T6912] RIP: 0033:0x7f3cdbf794f9 [ 278.982549][ T6912] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 278.982569][ T6912] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 278.982594][ T6912] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 ./strace-static-x86_64: Process 6922 attached [pid 6922] set_robust_list(0x55555d962760, 24) = 0 [pid 6922] chdir("./24") = 0 [pid 6922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6922] setpgid(0, 0) = 0 [pid 6922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6922] write(3, "1000", 4) = 4 [pid 6922] close(3) = 0 executing program [pid 6922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6922] write(1, "executing program\n", 18) = 18 [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6922] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6924]}, 88) = 6924 [pid 6922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6922] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 278.982613][ T6912] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 278.982631][ T6912] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 278.982648][ T6912] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 278.982665][ T6912] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 278.982703][ T6912] [ 279.002904][ T6912] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 279.021050][ T6890] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 279.266565][ T6912] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 279.405948][ T6910] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 279.410636][ T6912] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 279.453298][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... close resumed>) = 0 ./strace-static-x86_64: Process 6924 attached [pid 6910] <... mount resumed>) = 0 [pid 6924] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6910] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6924] set_robust_list(0x7f3cdbf259a0, 24 [pid 6910] <... openat resumed>) = 3 [pid 6924] <... set_robust_list resumed>) = 0 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6924] memfd_create("syzkaller", 0 [pid 6910] chdir("./file1" [pid 6924] <... memfd_create resumed>) = 3 [pid 6910] <... chdir resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6910] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 6927 attached [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6927 [pid 6927] set_robust_list(0x55555d962760, 24 [pid 6910] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 279.683320][ T6910] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 279.705391][ T6913] loop2: detected capacity change from 0 to 32768 [ 279.720751][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 279.733004][ T6910] XFS (loop1): Starting recovery (logdev: internal) [ 279.813237][ T6913] XFS: noikeep mount option is deprecated. [ 279.825628][ T6910] XFS (loop1): Ending recovery (logdev: internal) [pid 6910] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6910] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6910] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6905] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... pwritev2 resumed>) = 65007 [pid 6927] <... set_robust_list resumed>) = 0 [pid 6910] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6927] chdir("./23" [pid 6910] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6905] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6905] <... futex resumed>) = 0 [pid 6910] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... chdir resumed>) = 0 [pid 6927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6910] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6927] <... prctl resumed>) = 0 [pid 6910] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] setpgid(0, 0 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... setpgid resumed>) = 0 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 280.438228][ T6910] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 280.450471][ T6910] XFS (loop1): Unmount and run xfs_repair [ 280.455735][ T6913] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6910] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6927] write(3, "1000", 4) = 4 [pid 6927] close(3) = 0 [pid 6927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6927] write(1, "executing program\n", 18executing program [ 280.489752][ T6910] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 280.507557][ T6910] CPU: 0 UID: 0 PID: 6910 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 280.507592][ T6910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.507610][ T6910] Call Trace: ) = 18 [pid 6924] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6905] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 280.507620][ T6910] [ 280.507632][ T6910] dump_stack_lvl+0x189/0x250 [ 280.507669][ T6910] ? __pfx__xfs_alert_tag+0x10/0x10 [ 280.507708][ T6910] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.507742][ T6910] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 280.507788][ T6910] xfs_corruption_error+0x122/0x170 [ 280.507828][ T6910] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 280.507863][ T6910] xfs_alloc_fixup_trees+0x95e/0xd20 [ 280.507905][ T6910] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 280.507950][ T6910] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6927] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6933]}, 88) = 6933 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6927] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 280.507981][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508011][ T6910] ? rcu_is_watching+0x15/0xb0 [ 280.508043][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508071][ T6910] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 280.508103][ T6910] ? rcu_is_watching+0x15/0xb0 [ 280.508142][ T6910] xfs_alloc_cur_finish+0xd3/0x4b0 [ 280.508174][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508205][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508239][ T6910] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6933 attached [pid 6933] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6933] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6933] memfd_create("syzkaller", 0) = 3 [pid 6933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 280.508297][ T6910] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 280.508327][ T6910] ? xfs_group_grab+0x28/0x480 [ 280.508365][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508393][ T6910] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 280.508429][ T6910] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 280.508477][ T6910] xfs_alloc_vextent_start_ag+0x388/0x850 [ 280.508516][ T6910] xfs_bmapi_allocate+0x188e/0x2e00 [ 280.508582][ T6910] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 280.508616][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6910] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6910] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6905] exit_group(0 [pid 6910] <... futex resumed>) = ? [pid 6905] <... exit_group resumed>) = ? [pid 6910] +++ exited with 0 +++ [pid 6905] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6905, si_uid=0, si_status=0, si_utime=0, si_stime=106 /* 1.06 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 280.508667][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508695][ T6910] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 280.508720][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.508747][ T6910] ? xfs_iext_prev+0x35a/0x370 [ 280.508784][ T6910] ? xfs_iext_get_extent+0x1bb/0x370 [ 280.508815][ T6910] xfs_bmapi_write+0x7df/0x1260 [ 280.508874][ T6910] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 280.508949][ T6910] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 280.508986][ T6910] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 280.509013][ T6910] ? kasan_save_track+0x4f/0x80 [ 280.509036][ T6910] ? kasan_save_track+0x3e/0x80 [ 280.509057][ T6910] ? kasan_save_free_info+0x46/0x50 [ 280.509090][ T6910] ? kmem_cache_free+0x18f/0x400 [ 280.509116][ T6910] ? __xfs_trans_commit+0x3e0/0xbd0 [ 280.509139][ T6910] ? xfs_trans_roll+0x130/0x450 [ 280.509159][ T6910] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 280.509194][ T6910] xfs_attr_set_iter+0x2d4/0x4b70 [ 280.509225][ T6910] ? filename_setxattr+0x274/0x600 [ 280.509254][ T6910] ? path_setxattrat+0x364/0x3a0 [ 280.509274][ T6910] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 280.509319][ T6910] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 280.509369][ T6910] ? kasan_quarantine_put+0xdd/0x220 [ 280.509391][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.509416][ T6910] ? lockdep_hardirqs_on+0x9c/0x150 [ 280.509452][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.509482][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.509506][ T6910] ? kmem_cache_free+0x18f/0x400 [ 280.509531][ T6910] ? __xfs_trans_commit+0x3e0/0xbd0 [ 280.509558][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.509583][ T6910] ? __xfs_trans_commit+0x4c7/0xbd0 [ 280.509621][ T6910] xfs_attr_finish_item+0xed/0x320 [ 280.509657][ T6910] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 280.509689][ T6910] xfs_defer_finish_one+0x5c8/0xcf0 [ 280.509742][ T6910] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 280.509784][ T6910] xfs_defer_finish_noroll+0x910/0x12d0 [ 280.509819][ T6910] ? xfs_trans_commit+0x10b/0x1c0 [ 280.509847][ T6910] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 5872] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 280.509876][ T6910] ? inode_set_ctime_current+0x740/0xb40 [ 280.509923][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.509948][ T6910] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 280.509983][ T6910] xfs_trans_commit+0x10b/0x1c0 [ 280.510006][ T6910] ? __pfx_xfs_trans_commit+0x10/0x10 [ 280.510035][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510059][ T6910] ? xfs_trans_log_inode+0x12c/0x1a0 [ 280.510095][ T6910] xfs_attr_set+0xdc6/0x1210 [ 280.510138][ T6910] ? __pfx_xfs_attr_set+0x10/0x10 [pid 6933] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6924] <... write resumed>) = 16777216 [ 280.510168][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510192][ T6910] ? __lock_acquire+0xab9/0xd20 [ 280.510225][ T6910] ? xfs_da_hashname+0x59d/0x740 [ 280.510253][ T6910] ? do_raw_spin_lock+0x121/0x290 [ 280.510290][ T6910] ? xfs_attr_change+0x2ac/0x390 [ 280.510320][ T6910] xfs_xattr_set+0x14d/0x250 [ 280.510348][ T6910] ? __pfx_xfs_xattr_set+0x10/0x10 [ 280.510388][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510412][ T6910] ? evm_protect_xattr+0x4d4/0xa90 [ 280.510436][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510461][ T6910] ? rcu_is_watching+0x15/0xb0 [ 280.510490][ T6910] ? __pfx_evm_protect_xattr+0x10/0x10 [ 280.510514][ T6910] ? __pfx_xfs_xattr_set+0x10/0x10 [ 280.510538][ T6910] __vfs_setxattr+0x43c/0x480 [ 280.510581][ T6910] __vfs_setxattr_noperm+0x12d/0x660 [ 280.510620][ T6910] vfs_setxattr+0x16b/0x2f0 [ 280.510656][ T6910] ? __pfx_vfs_setxattr+0x10/0x10 [ 280.510682][ T6910] ? mnt_get_write_access+0x223/0x2a0 [ 280.510708][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510738][ T6910] filename_setxattr+0x274/0x600 [pid 6924] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 280.510778][ T6910] ? __pfx_filename_setxattr+0x10/0x10 [ 280.510811][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510836][ T6910] ? getname_flags+0x1e5/0x540 [ 280.510872][ T6910] path_setxattrat+0x364/0x3a0 [ 280.510909][ T6910] ? __pfx_path_setxattrat+0x10/0x10 [ 280.510965][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.510989][ T6910] ? rcu_is_watching+0x15/0xb0 [ 280.511020][ T6910] __x64_sys_lsetxattr+0xbf/0xe0 [ 280.511056][ T6910] do_syscall_64+0xfa/0x3b0 [ 280.511077][ T6910] ? lockdep_hardirqs_on+0x9c/0x150 [ 280.511111][ T6910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.511131][ T6910] ? srso_alias_return_thunk+0x5/0xfbef5 [ 280.511155][ T6910] ? exc_page_fault+0x9f/0xf0 [ 280.511191][ T6910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.511211][ T6910] RIP: 0033:0x7f3cdbf794f9 [ 280.511232][ T6910] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 280.511249][ T6910] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 280.511272][ T6910] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 280.511288][ T6910] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 280.511303][ T6910] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 280.511317][ T6910] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 280.511332][ T6910] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 280.511365][ T6910] [pid 6924] ioctl(4, LOOP_SET_FD, 3 [pid 6933] <... write resumed>) = 16777216 [pid 6913] <... mount resumed>) = 0 [pid 6933] munmap(0x7f3cd3a00000, 138412032 [pid 6913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6913] chdir("./file1") = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6913] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = 0 [pid 6911] <... futex resumed>) = 1 [pid 6913] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] <... openat resumed>) = 4 [pid 6913] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6911] <... futex resumed>) = 0 [pid 6913] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6911] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6911] <... futex resumed>) = 0 [pid 6913] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] <... pwritev2 resumed>) = 65007 [pid 6913] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6911] <... futex resumed>) = 0 [pid 6913] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6911] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 280.511645][ T6910] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 280.549730][ T6913] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 280.555018][ T6910] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 280.576002][ T6913] XFS (loop2): Starting recovery (logdev: internal) [ 280.578181][ T6910] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [pid 6933] <... munmap resumed>) = 0 [pid 6924] <... ioctl resumed>) = 0 [pid 6913] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6924] close(3 [pid 6913] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6933] <... openat resumed>) = 4 [pid 6924] <... close resumed>) = 0 [pid 6913] <... futex resumed>) = 0 [pid 6911] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] close(4 [pid 6913] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6911] <... futex resumed>) = 0 [pid 6933] ioctl(4, LOOP_SET_FD, 3 [pid 6924] <... close resumed>) = 0 [pid 6911] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 280.608195][ T6913] XFS (loop2): Ending recovery (logdev: internal) [ 281.062841][ T6924] loop3: detected capacity change from 0 to 32768 [ 281.230121][ T6913] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 281.232740][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 281.252293][ T6913] XFS (loop2): Unmount and run xfs_repair [ 281.273053][ T6933] loop0: detected capacity change from 0 to 32768 [pid 6924] mkdir("./file1", 0777) = 0 [ 281.287204][ T6913] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 281.303599][ T6913] CPU: 1 UID: 0 PID: 6913 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 281.303632][ T6913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.303648][ T6913] Call Trace: [ 281.303658][ T6913] [ 281.303668][ T6913] dump_stack_lvl+0x189/0x250 [pid 6924] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6933] <... ioctl resumed>) = 0 [pid 6911] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 281.303706][ T6913] ? __pfx__xfs_alert_tag+0x10/0x10 [ 281.303743][ T6913] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.303778][ T6913] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 281.303825][ T6913] xfs_corruption_error+0x122/0x170 [ 281.303863][ T6913] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 281.303898][ T6913] xfs_alloc_fixup_trees+0x95e/0xd20 [ 281.303926][ T6913] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 281.303974][ T6913] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 281.304007][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6933] close(3) = 0 [pid 6933] close(4) = 0 [pid 6933] mkdir("./file1", 0777) = 0 [ 281.304035][ T6913] ? rcu_is_watching+0x15/0xb0 [ 281.304065][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304092][ T6913] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 281.304123][ T6913] ? rcu_is_watching+0x15/0xb0 [ 281.304162][ T6913] xfs_alloc_cur_finish+0xd3/0x4b0 [ 281.304191][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304219][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304253][ T6913] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 281.304306][ T6913] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 281.304334][ T6913] ? xfs_group_grab+0x28/0x480 [ 281.304371][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304399][ T6913] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 281.304430][ T6913] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 281.304469][ T6913] xfs_alloc_vextent_start_ag+0x388/0x850 [ 281.304502][ T6913] xfs_bmapi_allocate+0x188e/0x2e00 [ 281.304564][ T6913] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 281.304596][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304646][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304674][ T6913] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 281.304697][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.304725][ T6913] ? xfs_iext_prev+0x35a/0x370 [ 281.304763][ T6913] ? xfs_iext_get_extent+0x1bb/0x370 [ 281.304790][ T6913] xfs_bmapi_write+0x7df/0x1260 [ 281.304843][ T6913] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 281.304912][ T6913] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 281.304949][ T6913] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 281.304983][ T6913] ? kasan_save_track+0x4f/0x80 [ 281.305007][ T6913] ? kasan_save_track+0x3e/0x80 [ 281.305029][ T6913] ? kasan_save_free_info+0x46/0x50 [ 281.305061][ T6913] ? kmem_cache_free+0x18f/0x400 [ 281.305087][ T6913] ? __xfs_trans_commit+0x3e0/0xbd0 [ 281.305110][ T6913] ? xfs_trans_roll+0x130/0x450 [ 281.305131][ T6913] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 281.305167][ T6913] xfs_attr_set_iter+0x2d4/0x4b70 [ 281.305198][ T6913] ? filename_setxattr+0x274/0x600 [ 281.305229][ T6913] ? path_setxattrat+0x364/0x3a0 [ 281.305248][ T6913] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 281.305295][ T6913] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 281.305347][ T6913] ? kasan_quarantine_put+0xdd/0x220 [ 281.305371][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.305397][ T6913] ? lockdep_hardirqs_on+0x9c/0x150 [ 281.305434][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.305466][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.305491][ T6913] ? kmem_cache_free+0x18f/0x400 [ 281.305517][ T6913] ? __xfs_trans_commit+0x3e0/0xbd0 [ 281.305546][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.305572][ T6913] ? __xfs_trans_commit+0x4c7/0xbd0 [ 281.305612][ T6913] xfs_attr_finish_item+0xed/0x320 [ 281.305649][ T6913] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 281.305684][ T6913] xfs_defer_finish_one+0x5c8/0xcf0 [ 281.305740][ T6913] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 281.305786][ T6913] xfs_defer_finish_noroll+0x910/0x12d0 [ 281.305822][ T6913] ? xfs_trans_commit+0x10b/0x1c0 [ 281.305852][ T6913] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 281.305882][ T6913] ? inode_set_ctime_current+0x740/0xb40 [pid 6933] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6913] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5872] <... umount2 resumed>) = 0 [pid 6913] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6913] <... futex resumed>) = 0 [pid 6911] exit_group(0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6911] <... exit_group resumed>) = ? [pid 5872] newfstatat(AT_FDCWD, "./23/file1", [pid 6913] +++ exited with 0 +++ [pid 6911] +++ exited with 0 +++ [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6911, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=115 /* 1.15 s */} --- [ 281.305927][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.305960][ T6913] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 281.305998][ T6913] xfs_trans_commit+0x10b/0x1c0 [ 281.306023][ T6913] ? __pfx_xfs_trans_commit+0x10/0x10 [ 281.306053][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.306079][ T6913] ? xfs_trans_log_inode+0x12c/0x1a0 [ 281.306118][ T6913] xfs_attr_set+0xdc6/0x1210 [ 281.306164][ T6913] ? __pfx_xfs_attr_set+0x10/0x10 [ 281.306195][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] getdents64(4, [pid 5873] <... openat resumed>) = 3 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] newfstatat(3, "", [pid 5872] getdents64(4, [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 5873] getdents64(3, [pid 5872] <... close resumed>) = 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] rmdir("./23/file1" [pid 5873] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... rmdir resumed>) = 0 [ 281.306221][ T6913] ? __lock_acquire+0xab9/0xd20 [ 281.306257][ T6913] ? xfs_da_hashname+0x59d/0x740 [ 281.306287][ T6913] ? do_raw_spin_lock+0x121/0x290 [ 281.306328][ T6913] ? xfs_attr_change+0x2ac/0x390 [ 281.306360][ T6913] xfs_xattr_set+0x14d/0x250 [ 281.306390][ T6913] ? __pfx_xfs_xattr_set+0x10/0x10 [ 281.306432][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.306459][ T6913] ? evm_protect_xattr+0x4d4/0xa90 [ 281.306484][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./23/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./23") = 0 [pid 5872] mkdir("./24", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 281.306510][ T6913] ? rcu_is_watching+0x15/0xb0 [ 281.306543][ T6913] ? __pfx_evm_protect_xattr+0x10/0x10 [ 281.306569][ T6913] ? __pfx_xfs_xattr_set+0x10/0x10 [ 281.306595][ T6913] __vfs_setxattr+0x43c/0x480 [ 281.306642][ T6913] __vfs_setxattr_noperm+0x12d/0x660 [ 281.306683][ T6913] vfs_setxattr+0x16b/0x2f0 [ 281.306722][ T6913] ? __pfx_vfs_setxattr+0x10/0x10 [ 281.306750][ T6913] ? mnt_get_write_access+0x223/0x2a0 [ 281.306782][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.306815][ T6913] filename_setxattr+0x274/0x600 [ 281.306859][ T6913] ? __pfx_filename_setxattr+0x10/0x10 [ 281.306896][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.306922][ T6913] ? getname_flags+0x1e5/0x540 [ 281.306967][ T6913] path_setxattrat+0x364/0x3a0 [ 281.307004][ T6913] ? __pfx_path_setxattrat+0x10/0x10 [ 281.307066][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.307092][ T6913] ? rcu_is_watching+0x15/0xb0 [ 281.307127][ T6913] __x64_sys_lsetxattr+0xbf/0xe0 [ 281.307164][ T6913] do_syscall_64+0xfa/0x3b0 [ 281.307186][ T6913] ? lockdep_hardirqs_on+0x9c/0x150 [ 281.307222][ T6913] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.307243][ T6913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 281.307269][ T6913] ? exc_page_fault+0x9f/0xf0 [ 281.307307][ T6913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.307331][ T6913] RIP: 0033:0x7f3cdbf794f9 [ 281.307352][ T6913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 281.307373][ T6913] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 281.307398][ T6913] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 281.307415][ T6913] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 281.307433][ T6913] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 281.307447][ T6913] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 281.307463][ T6913] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 281.307502][ T6913] [pid 5872] close(3 [pid 6924] <... mount resumed>) = 0 [pid 6924] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6924] chdir("./file1") = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6924] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 6924] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 6924] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 281.357821][ T6924] XFS: noikeep mount option is deprecated. [ 281.370415][ T6913] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 281.436986][ T6933] XFS: noikeep mount option is deprecated. [ 281.459490][ T6913] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 281.595020][ T6924] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6924] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 281.600759][ T6913] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 281.685204][ T6933] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 281.716249][ T6924] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 281.762103][ T6933] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 281.793275][ T6924] XFS (loop3): Starting recovery (logdev: internal) [ 281.890472][ T6933] XFS (loop0): Starting recovery (logdev: internal) [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6922] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 6950 attached [pid 6933] <... mount resumed>) = 0 [pid 6924] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6950] set_robust_list(0x55555d962760, 24 [pid 6933] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 6950] <... set_robust_list resumed>) = 0 [pid 6933] <... openat resumed>) = 3 [pid 6924] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6950 [pid 6950] chdir("./24" [pid 6924] <... futex resumed>) = 0 [pid 6933] chdir("./file1" [pid 6922] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... umount2 resumed>) = 0 [pid 6950] <... chdir resumed>) = 0 [pid 6933] <... chdir resumed>) = 0 [pid 6924] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6922] <... futex resumed>) = 0 [pid 5873] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6933] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6922] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6950] <... prctl resumed>) = 0 [pid 6950] setpgid(0, 0) = 0 [pid 5873] newfstatat(AT_FDCWD, "./23/file1", [pid 6950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6950] write(3, "1000", 4) = 4 [pid 5873] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] close(3) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6950] symlink("/dev/binderfs", "./binderfs" [pid 6933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6950] <... symlink resumed>) = 0 [pid 5873] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6950] write(1, "executing program\n", 18executing program ) = 18 [pid 6933] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... openat resumed>) = 4 [ 281.925463][ T6924] XFS (loop3): Ending recovery (logdev: internal) [ 281.991416][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 282.019766][ T6924] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 282.110897][ T6933] XFS (loop0): Ending recovery (logdev: internal) [ 282.121176][ T6924] XFS (loop3): Unmount and run xfs_repair [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6950] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 1 [pid 6927] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] newfstatat(4, "", [pid 6933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6927] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6950] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6933] <... openat resumed>) = 4 [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] getdents64(4, [pid 6933] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6933] <... futex resumed>) = 0 [pid 6927] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] getdents64(4, [pid 6933] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6927] <... futex resumed>) = 0 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6933] <... pwritev2 resumed>) = 65007 [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] close(4 [pid 6933] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... close resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6927] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [ 282.159057][ T6924] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 282.174879][ T6924] CPU: 0 UID: 0 PID: 6924 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 282.174912][ T6924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.174928][ T6924] Call Trace: [ 282.174939][ T6924] [pid 5873] rmdir("./23/file1" [pid 6933] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6927] <... futex resumed>) = 0 [pid 5873] <... rmdir resumed>) = 0 [pid 6950] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6922] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6933] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6933] <... futex resumed>) = 1 [pid 6927] <... futex resumed>) = 0 [pid 5873] newfstatat(AT_FDCWD, "./23/binderfs", [pid 6950] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6933] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6927] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6950] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6927] <... futex resumed>) = 0 [pid 5873] unlink("./23/binderfs" [pid 6950] <... mprotect resumed>) = 0 [pid 6927] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... unlink resumed>) = 0 [pid 6950] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5873] getdents64(3, [pid 6950] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5873] close(3) = 0 [pid 6950] <... clone3 resumed> => {parent_tid=[6951]}, 88) = 6951 [ 282.174949][ T6924] dump_stack_lvl+0x189/0x250 [ 282.174985][ T6924] ? __pfx__xfs_alert_tag+0x10/0x10 [ 282.175023][ T6924] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.175058][ T6924] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 282.175106][ T6924] xfs_corruption_error+0x122/0x170 [ 282.175145][ T6924] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 282.175180][ T6924] xfs_alloc_fixup_trees+0x95e/0xd20 [ 282.175211][ T6924] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 282.175264][ T6924] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] rmdir("./23" [pid 6950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6950] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... rmdir resumed>) = 0 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] mkdir("./24", 0777./strace-static-x86_64: Process 6951 attached ) = 0 [pid 6951] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6951] set_robust_list(0x7f3cdbf259a0, 24 [pid 5873] <... openat resumed>) = 3 [pid 6951] <... set_robust_list resumed>) = 0 [pid 6951] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] ioctl(3, LOOP_CLR_FD [pid 6951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... ioctl resumed>) = 0 [pid 6951] memfd_create("syzkaller", 0 [pid 5873] close(3 [pid 6951] <... memfd_create resumed>) = 3 [pid 6951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6927] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 282.175295][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175324][ T6924] ? rcu_is_watching+0x15/0xb0 [ 282.175355][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175382][ T6924] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 282.175415][ T6924] ? rcu_is_watching+0x15/0xb0 [ 282.175454][ T6924] xfs_alloc_cur_finish+0xd3/0x4b0 [ 282.175484][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175514][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175546][ T6924] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 282.175602][ T6924] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 282.175631][ T6924] ? xfs_group_grab+0x28/0x480 [ 282.175668][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175694][ T6924] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 282.175727][ T6924] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 282.175772][ T6924] xfs_alloc_vextent_start_ag+0x388/0x850 [ 282.175811][ T6924] xfs_bmapi_allocate+0x188e/0x2e00 [ 282.175874][ T6924] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 282.175912][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175963][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.175993][ T6924] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 282.176113][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.176156][ T6924] ? xfs_iext_prev+0x35a/0x370 [ 282.176206][ T6924] ? xfs_iext_get_extent+0x1bb/0x370 [ 282.176241][ T6924] xfs_bmapi_write+0x7df/0x1260 [ 282.176319][ T6924] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 282.176426][ T6924] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 282.176479][ T6924] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 282.176520][ T6924] ? kasan_save_track+0x4f/0x80 [ 282.176560][ T6924] ? kasan_save_track+0x3e/0x80 [ 282.176594][ T6924] ? kasan_save_free_info+0x46/0x50 [ 282.176653][ T6924] ? kmem_cache_free+0x18f/0x400 [ 282.176698][ T6924] ? __xfs_trans_commit+0x3e0/0xbd0 [ 282.176735][ T6924] ? xfs_trans_roll+0x130/0x450 [ 282.176778][ T6924] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 282.176831][ T6924] xfs_attr_set_iter+0x2d4/0x4b70 [ 282.176916][ T6924] ? filename_setxattr+0x274/0x600 [ 282.176965][ T6924] ? path_setxattrat+0x364/0x3a0 [ 282.176997][ T6924] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 282.177070][ T6924] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 282.177141][ T6924] ? kasan_quarantine_put+0xdd/0x220 [ 282.177170][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.177215][ T6924] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.177270][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.177316][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.177353][ T6924] ? kmem_cache_free+0x18f/0x400 [ 282.177393][ T6924] ? __xfs_trans_commit+0x3e0/0xbd0 [ 282.177439][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.177474][ T6924] ? __xfs_trans_commit+0x4c7/0xbd0 [ 282.177538][ T6924] xfs_attr_finish_item+0xed/0x320 [ 282.177592][ T6924] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 282.177649][ T6924] xfs_defer_finish_one+0x5c8/0xcf0 [ 282.177719][ T6924] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 282.177773][ T6924] xfs_defer_finish_noroll+0x910/0x12d0 [ 282.177811][ T6924] ? xfs_trans_commit+0x10b/0x1c0 [ 282.177843][ T6924] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 282.177901][ T6924] ? inode_set_ctime_current+0x740/0xb40 [ 282.177961][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.177992][ T6924] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 282.178038][ T6924] xfs_trans_commit+0x10b/0x1c0 [ 282.178063][ T6924] ? __pfx_xfs_trans_commit+0x10/0x10 [ 282.178094][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.178122][ T6924] ? xfs_trans_log_inode+0x12c/0x1a0 [ 282.178165][ T6924] xfs_attr_set+0xdc6/0x1210 [ 282.178222][ T6924] ? __pfx_xfs_attr_set+0x10/0x10 [ 282.178260][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.178292][ T6924] ? __lock_acquire+0xab9/0xd20 [ 282.178332][ T6924] ? xfs_da_hashname+0x59d/0x740 [ 282.178368][ T6924] ? do_raw_spin_lock+0x121/0x290 [ 282.178416][ T6924] ? xfs_attr_change+0x2ac/0x390 [ 282.178452][ T6924] xfs_xattr_set+0x14d/0x250 [ 282.178488][ T6924] ? __pfx_xfs_xattr_set+0x10/0x10 [ 282.178539][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.178570][ T6924] ? evm_protect_xattr+0x4d4/0xa90 [ 282.178599][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.178632][ T6924] ? rcu_is_watching+0x15/0xb0 [ 282.178669][ T6924] ? __pfx_evm_protect_xattr+0x10/0x10 [ 282.178698][ T6924] ? __pfx_xfs_xattr_set+0x10/0x10 [ 282.178725][ T6924] __vfs_setxattr+0x43c/0x480 [ 282.178775][ T6924] __vfs_setxattr_noperm+0x12d/0x660 [ 282.178820][ T6924] vfs_setxattr+0x16b/0x2f0 [ 282.178860][ T6924] ? __pfx_vfs_setxattr+0x10/0x10 [ 282.178911][ T6924] ? mnt_get_write_access+0x223/0x2a0 [ 282.178942][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.178977][ T6924] filename_setxattr+0x274/0x600 [ 282.179028][ T6924] ? __pfx_filename_setxattr+0x10/0x10 [ 282.179070][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.179099][ T6924] ? getname_flags+0x1e5/0x540 [ 282.179140][ T6924] path_setxattrat+0x364/0x3a0 [ 282.179176][ T6924] ? __pfx_path_setxattrat+0x10/0x10 [ 282.179241][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.179269][ T6924] ? rcu_is_watching+0x15/0xb0 [ 282.179308][ T6924] __x64_sys_lsetxattr+0xbf/0xe0 [ 282.179349][ T6924] do_syscall_64+0xfa/0x3b0 [ 282.179375][ T6924] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.179414][ T6924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.179439][ T6924] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.179469][ T6924] ? exc_page_fault+0x9f/0xf0 [ 282.179510][ T6924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.179535][ T6924] RIP: 0033:0x7f3cdbf794f9 [ 282.179559][ T6924] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 executing program [pid 6924] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6924] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6922] exit_group(0 [pid 6924] <... futex resumed>) = ? [pid 6922] <... exit_group resumed>) = ? [pid 6924] +++ exited with 0 +++ [pid 6922] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6922, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=97 /* 0.97 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] exit_group(0) = ? [pid 6951] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6952 attached [pid 6952] set_robust_list(0x55555d962760, 24) = 0 [pid 6952] chdir("./24") = 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6952 [pid 6952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6952] setpgid(0, 0) = 0 [pid 6952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6952] write(3, "1000", 4) = 4 [pid 6952] close(3) = 0 [pid 6952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6952] write(1, "executing program\n", 18) = 18 [pid 6952] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6952] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 6953 attached => {parent_tid=[6953]}, 88) = 6953 [pid 6953] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6952] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6953] <... rseq resumed>) = 0 [pid 6953] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] memfd_create("syzkaller", 0) = 3 [pid 6953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 282.179580][ T6924] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 282.179605][ T6924] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 282.179623][ T6924] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 282.179643][ T6924] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 282.179659][ T6924] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 282.179676][ T6924] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 282.179715][ T6924] [ 282.192500][ T6933] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 282.203152][ T6924] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 282.206536][ T6933] XFS (loop0): Unmount and run xfs_repair [ 282.222780][ T6924] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 282.243408][ T6933] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 282.246684][ T6924] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 282.305654][ T6933] CPU: 1 UID: 0 PID: 6933 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 282.305690][ T6933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.305706][ T6933] Call Trace: [ 282.305717][ T6933] [ 282.305728][ T6933] dump_stack_lvl+0x189/0x250 [ 282.305766][ T6933] ? __pfx__xfs_alert_tag+0x10/0x10 [ 282.305804][ T6933] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6951] <... write resumed>) = 16777216 [pid 6951] munmap(0x7f3cd3a00000, 138412032 [ 282.305838][ T6933] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 282.305885][ T6933] xfs_corruption_error+0x122/0x170 [ 282.305924][ T6933] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 282.305959][ T6933] xfs_alloc_fixup_trees+0x95e/0xd20 [ 282.305988][ T6933] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 282.306029][ T6933] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 282.306059][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306088][ T6933] ? rcu_is_watching+0x15/0xb0 [ 282.306118][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6953] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6951] <... munmap resumed>) = 0 [pid 6951] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 282.306151][ T6933] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 282.306182][ T6933] ? rcu_is_watching+0x15/0xb0 [ 282.306221][ T6933] xfs_alloc_cur_finish+0xd3/0x4b0 [ 282.306250][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306280][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306314][ T6933] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 282.306371][ T6933] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 282.306400][ T6933] ? xfs_group_grab+0x28/0x480 [ 282.306436][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306463][ T6933] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 282.306497][ T6933] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 282.306544][ T6933] xfs_alloc_vextent_start_ag+0x388/0x850 [ 282.306583][ T6933] xfs_bmapi_allocate+0x188e/0x2e00 [ 282.306647][ T6933] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 282.306683][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306733][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306760][ T6933] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 282.306784][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.306812][ T6933] ? xfs_iext_prev+0x35a/0x370 [ 282.306851][ T6933] ? xfs_iext_get_extent+0x1bb/0x370 [ 282.306882][ T6933] xfs_bmapi_write+0x7df/0x1260 [ 282.306941][ T6933] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 282.307018][ T6933] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 282.307060][ T6933] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 282.307090][ T6933] ? kasan_save_track+0x4f/0x80 [ 282.307116][ T6933] ? kasan_save_track+0x3e/0x80 [ 282.307145][ T6933] ? kasan_save_free_info+0x46/0x50 [ 282.307181][ T6933] ? kmem_cache_free+0x18f/0x400 [ 282.307209][ T6933] ? __xfs_trans_commit+0x3e0/0xbd0 [ 282.307234][ T6933] ? xfs_trans_roll+0x130/0x450 [ 282.307257][ T6933] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 282.307297][ T6933] xfs_attr_set_iter+0x2d4/0x4b70 [ 282.307332][ T6933] ? filename_setxattr+0x274/0x600 [ 282.307365][ T6933] ? path_setxattrat+0x364/0x3a0 [ 282.307387][ T6933] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 282.307438][ T6933] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 282.307494][ T6933] ? kasan_quarantine_put+0xdd/0x220 [pid 6951] ioctl(4, LOOP_SET_FD, 3) = 0 [ 282.307520][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.307548][ T6933] ? lockdep_hardirqs_on+0x9c/0x150 [ 282.307587][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.307621][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.307649][ T6933] ? kmem_cache_free+0x18f/0x400 [ 282.307677][ T6933] ? __xfs_trans_commit+0x3e0/0xbd0 [ 282.307708][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.307735][ T6933] ? __xfs_trans_commit+0x4c7/0xbd0 [ 282.307778][ T6933] xfs_attr_finish_item+0xed/0x320 [pid 6951] close(3) = 0 [pid 6951] close(4) = 0 [pid 6951] mkdir("./file1", 0777) = 0 [pid 6951] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6953] <... write resumed>) = 16777216 [ 282.307818][ T6933] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 282.307855][ T6933] xfs_defer_finish_one+0x5c8/0xcf0 [ 282.307914][ T6933] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 282.307962][ T6933] xfs_defer_finish_noroll+0x910/0x12d0 [ 282.308001][ T6933] ? xfs_trans_commit+0x10b/0x1c0 [ 282.308033][ T6933] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 282.308066][ T6933] ? inode_set_ctime_current+0x740/0xb40 [ 282.308113][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.308145][ T6933] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 6933] <... lsetxattr resumed>) = ? [pid 6953] munmap(0x7f3cd3a00000, 138412032 [pid 6933] +++ exited with 0 +++ [pid 6927] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6927, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=122 /* 1.22 s */} --- [pid 6953] <... munmap resumed>) = 0 [pid 5871] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 282.308185][ T6933] xfs_trans_commit+0x10b/0x1c0 [ 282.308211][ T6933] ? __pfx_xfs_trans_commit+0x10/0x10 [ 282.308244][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.308271][ T6933] ? xfs_trans_log_inode+0x12c/0x1a0 [ 282.308311][ T6933] xfs_attr_set+0xdc6/0x1210 [ 282.308360][ T6933] ? __pfx_xfs_attr_set+0x10/0x10 [ 282.308393][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.308421][ T6933] ? __lock_acquire+0xab9/0xd20 [ 282.308457][ T6933] ? xfs_da_hashname+0x59d/0x740 [pid 6953] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 6953] close(3) = 0 [ 282.308488][ T6933] ? do_raw_spin_lock+0x121/0x290 [ 282.308530][ T6933] ? xfs_attr_change+0x2ac/0x390 [ 282.308564][ T6933] xfs_xattr_set+0x14d/0x250 [ 282.308596][ T6933] ? __pfx_xfs_xattr_set+0x10/0x10 [ 282.308640][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.308667][ T6933] ? evm_protect_xattr+0x4d4/0xa90 [ 282.308695][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.308722][ T6933] ? rcu_is_watching+0x15/0xb0 [ 282.308755][ T6933] ? __pfx_evm_protect_xattr+0x10/0x10 [ 282.308783][ T6933] ? __pfx_xfs_xattr_set+0x10/0x10 [ 282.308811][ T6933] __vfs_setxattr+0x43c/0x480 [ 282.308858][ T6933] __vfs_setxattr_noperm+0x12d/0x660 [ 282.308901][ T6933] vfs_setxattr+0x16b/0x2f0 [ 282.308942][ T6933] ? __pfx_vfs_setxattr+0x10/0x10 [ 282.308972][ T6933] ? mnt_get_write_access+0x223/0x2a0 [ 282.309002][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.309036][ T6933] filename_setxattr+0x274/0x600 [ 282.309083][ T6933] ? __pfx_filename_setxattr+0x10/0x10 [ 282.309121][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.309154][ T6933] ? getname_flags+0x1e5/0x540 [ 282.309195][ T6933] path_setxattrat+0x364/0x3a0 [ 282.309231][ T6933] ? __pfx_path_setxattrat+0x10/0x10 [ 282.309296][ T6933] ? srso_alias_return_thunk+0x5/0xfbef5 [ 282.309324][ T6933] ? rcu_is_watching+0x15/0xb0 [ 282.309360][ T6933] __x64_sys_lsetxattr+0xbf/0xe0 [ 282.309400][ T6933] do_syscall_64+0xfa/0x3b0 [ 282.309428][ T6933] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.309450][ T6933] ? asm_common_interrupt+0x26/0x40 [pid 6953] close(4) = 0 [pid 5874] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6953] mkdir("./file1", 0777) = 0 [pid 6953] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 282.309480][ T6933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.309504][ T6933] RIP: 0033:0x7f3cdbf794f9 [ 282.309525][ T6933] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 282.309546][ T6933] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 282.309572][ T6933] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [ 282.309590][ T6933] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 282.309609][ T6933] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 282.309626][ T6933] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 282.309642][ T6933] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 282.309681][ T6933] [ 282.332295][ T6933] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 283.022582][ T6951] loop1: detected capacity change from 0 to 32768 [pid 5874] close(4) = 0 [pid 5874] rmdir("./24/file1") = 0 [pid 5874] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./24/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./24") = 0 [ 283.181893][ T6933] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 283.189523][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 283.191866][ T6933] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 283.241668][ T6951] XFS: noikeep mount option is deprecated. [ 283.357904][ T6953] loop2: detected capacity change from 0 to 32768 [pid 5874] mkdir("./25", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 283.380025][ T6951] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 283.400772][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 283.559456][ T6953] XFS: noikeep mount option is deprecated. [ 283.591027][ T6951] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 283.648634][ T6953] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 283.661029][ T6951] XFS (loop1): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6951] <... mount resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] newfstatat(AT_FDCWD, "./23/file1", [pid 6951] chdir("./file1" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6951] <... chdir resumed>) = 0 [pid 5871] umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6951] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6951] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 4 [pid 6951] <... futex resumed>) = 1 [pid 6950] <... futex resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 6951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6950] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] <... openat resumed>) = 4 [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6951] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6951] <... futex resumed>) = 0 [pid 6950] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./23/file1") = 0 [pid 5871] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./23/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./23") = 0 [pid 6951] <... pwritev2 resumed>) = 65007 [pid 6951] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = 0 [pid 6951] <... futex resumed>) = 1 [pid 6951] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6950] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [ 283.720751][ T6951] XFS (loop1): Ending recovery (logdev: internal) [ 283.744590][ T6953] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] mkdir("./24", 0777) = 0 [pid 6950] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 283.780829][ T6951] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 283.817222][ T6951] XFS (loop1): Unmount and run xfs_repair [pid 5871] close(3 [pid 6951] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6951] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6951] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6951] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6953] <... mount resumed>) = 0 [pid 6950] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6953] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6953] chdir("./file1") = 0 [pid 6953] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6953] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [ 283.824832][ T6953] XFS (loop2): Starting recovery (logdev: internal) [ 283.850476][ T6951] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 283.867707][ T6953] XFS (loop2): Ending recovery (logdev: internal) [pid 6953] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6952] <... futex resumed>) = 0 [pid 6952] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... openat resumed>) = 4 [pid 6953] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6953] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6952] <... futex resumed>) = 0 [pid 6953] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6952] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... pwritev2 resumed>) = 65007 [pid 6953] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6953] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 283.893282][ T6951] CPU: 1 UID: 0 PID: 6951 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 283.893318][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.893335][ T6951] Call Trace: [ 283.893346][ T6951] [ 283.893357][ T6951] dump_stack_lvl+0x189/0x250 [ 283.893394][ T6951] ? __pfx__xfs_alert_tag+0x10/0x10 [ 283.893432][ T6951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.893466][ T6951] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 283.893514][ T6951] xfs_corruption_error+0x122/0x170 [ 283.893555][ T6951] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 283.893590][ T6951] xfs_alloc_fixup_trees+0x95e/0xd20 [ 283.893618][ T6951] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 283.893659][ T6951] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 283.893693][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.893722][ T6951] ? rcu_is_watching+0x15/0xb0 [ 283.893753][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.893781][ T6951] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6952] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 283.893814][ T6951] ? rcu_is_watching+0x15/0xb0 [ 283.893855][ T6951] xfs_alloc_cur_finish+0xd3/0x4b0 [ 283.893885][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.893916][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.893950][ T6951] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 283.894008][ T6951] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 283.894037][ T6951] ? xfs_group_grab+0x28/0x480 [ 283.894074][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.894103][ T6951] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 283.894136][ T6951] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 283.894194][ T6951] xfs_alloc_vextent_start_ag+0x388/0x850 [ 283.894234][ T6951] xfs_bmapi_allocate+0x188e/0x2e00 [ 283.894299][ T6951] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 283.894341][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.894392][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.894420][ T6951] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 283.894444][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.894472][ T6951] ? xfs_iext_prev+0x35a/0x370 [pid 6952] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... close resumed>) = 0 [pid 6952] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6952] <... futex resumed>) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6952] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 6970 [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6971]}, 88) = 6971 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6952] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 283.894510][ T6951] ? xfs_iext_get_extent+0x1bb/0x370 [ 283.894541][ T6951] xfs_bmapi_write+0x7df/0x1260 [ 283.894602][ T6951] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 283.894680][ T6951] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 283.894727][ T6951] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 283.894758][ T6951] ? kasan_save_track+0x4f/0x80 [ 283.894785][ T6951] ? kasan_save_track+0x3e/0x80 [ 283.894811][ T6951] ? kasan_save_free_info+0x46/0x50 [ 283.894855][ T6951] ? kmem_cache_free+0x18f/0x400 [pid 6952] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6971 attached ./strace-static-x86_64: Process 6970 attached [pid 6971] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 6970] set_robust_list(0x55555d962760, 24 [pid 6971] <... rseq resumed>) = 0 [pid 6970] <... set_robust_list resumed>) = 0 [pid 6971] set_robust_list(0x7f3cdbf049a0, 24 [pid 6970] chdir("./25" [pid 6971] <... set_robust_list resumed>) = 0 [pid 6970] <... chdir resumed>) = 0 [pid 6971] rt_sigprocmask(SIG_SETMASK, [], [pid 6970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6970] <... prctl resumed>) = 0 [pid 6971] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6970] setpgid(0, 0) = 0 [pid 6970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6970] write(3, "1000", 4) = 4 [pid 6970] close(3) = 0 [pid 6970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] <... close resumed>) = 0 executing program [pid 6970] write(1, "executing program\n", 18 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6972 attached [pid 6970] <... write resumed>) = 18 [pid 6952] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6972] set_robust_list(0x55555d962760, 24 [pid 6970] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6972 [pid 6972] <... set_robust_list resumed>) = 0 [pid 6970] <... futex resumed>) = 0 [pid 6972] chdir("./24" [pid 6970] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 6972] <... chdir resumed>) = 0 [pid 6970] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6972] prctl(PR_SET_PDEATHSIG, SIGKILL [ 283.894884][ T6951] ? __xfs_trans_commit+0x3e0/0xbd0 [ 283.894909][ T6951] ? xfs_trans_roll+0x130/0x450 [ 283.894933][ T6951] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 283.894973][ T6951] xfs_attr_set_iter+0x2d4/0x4b70 [ 283.895009][ T6951] ? filename_setxattr+0x274/0x600 [ 283.895044][ T6951] ? path_setxattrat+0x364/0x3a0 [ 283.895066][ T6951] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 283.895119][ T6951] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 283.895186][ T6951] ? kasan_quarantine_put+0xdd/0x220 [ 283.895214][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6972] <... prctl resumed>) = 0 [pid 6970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6953] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 283.895242][ T6951] ? lockdep_hardirqs_on+0x9c/0x150 [ 283.895284][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.895318][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.895346][ T6951] ? kmem_cache_free+0x18f/0x400 [ 283.895373][ T6951] ? __xfs_trans_commit+0x3e0/0xbd0 [ 283.895404][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.895431][ T6951] ? __xfs_trans_commit+0x4c7/0xbd0 [ 283.895474][ T6951] xfs_attr_finish_item+0xed/0x320 [ 283.895520][ T6951] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 6953] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] setpgid(0, 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6970] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6973]}, 88) = 6973 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6970] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6972] <... setpgid resumed>) = 0 [pid 6972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6972] write(3, "1000", 4) = 4 [pid 6972] close(3) = 0 [pid 6972] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6972] write(1, "executing program\n", 18) = 18 [pid 6972] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 ./strace-static-x86_64: Process 6973 attached [pid 6972] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6973] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 6972] <... mprotect resumed>) = 0 [pid 6973] <... rseq resumed>) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6973] set_robust_list(0x7f3cdbf259a0, 24 [pid 6972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6973] <... set_robust_list resumed>) = 0 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] memfd_create("syzkaller", 0 [pid 6972] <... clone3 resumed> => {parent_tid=[6974]}, 88) = 6974 [pid 6973] <... memfd_create resumed>) = 3 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6951] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6951] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] exit_group(0) = ? ./strace-static-x86_64: Process 6974 attached [pid 6951] +++ exited with 0 +++ [pid 6950] +++ exited with 0 +++ [ 283.895559][ T6951] xfs_defer_finish_one+0x5c8/0xcf0 [ 283.895620][ T6951] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 283.895670][ T6951] xfs_defer_finish_noroll+0x910/0x12d0 [ 283.895710][ T6951] ? xfs_trans_commit+0x10b/0x1c0 [ 283.895743][ T6951] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 283.895777][ T6951] ? inode_set_ctime_current+0x740/0xb40 [ 283.895826][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.895855][ T6951] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 283.895901][ T6951] xfs_trans_commit+0x10b/0x1c0 [pid 6974] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6950, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=79 /* 0.79 s */} --- [pid 6974] <... rseq resumed>) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6974] set_robust_list(0x7f3cdbf259a0, 24 [pid 5872] <... restart_syscall resumed>) = 0 [pid 6974] <... set_robust_list resumed>) = 0 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6974] memfd_create("syzkaller", 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6974] <... memfd_create resumed>) = 3 [pid 6974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6974] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 283.895928][ T6951] ? __pfx_xfs_trans_commit+0x10/0x10 [ 283.895961][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.895989][ T6951] ? xfs_trans_log_inode+0x12c/0x1a0 [ 283.896031][ T6951] xfs_attr_set+0xdc6/0x1210 [ 283.896081][ T6951] ? __pfx_xfs_attr_set+0x10/0x10 [ 283.896116][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.896144][ T6951] ? __lock_acquire+0xab9/0xd20 [ 283.896190][ T6951] ? xfs_da_hashname+0x59d/0x740 [ 283.896224][ T6951] ? do_raw_spin_lock+0x121/0x290 [ 283.896266][ T6951] ? xfs_attr_change+0x2ac/0x390 [ 283.896301][ T6951] xfs_xattr_set+0x14d/0x250 [ 283.896335][ T6951] ? __pfx_xfs_xattr_set+0x10/0x10 [ 283.896378][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.896407][ T6951] ? evm_protect_xattr+0x4d4/0xa90 [ 283.896433][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.896462][ T6951] ? rcu_is_watching+0x15/0xb0 [ 283.896496][ T6951] ? __pfx_evm_protect_xattr+0x10/0x10 [ 283.896525][ T6951] ? __pfx_xfs_xattr_set+0x10/0x10 [ 283.896553][ T6951] __vfs_setxattr+0x43c/0x480 [ 283.896608][ T6951] __vfs_setxattr_noperm+0x12d/0x660 [pid 5872] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6952] exit_group(0 [pid 6953] <... futex resumed>) = ? [pid 6952] <... exit_group resumed>) = ? [pid 6953] +++ exited with 0 +++ [ 283.896651][ T6951] vfs_setxattr+0x16b/0x2f0 [ 283.896694][ T6951] ? __pfx_vfs_setxattr+0x10/0x10 [ 283.896725][ T6951] ? mnt_get_write_access+0x223/0x2a0 [ 283.896755][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.896789][ T6951] filename_setxattr+0x274/0x600 [ 283.896835][ T6951] ? __pfx_filename_setxattr+0x10/0x10 [ 283.896874][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.896903][ T6951] ? getname_flags+0x1e5/0x540 [ 283.896945][ T6951] path_setxattrat+0x364/0x3a0 [ 283.896982][ T6951] ? __pfx_path_setxattrat+0x10/0x10 [ 283.897048][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.897077][ T6951] ? rcu_is_watching+0x15/0xb0 [ 283.897113][ T6951] __x64_sys_lsetxattr+0xbf/0xe0 [ 283.897163][ T6951] do_syscall_64+0xfa/0x3b0 [ 283.897188][ T6951] ? lockdep_hardirqs_on+0x9c/0x150 [ 283.897228][ T6951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.897251][ T6951] ? srso_alias_return_thunk+0x5/0xfbef5 [ 283.897280][ T6951] ? exc_page_fault+0x9f/0xf0 [ 283.897321][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.897346][ T6951] RIP: 0033:0x7f3cdbf794f9 [ 283.897373][ T6951] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 283.897395][ T6951] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 283.897421][ T6951] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 283.897441][ T6951] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6974] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 283.897459][ T6951] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 283.897476][ T6951] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 283.897493][ T6951] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 283.897531][ T6951] [ 283.908849][ T6953] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 283.970386][ T6951] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 284.013117][ T6953] XFS (loop2): Unmount and run xfs_repair [ 284.197882][ T6951] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 284.209067][ T6971] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 284.219691][ T6951] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 284.224209][ T6971] CPU: 0 UID: 0 PID: 6971 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 284.224243][ T6971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 284.224260][ T6971] Call Trace: [ 284.224271][ T6971] [ 284.224282][ T6971] dump_stack_lvl+0x189/0x250 [ 284.224319][ T6971] ? __pfx__xfs_alert_tag+0x10/0x10 [ 284.224357][ T6971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.224392][ T6971] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 284.224440][ T6971] xfs_corruption_error+0x122/0x170 [ 284.224480][ T6971] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 284.224515][ T6971] xfs_alloc_fixup_trees+0x95e/0xd20 [ 284.224545][ T6971] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 284.224586][ T6971] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 284.224617][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.224646][ T6971] ? rcu_is_watching+0x15/0xb0 [ 284.224677][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.224705][ T6971] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 284.224736][ T6971] ? rcu_is_watching+0x15/0xb0 [ 284.224774][ T6971] xfs_alloc_cur_finish+0xd3/0x4b0 [ 284.224803][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.224833][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.224866][ T6971] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 284.224929][ T6971] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 284.224958][ T6971] ? xfs_group_grab+0x28/0x480 [ 284.224994][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.225022][ T6971] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 284.225055][ T6971] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 284.225102][ T6971] xfs_alloc_vextent_start_ag+0x388/0x850 [ 284.225141][ T6971] xfs_bmapi_allocate+0x188e/0x2e00 [ 284.225205][ T6971] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 284.225241][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.225290][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.225317][ T6971] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 284.225341][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.225369][ T6971] ? xfs_iext_prev+0x35a/0x370 [ 284.225406][ T6971] ? xfs_iext_get_extent+0x1bb/0x370 [ 284.225437][ T6971] xfs_bmapi_write+0x7df/0x1260 [ 284.225495][ T6971] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 284.225572][ T6971] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 284.225613][ T6971] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 284.225643][ T6971] ? kasan_save_track+0x4f/0x80 [ 284.225669][ T6971] ? kasan_save_track+0x3e/0x80 [ 284.225694][ T6971] ? kasan_save_free_info+0x46/0x50 [ 284.225730][ T6971] ? kmem_cache_free+0x18f/0x400 [ 284.225757][ T6971] ? __xfs_trans_commit+0x3e0/0xbd0 [ 284.225782][ T6971] ? xfs_trans_roll+0x130/0x450 [ 284.225805][ T6971] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 284.225845][ T6971] xfs_attr_set_iter+0x2d4/0x4b70 [ 284.225878][ T6971] ? filename_setxattr+0x274/0x600 [ 284.225915][ T6971] ? path_setxattrat+0x364/0x3a0 [ 284.225937][ T6971] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 284.225988][ T6971] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 284.226044][ T6971] ? kasan_quarantine_put+0xdd/0x220 [ 284.226069][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226097][ T6971] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.226136][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226170][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6973] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6974] <... write resumed>) = 16777216 [ 284.226197][ T6971] ? kmem_cache_free+0x18f/0x400 [ 284.226225][ T6971] ? __xfs_trans_commit+0x3e0/0xbd0 [ 284.226256][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226283][ T6971] ? __xfs_trans_commit+0x4c7/0xbd0 [ 284.226309][ T6971] ? xfs_trans_dup+0xc3/0x5f0 [ 284.226347][ T6971] xfs_attr_finish_item+0xed/0x320 [ 284.226386][ T6971] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 284.226423][ T6971] xfs_defer_finish_one+0x5c8/0xcf0 [ 284.226482][ T6971] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 284.226530][ T6971] xfs_defer_finish_noroll+0x910/0x12d0 [pid 6974] munmap(0x7f3cd3a00000, 138412032 [pid 6973] <... write resumed>) = 16777216 [pid 6973] munmap(0x7f3cd3a00000, 138412032 [pid 6974] <... munmap resumed>) = 0 [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 284.226569][ T6971] ? xfs_trans_commit+0x10b/0x1c0 [ 284.226600][ T6971] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 284.226633][ T6971] ? inode_set_ctime_current+0x740/0xb40 [ 284.226680][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226708][ T6971] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 284.226747][ T6971] xfs_trans_commit+0x10b/0x1c0 [ 284.226773][ T6971] ? __pfx_xfs_trans_commit+0x10/0x10 [ 284.226805][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226833][ T6971] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 6974] ioctl(4, LOOP_SET_FD, 3 [pid 6973] <... munmap resumed>) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6974] <... ioctl resumed>) = 0 [pid 6974] close(3) = 0 [pid 6974] close(4) = 0 [pid 6974] mkdir("./file1", 0777) = 0 [ 284.226872][ T6971] xfs_attr_set+0xdc6/0x1210 [ 284.226923][ T6971] ? __pfx_xfs_attr_set+0x10/0x10 [ 284.226956][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.226983][ T6971] ? __lock_acquire+0xab9/0xd20 [ 284.227019][ T6971] ? xfs_da_hashname+0x59d/0x740 [ 284.227050][ T6971] ? do_raw_spin_lock+0x121/0x290 [ 284.227092][ T6971] ? xfs_attr_change+0x2ac/0x390 [ 284.227126][ T6971] xfs_xattr_set+0x14d/0x250 [ 284.227158][ T6971] ? __pfx_xfs_xattr_set+0x10/0x10 [ 284.227202][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6974] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6973] <... openat resumed>) = 4 [ 284.227229][ T6971] ? evm_protect_xattr+0x4d4/0xa90 [ 284.227255][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.227283][ T6971] ? rcu_is_watching+0x15/0xb0 [ 284.227316][ T6971] ? __pfx_evm_protect_xattr+0x10/0x10 [ 284.227344][ T6971] ? __pfx_xfs_xattr_set+0x10/0x10 [ 284.227371][ T6971] __vfs_setxattr+0x43c/0x480 [ 284.227419][ T6971] __vfs_setxattr_noperm+0x12d/0x660 [ 284.227462][ T6971] vfs_setxattr+0x16b/0x2f0 [ 284.227503][ T6971] ? __pfx_vfs_setxattr+0x10/0x10 [ 284.227532][ T6971] ? mnt_get_write_access+0x223/0x2a0 [ 284.227562][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.227596][ T6971] filename_setxattr+0x274/0x600 [ 284.227642][ T6971] ? __pfx_filename_setxattr+0x10/0x10 [ 284.227680][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [ 284.227707][ T6971] ? getname_flags+0x1e5/0x540 [ 284.227747][ T6971] path_setxattrat+0x364/0x3a0 [ 284.227783][ T6971] ? __pfx_path_setxattrat+0x10/0x10 [ 284.227847][ T6971] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6973] ioctl(4, LOOP_SET_FD, 3 [pid 6971] <... lsetxattr resumed>) = ? [pid 6971] +++ exited with 0 +++ [pid 6952] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6952, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=155 /* 1.55 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 284.227874][ T6971] ? rcu_is_watching+0x15/0xb0 [ 284.227913][ T6971] __x64_sys_lsetxattr+0xbf/0xe0 [ 284.227953][ T6971] do_syscall_64+0xfa/0x3b0 [ 284.227979][ T6971] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.228003][ T6971] ? __switch_to_asm+0x39/0x70 [ 284.228034][ T6971] ? __switch_to_asm+0x33/0x70 [ 284.228072][ T6971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.228095][ T6971] RIP: 0033:0x7f3cdbf794f9 [ 284.228117][ T6971] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 284.228138][ T6971] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 284.228164][ T6971] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 284.228183][ T6971] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 284.228200][ T6971] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 284.228216][ T6971] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [pid 5873] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6973] <... ioctl resumed>) = 0 [pid 6973] close(3) = 0 [pid 6973] close(4) = 0 [pid 6973] mkdir("./file1", 0777) = 0 [ 284.228233][ T6971] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 284.228271][ T6971] [ 284.228650][ T6971] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 285.053717][ T6974] loop0: detected capacity change from 0 to 32768 [ 285.063091][ T6971] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 285.099053][ T6974] XFS: noikeep mount option is deprecated. [pid 6973] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./24/file1") = 0 [pid 5872] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 285.103402][ T6971] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 285.140461][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 285.209213][ T6973] loop3: detected capacity change from 0 to 32768 [ 285.310779][ T6974] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 285.330674][ T6973] XFS: noikeep mount option is deprecated. [ 285.355338][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./24/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./24") = 0 [ 285.428738][ T6974] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 285.451425][ T6974] XFS (loop0): Starting recovery (logdev: internal) [ 285.465173][ T6973] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] mkdir("./25", 0777 [pid 5873] <... umount2 resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5873] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./24/file1", [pid 5872] <... openat resumed>) = 3 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5873] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... ioctl resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] close(3 [pid 5873] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6974] <... mount resumed>) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./24/file1" [pid 6974] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5873] <... rmdir resumed>) = 0 [pid 6974] <... openat resumed>) = 3 [pid 5873] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6974] chdir("./file1" [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 285.496156][ T6974] XFS (loop0): Ending recovery (logdev: internal) [pid 6974] <... chdir resumed>) = 0 [pid 5873] newfstatat(AT_FDCWD, "./24/binderfs", [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6974] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6974] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5873] unlink("./24/binderfs") = 0 [pid 6974] <... openat resumed>) = 4 [pid 5873] getdents64(3, [pid 6974] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6974] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6972] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 6972] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] close(3) = 0 [pid 5873] rmdir("./24") = 0 [pid 5873] mkdir("./25", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6974] <... pwritev2 resumed>) = 65007 [pid 5873] ioctl(3, LOOP_CLR_FD [pid 6974] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... ioctl resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6972] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 285.559188][ T6973] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 285.594490][ T6974] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5873] close(3 [pid 6974] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6972] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6974] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6972] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 6974] <... futex resumed>) = 0 [pid 6972] <... mprotect resumed>) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6974] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6991]}, 88) = 6991 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6972] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6991 attached [pid 6991] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6991] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 285.628690][ T6974] XFS (loop0): Unmount and run xfs_repair [ 285.659862][ T6973] XFS (loop3): Starting recovery (logdev: internal) [pid 6991] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 285.677660][ T6991] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 285.711195][ T6991] CPU: 1 UID: 0 PID: 6991 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 285.711231][ T6991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.711249][ T6991] Call Trace: [ 285.711259][ T6991] [ 285.711271][ T6991] dump_stack_lvl+0x189/0x250 [ 285.711307][ T6991] ? __pfx__xfs_alert_tag+0x10/0x10 [ 285.711345][ T6991] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.711380][ T6991] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 285.711428][ T6991] xfs_corruption_error+0x122/0x170 [ 285.711466][ T6991] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 285.711501][ T6991] xfs_alloc_fixup_trees+0x95e/0xd20 [ 285.711531][ T6991] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 285.711572][ T6991] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 285.711602][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.711631][ T6991] ? rcu_is_watching+0x15/0xb0 [ 285.711662][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.711690][ T6991] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 285.711721][ T6991] ? rcu_is_watching+0x15/0xb0 [ 285.711760][ T6991] xfs_alloc_cur_finish+0xd3/0x4b0 [ 285.711790][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.711820][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.711854][ T6991] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 285.711912][ T6991] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 285.711942][ T6991] ? xfs_group_grab+0x28/0x480 [ 285.711979][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.712008][ T6991] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 285.712041][ T6991] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 285.712090][ T6991] xfs_alloc_vextent_start_ag+0x388/0x850 [ 285.712129][ T6991] xfs_bmapi_allocate+0x188e/0x2e00 [ 285.712199][ T6991] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 285.712236][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.712286][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.712313][ T6991] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 285.712337][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.712365][ T6991] ? xfs_iext_prev+0x35a/0x370 [ 285.712403][ T6991] ? xfs_iext_get_extent+0x1bb/0x370 [ 285.712434][ T6991] xfs_bmapi_write+0x7df/0x1260 [ 285.712493][ T6991] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 285.712571][ T6991] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 285.712612][ T6991] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 285.712643][ T6991] ? kasan_save_track+0x4f/0x80 [ 285.712669][ T6991] ? kasan_save_track+0x3e/0x80 [ 285.712694][ T6991] ? kasan_save_free_info+0x46/0x50 [ 285.712751][ T6991] ? kmem_cache_free+0x18f/0x400 [ 285.712783][ T6991] ? __xfs_trans_commit+0x3e0/0xbd0 [ 285.712809][ T6991] ? xfs_trans_roll+0x130/0x450 [ 285.712833][ T6991] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 285.712873][ T6991] xfs_attr_set_iter+0x2d4/0x4b70 [ 285.712909][ T6991] ? filename_setxattr+0x274/0x600 [ 285.712943][ T6991] ? path_setxattrat+0x364/0x3a0 [ 285.712965][ T6991] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 285.713017][ T6991] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 285.713074][ T6991] ? kasan_quarantine_put+0xdd/0x220 [ 285.713100][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713129][ T6991] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.713173][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713207][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713234][ T6991] ? kmem_cache_free+0x18f/0x400 [ 285.713262][ T6991] ? __xfs_trans_commit+0x3e0/0xbd0 [ 285.713293][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713322][ T6991] ? __xfs_trans_commit+0x4c7/0xbd0 [ 285.713365][ T6991] xfs_attr_finish_item+0xed/0x320 [ 285.713405][ T6991] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 285.713442][ T6991] xfs_defer_finish_one+0x5c8/0xcf0 [ 285.713503][ T6991] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 285.713552][ T6991] xfs_defer_finish_noroll+0x910/0x12d0 [ 285.713592][ T6991] ? xfs_trans_commit+0x10b/0x1c0 [ 285.713624][ T6991] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 285.713659][ T6991] ? inode_set_ctime_current+0x740/0xb40 [ 285.713707][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713736][ T6991] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 285.713776][ T6991] xfs_trans_commit+0x10b/0x1c0 [ 285.713803][ T6991] ? __pfx_xfs_trans_commit+0x10/0x10 [ 285.713835][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.713863][ T6991] ? xfs_trans_log_inode+0x12c/0x1a0 [ 285.713903][ T6991] xfs_attr_set+0xdc6/0x1210 [ 285.713951][ T6991] ? __pfx_xfs_attr_set+0x10/0x10 [ 285.713985][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714013][ T6991] ? __lock_acquire+0xab9/0xd20 [ 285.714050][ T6991] ? xfs_da_hashname+0x59d/0x740 [ 285.714082][ T6991] ? do_raw_spin_lock+0x121/0x290 [ 285.714125][ T6991] ? xfs_attr_change+0x2ac/0x390 [ 285.714163][ T6991] xfs_xattr_set+0x14d/0x250 [ 285.714196][ T6991] ? __pfx_xfs_xattr_set+0x10/0x10 [ 285.714239][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714267][ T6991] ? evm_protect_xattr+0x4d4/0xa90 [ 285.714294][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714321][ T6991] ? rcu_is_watching+0x15/0xb0 [ 285.714356][ T6991] ? __pfx_evm_protect_xattr+0x10/0x10 [ 285.714384][ T6991] ? __pfx_xfs_xattr_set+0x10/0x10 [ 285.714412][ T6991] __vfs_setxattr+0x43c/0x480 [ 285.714462][ T6991] __vfs_setxattr_noperm+0x12d/0x660 [ 285.714505][ T6991] vfs_setxattr+0x16b/0x2f0 [ 285.714548][ T6991] ? __pfx_vfs_setxattr+0x10/0x10 [ 285.714577][ T6991] ? mnt_get_write_access+0x223/0x2a0 [ 285.714607][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714641][ T6991] filename_setxattr+0x274/0x600 [ 285.714688][ T6991] ? __pfx_filename_setxattr+0x10/0x10 [ 285.714726][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714754][ T6991] ? getname_flags+0x1e5/0x540 [ 285.714794][ T6991] path_setxattrat+0x364/0x3a0 [ 285.714831][ T6991] ? __pfx_path_setxattrat+0x10/0x10 [ 285.714896][ T6991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.714923][ T6991] ? rcu_is_watching+0x15/0xb0 [ 285.714959][ T6991] __x64_sys_lsetxattr+0xbf/0xe0 [ 285.714999][ T6991] do_syscall_64+0xfa/0x3b0 [ 285.715036][ T6991] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.715062][ T6991] ? __switch_to_asm+0x39/0x70 [ 285.715095][ T6991] ? __switch_to_asm+0x33/0x70 [ 285.715133][ T6991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.715162][ T6991] RIP: 0033:0x7f3cdbf794f9 [ 285.715184][ T6991] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 285.715206][ T6991] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 285.715232][ T6991] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 285.715251][ T6991] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 285.715269][ T6991] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 285.715286][ T6991] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 285.715304][ T6991] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 285.715343][ T6991] [ 286.379598][ T6991] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 5873] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6993 attached ./strace-static-x86_64: Process 6992 attached [pid 6991] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 6992 [pid 6993] set_robust_list(0x55555d962760, 24 [pid 6992] set_robust_list(0x55555d962760, 24 [pid 6991] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 6993 [pid 6993] <... set_robust_list resumed>) = 0 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6991] <... futex resumed>) = 0 [pid 6972] exit_group(0 [pid 6993] chdir("./25" [pid 6992] chdir("./25" [pid 6974] <... futex resumed>) = ? [pid 6972] <... exit_group resumed>) = ? [pid 6993] <... chdir resumed>) = 0 [pid 6992] <... chdir resumed>) = 0 [pid 6974] +++ exited with 0 +++ [pid 6993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6993] setpgid(0, 0) = 0 [pid 6993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6993] write(3, "1000", 4) = 4 [pid 6993] close(3) = 0 [pid 6993] symlink("/dev/binderfs", "./binderfs" [pid 6991] +++ exited with 0 +++ [pid 6992] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6972] +++ exited with 0 +++ [pid 6992] <... prctl resumed>) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6972, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=48 /* 0.48 s */} --- [pid 6993] <... symlink resumed>) = 0 [pid 6992] setpgid(0, 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6992] <... setpgid resumed>) = 0 executing program [pid 6993] write(1, "executing program\n", 18) = 18 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6993] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5871] <... restart_syscall resumed>) = 0 [pid 6993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6992] <... openat resumed>) = 3 [pid 6973] <... mount resumed>) = 0 [pid 6993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6992] write(3, "1000", 4 [pid 6973] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5871] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6973] <... openat resumed>) = 3 [pid 5871] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6993] <... mmap resumed>) = 0x7f3cdbf05000 [pid 6992] <... write resumed>) = 4 [pid 5871] <... openat resumed>) = 3 [pid 6993] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6992] close(3 [pid 6973] chdir("./file1" [pid 6993] <... mprotect resumed>) = 0 [pid 6992] <... close resumed>) = 0 [pid 6973] <... chdir resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 6992] symlink("/dev/binderfs", "./binderfs" [pid 6973] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 6993] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6992] <... symlink resumed>) = 0 [pid 6973] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6993] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] getdents64(3, [pid 6993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6992] write(1, "executing program\n", 18 [pid 6973] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... write resumed>) = 18 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 6992] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 5871] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6970] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6970] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6994 attached [pid 6993] <... clone3 resumed> => {parent_tid=[6994]}, 88) = 6994 [ 286.403792][ T6991] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 286.421663][ T6991] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 286.445751][ T6973] XFS (loop3): Ending recovery (logdev: internal) [pid 6993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6993] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6992] <... futex resumed>) = 0 [pid 6992] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6992] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 6994] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6992] <... mprotect resumed>) = 0 [pid 6994] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6973] <... openat resumed>) = 4 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], [pid 6992] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 6994] memfd_create("syzkaller", 0 [pid 6973] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6995 attached [pid 6994] <... memfd_create resumed>) = 3 [pid 6992] <... clone3 resumed> => {parent_tid=[6995]}, 88) = 6995 [pid 6973] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6970] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6992] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... mmap resumed>) = 0x7f3cd3a00000 [ 286.476383][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 286.511027][ T6973] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 6995] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6973] <... pwritev2 resumed>) = 65007 [pid 5871] <... openat resumed>) = 4 [pid 6973] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 6973] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] <... futex resumed>) = 0 [pid 6973] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6970] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./24/file1") = 0 [pid 5871] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./24/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./24") = 0 [pid 5871] mkdir("./25", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6970] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6970] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6970] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[6996]}, 88) = 6996 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6996 attached [pid 6970] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6996] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 6996] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 6996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6996] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6973] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6973] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6995] <... rseq resumed>) = 0 [pid 6995] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6995] memfd_create("syzkaller", 0) = 3 [pid 6995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5871] <... close resumed>) = 0 [ 286.563356][ T6973] XFS (loop3): Unmount and run xfs_repair [ 286.589592][ T6996] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 286.638290][ T6996] CPU: 1 UID: 0 PID: 6996 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 286.638329][ T6996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.638346][ T6996] Call Trace: [ 286.638357][ T6996] [ 286.638369][ T6996] dump_stack_lvl+0x189/0x250 [ 286.638409][ T6996] ? __pfx__xfs_alert_tag+0x10/0x10 [ 286.638447][ T6996] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.638483][ T6996] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 286.638532][ T6996] xfs_corruption_error+0x122/0x170 [ 286.638572][ T6996] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 286.638608][ T6996] xfs_alloc_fixup_trees+0x95e/0xd20 [ 286.638638][ T6996] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 286.638680][ T6996] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 286.638712][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.638742][ T6996] ? rcu_is_watching+0x15/0xb0 [ 286.638773][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.638802][ T6996] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 286.638834][ T6996] ? rcu_is_watching+0x15/0xb0 [ 286.638874][ T6996] xfs_alloc_cur_finish+0xd3/0x4b0 [ 286.638904][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.638935][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.638970][ T6996] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 286.639027][ T6996] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 286.639059][ T6996] ? xfs_group_grab+0x28/0x480 [ 286.639096][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.639125][ T6996] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6970] exit_group(0 [pid 6973] <... futex resumed>) = ? [pid 6970] <... exit_group resumed>) = ? [pid 6973] +++ exited with 0 +++ [ 286.639159][ T6996] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 286.639220][ T6996] xfs_alloc_vextent_start_ag+0x388/0x850 [ 286.639260][ T6996] xfs_bmapi_allocate+0x188e/0x2e00 [ 286.639326][ T6996] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 286.639360][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.639411][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.639440][ T6996] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 286.639464][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.639493][ T6996] ? xfs_iext_prev+0x35a/0x370 [ 286.639531][ T6996] ? xfs_iext_get_extent+0x1bb/0x370 [ 286.639563][ T6996] xfs_bmapi_write+0x7df/0x1260 [ 286.639623][ T6996] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 286.639704][ T6996] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 286.639749][ T6996] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 286.639780][ T6996] ? kasan_save_track+0x4f/0x80 [ 286.639807][ T6996] ? kasan_save_track+0x3e/0x80 [ 286.639832][ T6996] ? kasan_save_free_info+0x46/0x50 [ 286.639870][ T6996] ? kmem_cache_free+0x18f/0x400 [ 286.639899][ T6996] ? __xfs_trans_commit+0x3e0/0xbd0 [ 286.639926][ T6996] ? xfs_trans_roll+0x130/0x450 [ 286.639950][ T6996] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 286.639991][ T6996] xfs_attr_set_iter+0x2d4/0x4b70 [ 286.640027][ T6996] ? filename_setxattr+0x274/0x600 [ 286.640061][ T6996] ? path_setxattrat+0x364/0x3a0 [ 286.640084][ T6996] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 286.640137][ T6996] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 286.640201][ T6996] ? kasan_quarantine_put+0xdd/0x220 [ 286.640228][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 6994] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 286.640257][ T6996] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.640298][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.640333][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.640361][ T6996] ? kmem_cache_free+0x18f/0x400 [ 286.640390][ T6996] ? __xfs_trans_commit+0x3e0/0xbd0 [ 286.640421][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.640450][ T6996] ? __xfs_trans_commit+0x4c7/0xbd0 [ 286.640494][ T6996] xfs_attr_finish_item+0xed/0x320 [ 286.640536][ T6996] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 286.640574][ T6996] xfs_defer_finish_one+0x5c8/0xcf0 [ 286.640635][ T6996] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 286.640685][ T6996] xfs_defer_finish_noroll+0x910/0x12d0 [ 286.640725][ T6996] ? xfs_trans_commit+0x10b/0x1c0 [ 286.640758][ T6996] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 286.640792][ T6996] ? inode_set_ctime_current+0x740/0xb40 [ 286.640841][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.640870][ T6996] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 286.640937][ T6996] xfs_trans_commit+0x10b/0x1c0 [ 286.640964][ T6996] ? __pfx_xfs_trans_commit+0x10/0x10 [ 286.640997][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641026][ T6996] ? xfs_trans_log_inode+0x12c/0x1a0 [ 286.641068][ T6996] xfs_attr_set+0xdc6/0x1210 [ 286.641118][ T6996] ? __pfx_xfs_attr_set+0x10/0x10 [ 286.641153][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641185][ T6996] ? __lock_acquire+0xab9/0xd20 [ 286.641221][ T6996] ? xfs_da_hashname+0x59d/0x740 [ 286.641253][ T6996] ? do_raw_spin_lock+0x121/0x290 [ 286.641295][ T6996] ? xfs_attr_change+0x2ac/0x390 [ 286.641329][ T6996] xfs_xattr_set+0x14d/0x250 [ 286.641361][ T6996] ? __pfx_xfs_xattr_set+0x10/0x10 [ 286.641404][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641432][ T6996] ? evm_protect_xattr+0x4d4/0xa90 [ 286.641459][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641487][ T6996] ? rcu_is_watching+0x15/0xb0 [ 286.641521][ T6996] ? __pfx_evm_protect_xattr+0x10/0x10 [ 286.641549][ T6996] ? __pfx_xfs_xattr_set+0x10/0x10 [ 286.641576][ T6996] __vfs_setxattr+0x43c/0x480 [ 286.641625][ T6996] __vfs_setxattr_noperm+0x12d/0x660 [pid 6995] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 6997 ./strace-static-x86_64: Process 6997 attached [pid 6997] set_robust_list(0x55555d962760, 24) = 0 [pid 6997] chdir("./25") = 0 [pid 6997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 286.641668][ T6996] vfs_setxattr+0x16b/0x2f0 [ 286.641709][ T6996] ? __pfx_vfs_setxattr+0x10/0x10 [ 286.641739][ T6996] ? mnt_get_write_access+0x223/0x2a0 [ 286.641769][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641803][ T6996] filename_setxattr+0x274/0x600 [ 286.641849][ T6996] ? __pfx_filename_setxattr+0x10/0x10 [ 286.641887][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.641915][ T6996] ? getname_flags+0x1e5/0x540 [ 286.641955][ T6996] path_setxattrat+0x364/0x3a0 [ 286.641991][ T6996] ? __pfx_path_setxattrat+0x10/0x10 [ 286.642056][ T6996] ? srso_alias_return_thunk+0x5/0xfbef5 [ 286.642084][ T6996] ? rcu_is_watching+0x15/0xb0 [ 286.642121][ T6996] __x64_sys_lsetxattr+0xbf/0xe0 [ 286.642161][ T6996] do_syscall_64+0xfa/0x3b0 [ 286.642196][ T6996] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.642220][ T6996] ? __switch_to_asm+0x39/0x70 [ 286.642253][ T6996] ? __switch_to_asm+0x33/0x70 [ 286.642292][ T6996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.642317][ T6996] RIP: 0033:0x7f3cdbf794f9 [pid 6997] setpgid(0, 0) = 0 [pid 6994] <... write resumed>) = 16777216 [pid 6997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6997] write(3, "1000", 4) = 4 [pid 6997] close(3) = 0 executing program [pid 6997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6997] write(1, "executing program\n", 18) = 18 [pid 6997] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 6997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6994] munmap(0x7f3cd3a00000, 138412032 [pid 6997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 6997] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[6998]}, 88) = 6998 [pid 6997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6997] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 286.642339][ T6996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 286.642360][ T6996] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 286.642387][ T6996] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 286.642406][ T6996] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 6997] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6994] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6998 attached [pid 6998] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 6998] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 6998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6998] memfd_create("syzkaller", 0) = 3 [pid 6998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 6994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 286.642425][ T6996] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 286.642441][ T6996] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 286.642457][ T6996] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 286.642496][ T6996] [ 286.642855][ T6996] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 6994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6995] <... write resumed>) = 16777216 [pid 6994] close(3) = 0 [pid 6994] close(4) = 0 [pid 6994] mkdir("./file1", 0777) = 0 [pid 6994] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 287.342077][ T6994] loop1: detected capacity change from 0 to 32768 [ 287.362593][ T6996] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 287.368963][ T6994] XFS: noikeep mount option is deprecated. [pid 6995] munmap(0x7f3cd3a00000, 138412032 [pid 6996] <... lsetxattr resumed>) = ? [ 287.399224][ T6996] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 287.416545][ T6994] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6995] <... munmap resumed>) = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6995] close(3 [pid 6996] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ [pid 6995] <... close resumed>) = 0 [pid 6995] close(4 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6970, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=120 /* 1.20 s */} --- [pid 6995] <... close resumed>) = 0 [pid 6995] mkdir("./file1", 0777 [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 6995] <... mkdir resumed>) = 0 [pid 5874] <... restart_syscall resumed>) = 0 [ 287.452767][ T6994] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 287.477642][ T6995] loop2: detected capacity change from 0 to 32768 [pid 6995] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 287.510745][ T6995] XFS: noikeep mount option is deprecated. [ 287.539382][ T6994] XFS (loop1): Starting recovery (logdev: internal) [pid 6998] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6994] <... mount resumed>) = 0 [pid 6994] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6994] chdir("./file1") = 0 [pid 6994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] <... umount2 resumed>) = 0 [ 287.558465][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 287.599652][ T6994] XFS (loop1): Ending recovery (logdev: internal) [pid 6994] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... futex resumed>) = 0 [pid 6994] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5874] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6994] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] getdents64(4, [pid 6994] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, [pid 6993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 6993] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] close(4 [pid 6993] <... futex resumed>) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6994] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5874] <... close resumed>) = 0 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] rmdir("./25/file1") = 0 [pid 5874] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6994] <... pwritev2 resumed>) = 65007 [pid 5874] unlink("./25/binderfs" [pid 6994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... unlink resumed>) = 0 [pid 6994] <... futex resumed>) = 1 [pid 6993] <... futex resumed>) = 0 [pid 5874] getdents64(3, [pid 6994] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6993] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 287.641377][ T6995] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 6998] <... write resumed>) = 16777216 [pid 6993] <... futex resumed>) = 0 [pid 5874] close(3) = 0 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] rmdir("./25") = 0 [pid 6998] munmap(0x7f3cd3a00000, 138412032 [pid 5874] mkdir("./26", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 287.700587][ T6994] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 5874] close(3 [pid 6994] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6993] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.748313][ T6994] XFS (loop1): Unmount and run xfs_repair [ 287.778557][ T6995] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... futex resumed>) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6994] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6993] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=36000000} [pid 6998] <... munmap resumed>) = 0 [pid 6993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 287.795604][ T6994] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 287.806501][ T6995] XFS (loop2): Starting recovery (logdev: internal) [ 287.834804][ T6998] loop0: detected capacity change from 0 to 32768 [ 287.841499][ T6994] CPU: 1 UID: 0 PID: 6994 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 287.841533][ T6994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.841551][ T6994] Call Trace: [ 287.841563][ T6994] [ 287.841574][ T6994] dump_stack_lvl+0x189/0x250 [ 287.841611][ T6994] ? __pfx__xfs_alert_tag+0x10/0x10 [ 287.841650][ T6994] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.841685][ T6994] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 287.841732][ T6994] xfs_corruption_error+0x122/0x170 [pid 6998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6995] <... mount resumed>) = 0 [pid 6995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6998] close(3 [pid 6995] chdir("./file1" [pid 6998] <... close resumed>) = 0 [pid 6995] <... chdir resumed>) = 0 [pid 6998] close(4 [pid 6995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6998] <... close resumed>) = 0 [pid 6995] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6998] mkdir("./file1", 0777 [pid 6995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6998] <... mkdir resumed>) = 0 [pid 6995] <... futex resumed>) = 1 [ 287.841769][ T6994] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 287.841802][ T6994] xfs_alloc_fixup_trees+0x95e/0xd20 [ 287.841831][ T6994] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 287.841871][ T6994] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 287.841899][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.841936][ T6994] ? rcu_is_watching+0x15/0xb0 [ 287.841964][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.841991][ T6994] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 6998] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 6995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6992] <... futex resumed>) = 0 [ 287.842022][ T6994] ? rcu_is_watching+0x15/0xb0 [ 287.842059][ T6994] xfs_alloc_cur_finish+0xd3/0x4b0 [ 287.842089][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842118][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842151][ T6994] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 287.842207][ T6994] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 287.842236][ T6994] ? xfs_group_grab+0x28/0x480 [ 287.842272][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842299][ T6995] XFS (loop2): Ending recovery (logdev: internal) [pid 6992] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... futex resumed>) = 0 [pid 6992] <... futex resumed>) = 1 [pid 6995] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 6992] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6995] <... openat resumed>) = 4 [pid 6995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6992] <... futex resumed>) = 0 [pid 6995] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 6992] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6995] <... pwritev2 resumed>) = 65007 [pid 6995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6992] <... futex resumed>) = 0 [pid 6995] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6992] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.842299][ T6994] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 287.842332][ T6994] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 287.842375][ T6994] xfs_alloc_vextent_start_ag+0x388/0x850 [ 287.842415][ T6994] xfs_bmapi_allocate+0x188e/0x2e00 [ 287.842478][ T6994] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 287.842515][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842564][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842592][ T6994] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 287.842615][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.842643][ T6994] ? xfs_iext_prev+0x35a/0x370 [ 287.842680][ T6994] ? xfs_iext_get_extent+0x1bb/0x370 [ 287.842711][ T6994] xfs_bmapi_write+0x7df/0x1260 [ 287.842769][ T6994] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 287.842846][ T6994] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 287.842888][ T6994] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 287.842923][ T6994] ? kasan_save_track+0x4f/0x80 [ 287.842948][ T6994] ? kasan_save_track+0x3e/0x80 [ 287.842972][ T6994] ? kasan_save_free_info+0x46/0x50 [pid 6992] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] <... close resumed>) = 0 [pid 6994] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6994] <... futex resumed>) = 0 [pid 6993] exit_group(0) = ? [pid 6992] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6992] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 6992] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7016]}, 88) = 7016 [pid 6992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6992] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.843008][ T6994] ? kmem_cache_free+0x18f/0x400 [ 287.843037][ T6994] ? __xfs_trans_commit+0x3e0/0xbd0 [ 287.843062][ T6994] ? xfs_trans_roll+0x130/0x450 [ 287.843085][ T6994] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 287.843125][ T6994] xfs_attr_set_iter+0x2d4/0x4b70 [ 287.843159][ T6994] ? filename_setxattr+0x274/0x600 [ 287.843192][ T6994] ? path_setxattrat+0x364/0x3a0 [ 287.843213][ T6994] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 287.843265][ T6994] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 287.843320][ T6994] ? kasan_quarantine_put+0xdd/0x220 [pid 6992] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7017 attached ./strace-static-x86_64: Process 7016 attached [pid 6994] +++ exited with 0 +++ [pid 6993] +++ exited with 0 +++ [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7017 [pid 7017] set_robust_list(0x55555d962760, 24 [pid 7016] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6993, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=54 /* 0.54 s */} --- [pid 7017] <... set_robust_list resumed>) = 0 [pid 7016] <... rseq resumed>) = 0 [pid 7017] chdir("./26" [pid 7016] set_robust_list(0x7f3cdbf049a0, 24 [pid 7017] <... chdir resumed>) = 0 [pid 7016] <... set_robust_list resumed>) = 0 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], [pid 7017] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7017] <... prctl resumed>) = 0 [pid 7016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7017] setpgid(0, 0 [pid 7016] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7017] <... setpgid resumed>) = 0 [pid 7017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7017] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7017] write(3, "1000", 4 [pid 5872] getdents64(3, [pid 7017] <... write resumed>) = 4 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7017] close(3) = 0 [pid 7017] symlink("/dev/binderfs", "./binderfs" [pid 6992] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7017] <... symlink resumed>) = 0 [ 287.843346][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.843373][ T6994] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.843413][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.843446][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.843474][ T6994] ? kmem_cache_free+0x18f/0x400 [ 287.843500][ T6994] ? __xfs_trans_commit+0x3e0/0xbd0 [ 287.843531][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.843558][ T6994] ? __xfs_trans_commit+0x4c7/0xbd0 [ 287.843601][ T6994] xfs_attr_finish_item+0xed/0x320 [pid 7017] write(1, "executing program\n", 18executing program ) = 18 [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7017] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7017] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7021]}, 88) = 7021 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7017] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7021 attached [ 287.843641][ T6994] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 287.843678][ T6994] xfs_defer_finish_one+0x5c8/0xcf0 [ 287.843738][ T6994] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 287.843786][ T6994] xfs_defer_finish_noroll+0x910/0x12d0 [ 287.843824][ T6994] ? xfs_trans_commit+0x10b/0x1c0 [ 287.843856][ T6994] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 287.843889][ T6994] ? inode_set_ctime_current+0x740/0xb40 [ 287.843941][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.843967][ T6994] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 7021] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7021] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7021] memfd_create("syzkaller", 0) = 3 [pid 7021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 287.844006][ T6994] xfs_trans_commit+0x10b/0x1c0 [ 287.844032][ T6994] ? __pfx_xfs_trans_commit+0x10/0x10 [ 287.844064][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844091][ T6994] ? xfs_trans_log_inode+0x12c/0x1a0 [ 287.844130][ T6994] xfs_attr_set+0xdc6/0x1210 [ 287.844177][ T6994] ? __pfx_xfs_attr_set+0x10/0x10 [ 287.844210][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844237][ T6994] ? __lock_acquire+0xab9/0xd20 [ 287.844272][ T6994] ? xfs_da_hashname+0x59d/0x740 [ 287.844304][ T6994] ? do_raw_spin_lock+0x121/0x290 [ 287.844345][ T6994] ? xfs_attr_change+0x2ac/0x390 [ 287.844379][ T6994] xfs_xattr_set+0x14d/0x250 [ 287.844411][ T6994] ? __pfx_xfs_xattr_set+0x10/0x10 [ 287.844455][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844482][ T6994] ? evm_protect_xattr+0x4d4/0xa90 [ 287.844509][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844536][ T6994] ? rcu_is_watching+0x15/0xb0 [ 287.844568][ T6994] ? __pfx_evm_protect_xattr+0x10/0x10 [ 287.844595][ T6994] ? __pfx_xfs_xattr_set+0x10/0x10 [ 287.844623][ T6994] __vfs_setxattr+0x43c/0x480 [pid 6995] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6995] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.844670][ T6994] __vfs_setxattr_noperm+0x12d/0x660 [ 287.844713][ T6994] vfs_setxattr+0x16b/0x2f0 [ 287.844754][ T6994] ? __pfx_vfs_setxattr+0x10/0x10 [ 287.844783][ T6994] ? mnt_get_write_access+0x223/0x2a0 [ 287.844813][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844846][ T6994] filename_setxattr+0x274/0x600 [ 287.844892][ T6994] ? __pfx_filename_setxattr+0x10/0x10 [ 287.844934][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.844962][ T6994] ? getname_flags+0x1e5/0x540 [ 287.845002][ T6994] path_setxattrat+0x364/0x3a0 [ 287.845038][ T6994] ? __pfx_path_setxattrat+0x10/0x10 [ 287.845102][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.845130][ T6994] ? rcu_is_watching+0x15/0xb0 [ 287.845165][ T6994] __x64_sys_lsetxattr+0xbf/0xe0 [ 287.845205][ T6994] do_syscall_64+0xfa/0x3b0 [ 287.845229][ T6994] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.845266][ T6994] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.845289][ T6994] ? srso_alias_return_thunk+0x5/0xfbef5 [ 287.845316][ T6994] ? exc_page_fault+0x9f/0xf0 [pid 6995] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 287.845355][ T6994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.845379][ T6994] RIP: 0033:0x7f3cdbf794f9 [ 287.845401][ T6994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 287.845422][ T6994] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 287.845447][ T6994] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [pid 7021] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 6992] exit_group(0) = ? [ 287.845466][ T6994] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 287.845484][ T6994] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 287.845500][ T6994] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 287.845517][ T6994] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 287.845555][ T6994] [ 287.869799][ T6994] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 287.940868][ T6998] XFS: noikeep mount option is deprecated. [ 287.983521][ T6994] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 288.030487][ T6995] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 288.033846][ T6994] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 288.039132][ T6995] XFS (loop2): Unmount and run xfs_repair [ 288.287520][ T6998] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7021] <... write resumed>) = 16777216 [pid 6995] <... futex resumed>) = ? [pid 6995] +++ exited with 0 +++ [ 288.367608][ T7016] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 288.478838][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 288.481280][ T7016] CPU: 0 UID: 0 PID: 7016 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 288.481313][ T7016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.481329][ T7016] Call Trace: [ 288.481340][ T7016] [ 288.481351][ T7016] dump_stack_lvl+0x189/0x250 [pid 7021] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7021] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 288.481388][ T7016] ? __pfx__xfs_alert_tag+0x10/0x10 [ 288.481425][ T7016] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.481460][ T7016] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 288.481507][ T7016] xfs_corruption_error+0x122/0x170 [ 288.481546][ T7016] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 288.481581][ T7016] xfs_alloc_fixup_trees+0x95e/0xd20 [ 288.481610][ T7016] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 288.481650][ T7016] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 288.481681][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7021] close(3) = 0 [pid 7021] close(4) = 0 [pid 7021] mkdir("./file1", 0777) = 0 [ 288.481709][ T7016] ? rcu_is_watching+0x15/0xb0 [ 288.481739][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.481766][ T7016] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 288.481797][ T7016] ? rcu_is_watching+0x15/0xb0 [ 288.481836][ T7016] xfs_alloc_cur_finish+0xd3/0x4b0 [ 288.481865][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.481895][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.481928][ T7016] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 288.481985][ T7016] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 288.482014][ T7016] ? xfs_group_grab+0x28/0x480 [ 288.482051][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.482079][ T7016] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 288.482112][ T7016] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 288.482159][ T7016] xfs_alloc_vextent_start_ag+0x388/0x850 [ 288.482204][ T7016] xfs_bmapi_allocate+0x188e/0x2e00 [ 288.482268][ T7016] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 288.482300][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.482350][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.482377][ T7016] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 288.482401][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.482428][ T7016] ? xfs_iext_prev+0x35a/0x370 [ 288.482466][ T7016] ? xfs_iext_get_extent+0x1bb/0x370 [ 288.482496][ T7016] xfs_bmapi_write+0x7df/0x1260 [ 288.482555][ T7016] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 288.482633][ T7016] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 288.482674][ T7016] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 288.482704][ T7016] ? kasan_save_track+0x4f/0x80 [ 288.482730][ T7016] ? kasan_save_track+0x3e/0x80 [pid 7021] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7016] <... lsetxattr resumed>) = ? [pid 7016] +++ exited with 0 +++ [pid 6992] +++ exited with 0 +++ [ 288.482754][ T7016] ? kasan_save_free_info+0x46/0x50 [ 288.482790][ T7016] ? kmem_cache_free+0x18f/0x400 [ 288.482819][ T7016] ? __xfs_trans_commit+0x3e0/0xbd0 [ 288.482843][ T7016] ? xfs_trans_roll+0x130/0x450 [ 288.482867][ T7016] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 288.482906][ T7016] xfs_attr_set_iter+0x2d4/0x4b70 [ 288.482939][ T7016] ? filename_setxattr+0x274/0x600 [ 288.482972][ T7016] ? path_setxattrat+0x364/0x3a0 [ 288.482993][ T7016] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 288.483044][ T7016] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6992, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=113 /* 1.13 s */} --- [pid 5873] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 288.483100][ T7016] ? kasan_quarantine_put+0xdd/0x220 [ 288.483126][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.483153][ T7016] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.483197][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.483231][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.483258][ T7016] ? kmem_cache_free+0x18f/0x400 [ 288.483286][ T7016] ? __xfs_trans_commit+0x3e0/0xbd0 [ 288.483317][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6998] <... mount resumed>) = 0 [pid 6998] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6998] chdir("./file1") = 0 [pid 6998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6998] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6998] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6997] <... futex resumed>) = 0 [pid 6997] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 6998] <... futex resumed>) = 0 [pid 5872] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6998] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 288.483344][ T7016] ? __xfs_trans_commit+0x4c7/0xbd0 [ 288.483387][ T7016] xfs_attr_finish_item+0xed/0x320 [ 288.483427][ T7016] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 288.483463][ T7016] xfs_defer_finish_one+0x5c8/0xcf0 [ 288.483523][ T7016] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 288.483571][ T7016] xfs_defer_finish_noroll+0x910/0x12d0 [ 288.483610][ T7016] ? xfs_trans_commit+0x10b/0x1c0 [ 288.483641][ T7016] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 288.483673][ T7016] ? inode_set_ctime_current+0x740/0xb40 [pid 6998] <... openat resumed>) = 4 [pid 6998] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] <... futex resumed>) = 0 [pid 6997] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6998] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5872] getdents64(4, [pid 6998] <... pwritev2 resumed>) = 65007 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 6998] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... umount2 resumed>) = 0 [pid 6998] <... futex resumed>) = 1 [pid 5872] getdents64(4, [pid 6998] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./25/file1") = 0 [ 288.483718][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.483746][ T7016] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 288.483785][ T7016] xfs_trans_commit+0x10b/0x1c0 [ 288.483811][ T7016] ? __pfx_xfs_trans_commit+0x10/0x10 [ 288.483843][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.483870][ T7016] ? xfs_trans_log_inode+0x12c/0x1a0 [ 288.483910][ T7016] xfs_attr_set+0xdc6/0x1210 [ 288.483957][ T7016] ? __pfx_xfs_attr_set+0x10/0x10 [ 288.483991][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6997] <... futex resumed>) = 0 [pid 5872] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6997] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6998] <... futex resumed>) = 0 [pid 6997] <... futex resumed>) = 1 [pid 5873] newfstatat(AT_FDCWD, "./25/file1", [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6998] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 6997] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] unlink("./25/binderfs" [pid 5873] getdents64(4, [pid 5872] <... unlink resumed>) = 0 [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, [pid 5872] getdents64(3, [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(4 [pid 5872] close(3 [pid 5873] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [ 288.484019][ T7016] ? __lock_acquire+0xab9/0xd20 [ 288.484055][ T7016] ? xfs_da_hashname+0x59d/0x740 [ 288.484086][ T7016] ? do_raw_spin_lock+0x121/0x290 [ 288.484128][ T7016] ? xfs_attr_change+0x2ac/0x390 [ 288.484162][ T7016] xfs_xattr_set+0x14d/0x250 [ 288.484200][ T7016] ? __pfx_xfs_xattr_set+0x10/0x10 [ 288.484244][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.484272][ T7016] ? evm_protect_xattr+0x4d4/0xa90 [ 288.484298][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.484325][ T7016] ? rcu_is_watching+0x15/0xb0 [pid 5873] rmdir("./25/file1" [pid 5872] rmdir("./25" [pid 5873] <... rmdir resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5873] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] mkdir("./26", 0777 [pid 5873] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5872] <... mkdir resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./25/binderfs") = 0 [pid 5873] getdents64(3, [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5873] close(3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5873] <... close resumed>) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 5873] rmdir("./25") = 0 [pid 5873] mkdir("./26", 0777) = 0 [ 288.484359][ T7016] ? __pfx_evm_protect_xattr+0x10/0x10 [ 288.484386][ T7016] ? __pfx_xfs_xattr_set+0x10/0x10 [ 288.484414][ T7016] __vfs_setxattr+0x43c/0x480 [ 288.484461][ T7016] __vfs_setxattr_noperm+0x12d/0x660 [ 288.484504][ T7016] vfs_setxattr+0x16b/0x2f0 [ 288.484545][ T7016] ? __pfx_vfs_setxattr+0x10/0x10 [ 288.484575][ T7016] ? mnt_get_write_access+0x223/0x2a0 [ 288.484605][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.484639][ T7016] filename_setxattr+0x274/0x600 [ 288.484684][ T7016] ? __pfx_filename_setxattr+0x10/0x10 [ 288.484722][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.484750][ T7016] ? getname_flags+0x1e5/0x540 [ 288.484790][ T7016] path_setxattrat+0x364/0x3a0 [ 288.484827][ T7016] ? __pfx_path_setxattrat+0x10/0x10 [ 288.484891][ T7016] ? srso_alias_return_thunk+0x5/0xfbef5 [ 288.484919][ T7016] ? rcu_is_watching+0x15/0xb0 [ 288.484955][ T7016] __x64_sys_lsetxattr+0xbf/0xe0 [ 288.484994][ T7016] do_syscall_64+0xfa/0x3b0 [ 288.485022][ T7016] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.485045][ T7016] ? __switch_to_asm+0x39/0x70 [ 288.485077][ T7016] ? __switch_to_asm+0x33/0x70 [ 288.485113][ T7016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.485137][ T7016] RIP: 0033:0x7f3cdbf794f9 [ 288.485158][ T7016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 288.485186][ T7016] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 288.485212][ T7016] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 288.485230][ T7016] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 288.485248][ T7016] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 288.485265][ T7016] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 288.485281][ T7016] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 288.485320][ T7016] [ 288.485330][ T7016] XFS (loop2): Corruption detected. Unmount and run xfs_repair [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [pid 6997] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6997] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 288.683626][ T7021] loop3: detected capacity change from 0 to 32768 [ 288.690792][ T6998] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 288.742106][ T7021] XFS: noikeep mount option is deprecated. [ 288.744405][ T7016] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 288.864422][ T6998] XFS (loop0): Starting recovery (logdev: internal) [pid 6997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6998] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 6997] <... mmap resumed>) = 0x7f3cdbee4000 [pid 6997] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7034]}, 88) = 7034 [pid 6997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6997] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7034 attached [pid 6998] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6998] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7034] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7034] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 288.867697][ T7016] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 288.892864][ T6998] XFS (loop0): Ending recovery (logdev: internal) [ 288.959850][ T7021] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 288.974590][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 289.022113][ T7021] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 289.081131][ T6998] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7034] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 6997] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 289.092388][ T7021] XFS (loop3): Starting recovery (logdev: internal) [ 289.141877][ T6998] XFS (loop0): Unmount and run xfs_repair [ 289.345404][ T7021] XFS (loop3): Ending recovery (logdev: internal) [ 289.428219][ T7034] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 289.452481][ T7034] CPU: 1 UID: 0 PID: 7034 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 289.452516][ T7034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.452531][ T7034] Call Trace: [ 289.452542][ T7034] [ 289.452553][ T7034] dump_stack_lvl+0x189/0x250 [ 289.452588][ T7034] ? __pfx__xfs_alert_tag+0x10/0x10 [ 289.452625][ T7034] ? __pfx_dump_stack_lvl+0x10/0x10 [ 289.452660][ T7034] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7021] <... mount resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7021] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 289.452707][ T7034] xfs_corruption_error+0x122/0x170 [ 289.452746][ T7034] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 289.452780][ T7034] xfs_alloc_fixup_trees+0x95e/0xd20 [ 289.452808][ T7034] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 289.452849][ T7034] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 289.452879][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.452907][ T7034] ? rcu_is_watching+0x15/0xb0 [ 289.452937][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.452975][ T7034] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 7021] chdir("./file1") = 0 [pid 7021] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7021] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = 0 [pid 7021] <... futex resumed>) = 1 [pid 7017] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7017] <... futex resumed>) = 0 [pid 7021] <... openat resumed>) = 4 [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7021] <... futex resumed>) = 0 [pid 7017] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7017] <... futex resumed>) = 0 [pid 7021] <... pwritev2 resumed>) = 65007 [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7021] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7021] <... futex resumed>) = 0 [pid 7017] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 289.453006][ T7034] ? rcu_is_watching+0x15/0xb0 [ 289.453045][ T7034] xfs_alloc_cur_finish+0xd3/0x4b0 [ 289.453074][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.453103][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.453141][ T7034] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 289.453198][ T7034] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 289.453227][ T7034] ? xfs_group_grab+0x28/0x480 [ 289.453265][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.453293][ T7034] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7017] <... futex resumed>) = 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7035 ./strace-static-x86_64: Process 7036 attached ./strace-static-x86_64: Process 7035 attached [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7036 [pid 7021] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7021] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7017] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] <... futex resumed>) = 1 [pid 7021] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7036] set_robust_list(0x55555d962760, 24 [pid 7035] set_robust_list(0x55555d962760, 24 [pid 7034] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7034] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7034] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7036] <... set_robust_list resumed>) = 0 [pid 7036] chdir("./26") = 0 [pid 7036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7035] <... set_robust_list resumed>) = 0 [pid 6997] exit_group(0 [pid 7036] <... prctl resumed>) = 0 [ 289.453327][ T7034] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 289.453375][ T7034] xfs_alloc_vextent_start_ag+0x388/0x850 [ 289.453414][ T7034] xfs_bmapi_allocate+0x188e/0x2e00 [ 289.453478][ T7034] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 289.453510][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.453560][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.453587][ T7034] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 289.453611][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7035] chdir("./26" [pid 7034] <... futex resumed>) = ? [pid 6997] <... exit_group resumed>) = ? [pid 7036] setpgid(0, 0 [pid 7034] +++ exited with 0 +++ [pid 7036] <... setpgid resumed>) = 0 [pid 7035] <... chdir resumed>) = 0 [pid 7036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7035] setpgid(0, 0) = 0 [pid 7036] write(3, "1000", 4 [pid 7035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7036] <... write resumed>) = 4 [pid 7036] close(3) = 0 [pid 7036] symlink("/dev/binderfs", "./binderfs" [pid 7035] <... openat resumed>) = 3 [pid 7035] write(3, "1000", 4 [pid 7036] <... symlink resumed>) = 0 [pid 7035] <... write resumed>) = 4 [pid 7035] close(3executing program ) = 0 [pid 7036] write(1, "executing program\n", 18) = 18 [pid 7035] symlink("/dev/binderfs", "./binderfs" [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... symlink resumed>) = 0 [pid 7036] <... futex resumed>) = 0 [pid 6998] <... futex resumed>) = ? [pid 7036] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, executing program [pid 7035] write(1, "executing program\n", 18 [pid 7036] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7035] <... write resumed>) = 18 [pid 6998] +++ exited with 0 +++ [pid 6997] +++ exited with 0 +++ [pid 7036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7035] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7035] <... futex resumed>) = 0 [pid 7036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7035] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6997, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=83 /* 0.83 s */} --- [pid 7036] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7035] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5871] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7036] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7036] <... mprotect resumed>) = 0 [pid 7036] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7036] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7017] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] newfstatat(3, "", [pid 7036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7035] <... mmap resumed>) = 0x7f3cdbf05000 ./strace-static-x86_64: Process 7037 attached [pid 7035] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7037] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7036] <... clone3 resumed> => {parent_tid=[7037]}, 88) = 7037 [pid 7035] <... mprotect resumed>) = 0 [pid 7037] <... rseq resumed>) = 0 [pid 7036] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] getdents64(3, [pid 7037] set_robust_list(0x7f3cdbf259a0, 24 [pid 7036] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 289.453638][ T7034] ? xfs_iext_prev+0x35a/0x370 [ 289.453676][ T7034] ? xfs_iext_get_extent+0x1bb/0x370 [ 289.453707][ T7034] xfs_bmapi_write+0x7df/0x1260 [ 289.453765][ T7034] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 289.453843][ T7034] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 289.453884][ T7034] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 289.453914][ T7034] ? kasan_save_track+0x4f/0x80 [ 289.453940][ T7034] ? kasan_save_track+0x3e/0x80 [ 289.453970][ T7034] ? kasan_save_free_info+0x46/0x50 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7037] <... set_robust_list resumed>) = 0 [pid 7036] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], [pid 7035] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] <... futex resumed>) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5871] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7037] memfd_create("syzkaller", 0 [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7035] <... clone3 resumed> => {parent_tid=[7038]}, 88) = 7038 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7037] <... memfd_create resumed>) = 3 [pid 7035] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7037] <... mmap resumed>) = 0x7f3cd3a00000 [ 289.454008][ T7034] ? kmem_cache_free+0x18f/0x400 [ 289.454036][ T7034] ? __xfs_trans_commit+0x3e0/0xbd0 [ 289.454061][ T7034] ? xfs_trans_roll+0x130/0x450 [ 289.454085][ T7034] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 289.454125][ T7034] xfs_attr_set_iter+0x2d4/0x4b70 [ 289.454160][ T7034] ? filename_setxattr+0x274/0x600 [ 289.454194][ T7034] ? path_setxattrat+0x364/0x3a0 [ 289.454215][ T7034] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 289.454267][ T7034] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 289.454323][ T7034] ? kasan_quarantine_put+0xdd/0x220 [ 289.454348][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.454377][ T7034] ? lockdep_hardirqs_on+0x9c/0x150 [ 289.454417][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.454450][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.454478][ T7034] ? kmem_cache_free+0x18f/0x400 [ 289.454506][ T7034] ? __xfs_trans_commit+0x3e0/0xbd0 [ 289.454537][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.454565][ T7034] ? __xfs_trans_commit+0x4c7/0xbd0 [ 289.454607][ T7034] xfs_attr_finish_item+0xed/0x320 [ 289.454647][ T7034] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 289.454684][ T7034] xfs_defer_finish_one+0x5c8/0xcf0 [ 289.454743][ T7034] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 289.454791][ T7034] xfs_defer_finish_noroll+0x910/0x12d0 [ 289.454831][ T7034] ? xfs_trans_commit+0x10b/0x1c0 [ 289.454863][ T7034] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 289.454896][ T7034] ? inode_set_ctime_current+0x740/0xb40 [ 289.454944][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7037] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216./strace-static-x86_64: Process 7038 attached [pid 7038] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7038] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7038] memfd_create("syzkaller", 0) = 3 [pid 7038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 289.454978][ T7034] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 289.455019][ T7034] xfs_trans_commit+0x10b/0x1c0 [ 289.455045][ T7034] ? __pfx_xfs_trans_commit+0x10/0x10 [ 289.455077][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.455105][ T7034] ? xfs_trans_log_inode+0x12c/0x1a0 [ 289.455144][ T7034] xfs_attr_set+0xdc6/0x1210 [ 289.455192][ T7034] ? __pfx_xfs_attr_set+0x10/0x10 [ 289.455226][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.455254][ T7034] ? __lock_acquire+0xab9/0xd20 [ 289.455289][ T7034] ? xfs_da_hashname+0x59d/0x740 [ 289.455321][ T7034] ? do_raw_spin_lock+0x121/0x290 [ 289.455363][ T7034] ? xfs_attr_change+0x2ac/0x390 [ 289.455397][ T7034] xfs_xattr_set+0x14d/0x250 [ 289.455429][ T7034] ? __pfx_xfs_xattr_set+0x10/0x10 [ 289.455473][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.455501][ T7034] ? evm_protect_xattr+0x4d4/0xa90 [ 289.455527][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.455554][ T7034] ? rcu_is_watching+0x15/0xb0 [ 289.455588][ T7034] ? __pfx_evm_protect_xattr+0x10/0x10 [ 289.455616][ T7034] ? __pfx_xfs_xattr_set+0x10/0x10 [ 289.455644][ T7034] __vfs_setxattr+0x43c/0x480 [ 289.455692][ T7034] __vfs_setxattr_noperm+0x12d/0x660 [ 289.455740][ T7034] vfs_setxattr+0x16b/0x2f0 [ 289.455782][ T7034] ? __pfx_vfs_setxattr+0x10/0x10 [ 289.455812][ T7034] ? mnt_get_write_access+0x223/0x2a0 [ 289.455843][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.455877][ T7034] filename_setxattr+0x274/0x600 [ 289.455923][ T7034] ? __pfx_filename_setxattr+0x10/0x10 [ 289.455966][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7017] exit_group(0) = ? [ 289.455994][ T7034] ? getname_flags+0x1e5/0x540 [ 289.456035][ T7034] path_setxattrat+0x364/0x3a0 [ 289.456071][ T7034] ? __pfx_path_setxattrat+0x10/0x10 [ 289.456136][ T7034] ? srso_alias_return_thunk+0x5/0xfbef5 [ 289.456164][ T7034] ? rcu_is_watching+0x15/0xb0 [ 289.456200][ T7034] __x64_sys_lsetxattr+0xbf/0xe0 [ 289.456239][ T7034] do_syscall_64+0xfa/0x3b0 [ 289.456266][ T7034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.456289][ T7034] ? __switch_to_asm+0x39/0x70 [ 289.456322][ T7034] ? __switch_to_asm+0x33/0x70 [ 289.456359][ T7034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.456383][ T7034] RIP: 0033:0x7f3cdbf794f9 [ 289.456405][ T7034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 289.456427][ T7034] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 289.456454][ T7034] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 289.456473][ T7034] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 289.456491][ T7034] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 289.456508][ T7034] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 289.456526][ T7034] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 289.456563][ T7034] [ 289.529235][ T7034] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 289.602079][ T7021] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 289.604866][ T7034] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 289.609846][ T7021] XFS (loop3): Unmount and run xfs_repair [ 289.615287][ T7034] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 289.633338][ T7021] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 7038] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7037] <... write resumed>) = 16777216 [ 290.205234][ T7021] CPU: 1 UID: 0 PID: 7021 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 290.205270][ T7021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.205286][ T7021] Call Trace: [ 290.205297][ T7021] [ 290.205307][ T7021] dump_stack_lvl+0x189/0x250 [ 290.205346][ T7021] ? __pfx__xfs_alert_tag+0x10/0x10 [ 290.205384][ T7021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.205419][ T7021] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 290.205468][ T7021] xfs_corruption_error+0x122/0x170 [ 290.205507][ T7021] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 290.205542][ T7021] xfs_alloc_fixup_trees+0x95e/0xd20 [ 290.205572][ T7021] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 290.205613][ T7021] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 290.205644][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.205673][ T7021] ? rcu_is_watching+0x15/0xb0 [ 290.205705][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.205732][ T7021] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 290.205764][ T7021] ? rcu_is_watching+0x15/0xb0 [ 290.205804][ T7021] xfs_alloc_cur_finish+0xd3/0x4b0 [ 290.205834][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.205864][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.205899][ T7021] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 290.205956][ T7021] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 290.205987][ T7021] ? xfs_group_grab+0x28/0x480 [ 290.206024][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.206052][ T7021] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 290.206086][ T7021] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 290.206134][ T7021] xfs_alloc_vextent_start_ag+0x388/0x850 [ 290.206179][ T7021] xfs_bmapi_allocate+0x188e/0x2e00 [ 290.206244][ T7021] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 290.206278][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.206328][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.206356][ T7021] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 290.206380][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.206408][ T7021] ? xfs_iext_prev+0x35a/0x370 [ 290.206447][ T7021] ? xfs_iext_get_extent+0x1bb/0x370 [ 290.206478][ T7021] xfs_bmapi_write+0x7df/0x1260 [ 290.206538][ T7021] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 290.206616][ T7021] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 290.206658][ T7021] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 290.206689][ T7021] ? kasan_save_track+0x4f/0x80 [ 290.206716][ T7021] ? kasan_save_track+0x3e/0x80 [ 290.206741][ T7021] ? kasan_save_free_info+0x46/0x50 [ 290.206783][ T7021] ? kmem_cache_free+0x18f/0x400 [ 290.206811][ T7021] ? __xfs_trans_commit+0x3e0/0xbd0 [ 290.206835][ T7021] ? xfs_trans_roll+0x130/0x450 [ 290.206858][ T7021] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 290.206899][ T7021] xfs_attr_set_iter+0x2d4/0x4b70 [ 290.206934][ T7021] ? filename_setxattr+0x274/0x600 [ 290.206968][ T7021] ? path_setxattrat+0x364/0x3a0 [ 290.206990][ T7021] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 290.207042][ T7021] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 290.207099][ T7021] ? kasan_quarantine_put+0xdd/0x220 [ 290.207125][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207154][ T7021] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.207201][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207235][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207262][ T7021] ? kmem_cache_free+0x18f/0x400 [ 290.207292][ T7021] ? __xfs_trans_commit+0x3e0/0xbd0 [ 290.207324][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207351][ T7021] ? __xfs_trans_commit+0x4c7/0xbd0 [ 290.207395][ T7021] xfs_attr_finish_item+0xed/0x320 [ 290.207435][ T7021] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 290.207473][ T7021] xfs_defer_finish_one+0x5c8/0xcf0 [ 290.207533][ T7021] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 290.207583][ T7021] xfs_defer_finish_noroll+0x910/0x12d0 [ 290.207622][ T7021] ? xfs_trans_commit+0x10b/0x1c0 [ 290.207654][ T7021] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 290.207688][ T7021] ? inode_set_ctime_current+0x740/0xb40 [ 290.207736][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207765][ T7021] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 290.207805][ T7021] xfs_trans_commit+0x10b/0x1c0 [ 290.207832][ T7021] ? __pfx_xfs_trans_commit+0x10/0x10 [ 290.207865][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.207894][ T7021] ? xfs_trans_log_inode+0x12c/0x1a0 [ 290.207934][ T7021] xfs_attr_set+0xdc6/0x1210 [ 290.207984][ T7021] ? __pfx_xfs_attr_set+0x10/0x10 [ 290.208019][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208048][ T7021] ? __lock_acquire+0xab9/0xd20 [ 290.208085][ T7021] ? xfs_da_hashname+0x59d/0x740 [ 290.208117][ T7021] ? do_raw_spin_lock+0x121/0x290 [ 290.208161][ T7021] ? xfs_attr_change+0x2ac/0x390 [ 290.208200][ T7021] xfs_xattr_set+0x14d/0x250 [ 290.208232][ T7021] ? __pfx_xfs_xattr_set+0x10/0x10 [ 290.208277][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208306][ T7021] ? evm_protect_xattr+0x4d4/0xa90 [ 290.208333][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208361][ T7021] ? rcu_is_watching+0x15/0xb0 [ 290.208396][ T7021] ? __pfx_evm_protect_xattr+0x10/0x10 [ 290.208424][ T7021] ? __pfx_xfs_xattr_set+0x10/0x10 [ 290.208452][ T7021] __vfs_setxattr+0x43c/0x480 [ 290.208502][ T7021] __vfs_setxattr_noperm+0x12d/0x660 [ 290.208546][ T7021] vfs_setxattr+0x16b/0x2f0 [ 290.208588][ T7021] ? __pfx_vfs_setxattr+0x10/0x10 [ 290.208618][ T7021] ? mnt_get_write_access+0x223/0x2a0 [ 290.208649][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208683][ T7021] filename_setxattr+0x274/0x600 [ 290.208731][ T7021] ? __pfx_filename_setxattr+0x10/0x10 [ 290.208770][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208798][ T7021] ? getname_flags+0x1e5/0x540 [ 290.208840][ T7021] path_setxattrat+0x364/0x3a0 [ 290.208877][ T7021] ? __pfx_path_setxattrat+0x10/0x10 [ 290.208943][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.208972][ T7021] ? rcu_is_watching+0x15/0xb0 [ 290.209009][ T7021] __x64_sys_lsetxattr+0xbf/0xe0 [ 290.209050][ T7021] do_syscall_64+0xfa/0x3b0 [ 290.209075][ T7021] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.209114][ T7021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.209138][ T7021] ? srso_alias_return_thunk+0x5/0xfbef5 [ 290.209167][ T7021] ? exc_page_fault+0x9f/0xf0 [ 290.209216][ T7021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.209240][ T7021] RIP: 0033:0x7f3cdbf794f9 [ 290.209263][ T7021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 290.209285][ T7021] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 290.209311][ T7021] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 290.209331][ T7021] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 290.209350][ T7021] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7037] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7037] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 290.209367][ T7021] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 290.209384][ T7021] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 290.209423][ T7021] [ 290.896162][ T7021] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 290.904848][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7037] close(3) = 0 [pid 7037] close(4) = 0 [ 290.926875][ T7037] loop1: detected capacity change from 0 to 32768 [pid 7037] mkdir("./file1", 0777) = 0 [pid 7037] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7038] <... write resumed>) = 16777216 [ 290.968730][ T7037] XFS: noikeep mount option is deprecated. [pid 7038] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7021] <... lsetxattr resumed>) = ? [pid 7038] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... umount2 resumed>) = 0 [pid 7038] <... openat resumed>) = 4 [ 291.003514][ T7021] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 291.020370][ T7021] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 5871] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7038] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 7038] <... ioctl resumed>) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./25/file1") = 0 [ 291.061972][ T7037] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 291.073678][ T7038] loop2: detected capacity change from 0 to 32768 [pid 7038] close(3 [pid 7021] +++ exited with 0 +++ [pid 7017] +++ exited with 0 +++ [pid 5871] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7038] <... close resumed>) = 0 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7017, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=110 /* 1.10 s */} --- [pid 7038] close(4) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7038] mkdir("./file1", 0777 [pid 5874] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] newfstatat(AT_FDCWD, "./25/binderfs", [pid 7038] <... mkdir resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7038] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, [pid 5871] unlink("./25/binderfs" [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./25") = 0 [pid 5871] mkdir("./26", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 291.140393][ T7038] XFS: noikeep mount option is deprecated. [ 291.179497][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 291.202843][ T7037] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 291.227780][ T7037] XFS (loop1): Starting recovery (logdev: internal) [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 291.249884][ T7037] XFS (loop1): Ending recovery (logdev: internal) [pid 5871] close(3 [pid 7037] <... mount resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] newfstatat(AT_FDCWD, "./26/file1", [pid 7037] <... openat resumed>) = 3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7037] chdir("./file1" [pid 5874] <... openat resumed>) = 4 [pid 7037] <... chdir resumed>) = 0 [pid 5874] newfstatat(4, "", [pid 7037] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7037] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4 [pid 7037] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... close resumed>) = 0 [pid 7037] <... futex resumed>) = 1 [pid 7036] <... futex resumed>) = 0 [pid 5874] rmdir("./26/file1" [pid 7037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7036] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... rmdir resumed>) = 0 [pid 7036] <... futex resumed>) = 0 [pid 5874] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./26/binderfs", [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./26/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3 [pid 7037] <... openat resumed>) = 4 [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./26" [pid 7037] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... rmdir resumed>) = 0 [pid 7037] <... futex resumed>) = 1 [pid 7036] <... futex resumed>) = 0 [pid 5874] mkdir("./27", 0777 [pid 7037] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7036] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... mkdir resumed>) = 0 [pid 7037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7036] <... futex resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7037] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 291.282879][ T7038] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] close(3 [pid 7037] <... pwritev2 resumed>) = 65007 [pid 7037] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7036] <... futex resumed>) = 0 [pid 7036] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] <... futex resumed>) = 0 [pid 7036] <... futex resumed>) = 1 [pid 7037] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7037] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7037] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] <... futex resumed>) = 0 [pid 7036] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 291.353459][ T7037] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 291.388155][ T7037] XFS (loop1): Unmount and run xfs_repair [pid 7037] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7036] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 291.408447][ T7037] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 291.444243][ T7038] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 291.467023][ T7037] CPU: 0 UID: 0 PID: 7037 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 291.467057][ T7037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.467073][ T7037] Call Trace: [ 291.467083][ T7037] [ 291.467094][ T7037] dump_stack_lvl+0x189/0x250 [ 291.467129][ T7037] ? __pfx__xfs_alert_tag+0x10/0x10 [ 291.467167][ T7037] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.467202][ T7037] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7055 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7056 [ 291.467250][ T7037] xfs_corruption_error+0x122/0x170 [ 291.467289][ T7037] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 291.467323][ T7037] xfs_alloc_fixup_trees+0x95e/0xd20 [ 291.467352][ T7037] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 291.467393][ T7037] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 291.467424][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.467452][ T7037] ? rcu_is_watching+0x15/0xb0 [ 291.467482][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.467510][ T7037] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 ./strace-static-x86_64: Process 7056 attached ./strace-static-x86_64: Process 7055 attached [ 291.467541][ T7037] ? rcu_is_watching+0x15/0xb0 [ 291.467580][ T7037] xfs_alloc_cur_finish+0xd3/0x4b0 [ 291.467609][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.467639][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.467673][ T7037] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 291.467731][ T7037] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 291.467760][ T7037] ? xfs_group_grab+0x28/0x480 [ 291.467796][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.467823][ T7037] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7056] set_robust_list(0x55555d962760, 24 [pid 7055] set_robust_list(0x55555d962760, 24 [pid 7056] <... set_robust_list resumed>) = 0 [pid 7055] <... set_robust_list resumed>) = 0 [pid 7038] <... mount resumed>) = 0 [pid 7056] chdir("./26" [pid 7055] chdir("./27" [pid 7038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7056] <... chdir resumed>) = 0 [pid 7055] <... chdir resumed>) = 0 [pid 7038] chdir("./file1" [pid 7056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7038] <... chdir resumed>) = 0 [pid 7056] <... prctl resumed>) = 0 [pid 7055] <... prctl resumed>) = 0 [pid 7038] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7056] setpgid(0, 0 [pid 7055] setpgid(0, 0 [pid 7038] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7056] <... setpgid resumed>) = 0 [pid 7055] <... setpgid resumed>) = 0 [pid 7038] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7038] <... futex resumed>) = 1 [pid 7038] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7055] <... openat resumed>) = 3 [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] write(3, "1000", 4 [pid 7038] <... futex resumed>) = 0 [pid 7035] <... futex resumed>) = 1 [pid 7056] write(3, "1000", 4 [pid 7055] <... write resumed>) = 4 [ 291.467857][ T7037] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 291.467904][ T7037] xfs_alloc_vextent_start_ag+0x388/0x850 [ 291.467943][ T7037] xfs_bmapi_allocate+0x188e/0x2e00 [ 291.468011][ T7037] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 291.468043][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.468093][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.468121][ T7037] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 291.468144][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.468171][ T7037] ? xfs_iext_prev+0x35a/0x370 [pid 7038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7035] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7056] <... write resumed>) = 4 [pid 7055] close(3 [pid 7056] close(3 [pid 7055] <... close resumed>) = 0 [pid 7056] <... close resumed>) = 0 [pid 7055] symlink("/dev/binderfs", "./binderfs" [pid 7056] symlink("/dev/binderfs", "./binderfs" [pid 7055] <... symlink resumed>) = 0 [pid 7056] <... symlink resumed>) = 0 [pid 7038] <... openat resumed>) = 4 [pid 7038] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7055] write(1, "executing program\n", 18 [pid 7056] write(1, "executing program\n", 18 [pid 7055] <... write resumed>) = 18 executing program [pid 7038] <... futex resumed>) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7056] <... write resumed>) = 18 [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7035] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... futex resumed>) = 0 [pid 7035] <... futex resumed>) = 0 [pid 7055] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7056] <... futex resumed>) = 0 [pid 7055] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7035] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7056] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7056] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [ 291.468209][ T7037] ? xfs_iext_get_extent+0x1bb/0x370 [ 291.468239][ T7037] xfs_bmapi_write+0x7df/0x1260 [ 291.468302][ T7037] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 291.468380][ T7037] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 291.468422][ T7037] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 291.468452][ T7037] ? kasan_save_track+0x4f/0x80 [ 291.468478][ T7037] ? kasan_save_track+0x3e/0x80 [ 291.468502][ T7037] ? kasan_save_free_info+0x46/0x50 [ 291.468538][ T7037] ? kmem_cache_free+0x18f/0x400 [pid 7055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7055] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7055] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7056] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7056] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7055] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7056] <... mprotect resumed>) = 0 [pid 7056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7055] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7058 attached ./strace-static-x86_64: Process 7057 attached [pid 7055] <... clone3 resumed> => {parent_tid=[7057]}, 88) = 7057 [pid 7038] <... pwritev2 resumed>) = 65007 [pid 7035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7058] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7057] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7056] <... clone3 resumed> => {parent_tid=[7058]}, 88) = 7058 [pid 7055] rt_sigprocmask(SIG_SETMASK, [], [pid 7038] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... rseq resumed>) = 0 [pid 7057] <... rseq resumed>) = 0 [pid 7056] rt_sigprocmask(SIG_SETMASK, [], [pid 7055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7038] <... futex resumed>) = 0 [pid 7035] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] set_robust_list(0x7f3cdbf259a0, 24 [pid 7057] set_robust_list(0x7f3cdbf259a0, 24 [pid 7056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7055] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7035] <... futex resumed>) = 0 [pid 7037] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7037] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7058] <... set_robust_list resumed>) = 0 [pid 7057] <... set_robust_list resumed>) = 0 [pid 7056] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... futex resumed>) = 0 [pid 7036] exit_group(0 [pid 7035] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7058] rt_sigprocmask(SIG_SETMASK, [], [pid 7057] rt_sigprocmask(SIG_SETMASK, [], [pid 7056] <... futex resumed>) = 0 [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7037] <... futex resumed>) = ? [pid 7036] <... exit_group resumed>) = ? [pid 7058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7037] +++ exited with 0 +++ [pid 7036] +++ exited with 0 +++ [ 291.468566][ T7037] ? __xfs_trans_commit+0x3e0/0xbd0 [ 291.468590][ T7037] ? xfs_trans_roll+0x130/0x450 [ 291.468613][ T7037] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 291.468652][ T7037] xfs_attr_set_iter+0x2d4/0x4b70 [ 291.468686][ T7037] ? filename_setxattr+0x274/0x600 [ 291.468719][ T7037] ? path_setxattrat+0x364/0x3a0 [ 291.468740][ T7037] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 291.468791][ T7037] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 291.468846][ T7037] ? kasan_quarantine_put+0xdd/0x220 [ 291.468871][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7058] memfd_create("syzkaller", 0 [pid 7057] memfd_create("syzkaller", 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7036, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=135 /* 1.35 s */} --- [pid 7057] <... memfd_create resumed>) = 3 [pid 5872] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7058] <... memfd_create resumed>) = 3 [pid 7057] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] <... openat resumed>) = 3 [pid 7058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] newfstatat(3, "", [pid 7058] <... mmap resumed>) = 0x7f3cd3a00000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7035] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7035] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7059 attached => {parent_tid=[7059]}, 88) = 7059 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7035] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 291.468899][ T7037] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.468938][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.468976][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.469003][ T7037] ? kmem_cache_free+0x18f/0x400 [ 291.469031][ T7037] ? __xfs_trans_commit+0x3e0/0xbd0 [ 291.469062][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.469090][ T7037] ? __xfs_trans_commit+0x4c7/0xbd0 [ 291.469132][ T7037] xfs_attr_finish_item+0xed/0x320 [ 291.469172][ T7037] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 7035] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7059] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7059] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7059] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 291.469208][ T7037] xfs_defer_finish_one+0x5c8/0xcf0 [ 291.469268][ T7037] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 291.469316][ T7037] xfs_defer_finish_noroll+0x910/0x12d0 [ 291.469355][ T7037] ? xfs_trans_commit+0x10b/0x1c0 [ 291.469387][ T7037] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 291.469419][ T7037] ? inode_set_ctime_current+0x740/0xb40 [ 291.469466][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.469494][ T7037] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 291.469534][ T7037] xfs_trans_commit+0x10b/0x1c0 [ 291.469560][ T7037] ? __pfx_xfs_trans_commit+0x10/0x10 [ 291.469592][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.469619][ T7037] ? xfs_trans_log_inode+0x12c/0x1a0 [ 291.469659][ T7037] xfs_attr_set+0xdc6/0x1210 [ 291.469708][ T7037] ? __pfx_xfs_attr_set+0x10/0x10 [ 291.469741][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.469769][ T7037] ? __lock_acquire+0xab9/0xd20 [ 291.469805][ T7037] ? xfs_da_hashname+0x59d/0x740 [ 291.469837][ T7037] ? do_raw_spin_lock+0x121/0x290 [ 291.469879][ T7037] ? xfs_attr_change+0x2ac/0x390 [ 291.469914][ T7037] xfs_xattr_set+0x14d/0x250 [ 291.469946][ T7037] ? __pfx_xfs_xattr_set+0x10/0x10 [ 291.469995][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470023][ T7037] ? evm_protect_xattr+0x4d4/0xa90 [ 291.470050][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470078][ T7037] ? rcu_is_watching+0x15/0xb0 [ 291.470112][ T7037] ? __pfx_evm_protect_xattr+0x10/0x10 [ 291.470139][ T7037] ? __pfx_xfs_xattr_set+0x10/0x10 [ 291.470167][ T7037] __vfs_setxattr+0x43c/0x480 [ 291.470215][ T7037] __vfs_setxattr_noperm+0x12d/0x660 [ 291.470258][ T7037] vfs_setxattr+0x16b/0x2f0 [ 291.470299][ T7037] ? __pfx_vfs_setxattr+0x10/0x10 [ 291.470329][ T7037] ? mnt_get_write_access+0x223/0x2a0 [ 291.470358][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470392][ T7037] filename_setxattr+0x274/0x600 [ 291.470439][ T7037] ? __pfx_filename_setxattr+0x10/0x10 [ 291.470476][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470504][ T7037] ? getname_flags+0x1e5/0x540 [ 291.470544][ T7037] path_setxattrat+0x364/0x3a0 [pid 7058] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 291.470580][ T7037] ? __pfx_path_setxattrat+0x10/0x10 [ 291.470645][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470673][ T7037] ? rcu_is_watching+0x15/0xb0 [ 291.470709][ T7037] __x64_sys_lsetxattr+0xbf/0xe0 [ 291.470749][ T7037] do_syscall_64+0xfa/0x3b0 [ 291.470774][ T7037] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.470812][ T7037] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.470836][ T7037] ? srso_alias_return_thunk+0x5/0xfbef5 [ 291.470864][ T7037] ? exc_page_fault+0x9f/0xf0 [pid 7057] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7035] exit_group(0) = ? [ 291.470905][ T7037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.470929][ T7037] RIP: 0033:0x7f3cdbf794f9 [ 291.470950][ T7037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 291.470976][ T7037] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 291.471002][ T7037] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 291.471022][ T7037] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 291.471040][ T7037] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 291.471057][ T7037] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 291.471073][ T7037] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 291.471111][ T7037] [ 291.471732][ T7037] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 291.563060][ T7038] XFS (loop2): Starting recovery (logdev: internal) [ 291.599802][ T7037] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 291.617248][ T7038] XFS (loop2): Ending recovery (logdev: internal) [ 291.622422][ T7037] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 291.745204][ T7038] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 292.211959][ T7038] XFS (loop2): Unmount and run xfs_repair [ 292.217402][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7038] <... open resumed>) = ? [pid 7038] +++ exited with 0 +++ [ 292.230517][ T7059] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 292.279746][ T7059] CPU: 0 UID: 0 PID: 7059 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 292.279783][ T7059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 292.279799][ T7059] Call Trace: [ 292.279809][ T7059] [ 292.279819][ T7059] dump_stack_lvl+0x189/0x250 [ 292.279853][ T7059] ? __pfx__xfs_alert_tag+0x10/0x10 [ 292.279891][ T7059] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.279924][ T7059] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 292.279971][ T7059] xfs_corruption_error+0x122/0x170 [ 292.280010][ T7059] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 292.280045][ T7059] xfs_alloc_fixup_trees+0x95e/0xd20 [ 292.280075][ T7059] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 292.280117][ T7059] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 292.280148][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280186][ T7059] ? rcu_is_watching+0x15/0xb0 [ 292.280216][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280244][ T7059] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 7058] <... write resumed>) = 16777216 [ 292.280274][ T7059] ? rcu_is_watching+0x15/0xb0 [ 292.280312][ T7059] xfs_alloc_cur_finish+0xd3/0x4b0 [ 292.280341][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280371][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280405][ T7059] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 292.280462][ T7059] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 292.280493][ T7059] ? xfs_group_grab+0x28/0x480 [ 292.280529][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7058] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7058] ioctl(4, LOOP_SET_FD, 3 [pid 7057] <... write resumed>) = 16777216 [ 292.280558][ T7059] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 292.280592][ T7059] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 292.280640][ T7059] xfs_alloc_vextent_start_ag+0x388/0x850 [ 292.280679][ T7059] xfs_bmapi_allocate+0x188e/0x2e00 [ 292.280746][ T7059] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 292.280780][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280831][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.280859][ T7059] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 292.280883][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7057] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7058] <... ioctl resumed>) = 0 [pid 7058] close(3) = 0 [pid 7058] close(4) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 7058] mkdir("./file1", 0777 [pid 5872] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7058] <... mkdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [ 292.280933][ T7059] ? xfs_iext_prev+0x35a/0x370 [ 292.280972][ T7059] ? xfs_iext_get_extent+0x1bb/0x370 [ 292.281003][ T7059] xfs_bmapi_write+0x7df/0x1260 [ 292.281063][ T7059] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 292.281149][ T7059] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 292.281200][ T7059] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 292.281232][ T7059] ? kasan_save_track+0x4f/0x80 [ 292.281258][ T7059] ? kasan_save_track+0x3e/0x80 [ 292.281283][ T7059] ? kasan_save_free_info+0x46/0x50 [ 292.281321][ T7059] ? kmem_cache_free+0x18f/0x400 [pid 7058] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7057] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7057] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [ 292.281350][ T7059] ? __xfs_trans_commit+0x3e0/0xbd0 [ 292.281375][ T7059] ? xfs_trans_roll+0x130/0x450 [ 292.281399][ T7059] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 292.281439][ T7059] xfs_attr_set_iter+0x2d4/0x4b70 [ 292.281475][ T7059] ? filename_setxattr+0x274/0x600 [ 292.281508][ T7059] ? path_setxattrat+0x364/0x3a0 [ 292.281530][ T7059] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 292.281583][ T7059] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 292.281641][ T7059] ? kasan_quarantine_put+0xdd/0x220 [pid 7057] <... ioctl resumed>) = 0 [pid 7057] close(3) = 0 [pid 7057] close(4) = 0 [pid 7057] mkdir("./file1", 0777) = 0 [ 292.281668][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.281696][ T7059] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.281736][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.281771][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.281799][ T7059] ? kmem_cache_free+0x18f/0x400 [ 292.281827][ T7059] ? __xfs_trans_commit+0x3e0/0xbd0 [ 292.281858][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.281887][ T7059] ? __xfs_trans_commit+0x4c7/0xbd0 [ 292.281929][ T7059] xfs_attr_finish_item+0xed/0x320 [ 292.281970][ T7059] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 292.282007][ T7059] xfs_defer_finish_one+0x5c8/0xcf0 [ 292.282068][ T7059] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 292.282118][ T7059] xfs_defer_finish_noroll+0x910/0x12d0 [ 292.282158][ T7059] ? xfs_trans_commit+0x10b/0x1c0 [ 292.282197][ T7059] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 292.282232][ T7059] ? inode_set_ctime_current+0x740/0xb40 [ 292.282280][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.282309][ T7059] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 7057] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7059] <... lsetxattr resumed>) = ? [pid 7059] +++ exited with 0 +++ [pid 7035] +++ exited with 0 +++ [pid 5872] getdents64(4, [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7035, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=103 /* 1.03 s */} --- [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./26/file1") = 0 [pid 5873] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 292.282349][ T7059] xfs_trans_commit+0x10b/0x1c0 [ 292.282376][ T7059] ? __pfx_xfs_trans_commit+0x10/0x10 [ 292.282408][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.282437][ T7059] ? xfs_trans_log_inode+0x12c/0x1a0 [ 292.282478][ T7059] xfs_attr_set+0xdc6/0x1210 [ 292.282527][ T7059] ? __pfx_xfs_attr_set+0x10/0x10 [ 292.282562][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.282590][ T7059] ? __lock_acquire+0xab9/0xd20 [ 292.282628][ T7059] ? xfs_da_hashname+0x59d/0x740 [ 292.282660][ T7059] ? do_raw_spin_lock+0x121/0x290 [ 292.282704][ T7059] ? xfs_attr_change+0x2ac/0x390 [ 292.282739][ T7059] xfs_xattr_set+0x14d/0x250 [ 292.282772][ T7059] ? __pfx_xfs_xattr_set+0x10/0x10 [ 292.282817][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.282846][ T7059] ? evm_protect_xattr+0x4d4/0xa90 [ 292.282873][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.282901][ T7059] ? rcu_is_watching+0x15/0xb0 [ 292.282935][ T7059] ? __pfx_evm_protect_xattr+0x10/0x10 [ 292.282964][ T7059] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 292.282992][ T7059] __vfs_setxattr+0x43c/0x480 [ 292.283041][ T7059] __vfs_setxattr_noperm+0x12d/0x660 [ 292.283085][ T7059] vfs_setxattr+0x16b/0x2f0 [ 292.283127][ T7059] ? __pfx_vfs_setxattr+0x10/0x10 [ 292.283158][ T7059] ? mnt_get_write_access+0x223/0x2a0 [ 292.283194][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.283228][ T7059] filename_setxattr+0x274/0x600 [ 292.283276][ T7059] ? __pfx_filename_setxattr+0x10/0x10 [ 292.283315][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.283344][ T7059] ? getname_flags+0x1e5/0x540 [pid 5873] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./26/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./26") = 0 [pid 5872] mkdir("./27", 0777) = 0 [ 292.283386][ T7059] path_setxattrat+0x364/0x3a0 [ 292.283423][ T7059] ? __pfx_path_setxattrat+0x10/0x10 [ 292.283489][ T7059] ? srso_alias_return_thunk+0x5/0xfbef5 [ 292.283518][ T7059] ? rcu_is_watching+0x15/0xb0 [ 292.283555][ T7059] __x64_sys_lsetxattr+0xbf/0xe0 [ 292.283596][ T7059] do_syscall_64+0xfa/0x3b0 [ 292.283624][ T7059] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.283648][ T7059] ? __switch_to_asm+0x39/0x70 [ 292.283681][ T7059] ? __switch_to_asm+0x33/0x70 [ 292.283720][ T7059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.283744][ T7059] RIP: 0033:0x7f3cdbf794f9 [ 292.283767][ T7059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 292.283789][ T7059] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 292.283860][ T7059] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 292.283879][ T7059] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 292.283898][ T7059] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 292.283915][ T7059] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 292.283933][ T7059] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 292.283971][ T7059] [ 292.283982][ T7059] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 292.428512][ T7058] loop0: detected capacity change from 0 to 32768 [ 292.477377][ T7059] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 292.510639][ T7058] XFS: noikeep mount option is deprecated. [ 292.562648][ T7057] loop3: detected capacity change from 0 to 32768 [ 292.573402][ T7059] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 292.614234][ T7057] XFS: noikeep mount option is deprecated. [ 292.880726][ T7058] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] close(3 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [ 293.036045][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] rmdir("./26/file1") = 0 [pid 5873] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./26/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./26") = 0 [pid 5873] mkdir("./27", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 293.087171][ T7057] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 293.138392][ T7058] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 293.200321][ T7057] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 293.230608][ T7058] XFS (loop0): Starting recovery (logdev: internal) [pid 5873] close(3 [pid 7057] <... mount resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7057] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7057] <... openat resumed>) = 3 [pid 7057] chdir("./file1"./strace-static-x86_64: Process 7076 attached [pid 7076] set_robust_list(0x55555d962760, 24 [pid 7057] <... chdir resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7076 [pid 7076] <... set_robust_list resumed>) = 0 [pid 7057] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7058] <... mount resumed>) = 0 [pid 7076] chdir("./27" [pid 7057] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... chdir resumed>) = 0 [pid 7058] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7057] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7055] <... futex resumed>) = 0 [pid 7055] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] <... prctl resumed>) = 0 [pid 7058] <... openat resumed>) = 3 [pid 7057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [ 293.256091][ T7057] XFS (loop3): Starting recovery (logdev: internal) [ 293.281298][ T7057] XFS (loop3): Ending recovery (logdev: internal) [ 293.298279][ T7058] XFS (loop0): Ending recovery (logdev: internal) [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] setpgid(0, 0 [pid 7058] chdir("./file1" [pid 7076] <... setpgid resumed>) = 0 [pid 7058] <... chdir resumed>) = 0 [pid 7057] <... openat resumed>) = 4 [pid 7058] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... close resumed>) = 0 [pid 7058] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7058] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7076] <... openat resumed>) = 3 [pid 7058] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7058] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7056] <... futex resumed>) = 0 [pid 7058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] write(3, "1000", 4 [pid 7057] <... futex resumed>) = 1 executing program [pid 7076] <... write resumed>) = 4 [pid 7057] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] close(3) = 0 [pid 7076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7076] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 7077 attached [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... openat resumed>) = 4 [pid 7055] <... futex resumed>) = 0 [pid 7077] set_robust_list(0x55555d962760, 24 [pid 7058] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7077 [pid 7077] <... set_robust_list resumed>) = 0 [pid 7076] <... futex resumed>) = 0 [pid 7058] <... futex resumed>) = 1 [pid 7057] <... futex resumed>) = 0 [pid 7056] <... futex resumed>) = 0 [pid 7055] <... futex resumed>) = 1 [pid 7076] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7058] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7057] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7056] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] chdir("./27" [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7056] <... futex resumed>) = 0 [pid 7077] <... chdir resumed>) = 0 [pid 7076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7058] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7077] <... prctl resumed>) = 0 [pid 7077] setpgid(0, 0 [pid 7076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7077] <... setpgid resumed>) = 0 [pid 7077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7076] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7077] <... openat resumed>) = 3 [pid 7077] write(3, "1000", 4 [pid 7076] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7058] <... pwritev2 resumed>) = 65007 [pid 7057] <... pwritev2 resumed>) = 65007 [pid 7076] <... mprotect resumed>) = 0 [pid 7077] <... write resumed>) = 4 [pid 7058] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] close(3 [pid 7076] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7058] <... futex resumed>) = 1 [pid 7057] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7055] <... futex resumed>) = 0 [pid 7077] <... close resumed>) = 0 [pid 7076] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7058] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7057] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7056] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] symlink("/dev/binderfs", "./binderfs" [pid 7076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7056] <... futex resumed>) = 0 [pid 7055] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7078 attached [pid 7078] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7076] <... clone3 resumed> => {parent_tid=[7078]}, 88) = 7078 [pid 7078] <... rseq resumed>) = 0 [pid 7076] rt_sigprocmask(SIG_SETMASK, [], [pid 7078] set_robust_list(0x7f3cdbf259a0, 24 [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] <... set_robust_list resumed>) = 0 [pid 7078] rt_sigprocmask(SIG_SETMASK, [], [pid 7076] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7076] <... futex resumed>) = 0 executing program [pid 7078] memfd_create("syzkaller", 0 [pid 7077] <... symlink resumed>) = 0 [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] write(1, "executing program\n", 18) = 18 [pid 7077] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7077] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7079]}, 88) = 7079 [pid 7077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7077] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7079 attached [pid 7079] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7079] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7079] memfd_create("syzkaller", 0) = 3 [pid 7078] <... memfd_create resumed>) = 3 [pid 7058] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7057] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7079] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7058] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7058] <... futex resumed>) = 1 [pid 7057] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7055] <... futex resumed>) = 0 [pid 7058] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7057] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7056] <... futex resumed>) = 0 [pid 7055] <... futex resumed>) = 0 [pid 7058] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7057] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7056] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 293.398360][ T7058] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 293.402028][ T7057] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 293.410661][ T7058] XFS (loop0): Unmount and run xfs_repair [ 293.422224][ T7057] XFS (loop3): Unmount and run xfs_repair [pid 7055] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 293.460293][ T7058] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 293.474492][ T7057] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 293.507239][ T7057] CPU: 0 UID: 0 PID: 7057 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 293.507278][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 293.507295][ T7057] Call Trace: [ 293.507305][ T7057] [ 293.507316][ T7057] dump_stack_lvl+0x189/0x250 [ 293.507354][ T7057] ? __pfx__xfs_alert_tag+0x10/0x10 [ 293.507392][ T7057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.507432][ T7057] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 293.507478][ T7057] xfs_corruption_error+0x122/0x170 [ 293.507517][ T7057] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 293.507552][ T7057] xfs_alloc_fixup_trees+0x95e/0xd20 [ 293.507581][ T7057] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 293.507622][ T7057] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 293.507652][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.507681][ T7057] ? rcu_is_watching+0x15/0xb0 [ 293.507711][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.507739][ T7057] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 293.507770][ T7057] ? rcu_is_watching+0x15/0xb0 [ 293.507809][ T7057] xfs_alloc_cur_finish+0xd3/0x4b0 [ 293.507838][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.507868][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.507902][ T7057] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 293.507964][ T7057] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 293.507993][ T7057] ? xfs_group_grab+0x28/0x480 [ 293.508029][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.508058][ T7057] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7078] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 293.508091][ T7057] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 293.508139][ T7057] xfs_alloc_vextent_start_ag+0x388/0x850 [ 293.508178][ T7057] xfs_bmapi_allocate+0x188e/0x2e00 [ 293.508243][ T7057] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 293.508276][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.508326][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.508353][ T7057] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 293.508377][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.508405][ T7057] ? xfs_iext_prev+0x35a/0x370 [ 293.508443][ T7057] ? xfs_iext_get_extent+0x1bb/0x370 [ 293.508474][ T7057] xfs_bmapi_write+0x7df/0x1260 [ 293.508533][ T7057] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 293.508612][ T7057] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 293.508653][ T7057] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 293.508684][ T7057] ? kasan_save_track+0x4f/0x80 [ 293.508709][ T7057] ? kasan_save_track+0x3e/0x80 [ 293.508734][ T7057] ? kasan_save_free_info+0x46/0x50 [ 293.508771][ T7057] ? kmem_cache_free+0x18f/0x400 [pid 7079] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7058] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7058] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7056] exit_group(0) = ? [pid 7058] +++ exited with 0 +++ [pid 7056] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7056, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=84 /* 0.84 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 293.508799][ T7057] ? __xfs_trans_commit+0x3e0/0xbd0 [ 293.508824][ T7057] ? xfs_trans_roll+0x130/0x450 [ 293.508848][ T7057] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 293.508887][ T7057] xfs_attr_set_iter+0x2d4/0x4b70 [ 293.508928][ T7057] ? filename_setxattr+0x274/0x600 [ 293.508961][ T7057] ? path_setxattrat+0x364/0x3a0 [ 293.508983][ T7057] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 293.509035][ T7057] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 293.509092][ T7057] ? kasan_quarantine_put+0xdd/0x220 [ 293.509118][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509146][ T7057] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.509186][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509220][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509248][ T7057] ? kmem_cache_free+0x18f/0x400 [ 293.509276][ T7057] ? __xfs_trans_commit+0x3e0/0xbd0 [ 293.509307][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509334][ T7057] ? __xfs_trans_commit+0x4c7/0xbd0 [ 293.509378][ T7057] xfs_attr_finish_item+0xed/0x320 [ 293.509418][ T7057] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 293.509455][ T7057] xfs_defer_finish_one+0x5c8/0xcf0 [ 293.509515][ T7057] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 293.509564][ T7057] xfs_defer_finish_noroll+0x910/0x12d0 [ 293.509603][ T7057] ? xfs_trans_commit+0x10b/0x1c0 [ 293.509635][ T7057] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 293.509669][ T7057] ? inode_set_ctime_current+0x740/0xb40 [ 293.509716][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509744][ T7057] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 293.509784][ T7057] xfs_trans_commit+0x10b/0x1c0 [pid 5871] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7055] exit_group(0) = ? [ 293.509811][ T7057] ? __pfx_xfs_trans_commit+0x10/0x10 [ 293.509843][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.509871][ T7057] ? xfs_trans_log_inode+0x12c/0x1a0 [ 293.509911][ T7057] xfs_attr_set+0xdc6/0x1210 [ 293.509970][ T7057] ? __pfx_xfs_attr_set+0x10/0x10 [ 293.510003][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510031][ T7057] ? __lock_acquire+0xab9/0xd20 [ 293.510067][ T7057] ? xfs_da_hashname+0x59d/0x740 [ 293.510099][ T7057] ? do_raw_spin_lock+0x121/0x290 [ 293.510142][ T7057] ? xfs_attr_change+0x2ac/0x390 [ 293.510176][ T7057] xfs_xattr_set+0x14d/0x250 [ 293.510207][ T7057] ? __pfx_xfs_xattr_set+0x10/0x10 [ 293.510252][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510280][ T7057] ? evm_protect_xattr+0x4d4/0xa90 [ 293.510306][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510333][ T7057] ? rcu_is_watching+0x15/0xb0 [ 293.510366][ T7057] ? __pfx_evm_protect_xattr+0x10/0x10 [ 293.510394][ T7057] ? __pfx_xfs_xattr_set+0x10/0x10 [ 293.510421][ T7057] __vfs_setxattr+0x43c/0x480 [ 293.510471][ T7057] __vfs_setxattr_noperm+0x12d/0x660 [ 293.510514][ T7057] vfs_setxattr+0x16b/0x2f0 [ 293.510555][ T7057] ? __pfx_vfs_setxattr+0x10/0x10 [ 293.510586][ T7057] ? mnt_get_write_access+0x223/0x2a0 [ 293.510616][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510650][ T7057] filename_setxattr+0x274/0x600 [ 293.510697][ T7057] ? __pfx_filename_setxattr+0x10/0x10 [ 293.510735][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510763][ T7057] ? getname_flags+0x1e5/0x540 [ 293.510804][ T7057] path_setxattrat+0x364/0x3a0 [pid 7079] <... write resumed>) = 16777216 [ 293.510840][ T7057] ? __pfx_path_setxattrat+0x10/0x10 [ 293.510905][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.510939][ T7057] ? rcu_is_watching+0x15/0xb0 [ 293.510975][ T7057] __x64_sys_lsetxattr+0xbf/0xe0 [ 293.511016][ T7057] do_syscall_64+0xfa/0x3b0 [ 293.511040][ T7057] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.511078][ T7057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.511102][ T7057] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.511130][ T7057] ? exc_page_fault+0x9f/0xf0 [ 293.511171][ T7057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.511195][ T7057] RIP: 0033:0x7f3cdbf794f9 [ 293.511218][ T7057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 293.511240][ T7057] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 293.511266][ T7057] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 293.511285][ T7057] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 7079] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7078] <... write resumed>) = 16777216 [pid 7079] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 293.511304][ T7057] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 293.511321][ T7057] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 293.511337][ T7057] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 293.511377][ T7057] [ 293.511664][ T7058] CPU: 0 UID: 0 PID: 7058 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 293.511694][ T7058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 293.511708][ T7058] Call Trace: [pid 7079] ioctl(4, LOOP_SET_FD, 3 [pid 7078] munmap(0x7f3cd3a00000, 138412032 [pid 7057] <... lsetxattr resumed>) = ? [pid 7078] <... munmap resumed>) = 0 [ 293.511718][ T7058] [ 293.511728][ T7058] dump_stack_lvl+0x189/0x250 [ 293.511759][ T7058] ? __pfx__xfs_alert_tag+0x10/0x10 [ 293.511793][ T7058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.511826][ T7058] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 293.511869][ T7058] xfs_corruption_error+0x122/0x170 [ 293.511906][ T7058] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 293.511947][ T7058] xfs_alloc_fixup_trees+0x95e/0xd20 [ 293.511975][ T7058] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7078] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7079] <... ioctl resumed>) = 0 [pid 7057] +++ exited with 0 +++ [pid 7055] +++ exited with 0 +++ [pid 7079] close(3) = 0 [pid 7079] close(4) = 0 [pid 7079] mkdir("./file1", 0777) = 0 [ 293.512015][ T7058] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 293.512044][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512073][ T7058] ? rcu_is_watching+0x15/0xb0 [ 293.512101][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512129][ T7058] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 293.512160][ T7058] ? rcu_is_watching+0x15/0xb0 [ 293.512198][ T7058] xfs_alloc_cur_finish+0xd3/0x4b0 [ 293.512227][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512258][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512291][ T7058] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 293.512347][ T7058] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 293.512375][ T7058] ? xfs_group_grab+0x28/0x480 [ 293.512409][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512437][ T7058] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 293.512469][ T7058] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 293.512515][ T7058] xfs_alloc_vextent_start_ag+0x388/0x850 [ 293.512553][ T7058] xfs_bmapi_allocate+0x188e/0x2e00 [ 293.512617][ T7058] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [pid 7079] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7078] <... openat resumed>) = 4 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7055, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=109 /* 1.09 s */} --- [pid 5874] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7078] ioctl(4, LOOP_SET_FD, 3 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 293.512649][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512698][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512726][ T7058] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 293.512750][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.512778][ T7058] ? xfs_iext_prev+0x35a/0x370 [ 293.512816][ T7058] ? xfs_iext_get_extent+0x1bb/0x370 [ 293.512846][ T7058] xfs_bmapi_write+0x7df/0x1260 [ 293.512904][ T7058] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 293.512990][ T7058] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 5874] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7078] <... ioctl resumed>) = 0 [pid 7078] close(3) = 0 [pid 5871] <... umount2 resumed>) = 0 [ 293.513032][ T7058] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 293.513062][ T7058] ? kasan_save_track+0x4f/0x80 [ 293.513092][ T7058] ? kasan_save_track+0x3e/0x80 [ 293.513116][ T7058] ? kasan_save_free_info+0x46/0x50 [ 293.513153][ T7058] ? kmem_cache_free+0x18f/0x400 [ 293.513182][ T7058] ? __xfs_trans_commit+0x3e0/0xbd0 [ 293.513207][ T7058] ? xfs_trans_roll+0x130/0x450 [ 293.513230][ T7058] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 293.513270][ T7058] xfs_attr_set_iter+0x2d4/0x4b70 [ 293.513304][ T7058] ? filename_setxattr+0x274/0x600 [pid 7078] close(4 [pid 5871] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7078] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7078] mkdir("./file1", 0777 [pid 5871] newfstatat(AT_FDCWD, "./26/file1", [pid 7078] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 293.513338][ T7058] ? path_setxattrat+0x364/0x3a0 [ 293.513359][ T7058] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 293.513412][ T7058] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 293.513469][ T7058] ? kasan_quarantine_put+0xdd/0x220 [ 293.513495][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.513524][ T7058] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.513564][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.513598][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.513626][ T7058] ? kmem_cache_free+0x18f/0x400 [ 293.513654][ T7058] ? __xfs_trans_commit+0x3e0/0xbd0 [ 293.513685][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.513714][ T7058] ? __xfs_trans_commit+0x4c7/0xbd0 [ 293.513757][ T7058] xfs_attr_finish_item+0xed/0x320 [ 293.513800][ T7058] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 293.513838][ T7058] xfs_defer_finish_one+0x5c8/0xcf0 [ 293.513900][ T7058] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 293.513960][ T7058] xfs_defer_finish_noroll+0x910/0x12d0 [ 293.514000][ T7058] ? xfs_trans_commit+0x10b/0x1c0 [pid 7078] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 293.514033][ T7058] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 293.514068][ T7058] ? inode_set_ctime_current+0x740/0xb40 [ 293.514117][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.514145][ T7058] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 293.514187][ T7058] xfs_trans_commit+0x10b/0x1c0 [ 293.514213][ T7058] ? __pfx_xfs_trans_commit+0x10/0x10 [ 293.514247][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.514276][ T7058] ? xfs_trans_log_inode+0x12c/0x1a0 [ 293.514318][ T7058] xfs_attr_set+0xdc6/0x1210 [pid 5871] openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./26/file1") = 0 [pid 5871] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./26/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./26") = 0 [pid 5871] mkdir("./27", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 293.514365][ T7058] ? __pfx_xfs_attr_set+0x10/0x10 [ 293.514400][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.514429][ T7058] ? __lock_acquire+0xab9/0xd20 [ 293.514467][ T7058] ? xfs_da_hashname+0x59d/0x740 [ 293.514499][ T7058] ? do_raw_spin_lock+0x121/0x290 [ 293.514543][ T7058] ? xfs_attr_change+0x2ac/0x390 [ 293.514579][ T7058] xfs_xattr_set+0x14d/0x250 [ 293.514612][ T7058] ? __pfx_xfs_xattr_set+0x10/0x10 [ 293.514658][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.514688][ T7058] ? evm_protect_xattr+0x4d4/0xa90 [ 293.514715][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.514744][ T7058] ? rcu_is_watching+0x15/0xb0 [ 293.514780][ T7058] ? __pfx_evm_protect_xattr+0x10/0x10 [ 293.514808][ T7058] ? __pfx_xfs_xattr_set+0x10/0x10 [ 293.514837][ T7058] __vfs_setxattr+0x43c/0x480 [ 293.514886][ T7058] __vfs_setxattr_noperm+0x12d/0x660 [ 293.514935][ T7058] vfs_setxattr+0x16b/0x2f0 [ 293.514977][ T7058] ? __pfx_vfs_setxattr+0x10/0x10 [ 293.515007][ T7058] ? mnt_get_write_access+0x223/0x2a0 [ 293.515037][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.515071][ T7058] filename_setxattr+0x274/0x600 [ 293.515117][ T7058] ? __pfx_filename_setxattr+0x10/0x10 [ 293.515156][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.515183][ T7058] ? getname_flags+0x1e5/0x540 [ 293.515225][ T7058] path_setxattrat+0x364/0x3a0 [ 293.515261][ T7058] ? __pfx_path_setxattrat+0x10/0x10 [ 293.515326][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.515354][ T7058] ? rcu_is_watching+0x15/0xb0 [ 293.515390][ T7058] __x64_sys_lsetxattr+0xbf/0xe0 [ 293.515430][ T7058] do_syscall_64+0xfa/0x3b0 [ 293.515455][ T7058] ? lockdep_hardirqs_on+0x9c/0x150 [ 293.515493][ T7058] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.515517][ T7058] ? srso_alias_return_thunk+0x5/0xfbef5 [ 293.515545][ T7058] ? exc_page_fault+0x9f/0xf0 [ 293.515585][ T7058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.515609][ T7058] RIP: 0033:0x7f3cdbf794f9 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7091 attached [pid 7091] set_robust_list(0x55555d962760, 24) = 0 [pid 7091] chdir("./27") = 0 [pid 7091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7091] setpgid(0, 0) = 0 [pid 7091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7091] write(3, "1000", 4) = 4 [pid 7091] close(3) = 0 [pid 7091] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7091] write(1, "executing program\n", 18) = 18 [pid 7091] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 293.515630][ T7058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 293.515652][ T7058] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 293.515677][ T7058] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 293.515696][ T7058] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 293.515714][ T7058] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 293.515731][ T7058] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7091] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7091 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7093]}, 88) = 7093 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7093 attached [pid 7093] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7093] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7093] memfd_create("syzkaller", 0) = 3 [ 293.515747][ T7058] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 293.515786][ T7058] [ 293.516058][ T7058] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 293.676911][ T7057] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 293.685830][ T7058] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 293.689726][ T7057] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 293.693313][ T7058] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 293.710628][ T7057] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 294.209772][ T7079] loop2: detected capacity change from 0 to 32768 [ 294.245069][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 294.290249][ T7079] XFS: noikeep mount option is deprecated. [pid 5874] <... umount2 resumed>) = 0 [ 294.359693][ T7078] loop1: detected capacity change from 0 to 32768 [ 294.416572][ T7079] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 294.434822][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 294.509890][ T7078] XFS: noikeep mount option is deprecated. [ 294.590078][ T7079] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 294.886167][ T7078] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [ 295.041000][ T7079] XFS (loop2): Starting recovery (logdev: internal) [ 295.053748][ T7078] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5874] getdents64(4, [pid 7093] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./27/file1") = 0 [pid 5874] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./27/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./27") = 0 [pid 5874] mkdir("./28", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7079] <... mount resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 295.089985][ T7078] XFS (loop1): Starting recovery (logdev: internal) [ 295.104090][ T7079] XFS (loop2): Ending recovery (logdev: internal) [pid 7079] chdir("./file1") = 0 [pid 7079] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7079] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7077] <... futex resumed>) = 0 [pid 7079] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7077] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7079] <... futex resumed>) = 0 [pid 7077] <... futex resumed>) = 1 [pid 7079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7077] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... mount resumed>) = 0 [pid 7079] <... openat resumed>) = 4 [pid 7078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7079] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... openat resumed>) = 3 [pid 7079] <... futex resumed>) = 1 [pid 7077] <... futex resumed>) = 0 [pid 7079] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7078] chdir("./file1" [pid 7077] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... chdir resumed>) = 0 [pid 7078] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7078] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7078] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] <... futex resumed>) = 0 [pid 7078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... openat resumed>) = 4 [pid 7078] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7078] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7076] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7079] <... pwritev2 resumed>) = 65007 [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7079] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7077] <... futex resumed>) = 0 [pid 7077] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7079] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7077] <... futex resumed>) = 0 [ 295.140309][ T7078] XFS (loop1): Ending recovery (logdev: internal) [pid 7077] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... pwritev2 resumed>) = 65007 [pid 7078] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7078] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7076] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7077] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7077] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7098 attached => {parent_tid=[7098]}, 88) = 7098 [pid 7079] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7098] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7077] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] <... rseq resumed>) = 0 [pid 7098] set_robust_list(0x7f3cdbf049a0, 24 [ 295.183888][ T7079] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 295.211130][ T7079] XFS (loop2): Unmount and run xfs_repair [ 295.220145][ T7078] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7079] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7098] <... set_robust_list resumed>) = 0 [pid 7079] <... futex resumed>) = 0 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], [pid 7079] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7078] <... futex resumed>) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7078] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7076] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 295.247988][ T7078] XFS (loop1): Unmount and run xfs_repair [ 295.271411][ T7078] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 295.285323][ T7098] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 295.307170][ T7078] CPU: 1 UID: 0 PID: 7078 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 295.307214][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.307231][ T7078] Call Trace: [ 295.307241][ T7078] [ 295.307252][ T7078] dump_stack_lvl+0x189/0x250 [ 295.307288][ T7078] ? __pfx__xfs_alert_tag+0x10/0x10 [ 295.307326][ T7078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.307362][ T7078] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7076] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 295.307410][ T7078] xfs_corruption_error+0x122/0x170 [ 295.307450][ T7078] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 295.307485][ T7078] xfs_alloc_fixup_trees+0x95e/0xd20 [ 295.307515][ T7078] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 295.307557][ T7078] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 295.307588][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.307617][ T7078] ? rcu_is_watching+0x15/0xb0 [ 295.307648][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.307676][ T7078] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 295.307708][ T7078] ? rcu_is_watching+0x15/0xb0 [ 295.307748][ T7078] xfs_alloc_cur_finish+0xd3/0x4b0 [ 295.307779][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.307810][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.307844][ T7078] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 295.307902][ T7078] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 295.307932][ T7078] ? xfs_group_grab+0x28/0x480 [ 295.307969][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.307995][ T7078] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 295.308028][ T7078] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 295.308075][ T7078] xfs_alloc_vextent_start_ag+0x388/0x850 [ 295.308113][ T7078] xfs_bmapi_allocate+0x188e/0x2e00 [ 295.308183][ T7078] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 295.308214][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.308265][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.308292][ T7078] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 295.308316][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.308344][ T7078] ? xfs_iext_prev+0x35a/0x370 [pid 7093] <... write resumed>) = 16777216 [pid 5874] <... close resumed>) = 0 [ 295.308382][ T7078] ? xfs_iext_get_extent+0x1bb/0x370 [ 295.308413][ T7078] xfs_bmapi_write+0x7df/0x1260 [ 295.308473][ T7078] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 295.308550][ T7078] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 295.308592][ T7078] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 295.308623][ T7078] ? kasan_save_track+0x4f/0x80 [ 295.308650][ T7078] ? kasan_save_track+0x3e/0x80 [ 295.308675][ T7078] ? kasan_save_free_info+0x46/0x50 [ 295.308710][ T7078] ? kmem_cache_free+0x18f/0x400 [pid 7093] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7093] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7099 attached [pid 7078] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 295.308739][ T7078] ? __xfs_trans_commit+0x3e0/0xbd0 [ 295.308764][ T7078] ? xfs_trans_roll+0x130/0x450 [ 295.308789][ T7078] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 295.308829][ T7078] xfs_attr_set_iter+0x2d4/0x4b70 [ 295.308865][ T7078] ? filename_setxattr+0x274/0x600 [ 295.308900][ T7078] ? path_setxattrat+0x364/0x3a0 [ 295.308922][ T7078] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 295.308974][ T7078] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 295.309032][ T7078] ? kasan_quarantine_put+0xdd/0x220 [ 295.309060][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7093] <... ioctl resumed>) = 0 [pid 7093] close(3) = 0 [pid 7093] close(4) = 0 [pid 7093] mkdir("./file1", 0777) = 0 [ 295.309084][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.309120][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309150][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309181][ T7078] ? kmem_cache_free+0x18f/0x400 [ 295.309206][ T7078] ? __xfs_trans_commit+0x3e0/0xbd0 [ 295.309234][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309259][ T7078] ? __xfs_trans_commit+0x4c7/0xbd0 [ 295.309296][ T7078] xfs_attr_finish_item+0xed/0x320 [ 295.309332][ T7078] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 295.309364][ T7078] xfs_defer_finish_one+0x5c8/0xcf0 [ 295.309417][ T7078] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 295.309460][ T7078] xfs_defer_finish_noroll+0x910/0x12d0 [ 295.309494][ T7078] ? xfs_trans_commit+0x10b/0x1c0 [ 295.309522][ T7078] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 295.309551][ T7078] ? inode_set_ctime_current+0x740/0xb40 [ 295.309593][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309617][ T7078] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 295.309653][ T7078] xfs_trans_commit+0x10b/0x1c0 [ 295.309676][ T7078] ? __pfx_xfs_trans_commit+0x10/0x10 [ 295.309704][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309729][ T7078] ? xfs_trans_log_inode+0x12c/0x1a0 [ 295.309764][ T7078] xfs_attr_set+0xdc6/0x1210 [ 295.309806][ T7078] ? __pfx_xfs_attr_set+0x10/0x10 [ 295.309836][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.309860][ T7078] ? __lock_acquire+0xab9/0xd20 [ 295.309892][ T7078] ? xfs_da_hashname+0x59d/0x740 [ 295.309920][ T7078] ? do_raw_spin_lock+0x121/0x290 [ 295.309958][ T7078] ? xfs_attr_change+0x2ac/0x390 [ 295.309988][ T7078] xfs_xattr_set+0x14d/0x250 [ 295.310016][ T7078] ? __pfx_xfs_xattr_set+0x10/0x10 [ 295.310055][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310081][ T7078] ? evm_protect_xattr+0x4d4/0xa90 [ 295.310106][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310130][ T7078] ? rcu_is_watching+0x15/0xb0 [ 295.310160][ T7078] ? __pfx_evm_protect_xattr+0x10/0x10 [ 295.310192][ T7078] ? __pfx_xfs_xattr_set+0x10/0x10 [ 295.310216][ T7078] __vfs_setxattr+0x43c/0x480 [ 295.310259][ T7078] __vfs_setxattr_noperm+0x12d/0x660 [ 295.310297][ T7078] vfs_setxattr+0x16b/0x2f0 [ 295.310334][ T7078] ? __pfx_vfs_setxattr+0x10/0x10 [ 295.310360][ T7078] ? mnt_get_write_access+0x223/0x2a0 [ 295.310386][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310416][ T7078] filename_setxattr+0x274/0x600 [ 295.310456][ T7078] ? __pfx_filename_setxattr+0x10/0x10 [ 295.310490][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310515][ T7078] ? getname_flags+0x1e5/0x540 [ 295.310551][ T7078] path_setxattrat+0x364/0x3a0 [pid 7093] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid"executing program [pid 7099] set_robust_list(0x55555d962760, 24 [pid 7098] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7078] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7099 [pid 7099] <... set_robust_list resumed>) = 0 [pid 7098] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... futex resumed>) = 0 [pid 7099] chdir("./28" [pid 7098] <... futex resumed>) = 0 [pid 7078] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] <... chdir resumed>) = 0 [pid 7099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7077] exit_group(0 [pid 7076] exit_group(0 [pid 7099] <... prctl resumed>) = 0 [pid 7079] <... futex resumed>) = ? [pid 7078] <... futex resumed>) = ? [pid 7077] <... exit_group resumed>) = ? [pid 7076] <... exit_group resumed>) = ? [pid 7099] setpgid(0, 0 [pid 7098] +++ exited with 0 +++ [pid 7079] +++ exited with 0 +++ [pid 7078] +++ exited with 0 +++ [pid 7077] +++ exited with 0 +++ [pid 7076] +++ exited with 0 +++ [pid 7099] <... setpgid resumed>) = 0 [pid 7099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7077, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=109 /* 1.09 s */} --- [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=65 /* 0.65 s */} --- [pid 7099] <... openat resumed>) = 3 [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7099] write(3, "1000", 4) = 4 [pid 7099] close(3) = 0 [pid 7099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7099] write(1, "executing program\n", 18) = 18 [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7099] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7100 attached [pid 7100] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7099] <... clone3 resumed> => {parent_tid=[7100]}, 88) = 7100 [pid 7100] <... rseq resumed>) = 0 [pid 7099] rt_sigprocmask(SIG_SETMASK, [], [pid 7100] set_robust_list(0x7f3cdbf259a0, 24 [pid 7099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... restart_syscall resumed>) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 7100] <... set_robust_list resumed>) = 0 [pid 7099] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] rt_sigprocmask(SIG_SETMASK, [], [pid 7099] <... futex resumed>) = 0 [pid 7100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7100] memfd_create("syzkaller", 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... openat resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5873] newfstatat(3, "", [pid 5872] newfstatat(3, "", [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] getdents64(3, [pid 5873] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7100] <... memfd_create resumed>) = 3 [pid 7100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 295.310582][ T7078] ? __pfx_path_setxattrat+0x10/0x10 [ 295.310639][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310664][ T7078] ? rcu_is_watching+0x15/0xb0 [ 295.310696][ T7078] __x64_sys_lsetxattr+0xbf/0xe0 [ 295.310731][ T7078] do_syscall_64+0xfa/0x3b0 [ 295.310753][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.310787][ T7078] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.310808][ T7078] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.310832][ T7078] ? exc_page_fault+0x9f/0xf0 [ 295.310868][ T7078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.310889][ T7078] RIP: 0033:0x7f3cdbf794f9 [ 295.310909][ T7078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 295.310928][ T7078] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 295.310952][ T7078] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 295.310968][ T7078] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 295.310984][ T7078] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 295.310999][ T7078] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 295.311013][ T7078] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 295.311047][ T7078] [ 295.311065][ T7078] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 295.447212][ T7098] CPU: 0 UID: 0 PID: 7098 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 295.447248][ T7098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.447263][ T7098] Call Trace: [ 295.447274][ T7098] [ 295.447285][ T7098] dump_stack_lvl+0x189/0x250 [ 295.447322][ T7098] ? __pfx__xfs_alert_tag+0x10/0x10 [ 295.447360][ T7098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.447394][ T7098] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 295.447442][ T7098] xfs_corruption_error+0x122/0x170 [ 295.447480][ T7098] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 295.447515][ T7098] xfs_alloc_fixup_trees+0x95e/0xd20 [ 295.447543][ T7098] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 295.447583][ T7098] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 295.447613][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.447642][ T7098] ? rcu_is_watching+0x15/0xb0 [ 295.447671][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.447699][ T7098] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 295.447729][ T7098] ? rcu_is_watching+0x15/0xb0 [ 295.447768][ T7098] xfs_alloc_cur_finish+0xd3/0x4b0 [ 295.447796][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7100] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 295.447826][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.447860][ T7098] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 295.447916][ T7098] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 295.447951][ T7098] ? xfs_group_grab+0x28/0x480 [ 295.447987][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.448015][ T7098] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 295.448048][ T7098] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 295.448095][ T7098] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 7100] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7100] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 295.448133][ T7098] xfs_bmapi_allocate+0x188e/0x2e00 [ 295.448196][ T7098] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 295.448228][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.448277][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.448304][ T7098] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 295.448328][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.448355][ T7098] ? xfs_iext_prev+0x35a/0x370 [ 295.448393][ T7098] ? xfs_iext_get_extent+0x1bb/0x370 [ 295.448423][ T7098] xfs_bmapi_write+0x7df/0x1260 [ 295.448482][ T7098] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 295.448559][ T7098] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 295.448600][ T7098] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 295.448629][ T7098] ? kasan_save_track+0x4f/0x80 [ 295.448655][ T7098] ? kasan_save_track+0x3e/0x80 [ 295.448680][ T7098] ? kasan_save_free_info+0x46/0x50 [ 295.448715][ T7098] ? kmem_cache_free+0x18f/0x400 [ 295.448744][ T7098] ? __xfs_trans_commit+0x3e0/0xbd0 [ 295.448768][ T7098] ? xfs_trans_roll+0x130/0x450 [ 295.448791][ T7098] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 295.448829][ T7098] xfs_attr_set_iter+0x2d4/0x4b70 [ 295.448863][ T7098] ? filename_setxattr+0x274/0x600 [ 295.448897][ T7098] ? path_setxattrat+0x364/0x3a0 [ 295.448919][ T7098] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 295.448978][ T7098] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 295.449033][ T7098] ? kasan_quarantine_put+0xdd/0x220 [ 295.449058][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449086][ T7098] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.449126][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449160][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7100] close(3) = 0 [pid 7100] close(4) = 0 [pid 7100] mkdir("./file1", 0777) = 0 [ 295.449186][ T7098] ? kmem_cache_free+0x18f/0x400 [ 295.449214][ T7098] ? __xfs_trans_commit+0x3e0/0xbd0 [ 295.449246][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449274][ T7098] ? __xfs_trans_commit+0x4c7/0xbd0 [ 295.449316][ T7098] xfs_attr_finish_item+0xed/0x320 [ 295.449355][ T7098] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 295.449391][ T7098] xfs_defer_finish_one+0x5c8/0xcf0 [ 295.449450][ T7098] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 295.449498][ T7098] xfs_defer_finish_noroll+0x910/0x12d0 [pid 7100] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 295.449537][ T7098] ? xfs_trans_commit+0x10b/0x1c0 [ 295.449568][ T7098] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 295.449600][ T7098] ? inode_set_ctime_current+0x740/0xb40 [ 295.449647][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449673][ T7098] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 295.449713][ T7098] xfs_trans_commit+0x10b/0x1c0 [ 295.449740][ T7098] ? __pfx_xfs_trans_commit+0x10/0x10 [ 295.449771][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449799][ T7098] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5873] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./27/file1") = 0 [pid 5873] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./27/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./27") = 0 [pid 5873] mkdir("./28", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... umount2 resumed>) = 0 [pid 5873] <... openat resumed>) = 3 [pid 5872] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] ioctl(3, LOOP_CLR_FD [pid 5872] newfstatat(AT_FDCWD, "./27/file1", [pid 5873] <... ioctl resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] close(3 [ 295.449839][ T7098] xfs_attr_set+0xdc6/0x1210 [ 295.449887][ T7098] ? __pfx_xfs_attr_set+0x10/0x10 [ 295.449920][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.449958][ T7098] ? __lock_acquire+0xab9/0xd20 [ 295.449994][ T7098] ? xfs_da_hashname+0x59d/0x740 [ 295.450025][ T7098] ? do_raw_spin_lock+0x121/0x290 [ 295.450066][ T7098] ? xfs_attr_change+0x2ac/0x390 [ 295.450100][ T7098] xfs_xattr_set+0x14d/0x250 [ 295.450132][ T7098] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 5872] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./27/file1") = 0 [pid 5872] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 295.450176][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.450203][ T7098] ? evm_protect_xattr+0x4d4/0xa90 [ 295.450230][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.450257][ T7098] ? rcu_is_watching+0x15/0xb0 [ 295.450291][ T7098] ? __pfx_evm_protect_xattr+0x10/0x10 [ 295.450318][ T7098] ? __pfx_xfs_xattr_set+0x10/0x10 [ 295.450346][ T7098] __vfs_setxattr+0x43c/0x480 [ 295.450394][ T7098] __vfs_setxattr_noperm+0x12d/0x660 [ 295.450437][ T7098] vfs_setxattr+0x16b/0x2f0 [pid 5872] unlink("./27/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./27") = 0 [pid 5872] mkdir("./28", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 295.450478][ T7098] ? __pfx_vfs_setxattr+0x10/0x10 [ 295.450508][ T7098] ? mnt_get_write_access+0x223/0x2a0 [ 295.450537][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.450570][ T7098] filename_setxattr+0x274/0x600 [ 295.450617][ T7098] ? __pfx_filename_setxattr+0x10/0x10 [ 295.450654][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.450682][ T7098] ? getname_flags+0x1e5/0x540 [ 295.450722][ T7098] path_setxattrat+0x364/0x3a0 [ 295.450759][ T7098] ? __pfx_path_setxattrat+0x10/0x10 [ 295.450823][ T7098] ? srso_alias_return_thunk+0x5/0xfbef5 [ 295.450850][ T7098] ? rcu_is_watching+0x15/0xb0 [ 295.450885][ T7098] __x64_sys_lsetxattr+0xbf/0xe0 [ 295.450935][ T7098] do_syscall_64+0xfa/0x3b0 [ 295.450963][ T7098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.450987][ T7098] ? __switch_to_asm+0x39/0x70 [ 295.451018][ T7098] ? __switch_to_asm+0x33/0x70 [ 295.451055][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.451079][ T7098] RIP: 0033:0x7f3cdbf794f9 [ 295.451102][ T7098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 295.451123][ T7098] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 295.451149][ T7098] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 295.451168][ T7098] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 295.451186][ T7098] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 295.451202][ T7098] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 295.451219][ T7098] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 295.451257][ T7098] [ 295.451361][ T7098] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 295.549724][ T7078] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 295.584802][ T7098] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 295.590365][ T7078] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 295.597530][ T7093] loop0: detected capacity change from 0 to 32768 [ 295.605990][ T7098] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 295.650397][ T7093] XFS: noikeep mount option is deprecated. [ 296.207195][ T7100] loop3: detected capacity change from 0 to 32768 [ 296.211485][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 296.324401][ T7100] XFS: noikeep mount option is deprecated. [ 296.343334][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 296.380539][ T7093] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 296.415622][ T7100] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 296.550789][ T7100] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... close resumed>) = 0 ./strace-static-x86_64: Process 7117 attached [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7117] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7117 ./strace-static-x86_64: Process 7118 attached [pid 7117] <... set_robust_list resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7118 [pid 7118] set_robust_list(0x55555d962760, 24 [pid 7117] chdir("./28") = 0 [pid 7117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7117] setpgid(0, 0) = 0 [pid 7118] <... set_robust_list resumed>) = 0 [pid 7117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 296.874933][ T7093] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 296.890990][ T7100] XFS (loop3): Starting recovery (logdev: internal) [ 296.895556][ T7093] XFS (loop0): Starting recovery (logdev: internal) [ 296.916624][ T7093] XFS (loop0): Ending recovery (logdev: internal) [pid 7118] chdir("./28" [pid 7117] <... openat resumed>) = 3 [pid 7093] <... mount resumed>) = 0 [pid 7117] write(3, "1000", 4) = 4 [pid 7117] close(3) = 0 [pid 7117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7118] <... chdir resumed>) = 0 [pid 7118] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7118] <... prctl resumed>) = 0 [pid 7117] write(1, "executing program\n", 18 [pid 7100] <... mount resumed>) = 0 [pid 7093] <... openat resumed>) = 3 [pid 7118] setpgid(0, 0 [pid 7100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORYexecuting program [pid 7093] chdir("./file1" [pid 7118] <... setpgid resumed>) = 0 [pid 7117] <... write resumed>) = 18 [pid 7100] <... openat resumed>) = 3 [pid 7093] <... chdir resumed>) = 0 [pid 7118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7093] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7118] <... openat resumed>) = 3 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] chdir("./file1" [pid 7093] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7118] write(3, "1000", 4 [pid 7117] <... futex resumed>) = 0 [pid 7100] <... chdir resumed>) = 0 [pid 7093] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... write resumed>) = 4 [pid 7117] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7100] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7093] <... futex resumed>) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7118] close(3 [pid 7117] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7093] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] <... close resumed>) = 0 [pid 7091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] symlink("/dev/binderfs", "./binderfs" [pid 7093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7091] <... futex resumed>) = 0 [pid 7117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 executing program [pid 7118] <... symlink resumed>) = 0 [pid 7117] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7118] write(1, "executing program\n", 18 [pid 7117] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7118] <... write resumed>) = 18 [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7118] <... futex resumed>) = 0 [pid 7100] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7093] <... openat resumed>) = 4 [pid 7118] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7100] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7117] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7100] <... futex resumed>) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7100] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7099] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7091] <... futex resumed>) = 0 [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7093] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7118] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7100] <... openat resumed>) = 4 [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7118] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7100] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7119 attached [pid 7118] <... mprotect resumed>) = 0 [pid 7100] <... futex resumed>) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7119] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7100] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... rseq resumed>) = 0 [pid 7117] <... clone3 resumed> => {parent_tid=[7119]}, 88) = 7119 [pid 7100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7099] <... futex resumed>) = 0 [pid 7119] set_robust_list(0x7f3cdbf259a0, 24 [pid 7117] rt_sigprocmask(SIG_SETMASK, [], [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... set_robust_list resumed>) = 0 [pid 7117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7100] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], [pid 7117] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7117] <... futex resumed>) = 0 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7120 attached [pid 7119] memfd_create("syzkaller", 0 [pid 7120] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7118] <... clone3 resumed> => {parent_tid=[7120]}, 88) = 7120 [pid 7120] <... rseq resumed>) = 0 [pid 7119] <... memfd_create resumed>) = 3 [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 7120] set_robust_list(0x7f3cdbf259a0, 24 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7120] <... set_robust_list resumed>) = 0 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7118] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... pwritev2 resumed>) = 65007 [pid 7093] <... pwritev2 resumed>) = 65007 [pid 7120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] <... futex resumed>) = 0 [pid 7119] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7100] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] memfd_create("syzkaller", 0 [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7100] <... futex resumed>) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7120] <... memfd_create resumed>) = 3 [ 296.925439][ T7100] XFS (loop3): Ending recovery (logdev: internal) [pid 7100] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7099] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7091] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7099] <... futex resumed>) = 0 [pid 7091] <... futex resumed>) = 0 [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7091] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7120] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7100] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 296.971120][ T7100] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 296.987594][ T7093] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 297.007608][ T7100] XFS (loop3): Unmount and run xfs_repair [pid 7100] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7099] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7093] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7091] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7091] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7121 attached => {parent_tid=[7121]}, 88) = 7121 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7091] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7121] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7093] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 297.016891][ T7093] XFS (loop0): Unmount and run xfs_repair [ 297.026029][ T7100] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 297.038651][ T7121] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 7093] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7091] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7099] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 297.057635][ T7100] CPU: 1 UID: 0 PID: 7100 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 297.057671][ T7100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.057687][ T7100] Call Trace: [ 297.057698][ T7100] [ 297.057708][ T7100] dump_stack_lvl+0x189/0x250 [ 297.057745][ T7100] ? __pfx__xfs_alert_tag+0x10/0x10 [ 297.057782][ T7100] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.057816][ T7100] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 297.057862][ T7100] xfs_corruption_error+0x122/0x170 [ 297.057901][ T7100] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 297.057936][ T7100] xfs_alloc_fixup_trees+0x95e/0xd20 [ 297.057965][ T7100] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 297.058012][ T7100] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 297.058043][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058072][ T7100] ? rcu_is_watching+0x15/0xb0 [ 297.058101][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058129][ T7100] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 297.058159][ T7100] ? rcu_is_watching+0x15/0xb0 [ 297.058198][ T7100] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 7120] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 297.058228][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058257][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058291][ T7100] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 297.058347][ T7100] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 297.058376][ T7100] ? xfs_group_grab+0x28/0x480 [ 297.058412][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058439][ T7100] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 297.058471][ T7100] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 297.058519][ T7100] xfs_alloc_vextent_start_ag+0x388/0x850 [ 297.058557][ T7100] xfs_bmapi_allocate+0x188e/0x2e00 [ 297.058620][ T7100] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 297.058652][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058701][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058729][ T7100] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 297.058753][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.058780][ T7100] ? xfs_iext_prev+0x35a/0x370 [ 297.058819][ T7100] ? xfs_iext_get_extent+0x1bb/0x370 [ 297.058849][ T7100] xfs_bmapi_write+0x7df/0x1260 [ 297.058908][ T7100] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 297.058987][ T7100] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 297.059033][ T7100] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 297.059063][ T7100] ? kasan_save_track+0x4f/0x80 [ 297.059089][ T7100] ? kasan_save_track+0x3e/0x80 [ 297.059113][ T7100] ? kasan_save_free_info+0x46/0x50 [ 297.059150][ T7100] ? kmem_cache_free+0x18f/0x400 [ 297.059179][ T7100] ? __xfs_trans_commit+0x3e0/0xbd0 [ 297.059204][ T7100] ? xfs_trans_roll+0x130/0x450 [ 297.059227][ T7100] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 297.059266][ T7100] xfs_attr_set_iter+0x2d4/0x4b70 [ 297.059301][ T7100] ? filename_setxattr+0x274/0x600 [ 297.059334][ T7100] ? path_setxattrat+0x364/0x3a0 [ 297.059356][ T7100] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 297.059408][ T7100] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 297.059465][ T7100] ? kasan_quarantine_put+0xdd/0x220 [ 297.059490][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.059518][ T7100] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.059558][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.059592][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.059620][ T7100] ? kmem_cache_free+0x18f/0x400 [ 297.059647][ T7100] ? __xfs_trans_commit+0x3e0/0xbd0 [ 297.059678][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.059706][ T7100] ? __xfs_trans_commit+0x4c7/0xbd0 [ 297.059749][ T7100] xfs_attr_finish_item+0xed/0x320 [ 297.059789][ T7100] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 297.059826][ T7100] xfs_defer_finish_one+0x5c8/0xcf0 [ 297.059886][ T7100] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 297.059935][ T7100] xfs_defer_finish_noroll+0x910/0x12d0 [ 297.059974][ T7100] ? xfs_trans_commit+0x10b/0x1c0 [ 297.060011][ T7100] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 297.060045][ T7100] ? inode_set_ctime_current+0x740/0xb40 [ 297.060092][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.060120][ T7100] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 297.060160][ T7100] xfs_trans_commit+0x10b/0x1c0 [ 297.060186][ T7100] ? __pfx_xfs_trans_commit+0x10/0x10 [ 297.060218][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.060246][ T7100] ? xfs_trans_log_inode+0x12c/0x1a0 [ 297.060286][ T7100] xfs_attr_set+0xdc6/0x1210 [ 297.060334][ T7100] ? __pfx_xfs_attr_set+0x10/0x10 [ 297.060368][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.060396][ T7100] ? __lock_acquire+0xab9/0xd20 [ 297.060432][ T7100] ? xfs_da_hashname+0x59d/0x740 [ 297.060463][ T7100] ? do_raw_spin_lock+0x121/0x290 [ 297.060506][ T7100] ? xfs_attr_change+0x2ac/0x390 [ 297.060540][ T7100] xfs_xattr_set+0x14d/0x250 [ 297.060572][ T7100] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 7119] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7100] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7100] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] exit_group(0 [pid 7100] <... futex resumed>) = ? [pid 7099] <... exit_group resumed>) = ? [pid 7100] +++ exited with 0 +++ [pid 7099] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7099, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=67 /* 0.67 s */} --- [ 297.060616][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.060644][ T7100] ? evm_protect_xattr+0x4d4/0xa90 [ 297.060671][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.060699][ T7100] ? rcu_is_watching+0x15/0xb0 [ 297.060732][ T7100] ? __pfx_evm_protect_xattr+0x10/0x10 [ 297.060760][ T7100] ? __pfx_xfs_xattr_set+0x10/0x10 [ 297.060787][ T7100] __vfs_setxattr+0x43c/0x480 [ 297.060835][ T7100] __vfs_setxattr_noperm+0x12d/0x660 [ 297.060878][ T7100] vfs_setxattr+0x16b/0x2f0 [ 297.060946][ T7100] ? __pfx_vfs_setxattr+0x10/0x10 [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 7119] <... write resumed>) = 16777216 [pid 5874] <... restart_syscall resumed>) = 0 [pid 5874] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7119] munmap(0x7f3cd3a00000, 138412032 [pid 7091] exit_group(0 [pid 7093] <... futex resumed>) = ? [pid 7091] <... exit_group resumed>) = ? [pid 7093] +++ exited with 0 +++ [ 297.060976][ T7100] ? mnt_get_write_access+0x223/0x2a0 [ 297.061013][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.061048][ T7100] filename_setxattr+0x274/0x600 [ 297.061094][ T7100] ? __pfx_filename_setxattr+0x10/0x10 [ 297.061132][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.061160][ T7100] ? getname_flags+0x1e5/0x540 [ 297.061201][ T7100] path_setxattrat+0x364/0x3a0 [ 297.061237][ T7100] ? __pfx_path_setxattrat+0x10/0x10 [ 297.061302][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.061330][ T7100] ? rcu_is_watching+0x15/0xb0 [pid 7119] <... munmap resumed>) = 0 [pid 7119] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 297.061366][ T7100] __x64_sys_lsetxattr+0xbf/0xe0 [ 297.061407][ T7100] do_syscall_64+0xfa/0x3b0 [ 297.061430][ T7100] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.061468][ T7100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.061492][ T7100] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.061520][ T7100] ? exc_page_fault+0x9f/0xf0 [ 297.061560][ T7100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.061585][ T7100] RIP: 0033:0x7f3cdbf794f9 [ 297.061606][ T7100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 297.061628][ T7100] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 297.061654][ T7100] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 297.061673][ T7100] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 297.061691][ T7100] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7119] ioctl(4, LOOP_SET_FD, 3 [pid 7121] <... lsetxattr resumed>) = ? [pid 7120] <... write resumed>) = 16777216 [pid 7120] munmap(0x7f3cd3a00000, 138412032 [pid 7121] +++ exited with 0 +++ [pid 7091] +++ exited with 0 +++ [ 297.061708][ T7100] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 297.061725][ T7100] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 297.061764][ T7100] [ 297.061775][ T7100] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 297.064797][ T7121] CPU: 0 UID: 0 PID: 7121 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 297.064829][ T7121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.064844][ T7121] Call Trace: [ 297.064854][ T7121] [ 297.064865][ T7121] dump_stack_lvl+0x189/0x250 [ 297.064898][ T7121] ? __pfx__xfs_alert_tag+0x10/0x10 [ 297.064935][ T7121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.064969][ T7121] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 297.065016][ T7121] xfs_corruption_error+0x122/0x170 [ 297.065054][ T7121] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 297.065089][ T7121] xfs_alloc_fixup_trees+0x95e/0xd20 [ 297.065117][ T7121] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 297.065158][ T7121] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 297.065188][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065215][ T7121] ? rcu_is_watching+0x15/0xb0 [ 297.065249][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065277][ T7121] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 297.065307][ T7121] ? rcu_is_watching+0x15/0xb0 [ 297.065346][ T7121] xfs_alloc_cur_finish+0xd3/0x4b0 [ 297.065375][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065404][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065437][ T7121] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 7120] <... munmap resumed>) = 0 [pid 7119] <... ioctl resumed>) = 0 [pid 7119] close(3) = 0 [pid 7119] close(4) = 0 [pid 7119] mkdir("./file1", 0777) = 0 [pid 7120] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7120] ioctl(4, LOOP_SET_FD, 3 [pid 7119] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7091, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=165 /* 1.65 s */} --- [pid 5871] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 297.065493][ T7121] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 297.065522][ T7121] ? xfs_group_grab+0x28/0x480 [ 297.065558][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065586][ T7121] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 297.065619][ T7121] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 297.065666][ T7121] xfs_alloc_vextent_start_ag+0x388/0x850 [ 297.065704][ T7121] xfs_bmapi_allocate+0x188e/0x2e00 [ 297.065767][ T7121] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 297.065799][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7120] <... ioctl resumed>) = 0 [pid 5874] <... umount2 resumed>) = 0 [pid 7120] close(3) = 0 [pid 7120] close(4) = 0 [pid 7120] mkdir("./file1", 0777) = 0 [ 297.065848][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065875][ T7121] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 297.065898][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.065925][ T7121] ? xfs_iext_prev+0x35a/0x370 [ 297.065963][ T7121] ? xfs_iext_get_extent+0x1bb/0x370 [ 297.065993][ T7121] xfs_bmapi_write+0x7df/0x1260 [ 297.066052][ T7121] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 297.066129][ T7121] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 297.066169][ T7121] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [pid 7120] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./28/file1") = 0 [pid 5874] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./28/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./28") = 0 [pid 5874] mkdir("./29", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 297.066199][ T7121] ? kasan_save_track+0x4f/0x80 [ 297.066225][ T7121] ? kasan_save_track+0x3e/0x80 [ 297.066256][ T7121] ? kasan_save_free_info+0x46/0x50 [ 297.066291][ T7121] ? kmem_cache_free+0x18f/0x400 [ 297.066324][ T7121] ? __xfs_trans_commit+0x3e0/0xbd0 [ 297.066348][ T7121] ? xfs_trans_roll+0x130/0x450 [ 297.066371][ T7121] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 297.066409][ T7121] xfs_attr_set_iter+0x2d4/0x4b70 [ 297.066443][ T7121] ? filename_setxattr+0x274/0x600 [ 297.066475][ T7121] ? path_setxattrat+0x364/0x3a0 [ 297.066496][ T7121] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 297.066547][ T7121] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 297.066603][ T7121] ? kasan_quarantine_put+0xdd/0x220 [ 297.066628][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.066655][ T7121] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.066694][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.066727][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.066755][ T7121] ? kmem_cache_free+0x18f/0x400 [ 297.066786][ T7121] ? __xfs_trans_commit+0x3e0/0xbd0 [ 297.066817][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.066844][ T7121] ? __xfs_trans_commit+0x4c7/0xbd0 [ 297.066887][ T7121] xfs_attr_finish_item+0xed/0x320 [ 297.066925][ T7121] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 297.066962][ T7121] xfs_defer_finish_one+0x5c8/0xcf0 [ 297.067019][ T7121] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 297.067068][ T7121] xfs_defer_finish_noroll+0x910/0x12d0 [ 297.067106][ T7121] ? xfs_trans_commit+0x10b/0x1c0 [ 297.067137][ T7121] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 297.067170][ T7121] ? inode_set_ctime_current+0x740/0xb40 [ 297.067216][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.067253][ T7121] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 297.067293][ T7121] xfs_trans_commit+0x10b/0x1c0 [ 297.067318][ T7121] ? __pfx_xfs_trans_commit+0x10/0x10 [ 297.067350][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.067378][ T7121] ? xfs_trans_log_inode+0x12c/0x1a0 [ 297.067418][ T7121] xfs_attr_set+0xdc6/0x1210 [ 297.067466][ T7121] ? __pfx_xfs_attr_set+0x10/0x10 [ 297.067499][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.067527][ T7121] ? __lock_acquire+0xab9/0xd20 [ 297.067563][ T7121] ? xfs_da_hashname+0x59d/0x740 [ 297.067594][ T7121] ? do_raw_spin_lock+0x121/0x290 [ 297.067636][ T7121] ? xfs_attr_change+0x2ac/0x390 [ 297.067669][ T7121] xfs_xattr_set+0x14d/0x250 [ 297.067701][ T7121] ? __pfx_xfs_xattr_set+0x10/0x10 [ 297.067746][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.067773][ T7121] ? evm_protect_xattr+0x4d4/0xa90 [ 297.067799][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.067827][ T7121] ? rcu_is_watching+0x15/0xb0 [ 297.067860][ T7121] ? __pfx_evm_protect_xattr+0x10/0x10 [ 297.067888][ T7121] ? __pfx_xfs_xattr_set+0x10/0x10 [ 297.067915][ T7121] __vfs_setxattr+0x43c/0x480 [ 297.067963][ T7121] __vfs_setxattr_noperm+0x12d/0x660 [ 297.068005][ T7121] vfs_setxattr+0x16b/0x2f0 [ 297.068046][ T7121] ? __pfx_vfs_setxattr+0x10/0x10 [ 297.068075][ T7121] ? mnt_get_write_access+0x223/0x2a0 [ 297.068105][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7129 ./strace-static-x86_64: Process 7129 attached [pid 7129] set_robust_list(0x55555d962760, 24) = 0 [pid 7129] chdir("./29") = 0 [pid 7129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7129] setpgid(0, 0) = 0 [pid 7129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] write(3, "1000", 4) = 4 [pid 7129] close(3) = 0 [pid 7129] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7129] write(1, "executing program\n", 18) = 18 [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 297.068139][ T7121] filename_setxattr+0x274/0x600 [ 297.068184][ T7121] ? __pfx_filename_setxattr+0x10/0x10 [ 297.068222][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.068255][ T7121] ? getname_flags+0x1e5/0x540 [ 297.068295][ T7121] path_setxattrat+0x364/0x3a0 [ 297.068332][ T7121] ? __pfx_path_setxattrat+0x10/0x10 [ 297.068396][ T7121] ? srso_alias_return_thunk+0x5/0xfbef5 [ 297.068424][ T7121] ? rcu_is_watching+0x15/0xb0 [ 297.068459][ T7121] __x64_sys_lsetxattr+0xbf/0xe0 [pid 7129] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7129] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7132 attached [pid 7132] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7129] <... clone3 resumed> => {parent_tid=[7132]}, 88) = 7132 [pid 7132] <... rseq resumed>) = 0 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 7132] set_robust_list(0x7f3cdbf259a0, 24 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7132] <... set_robust_list resumed>) = 0 [pid 7129] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] <... futex resumed>) = 0 [pid 7132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7132] memfd_create("syzkaller", 0) = 3 [pid 7132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 297.068499][ T7121] do_syscall_64+0xfa/0x3b0 [ 297.068527][ T7121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.068550][ T7121] ? __switch_to_asm+0x39/0x70 [ 297.068582][ T7121] ? __switch_to_asm+0x33/0x70 [ 297.068620][ T7121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.068643][ T7121] RIP: 0033:0x7f3cdbf794f9 [ 297.068664][ T7121] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 297.068685][ T7121] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 297.068710][ T7121] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 297.068729][ T7121] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 297.068747][ T7121] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 297.068763][ T7121] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 297.068783][ T7121] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 297.068822][ T7121] [ 297.091234][ T7121] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 297.338220][ T7100] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 297.350511][ T7121] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 297.376851][ T7100] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 297.377605][ T7121] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 297.660819][ T7119] loop2: detected capacity change from 0 to 32768 [ 297.751286][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 297.801018][ T7120] loop1: detected capacity change from 0 to 32768 [ 297.882854][ T7119] XFS: noikeep mount option is deprecated. [ 297.919040][ T7119] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7132] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [ 297.929720][ T7120] XFS: noikeep mount option is deprecated. [ 298.057969][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 298.320134][ T7119] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./27/file1") = 0 [pid 5871] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./27/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./27") = 0 [pid 5871] mkdir("./28", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 298.570788][ T7120] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 298.603765][ T7119] XFS (loop2): Starting recovery (logdev: internal) [pid 5871] close(3 [pid 7119] <... mount resumed>) = 0 [pid 7119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7119] chdir("./file1") = 0 [pid 7119] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7119] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7119] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7117] <... futex resumed>) = 0 [ 298.673996][ T7119] XFS (loop2): Ending recovery (logdev: internal) [ 298.700770][ T7120] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7117] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = 0 [pid 7117] <... futex resumed>) = 1 [pid 7119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... openat resumed>) = 4 [pid 7119] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7117] <... futex resumed>) = 0 [pid 7119] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7117] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... pwritev2 resumed>) = 65007 [pid 7119] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7117] <... futex resumed>) = 0 [pid 7119] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7117] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 298.747140][ T7120] XFS (loop1): Starting recovery (logdev: internal) [ 298.777222][ T7119] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7120] <... mount resumed>) = 0 [pid 7119] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7119] <... futex resumed>) = 1 [pid 7117] <... futex resumed>) = 0 [pid 7120] <... openat resumed>) = 3 [pid 7119] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7117] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] chdir("./file1" [pid 7117] <... futex resumed>) = 0 [pid 7120] <... chdir resumed>) = 0 [pid 7117] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... close resumed>) = 0 [pid 7132] <... write resumed>) = 16777216 [pid 7120] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7132] munmap(0x7f3cd3a00000, 138412032 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7120] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 298.812674][ T7120] XFS (loop1): Ending recovery (logdev: internal) [ 298.819240][ T7119] XFS (loop2): Unmount and run xfs_repair [ 298.838385][ T7119] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 298.852962][ T7119] CPU: 1 UID: 0 PID: 7119 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 298.852998][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.853021][ T7119] Call Trace: [ 298.853031][ T7119] [ 298.853042][ T7119] dump_stack_lvl+0x189/0x250 [ 298.853078][ T7119] ? __pfx__xfs_alert_tag+0x10/0x10 [ 298.853118][ T7119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.853153][ T7119] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 298.853201][ T7119] xfs_corruption_error+0x122/0x170 [ 298.853240][ T7119] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 298.853275][ T7119] xfs_alloc_fixup_trees+0x95e/0xd20 [ 298.853304][ T7119] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 298.853345][ T7119] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 298.853376][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.853405][ T7119] ? rcu_is_watching+0x15/0xb0 [ 298.853436][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.853463][ T7119] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 298.853493][ T7119] ? rcu_is_watching+0x15/0xb0 [ 298.853530][ T7119] xfs_alloc_cur_finish+0xd3/0x4b0 [ 298.853559][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.853588][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.853622][ T7119] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 298.853677][ T7119] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 298.853712][ T7119] ? xfs_group_grab+0x28/0x480 [ 298.853748][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.853775][ T7119] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 298.853807][ T7119] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 298.853853][ T7119] xfs_alloc_vextent_start_ag+0x388/0x850 [ 298.853891][ T7119] xfs_bmapi_allocate+0x188e/0x2e00 [ 298.853953][ T7119] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 298.853985][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854040][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854067][ T7119] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 298.854090][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854118][ T7119] ? xfs_iext_prev+0x35a/0x370 [ 298.854154][ T7119] ? xfs_iext_get_extent+0x1bb/0x370 [ 298.854185][ T7119] xfs_bmapi_write+0x7df/0x1260 [ 298.854243][ T7119] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 298.854319][ T7119] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 298.854360][ T7119] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 298.854390][ T7119] ? kasan_save_track+0x4f/0x80 [ 298.854416][ T7119] ? kasan_save_track+0x3e/0x80 [ 298.854441][ T7119] ? kasan_save_free_info+0x46/0x50 [ 298.854477][ T7119] ? kmem_cache_free+0x18f/0x400 [ 298.854506][ T7119] ? __xfs_trans_commit+0x3e0/0xbd0 [ 298.854530][ T7119] ? xfs_trans_roll+0x130/0x450 [ 298.854554][ T7119] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 298.854594][ T7119] xfs_attr_set_iter+0x2d4/0x4b70 [ 298.854628][ T7119] ? filename_setxattr+0x274/0x600 [ 298.854661][ T7119] ? path_setxattrat+0x364/0x3a0 [ 298.854683][ T7119] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 298.854735][ T7119] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 298.854791][ T7119] ? kasan_quarantine_put+0xdd/0x220 [ 298.854817][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854844][ T7119] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.854884][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854918][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.854946][ T7119] ? kmem_cache_free+0x18f/0x400 [ 298.854975][ T7119] ? __xfs_trans_commit+0x3e0/0xbd0 [ 298.855003][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855033][ T7119] ? __xfs_trans_commit+0x4c7/0xbd0 [ 298.855070][ T7119] xfs_attr_finish_item+0xed/0x320 [ 298.855105][ T7119] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 298.855138][ T7119] xfs_defer_finish_one+0x5c8/0xcf0 [ 298.855190][ T7119] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 298.855233][ T7119] xfs_defer_finish_noroll+0x910/0x12d0 [ 298.855267][ T7119] ? xfs_trans_commit+0x10b/0x1c0 [ 298.855295][ T7119] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 298.855324][ T7119] ? inode_set_ctime_current+0x740/0xb40 [ 298.855366][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855390][ T7119] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 298.855426][ T7119] xfs_trans_commit+0x10b/0x1c0 [ 298.855448][ T7119] ? __pfx_xfs_trans_commit+0x10/0x10 [ 298.855477][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855501][ T7119] ? xfs_trans_log_inode+0x12c/0x1a0 [ 298.855536][ T7119] xfs_attr_set+0xdc6/0x1210 [ 298.855579][ T7119] ? __pfx_xfs_attr_set+0x10/0x10 [ 298.855608][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855632][ T7119] ? __lock_acquire+0xab9/0xd20 [ 298.855664][ T7119] ? xfs_da_hashname+0x59d/0x740 [ 298.855692][ T7119] ? do_raw_spin_lock+0x121/0x290 [ 298.855729][ T7119] ? xfs_attr_change+0x2ac/0x390 [ 298.855759][ T7119] xfs_xattr_set+0x14d/0x250 [ 298.855787][ T7119] ? __pfx_xfs_xattr_set+0x10/0x10 [ 298.855826][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855850][ T7119] ? evm_protect_xattr+0x4d4/0xa90 [ 298.855874][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.855898][ T7119] ? rcu_is_watching+0x15/0xb0 [ 298.855927][ T7119] ? __pfx_evm_protect_xattr+0x10/0x10 [ 298.855952][ T7119] ? __pfx_xfs_xattr_set+0x10/0x10 [ 298.855976][ T7119] __vfs_setxattr+0x43c/0x480 [ 298.856026][ T7119] __vfs_setxattr_noperm+0x12d/0x660 [ 298.856064][ T7119] vfs_setxattr+0x16b/0x2f0 [ 298.856100][ T7119] ? __pfx_vfs_setxattr+0x10/0x10 [ 298.856126][ T7119] ? mnt_get_write_access+0x223/0x2a0 [ 298.856153][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.856182][ T7119] filename_setxattr+0x274/0x600 [ 298.856223][ T7119] ? __pfx_filename_setxattr+0x10/0x10 [ 298.856257][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.856281][ T7119] ? getname_flags+0x1e5/0x540 [ 298.856318][ T7119] path_setxattrat+0x364/0x3a0 [ 298.856350][ T7119] ? __pfx_path_setxattrat+0x10/0x10 [ 298.856406][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.856431][ T7119] ? rcu_is_watching+0x15/0xb0 [ 298.856462][ T7119] __x64_sys_lsetxattr+0xbf/0xe0 [ 298.856497][ T7119] do_syscall_64+0xfa/0x3b0 [ 298.856519][ T7119] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.856553][ T7119] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.856573][ T7119] ? srso_alias_return_thunk+0x5/0xfbef5 [ 298.856597][ T7119] ? exc_page_fault+0x9f/0xf0 [ 298.856633][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.856653][ T7119] RIP: 0033:0x7f3cdbf794f9 [ 298.856673][ T7119] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 298.856691][ T7119] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 298.856714][ T7119] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 298.856730][ T7119] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 298.856746][ T7119] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 298.856763][ T7119] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 7120] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] <... futex resumed>) = 0 [pid 7118] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7140 ./strace-static-x86_64: Process 7140 attached [pid 7118] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] set_robust_list(0x55555d962760, 24 [pid 7120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7140] <... set_robust_list resumed>) = 0 [pid 7117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7140] chdir("./28") = 0 [pid 7140] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7132] <... munmap resumed>) = 0 [pid 7120] <... openat resumed>) = 4 [pid 7140] <... prctl resumed>) = 0 [pid 7140] setpgid(0, 0) = 0 [pid 7120] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7120] <... futex resumed>) = 1 [pid 7140] <... openat resumed>) = 3 [pid 7120] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7140] write(3, "1000", 4) = 4 [pid 7140] close(3) = 0 [pid 7140] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7140] write(1, "executing program\n", 18) = 18 [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7140] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7132] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 298.856781][ T7119] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 298.856819][ T7119] [ 299.534786][ T7119] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 299.545735][ T7119] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7132] ioctl(4, LOOP_SET_FD, 3 [pid 7118] <... futex resumed>) = 0 [pid 7140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7140] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7141]}, 88) = 7141 [pid 7140] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7141 attached NULL, 8) = 0 [pid 7140] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7141] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7141] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7141] memfd_create("syzkaller", 0) = 3 [pid 7141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7118] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... ioctl resumed>) = 0 [pid 7120] <... futex resumed>) = 0 [pid 7119] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7118] <... futex resumed>) = 1 [pid 7132] close(3 [pid 7120] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7132] <... close resumed>) = 0 [pid 7119] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] close(4 [pid 7119] <... futex resumed>) = 0 [pid 7132] <... close resumed>) = 0 [ 299.564381][ T7132] loop3: detected capacity change from 0 to 32768 [ 299.568202][ T7119] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [pid 7132] mkdir("./file1", 0777 [pid 7120] <... pwritev2 resumed>) = 65007 [pid 7119] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7117] exit_group(0) = ? [pid 7132] <... mkdir resumed>) = 0 [pid 7120] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = ? [pid 7120] <... futex resumed>) = 1 [pid 7132] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7118] <... futex resumed>) = 0 [pid 7120] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7119] +++ exited with 0 +++ [pid 7117] +++ exited with 0 +++ [pid 7118] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7117, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=73 /* 0.73 s */} --- [pid 5873] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7120] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] <... openat resumed>) = 3 [pid 5873] newfstatat(3, "", [pid 7120] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7118] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7118] <... futex resumed>) = 0 [pid 5873] getdents64(3, [ 299.610963][ T7132] XFS: noikeep mount option is deprecated. [ 299.623808][ T7120] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 299.638597][ T7120] XFS (loop1): Unmount and run xfs_repair [pid 7118] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7120] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 299.658804][ T7120] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 299.694525][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 299.706844][ T7120] CPU: 0 UID: 0 PID: 7120 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 299.706880][ T7120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.706896][ T7120] Call Trace: [ 299.706906][ T7120] [ 299.706917][ T7120] dump_stack_lvl+0x189/0x250 [ 299.706952][ T7120] ? __pfx__xfs_alert_tag+0x10/0x10 [ 299.706991][ T7120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.707025][ T7120] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 299.707078][ T7120] xfs_corruption_error+0x122/0x170 [ 299.707117][ T7120] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 299.707152][ T7120] xfs_alloc_fixup_trees+0x95e/0xd20 [ 299.707181][ T7120] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 299.707222][ T7120] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 299.707251][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707281][ T7120] ? rcu_is_watching+0x15/0xb0 [ 299.707312][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707340][ T7120] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 299.707372][ T7120] ? rcu_is_watching+0x15/0xb0 [ 299.707410][ T7120] xfs_alloc_cur_finish+0xd3/0x4b0 [ 299.707440][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707469][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707503][ T7120] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 299.707558][ T7120] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 299.707588][ T7120] ? xfs_group_grab+0x28/0x480 [ 299.707624][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707651][ T7120] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 299.707684][ T7120] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 299.707731][ T7120] xfs_alloc_vextent_start_ag+0x388/0x850 [ 299.707769][ T7120] xfs_bmapi_allocate+0x188e/0x2e00 [ 299.707833][ T7120] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 299.707865][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707915][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707942][ T7120] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 299.707966][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.707993][ T7120] ? xfs_iext_prev+0x35a/0x370 [ 299.708030][ T7120] ? xfs_iext_get_extent+0x1bb/0x370 [ 299.708067][ T7120] xfs_bmapi_write+0x7df/0x1260 [ 299.708124][ T7120] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 299.708202][ T7120] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 299.708242][ T7120] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 299.708272][ T7120] ? kasan_save_track+0x4f/0x80 [ 299.708297][ T7120] ? kasan_save_track+0x3e/0x80 [ 299.708321][ T7120] ? kasan_save_free_info+0x46/0x50 [ 299.708357][ T7120] ? kmem_cache_free+0x18f/0x400 [pid 5873] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7141] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7118] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7141] <... write resumed>) = 16777216 [ 299.708385][ T7120] ? __xfs_trans_commit+0x3e0/0xbd0 [ 299.708410][ T7120] ? xfs_trans_roll+0x130/0x450 [ 299.708433][ T7120] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 299.708473][ T7120] xfs_attr_set_iter+0x2d4/0x4b70 [ 299.708508][ T7120] ? filename_setxattr+0x274/0x600 [ 299.708542][ T7120] ? path_setxattrat+0x364/0x3a0 [ 299.708564][ T7120] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 299.708617][ T7120] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 299.708674][ T7120] ? kasan_quarantine_put+0xdd/0x220 [ 299.708701][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7141] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 299.708729][ T7120] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.708769][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.708804][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.708832][ T7120] ? kmem_cache_free+0x18f/0x400 [ 299.708860][ T7120] ? __xfs_trans_commit+0x3e0/0xbd0 [ 299.708892][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.708920][ T7120] ? __xfs_trans_commit+0x4c7/0xbd0 [ 299.708964][ T7120] xfs_attr_finish_item+0xed/0x320 [ 299.709004][ T7120] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 7141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7141] close(3) = 0 [pid 7141] close(4) = 0 [pid 7141] mkdir("./file1", 0777) = 0 [ 299.709047][ T7120] xfs_defer_finish_one+0x5c8/0xcf0 [ 299.709108][ T7120] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 299.709158][ T7120] xfs_defer_finish_noroll+0x910/0x12d0 [ 299.709198][ T7120] ? xfs_trans_commit+0x10b/0x1c0 [ 299.709231][ T7120] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 299.709266][ T7120] ? inode_set_ctime_current+0x740/0xb40 [ 299.709314][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.709343][ T7120] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 299.709384][ T7120] xfs_trans_commit+0x10b/0x1c0 [ 299.709411][ T7120] ? __pfx_xfs_trans_commit+0x10/0x10 [ 299.709444][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.709472][ T7120] ? xfs_trans_log_inode+0x12c/0x1a0 [ 299.709513][ T7120] xfs_attr_set+0xdc6/0x1210 [ 299.709562][ T7120] ? __pfx_xfs_attr_set+0x10/0x10 [ 299.709597][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.709625][ T7120] ? __lock_acquire+0xab9/0xd20 [ 299.709662][ T7120] ? xfs_da_hashname+0x59d/0x740 [ 299.709695][ T7120] ? do_raw_spin_lock+0x121/0x290 [ 299.709739][ T7120] ? xfs_attr_change+0x2ac/0x390 [ 299.709774][ T7120] xfs_xattr_set+0x14d/0x250 [ 299.709807][ T7120] ? __pfx_xfs_xattr_set+0x10/0x10 [ 299.709852][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.709881][ T7120] ? evm_protect_xattr+0x4d4/0xa90 [ 299.709908][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.709937][ T7120] ? rcu_is_watching+0x15/0xb0 [ 299.709971][ T7120] ? __pfx_evm_protect_xattr+0x10/0x10 [ 299.710000][ T7120] ? __pfx_xfs_xattr_set+0x10/0x10 [ 299.710028][ T7120] __vfs_setxattr+0x43c/0x480 [pid 7141] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./28/file1") = 0 [pid 5873] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./28/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./28") = 0 [pid 5873] mkdir("./29", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 299.710091][ T7120] __vfs_setxattr_noperm+0x12d/0x660 [ 299.710135][ T7120] vfs_setxattr+0x16b/0x2f0 [ 299.710177][ T7120] ? __pfx_vfs_setxattr+0x10/0x10 [ 299.710208][ T7120] ? mnt_get_write_access+0x223/0x2a0 [ 299.710239][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.710274][ T7120] filename_setxattr+0x274/0x600 [ 299.710321][ T7120] ? __pfx_filename_setxattr+0x10/0x10 [ 299.710360][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.710389][ T7120] ? getname_flags+0x1e5/0x540 [ 299.710431][ T7120] path_setxattrat+0x364/0x3a0 [ 299.710468][ T7120] ? __pfx_path_setxattrat+0x10/0x10 [ 299.710536][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.710564][ T7120] ? rcu_is_watching+0x15/0xb0 [ 299.710601][ T7120] __x64_sys_lsetxattr+0xbf/0xe0 [ 299.710641][ T7120] do_syscall_64+0xfa/0x3b0 [ 299.710666][ T7120] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.710705][ T7120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.710729][ T7120] ? srso_alias_return_thunk+0x5/0xfbef5 [ 299.710758][ T7120] ? exc_page_fault+0x9f/0xf0 [ 299.710798][ T7120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.710823][ T7120] RIP: 0033:0x7f3cdbf794f9 [ 299.710845][ T7120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 299.710867][ T7120] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 299.710893][ T7120] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 299.710913][ T7120] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 299.710932][ T7120] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 299.710948][ T7120] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 299.710966][ T7120] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 299.711006][ T7120] [ 299.711067][ T7120] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 300.033013][ T7141] loop0: detected capacity change from 0 to 32768 [pid 5873] close(3 [pid 7120] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7120] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] exit_group(0 [pid 7120] <... futex resumed>) = ? [pid 7118] <... exit_group resumed>) = ? [pid 7120] +++ exited with 0 +++ [pid 7118] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7118, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=104 /* 1.04 s */} --- [pid 5872] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 300.050956][ T7120] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 300.068111][ T7132] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 300.101921][ T7141] XFS: noikeep mount option is deprecated. [ 300.127069][ T7120] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 300.277486][ T7141] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7157 attached [pid 5872] <... umount2 resumed>) = 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7157 [ 300.488431][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 300.514436][ T7132] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7157] set_robust_list(0x55555d962760, 24 [pid 5872] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7157] <... set_robust_list resumed>) = 0 [pid 5872] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7157] chdir("./29" [pid 5872] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 7157] <... chdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7157] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] getdents64(4, [pid 7157] <... prctl resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 7157] setpgid(0, 0 [pid 5872] getdents64(4, [pid 7157] <... setpgid resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 7157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] close(4 [pid 7157] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./28/file1") = 0 [pid 7157] write(3, "1000", 4 [pid 5872] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7157] <... write resumed>) = 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7157] close(3 [pid 5872] newfstatat(AT_FDCWD, "./28/binderfs", [pid 7157] <... close resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7157] symlink("/dev/binderfs", "./binderfs" [pid 5872] unlink("./28/binderfs") = 0 [pid 5872] getdents64(3, [pid 7157] <... symlink resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 7157] write(1, "executing program\n", 18 [pid 5872] close(3executing program [pid 7157] <... write resumed>) = 18 [pid 5872] <... close resumed>) = 0 [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("./28" [pid 7157] <... futex resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 7157] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5872] mkdir("./29", 0777 [pid 7157] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 7157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7157] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... openat resumed>) = 3 [pid 7157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [ 300.533899][ T7141] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 300.543558][ T7132] XFS (loop3): Starting recovery (logdev: internal) [pid 5872] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7159 attached ) = 0 [pid 5872] close(3 [pid 7157] <... clone3 resumed> => {parent_tid=[7159]}, 88) = 7159 [pid 7132] <... mount resumed>) = 0 [pid 7159] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7157] rt_sigprocmask(SIG_SETMASK, [], [pid 7159] set_robust_list(0x7f3cdbf259a0, 24 [pid 7157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7159] <... set_robust_list resumed>) = 0 [pid 7157] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] rt_sigprocmask(SIG_SETMASK, [], [pid 7157] <... futex resumed>) = 0 [pid 7159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7159] memfd_create("syzkaller", 0) = 3 [pid 7132] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7132] <... openat resumed>) = 3 [pid 7132] chdir("./file1") = 0 [pid 7132] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7132] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7132] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... mount resumed>) = 0 [pid 7132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7129] <... futex resumed>) = 0 [pid 7141] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7141] <... openat resumed>) = 3 [pid 7141] chdir("./file1") = 0 [pid 7132] <... openat resumed>) = 4 [pid 7141] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7132] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7141] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... futex resumed>) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7141] <... futex resumed>) = 1 [pid 7140] <... futex resumed>) = 0 [pid 7132] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] <... futex resumed>) = 0 [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7140] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7141] <... futex resumed>) = 0 [pid 7140] <... futex resumed>) = 1 [pid 7141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7141] <... openat resumed>) = 4 [pid 7141] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7140] <... futex resumed>) = 0 [ 300.583103][ T7132] XFS (loop3): Ending recovery (logdev: internal) [ 300.591649][ T7141] XFS (loop0): Starting recovery (logdev: internal) [ 300.613079][ T7141] XFS (loop0): Ending recovery (logdev: internal) [pid 7140] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7140] <... futex resumed>) = 0 [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] <... pwritev2 resumed>) = 65007 [pid 7141] <... pwritev2 resumed>) = 65007 [pid 7132] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... futex resumed>) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7141] <... futex resumed>) = 1 [pid 7140] <... futex resumed>) = 0 [pid 7132] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7140] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7129] <... futex resumed>) = 0 [pid 7140] <... futex resumed>) = 0 [pid 7132] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7141] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7141] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7141] <... futex resumed>) = 1 [pid 7140] <... futex resumed>) = 0 [pid 7132] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7140] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7140] <... futex resumed>) = 0 [pid 7132] <... futex resumed>) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7141] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 300.697770][ T7141] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 300.709911][ T7132] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 300.722850][ T7132] XFS (loop3): Unmount and run xfs_repair [ 300.737696][ T7141] XFS (loop0): Unmount and run xfs_repair [pid 7132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7129] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7159] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7140] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 300.748316][ T7141] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 300.768353][ T7132] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 300.775035][ T7141] CPU: 1 UID: 0 PID: 7141 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 300.775068][ T7141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.775084][ T7141] Call Trace: [ 300.775095][ T7141] [ 300.775106][ T7141] dump_stack_lvl+0x189/0x250 [ 300.775141][ T7141] ? __pfx__xfs_alert_tag+0x10/0x10 [ 300.775179][ T7141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.775214][ T7141] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 300.775261][ T7141] xfs_corruption_error+0x122/0x170 [ 300.775304][ T7141] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 300.775339][ T7141] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 7129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 300.775367][ T7141] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 300.775407][ T7141] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 300.775437][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.775465][ T7141] ? rcu_is_watching+0x15/0xb0 [ 300.775495][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.775522][ T7141] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 300.775553][ T7141] ? rcu_is_watching+0x15/0xb0 [ 300.775592][ T7141] xfs_alloc_cur_finish+0xd3/0x4b0 [ 300.775621][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.775651][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.775684][ T7141] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 300.775740][ T7141] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 300.775769][ T7141] ? xfs_group_grab+0x28/0x480 [ 300.775805][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.775832][ T7141] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 300.775865][ T7141] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 300.775912][ T7141] xfs_alloc_vextent_start_ag+0x388/0x850 [ 300.775951][ T7141] xfs_bmapi_allocate+0x188e/0x2e00 [ 300.776013][ T7141] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 300.776045][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.776095][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.776123][ T7141] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 300.776146][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.776174][ T7141] ? xfs_iext_prev+0x35a/0x370 [ 300.776211][ T7141] ? xfs_iext_get_extent+0x1bb/0x370 [ 300.776242][ T7141] xfs_bmapi_write+0x7df/0x1260 [ 300.776305][ T7141] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 5872] <... close resumed>) = 0 [ 300.776383][ T7141] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 300.776423][ T7141] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 300.776453][ T7141] ? kasan_save_track+0x4f/0x80 [ 300.776478][ T7141] ? kasan_save_track+0x3e/0x80 [ 300.776503][ T7141] ? kasan_save_free_info+0x46/0x50 [ 300.776539][ T7141] ? kmem_cache_free+0x18f/0x400 [ 300.776567][ T7141] ? __xfs_trans_commit+0x3e0/0xbd0 [ 300.776592][ T7141] ? xfs_trans_roll+0x130/0x450 [ 300.776615][ T7141] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 300.776654][ T7141] xfs_attr_set_iter+0x2d4/0x4b70 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7160 [ 300.776688][ T7141] ? filename_setxattr+0x274/0x600 [ 300.776720][ T7141] ? path_setxattrat+0x364/0x3a0 [ 300.776742][ T7141] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 300.776797][ T7141] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 300.776853][ T7141] ? kasan_quarantine_put+0xdd/0x220 [ 300.776878][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.776906][ T7141] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.776946][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.776979][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 ./strace-static-x86_64: Process 7160 attached [pid 7160] set_robust_list(0x55555d962760, 24) = 0 [pid 7160] chdir("./29") = 0 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7160] setpgid(0, 0) = 0 [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7160] write(3, "1000", 4) = 4 [pid 7160] close(3) = 0 [pid 7160] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7160] write(1, "executing program\n", 18) = 18 [pid 7160] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7160] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7161 attached => {parent_tid=[7161]}, 88) = 7161 [pid 7161] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 7161] <... rseq resumed>) = 0 [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7160] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7161] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7161] memfd_create("syzkaller", 0) = 3 [pid 7161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7141] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7141] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 300.777006][ T7141] ? kmem_cache_free+0x18f/0x400 [ 300.777033][ T7141] ? __xfs_trans_commit+0x3e0/0xbd0 [ 300.777064][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.777091][ T7141] ? __xfs_trans_commit+0x4c7/0xbd0 [ 300.777134][ T7141] xfs_attr_finish_item+0xed/0x320 [ 300.777173][ T7141] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 300.777210][ T7141] xfs_defer_finish_one+0x5c8/0xcf0 [ 300.777269][ T7141] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 300.777324][ T7141] xfs_defer_finish_noroll+0x910/0x12d0 [pid 7141] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7140] exit_group(0) = ? [pid 7141] <... futex resumed>) = ? [pid 7141] +++ exited with 0 +++ [pid 7140] +++ exited with 0 +++ [ 300.777363][ T7141] ? xfs_trans_commit+0x10b/0x1c0 [ 300.777395][ T7141] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 300.777428][ T7141] ? inode_set_ctime_current+0x740/0xb40 [ 300.777474][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.777502][ T7141] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 300.777541][ T7141] xfs_trans_commit+0x10b/0x1c0 [ 300.777567][ T7141] ? __pfx_xfs_trans_commit+0x10/0x10 [ 300.777599][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.777627][ T7141] ? xfs_trans_log_inode+0x12c/0x1a0 [ 300.777667][ T7141] xfs_attr_set+0xdc6/0x1210 [pid 7159] <... write resumed>) = 16777216 [ 300.777714][ T7141] ? __pfx_xfs_attr_set+0x10/0x10 [ 300.777748][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.777775][ T7141] ? __lock_acquire+0xab9/0xd20 [ 300.777811][ T7141] ? xfs_da_hashname+0x59d/0x740 [ 300.777842][ T7141] ? do_raw_spin_lock+0x121/0x290 [ 300.777884][ T7141] ? xfs_attr_change+0x2ac/0x390 [ 300.777919][ T7141] xfs_xattr_set+0x14d/0x250 [ 300.777951][ T7141] ? __pfx_xfs_xattr_set+0x10/0x10 [ 300.777995][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.778022][ T7141] ? evm_protect_xattr+0x4d4/0xa90 [ 300.778049][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.778076][ T7141] ? rcu_is_watching+0x15/0xb0 [ 300.778110][ T7141] ? __pfx_evm_protect_xattr+0x10/0x10 [ 300.778137][ T7141] ? __pfx_xfs_xattr_set+0x10/0x10 [ 300.778165][ T7141] __vfs_setxattr+0x43c/0x480 [ 300.778213][ T7141] __vfs_setxattr_noperm+0x12d/0x660 [ 300.778256][ T7141] vfs_setxattr+0x16b/0x2f0 [ 300.778304][ T7141] ? __pfx_vfs_setxattr+0x10/0x10 [ 300.778333][ T7141] ? mnt_get_write_access+0x223/0x2a0 [pid 7159] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7159] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 300.778363][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.778397][ T7141] filename_setxattr+0x274/0x600 [ 300.778443][ T7141] ? __pfx_filename_setxattr+0x10/0x10 [ 300.778481][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.778508][ T7141] ? getname_flags+0x1e5/0x540 [ 300.778549][ T7141] path_setxattrat+0x364/0x3a0 [ 300.778585][ T7141] ? __pfx_path_setxattrat+0x10/0x10 [ 300.778661][ T7141] __x64_sys_lsetxattr+0xbf/0xe0 [ 300.778700][ T7141] do_syscall_64+0xfa/0x3b0 [ 300.778724][ T7141] ? lockdep_hardirqs_on+0x9c/0x150 [pid 7159] ioctl(4, LOOP_SET_FD, 3 [pid 7161] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7132] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7140, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=67 /* 0.67 s */} --- [pid 5871] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7132] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7132] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7132] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] exit_group(0) = ? [pid 7132] <... futex resumed>) = ? [pid 7132] +++ exited with 0 +++ [pid 7129] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7129, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=157 /* 1.57 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 300.778762][ T7141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.778789][ T7141] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.778816][ T7141] ? exc_page_fault+0x9f/0xf0 [ 300.778856][ T7141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.778880][ T7141] RIP: 0033:0x7f3cdbf794f9 [ 300.778902][ T7141] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 300.778924][ T7141] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 300.778950][ T7141] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 300.778969][ T7141] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 300.778987][ T7141] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 300.779004][ T7141] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 300.779021][ T7141] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 300.779059][ T7141] [ 300.798628][ T7141] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 300.836818][ T7132] CPU: 0 UID: 0 PID: 7132 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 300.836853][ T7132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.836869][ T7132] Call Trace: [ 300.836880][ T7132] [ 300.836892][ T7132] dump_stack_lvl+0x189/0x250 [ 300.836928][ T7132] ? __pfx__xfs_alert_tag+0x10/0x10 [ 300.836965][ T7132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.836999][ T7132] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 300.837056][ T7132] xfs_corruption_error+0x122/0x170 [ 300.837095][ T7132] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 300.837129][ T7132] xfs_alloc_fixup_trees+0x95e/0xd20 [ 300.837157][ T7132] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 300.837197][ T7132] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 300.837227][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837255][ T7132] ? rcu_is_watching+0x15/0xb0 [ 300.837284][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7161] <... write resumed>) = 16777216 [ 300.837312][ T7132] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 300.837342][ T7132] ? rcu_is_watching+0x15/0xb0 [ 300.837381][ T7132] xfs_alloc_cur_finish+0xd3/0x4b0 [ 300.837410][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837439][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837473][ T7132] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 300.837529][ T7132] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 300.837558][ T7132] ? xfs_group_grab+0x28/0x480 [ 300.837594][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7161] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7161] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 300.837621][ T7132] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 300.837654][ T7132] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 300.837701][ T7132] xfs_alloc_vextent_start_ag+0x388/0x850 [ 300.837739][ T7132] xfs_bmapi_allocate+0x188e/0x2e00 [ 300.837802][ T7132] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 300.837833][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837882][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837910][ T7132] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 300.837933][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.837960][ T7132] ? xfs_iext_prev+0x35a/0x370 [ 300.837997][ T7132] ? xfs_iext_get_extent+0x1bb/0x370 [ 300.838032][ T7132] xfs_bmapi_write+0x7df/0x1260 [ 300.838091][ T7132] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 300.838168][ T7132] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 300.838208][ T7132] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 300.838238][ T7132] ? kasan_save_track+0x4f/0x80 [ 300.838263][ T7132] ? kasan_save_track+0x3e/0x80 [ 300.838287][ T7132] ? kasan_save_free_info+0x46/0x50 [pid 7161] ioctl(4, LOOP_SET_FD, 3 [pid 7159] <... ioctl resumed>) = 0 [pid 7161] <... ioctl resumed>) = 0 [pid 7159] close(3) = 0 [pid 7159] close(4) = 0 [pid 7159] mkdir("./file1", 0777 [pid 7161] close(3 [pid 7159] <... mkdir resumed>) = 0 [ 300.838323][ T7132] ? kmem_cache_free+0x18f/0x400 [ 300.838351][ T7132] ? __xfs_trans_commit+0x3e0/0xbd0 [ 300.838375][ T7132] ? xfs_trans_roll+0x130/0x450 [ 300.838398][ T7132] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 300.838437][ T7132] xfs_attr_set_iter+0x2d4/0x4b70 [ 300.838471][ T7132] ? filename_setxattr+0x274/0x600 [ 300.838503][ T7132] ? path_setxattrat+0x364/0x3a0 [ 300.838524][ T7132] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 300.838575][ T7132] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 300.838630][ T7132] ? kasan_quarantine_put+0xdd/0x220 [pid 7161] <... close resumed>) = 0 [ 300.838655][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.838683][ T7132] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.838722][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.838755][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.838783][ T7132] ? kmem_cache_free+0x18f/0x400 [ 300.838809][ T7132] ? __xfs_trans_commit+0x3e0/0xbd0 [ 300.838840][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.838867][ T7132] ? __xfs_trans_commit+0x4c7/0xbd0 [ 300.838910][ T7132] xfs_attr_finish_item+0xed/0x320 [pid 7159] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7161] close(4) = 0 [pid 7161] mkdir("./file1", 0777) = 0 [ 300.838949][ T7132] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 300.838985][ T7132] xfs_defer_finish_one+0x5c8/0xcf0 [ 300.839049][ T7132] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 300.839098][ T7132] xfs_defer_finish_noroll+0x910/0x12d0 [ 300.839136][ T7132] ? xfs_trans_commit+0x10b/0x1c0 [ 300.839167][ T7132] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 300.839200][ T7132] ? inode_set_ctime_current+0x740/0xb40 [ 300.839246][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.839273][ T7132] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 300.839313][ T7132] xfs_trans_commit+0x10b/0x1c0 [ 300.839339][ T7132] ? __pfx_xfs_trans_commit+0x10/0x10 [ 300.839371][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.839399][ T7132] ? xfs_trans_log_inode+0x12c/0x1a0 [ 300.839438][ T7132] xfs_attr_set+0xdc6/0x1210 [ 300.839485][ T7132] ? __pfx_xfs_attr_set+0x10/0x10 [ 300.839519][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.839546][ T7132] ? __lock_acquire+0xab9/0xd20 [ 300.839582][ T7132] ? xfs_da_hashname+0x59d/0x740 [ 300.839613][ T7132] ? do_raw_spin_lock+0x121/0x290 [ 300.839655][ T7132] ? xfs_attr_change+0x2ac/0x390 [ 300.839689][ T7132] xfs_xattr_set+0x14d/0x250 [ 300.839721][ T7132] ? __pfx_xfs_xattr_set+0x10/0x10 [ 300.839765][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.839793][ T7132] ? evm_protect_xattr+0x4d4/0xa90 [ 300.839819][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.839846][ T7132] ? rcu_is_watching+0x15/0xb0 [ 300.839879][ T7132] ? __pfx_evm_protect_xattr+0x10/0x10 [ 300.839907][ T7132] ? __pfx_xfs_xattr_set+0x10/0x10 [ 300.839934][ T7132] __vfs_setxattr+0x43c/0x480 [ 300.839982][ T7132] __vfs_setxattr_noperm+0x12d/0x660 [ 300.840029][ T7132] vfs_setxattr+0x16b/0x2f0 [ 300.840070][ T7132] ? __pfx_vfs_setxattr+0x10/0x10 [ 300.840100][ T7132] ? mnt_get_write_access+0x223/0x2a0 [ 300.840130][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.840163][ T7132] filename_setxattr+0x274/0x600 [ 300.840209][ T7132] ? __pfx_filename_setxattr+0x10/0x10 [ 300.840247][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.840274][ T7132] ? getname_flags+0x1e5/0x540 [ 300.840315][ T7132] path_setxattrat+0x364/0x3a0 [ 300.840351][ T7132] ? __pfx_path_setxattrat+0x10/0x10 [ 300.840416][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [ 300.840444][ T7132] ? rcu_is_watching+0x15/0xb0 [ 300.840479][ T7132] __x64_sys_lsetxattr+0xbf/0xe0 [ 300.840519][ T7132] do_syscall_64+0xfa/0x3b0 [ 300.840543][ T7132] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.840581][ T7132] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.840604][ T7132] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7161] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... umount2 resumed>) = 0 [ 300.840632][ T7132] ? exc_page_fault+0x9f/0xf0 [ 300.840671][ T7132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.840695][ T7132] RIP: 0033:0x7f3cdbf794f9 [ 300.840718][ T7132] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 300.840739][ T7132] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 5871] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] <... umount2 resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./28/file1", [pid 5874] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] newfstatat(AT_FDCWD, "./29/file1", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... openat resumed>) = 4 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(4, "", [pid 5874] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... openat resumed>) = 4 [pid 5871] getdents64(4, [pid 5874] newfstatat(4, "", [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 300.840765][ T7132] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 300.840784][ T7132] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 300.840802][ T7132] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 300.840818][ T7132] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 300.840835][ T7132] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 300.840874][ T7132] [ 300.840885][ T7132] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 5871] getdents64(4, [pid 5874] getdents64(4, [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] close(4 [pid 5874] getdents64(4, [pid 5871] <... close resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4 [pid 5871] rmdir("./28/file1" [pid 5874] <... close resumed>) = 0 [pid 5874] rmdir("./29/file1") = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] newfstatat(AT_FDCWD, "./28/binderfs", [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./28/binderfs" [ 300.898380][ T7141] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 300.981962][ T7132] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 301.121670][ T7141] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 301.123983][ T7132] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 301.311321][ T7159] loop2: detected capacity change from 0 to 32768 [pid 5874] unlink("./29/binderfs") = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./28") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./29") = 0 [pid 5871] mkdir("./29", 0777 [pid 5874] mkdir("./30", 0777 [pid 5871] <... mkdir resumed>) = 0 [pid 5874] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 301.621784][ T7161] loop1: detected capacity change from 0 to 32768 [ 301.728876][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 301.741705][ T7159] XFS: noikeep mount option is deprecated. [ 301.816123][ T7161] XFS: noikeep mount option is deprecated. [ 301.921391][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 302.064502][ T7159] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 302.079465][ T7161] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 302.170422][ T7159] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 302.208317][ T7161] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 302.225758][ T7159] XFS (loop2): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7159] <... mount resumed>) = 0 [pid 7159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7159] chdir("./file1") = 0 [pid 7159] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7161] <... mount resumed>) = 0 [pid 7159] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7159] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] chdir("./file1") = 0 [pid 7159] <... futex resumed>) = 1 [pid 7157] <... futex resumed>) = 0 [pid 7161] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7159] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7157] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7157] <... futex resumed>) = 0 [pid 7161] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7159] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = 1 [pid 7161] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7160] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] <... openat resumed>) = 4 [pid 7161] <... openat resumed>) = 4 [pid 7159] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7159] <... futex resumed>) = 1 [pid 7157] <... futex resumed>) = 0 [pid 7161] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7157] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7160] <... futex resumed>) = 0 [pid 7157] <... futex resumed>) = 0 [pid 7161] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7160] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 302.383604][ T7161] XFS (loop1): Starting recovery (logdev: internal) [ 302.398372][ T7159] XFS (loop2): Ending recovery (logdev: internal) [ 302.412650][ T7161] XFS (loop1): Ending recovery (logdev: internal) [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] <... pwritev2 resumed>) = 65007 [pid 7159] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7157] <... futex resumed>) = 0 [pid 7159] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7157] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... pwritev2 resumed>) = 65007 [pid 7157] <... futex resumed>) = 0 [pid 7161] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7161] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] <... futex resumed>) = 0 [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7160] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7160] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 302.467217][ T7159] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 302.492398][ T7159] XFS (loop2): Unmount and run xfs_repair [pid 7161] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7159] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7159] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7157] <... futex resumed>) = 0 [pid 7157] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7157] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5874] <... close resumed>) = 0 [pid 7160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7160] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7160] <... mmap resumed>) = 0x7f3cdbee4000 [pid 7160] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 7178 attached [pid 7161] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7178 [pid 7178] set_robust_list(0x55555d962760, 24 [pid 7160] <... mprotect resumed>) = 0 [pid 7178] <... set_robust_list resumed>) = 0 [pid 7161] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7161] <... futex resumed>) = 0 [pid 7160] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7178] chdir("./30" [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 7178] <... chdir resumed>) = 0 [pid 7161] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7160] <... clone3 resumed> => {parent_tid=[7179]}, 88) = 7179 [pid 7178] <... prctl resumed>) = 0 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 7178] setpgid(0, 0) = 0 [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7160] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7179 attached [pid 7179] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7179] <... rseq resumed>) = 0 [pid 7179] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7179] rt_sigprocmask(SIG_SETMASK, [], [pid 7178] <... openat resumed>) = 3 [pid 7179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7178] write(3, "1000", 4 [pid 7179] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7178] <... write resumed>) = 4 [pid 7178] close(3) = 0 [ 302.507645][ T7161] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 302.522934][ T7159] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 302.536394][ T7161] XFS (loop1): Unmount and run xfs_repair [ 302.555606][ T7179] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 302.568975][ T7159] CPU: 0 UID: 0 PID: 7159 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 302.569012][ T7159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.569028][ T7159] Call Trace: [ 302.569038][ T7159] [ 302.569049][ T7159] dump_stack_lvl+0x189/0x250 [ 302.569088][ T7159] ? __pfx__xfs_alert_tag+0x10/0x10 [ 302.569125][ T7159] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 7178] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... close resumed>) = 0 [pid 7178] <... symlink resumed>) = 0 [pid 7157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7180 ./strace-static-x86_64: Process 7180 attached [pid 7160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7180] set_robust_list(0x55555d962760, 24) = 0 [pid 7180] chdir("./29") = 0 [pid 7180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7180] setpgid(0, 0) = 0 [pid 7180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7180] write(3, "1000", 4) = 4 [pid 7180] close(3) = 0 [ 302.569160][ T7159] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 302.569215][ T7159] xfs_corruption_error+0x122/0x170 [ 302.569253][ T7159] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 302.569289][ T7159] xfs_alloc_fixup_trees+0x95e/0xd20 [ 302.569317][ T7159] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 302.569358][ T7159] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 302.569389][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.569417][ T7159] ? rcu_is_watching+0x15/0xb0 [ 302.569448][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 executing program executing program [pid 7180] symlink("/dev/binderfs", "./binderfs" [pid 7178] write(1, "executing program\n", 18 [pid 7180] <... symlink resumed>) = 0 [pid 7180] write(1, "executing program\n", 18) = 18 [pid 7180] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7180] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7181 attached [pid 7181] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7181] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7181] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] <... clone3 resumed> => {parent_tid=[7181]}, 88) = 7181 [pid 7180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7178] <... write resumed>) = 18 [pid 7180] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = 0 [pid 7180] <... futex resumed>) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7181] memfd_create("syzkaller", 0 [pid 7180] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7178] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7178] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7181] <... memfd_create resumed>) = 3 [pid 7178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7182 attached [pid 7181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7178] <... clone3 resumed> => {parent_tid=[7182]}, 88) = 7182 [pid 7178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7178] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7182] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7182] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7182] memfd_create("syzkaller", 0) = 3 [pid 7182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 302.569475][ T7159] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 302.569507][ T7159] ? rcu_is_watching+0x15/0xb0 [ 302.569546][ T7159] xfs_alloc_cur_finish+0xd3/0x4b0 [ 302.569575][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.569605][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.569639][ T7159] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 302.569696][ T7159] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 302.569726][ T7159] ? xfs_group_grab+0x28/0x480 [ 302.569762][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7159] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7159] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7159] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7157] exit_group(0 [pid 7159] <... futex resumed>) = ? [pid 7157] <... exit_group resumed>) = ? [ 302.569789][ T7159] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 302.569823][ T7159] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 302.569871][ T7159] xfs_alloc_vextent_start_ag+0x388/0x850 [ 302.569911][ T7159] xfs_bmapi_allocate+0x188e/0x2e00 [ 302.569974][ T7159] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 302.570006][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570055][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570082][ T7159] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 302.570106][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570133][ T7159] ? xfs_iext_prev+0x35a/0x370 [ 302.570170][ T7159] ? xfs_iext_get_extent+0x1bb/0x370 [ 302.570206][ T7159] xfs_bmapi_write+0x7df/0x1260 [ 302.570265][ T7159] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 302.570342][ T7159] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 302.570382][ T7159] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 302.570411][ T7159] ? kasan_save_track+0x4f/0x80 [ 302.570437][ T7159] ? kasan_save_track+0x3e/0x80 [ 302.570461][ T7159] ? kasan_save_free_info+0x46/0x50 [ 302.570498][ T7159] ? kmem_cache_free+0x18f/0x400 [ 302.570526][ T7159] ? __xfs_trans_commit+0x3e0/0xbd0 [ 302.570551][ T7159] ? xfs_trans_roll+0x130/0x450 [ 302.570574][ T7159] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 302.570613][ T7159] xfs_attr_set_iter+0x2d4/0x4b70 [ 302.570647][ T7159] ? filename_setxattr+0x274/0x600 [ 302.570681][ T7159] ? path_setxattrat+0x364/0x3a0 [ 302.570702][ T7159] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 302.570753][ T7159] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 302.570809][ T7159] ? kasan_quarantine_put+0xdd/0x220 [ 302.570835][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570862][ T7159] ? lockdep_hardirqs_on+0x9c/0x150 [ 302.570903][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570936][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.570963][ T7159] ? kmem_cache_free+0x18f/0x400 [ 302.570991][ T7159] ? __xfs_trans_commit+0x3e0/0xbd0 [ 302.571022][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.571049][ T7159] ? __xfs_trans_commit+0x4c7/0xbd0 [ 302.571092][ T7159] xfs_attr_finish_item+0xed/0x320 [ 302.571132][ T7159] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 302.571168][ T7159] xfs_defer_finish_one+0x5c8/0xcf0 [ 302.571234][ T7159] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 302.571283][ T7159] xfs_defer_finish_noroll+0x910/0x12d0 [ 302.571321][ T7159] ? xfs_trans_commit+0x10b/0x1c0 [ 302.571353][ T7159] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 302.571386][ T7159] ? inode_set_ctime_current+0x740/0xb40 [ 302.571432][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.571460][ T7159] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 302.571499][ T7159] xfs_trans_commit+0x10b/0x1c0 [pid 7182] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7159] +++ exited with 0 +++ [pid 7157] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7157, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=103 /* 1.03 s */} --- [pid 5873] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 302.571525][ T7159] ? __pfx_xfs_trans_commit+0x10/0x10 [ 302.571557][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.571585][ T7159] ? xfs_trans_log_inode+0x12c/0x1a0 [ 302.571624][ T7159] xfs_attr_set+0xdc6/0x1210 [ 302.571672][ T7159] ? __pfx_xfs_attr_set+0x10/0x10 [ 302.571705][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.571733][ T7159] ? __lock_acquire+0xab9/0xd20 [ 302.571769][ T7159] ? xfs_da_hashname+0x59d/0x740 [ 302.571800][ T7159] ? do_raw_spin_lock+0x121/0x290 [ 302.571842][ T7159] ? xfs_attr_change+0x2ac/0x390 [pid 5873] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7181] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7160] exit_group(0 [pid 7161] <... futex resumed>) = ? [pid 7160] <... exit_group resumed>) = ? [pid 7161] +++ exited with 0 +++ [ 302.571877][ T7159] xfs_xattr_set+0x14d/0x250 [ 302.571909][ T7159] ? __pfx_xfs_xattr_set+0x10/0x10 [ 302.571953][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.571980][ T7159] ? evm_protect_xattr+0x4d4/0xa90 [ 302.572007][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.572034][ T7159] ? rcu_is_watching+0x15/0xb0 [ 302.572067][ T7159] ? __pfx_evm_protect_xattr+0x10/0x10 [ 302.572095][ T7159] ? __pfx_xfs_xattr_set+0x10/0x10 [ 302.572123][ T7159] __vfs_setxattr+0x43c/0x480 [ 302.572171][ T7159] __vfs_setxattr_noperm+0x12d/0x660 [ 302.572218][ T7159] vfs_setxattr+0x16b/0x2f0 [ 302.572259][ T7159] ? __pfx_vfs_setxattr+0x10/0x10 [ 302.572289][ T7159] ? mnt_get_write_access+0x223/0x2a0 [ 302.572319][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.572353][ T7159] filename_setxattr+0x274/0x600 [ 302.572399][ T7159] ? __pfx_filename_setxattr+0x10/0x10 [ 302.572437][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.572464][ T7159] ? getname_flags+0x1e5/0x540 [ 302.572505][ T7159] path_setxattrat+0x364/0x3a0 [ 302.572541][ T7159] ? __pfx_path_setxattrat+0x10/0x10 [ 302.572605][ T7159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.572633][ T7159] ? rcu_is_watching+0x15/0xb0 [ 302.572668][ T7159] __x64_sys_lsetxattr+0xbf/0xe0 [ 302.572708][ T7159] do_syscall_64+0xfa/0x3b0 [ 302.572736][ T7159] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.572759][ T7159] ? asm_common_interrupt+0x26/0x40 [ 302.572789][ T7159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.572813][ T7159] RIP: 0033:0x7f3cdbf794f9 [ 302.572836][ T7159] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 302.572857][ T7159] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 302.572883][ T7159] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 302.572902][ T7159] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 302.572920][ T7159] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 302.572937][ T7159] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 302.572953][ T7159] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 302.572992][ T7159] [ 302.573003][ T7159] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 302.596050][ T7179] CPU: 1 UID: 0 PID: 7179 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 302.596086][ T7179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7182] <... write resumed>) = 16777216 [ 302.596102][ T7179] Call Trace: [ 302.596113][ T7179] [ 302.596124][ T7179] dump_stack_lvl+0x189/0x250 [ 302.596160][ T7179] ? __pfx__xfs_alert_tag+0x10/0x10 [ 302.596196][ T7179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.596230][ T7179] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 302.596277][ T7179] xfs_corruption_error+0x122/0x170 [ 302.596315][ T7179] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 302.596350][ T7179] xfs_alloc_fixup_trees+0x95e/0xd20 [ 302.596379][ T7179] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7182] munmap(0x7f3cd3a00000, 138412032) = 0 [ 302.596420][ T7179] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 302.596450][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.596478][ T7179] ? rcu_is_watching+0x15/0xb0 [ 302.596509][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.596537][ T7179] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 302.596568][ T7179] ? rcu_is_watching+0x15/0xb0 [ 302.596606][ T7179] xfs_alloc_cur_finish+0xd3/0x4b0 [ 302.596636][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.596665][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7182] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7182] ioctl(4, LOOP_SET_FD, 3 [pid 7181] <... write resumed>) = 16777216 [pid 7179] <... lsetxattr resumed>) = ? [pid 7181] munmap(0x7f3cd3a00000, 138412032 [pid 7179] +++ exited with 0 +++ [pid 7160] +++ exited with 0 +++ [ 302.596699][ T7179] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 302.596756][ T7179] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 302.596789][ T7179] ? xfs_group_grab+0x28/0x480 [ 302.596825][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.596851][ T7179] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 302.596884][ T7179] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 302.596931][ T7179] xfs_alloc_vextent_start_ag+0x388/0x850 [ 302.596978][ T7179] xfs_bmapi_allocate+0x188e/0x2e00 [ 302.597041][ T7179] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 302.597074][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.597123][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.597150][ T7179] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 302.597174][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.597200][ T7179] ? xfs_iext_prev+0x35a/0x370 [ 302.597238][ T7179] ? xfs_iext_get_extent+0x1bb/0x370 [ 302.597268][ T7179] xfs_bmapi_write+0x7df/0x1260 [ 302.597327][ T7179] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 302.597404][ T7179] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 7181] <... munmap resumed>) = 0 [pid 7182] <... ioctl resumed>) = 0 [pid 7182] close(3) = 0 [pid 7182] close(4) = 0 [pid 7182] mkdir("./file1", 0777) = 0 [pid 7182] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7160, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=139 /* 1.39 s */} --- [pid 5872] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 302.597444][ T7179] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 302.597474][ T7179] ? kasan_save_track+0x4f/0x80 [ 302.597499][ T7179] ? kasan_save_track+0x3e/0x80 [ 302.597523][ T7179] ? kasan_save_free_info+0x46/0x50 [ 302.597558][ T7179] ? kmem_cache_free+0x18f/0x400 [ 302.597587][ T7179] ? __xfs_trans_commit+0x3e0/0xbd0 [ 302.597612][ T7179] ? xfs_trans_roll+0x130/0x450 [ 302.597635][ T7179] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 302.597674][ T7179] xfs_attr_set_iter+0x2d4/0x4b70 [ 302.597708][ T7179] ? filename_setxattr+0x274/0x600 [pid 5872] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 302.597740][ T7179] ? path_setxattrat+0x364/0x3a0 [ 302.597761][ T7179] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 302.597812][ T7179] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 302.597868][ T7179] ? kasan_quarantine_put+0xdd/0x220 [ 302.597893][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.597921][ T7179] ? lockdep_hardirqs_on+0x9c/0x150 [ 302.597967][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598000][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598027][ T7179] ? kmem_cache_free+0x18f/0x400 [pid 5872] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7181] <... openat resumed>) = 4 [pid 7181] ioctl(4, LOOP_SET_FD, 3 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./29/file1") = 0 [pid 5873] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./29/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./29") = 0 [pid 5873] mkdir("./30", 0777) = 0 [ 302.598054][ T7179] ? __xfs_trans_commit+0x3e0/0xbd0 [ 302.598084][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598111][ T7179] ? __xfs_trans_commit+0x4c7/0xbd0 [ 302.598154][ T7179] xfs_attr_finish_item+0xed/0x320 [ 302.598194][ T7179] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 302.598230][ T7179] xfs_defer_finish_one+0x5c8/0xcf0 [ 302.598290][ T7179] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 302.598338][ T7179] xfs_defer_finish_noroll+0x910/0x12d0 [ 302.598376][ T7179] ? xfs_trans_commit+0x10b/0x1c0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 302.598408][ T7179] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 302.598440][ T7179] ? inode_set_ctime_current+0x740/0xb40 [ 302.598487][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598515][ T7179] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 302.598554][ T7179] xfs_trans_commit+0x10b/0x1c0 [ 302.598581][ T7179] ? __pfx_xfs_trans_commit+0x10/0x10 [ 302.598613][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598640][ T7179] ? xfs_trans_log_inode+0x12c/0x1a0 [ 302.598679][ T7179] xfs_attr_set+0xdc6/0x1210 [ 302.598727][ T7179] ? __pfx_xfs_attr_set+0x10/0x10 [ 302.598760][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.598787][ T7179] ? __lock_acquire+0xab9/0xd20 [ 302.598824][ T7179] ? xfs_da_hashname+0x59d/0x740 [ 302.598855][ T7179] ? do_raw_spin_lock+0x121/0x290 [ 302.598898][ T7179] ? xfs_attr_change+0x2ac/0x390 [ 302.598931][ T7179] xfs_xattr_set+0x14d/0x250 [ 302.598971][ T7179] ? __pfx_xfs_xattr_set+0x10/0x10 [ 302.599015][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.599042][ T7179] ? evm_protect_xattr+0x4d4/0xa90 [ 302.599068][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.599096][ T7179] ? rcu_is_watching+0x15/0xb0 [ 302.599129][ T7179] ? __pfx_evm_protect_xattr+0x10/0x10 [ 302.599157][ T7179] ? __pfx_xfs_xattr_set+0x10/0x10 [ 302.599184][ T7179] __vfs_setxattr+0x43c/0x480 [ 302.599231][ T7179] __vfs_setxattr_noperm+0x12d/0x660 [ 302.599274][ T7179] vfs_setxattr+0x16b/0x2f0 [ 302.599315][ T7179] ? __pfx_vfs_setxattr+0x10/0x10 [ 302.599345][ T7179] ? mnt_get_write_access+0x223/0x2a0 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7187 attached [pid 7187] set_robust_list(0x55555d962760, 24) = 0 [pid 7187] chdir("./30") = 0 [pid 7187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7187] setpgid(0, 0) = 0 [pid 7187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7187] write(3, "1000", 4) = 4 [pid 7187] close(3) = 0 [ 302.599375][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.599408][ T7179] filename_setxattr+0x274/0x600 [ 302.599451][ T7179] ? __pfx_filename_setxattr+0x10/0x10 [ 302.599488][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.599516][ T7179] ? getname_flags+0x1e5/0x540 [ 302.599556][ T7179] path_setxattrat+0x364/0x3a0 [ 302.599592][ T7179] ? __pfx_path_setxattrat+0x10/0x10 [ 302.599657][ T7179] ? srso_alias_return_thunk+0x5/0xfbef5 [ 302.599684][ T7179] ? rcu_is_watching+0x15/0xb0 [pid 7187] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7187] write(1, "executing program\n", 18) = 18 [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7187] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7187] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7188 attached [pid 7188] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7188] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7188] rt_sigprocmask(SIG_SETMASK, [], [pid 7187] <... clone3 resumed> => {parent_tid=[7188]}, 88) = 7188 [pid 7188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7187] rt_sigprocmask(SIG_SETMASK, [], [pid 7188] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7187] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] <... futex resumed>) = 0 [pid 7187] <... futex resumed>) = 1 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7187 [pid 7188] memfd_create("syzkaller", 0 [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7188] <... memfd_create resumed>) = 3 [pid 7188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 302.599720][ T7179] __x64_sys_lsetxattr+0xbf/0xe0 [ 302.599760][ T7179] do_syscall_64+0xfa/0x3b0 [ 302.599788][ T7179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.599811][ T7179] ? __switch_to_asm+0x39/0x70 [ 302.599843][ T7179] ? __switch_to_asm+0x33/0x70 [ 302.599880][ T7179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.599905][ T7179] RIP: 0033:0x7f3cdbf794f9 [ 302.599927][ T7179] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 302.599954][ T7179] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 302.599979][ T7179] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 302.599998][ T7179] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 302.600017][ T7179] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 302.600033][ T7179] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 302.600049][ T7179] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 302.600088][ T7179] [ 302.600667][ T7179] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 302.605759][ T7159] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 302.619870][ T7179] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7188] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7181] <... ioctl resumed>) = 0 [ 302.626263][ T7159] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 302.671307][ T7179] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 303.348122][ T7182] loop3: detected capacity change from 0 to 32768 [ 303.434228][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 303.470201][ T7182] XFS: noikeep mount option is deprecated. [ 303.583576][ T7181] loop0: detected capacity change from 0 to 32768 [ 304.017182][ T7182] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7181] close(3) = 0 [pid 7181] close(4) = 0 [pid 7181] mkdir("./file1", 0777) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 304.027004][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7181] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./29/file1") = 0 [pid 5872] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./29/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 304.068280][ T7182] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 304.079498][ T7181] XFS: noikeep mount option is deprecated. [pid 5872] close(3) = 0 [pid 5872] rmdir("./29") = 0 [pid 5872] mkdir("./30", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 304.121303][ T7182] XFS (loop3): Starting recovery (logdev: internal) [ 304.195495][ T7181] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] close(3 [pid 7182] <... mount resumed>) = 0 [pid 7182] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7182] chdir("./file1") = 0 [pid 7182] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7182] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7182] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] <... futex resumed>) = 0 [pid 7178] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] <... futex resumed>) = 0 [pid 7182] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7182] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7178] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 304.243405][ T7182] XFS (loop3): Ending recovery (logdev: internal) [ 304.281554][ T7181] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7182] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7182] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7182] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7178] <... futex resumed>) = 0 [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7182] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7178] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 304.334476][ T7182] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 304.347998][ T7181] XFS (loop0): Starting recovery (logdev: internal) [ 304.356828][ T7182] XFS (loop3): Unmount and run xfs_repair [ 304.369319][ T7182] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 304.397005][ T7182] CPU: 0 UID: 0 PID: 7182 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 304.397041][ T7182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.397057][ T7182] Call Trace: [ 304.397066][ T7182] [ 304.397077][ T7182] dump_stack_lvl+0x189/0x250 [ 304.397113][ T7182] ? __pfx__xfs_alert_tag+0x10/0x10 [ 304.397152][ T7182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.397185][ T7182] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7182] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7178] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7181] <... mount resumed>) = 0 [pid 7181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7181] chdir("./file1") = 0 [pid 7181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7181] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7180] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7181] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7181] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7180] <... futex resumed>) = 0 [pid 7181] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7180] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... pwritev2 resumed>) = 65007 [pid 7181] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... futex resumed>) = 0 [pid 7180] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... futex resumed>) = 1 [pid 5872] <... close resumed>) = 0 [ 304.397243][ T7182] xfs_corruption_error+0x122/0x170 [ 304.397282][ T7182] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 304.397321][ T7182] xfs_alloc_fixup_trees+0x95e/0xd20 [ 304.397352][ T7182] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 304.397392][ T7182] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 304.397423][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.397453][ T7182] ? rcu_is_watching+0x15/0xb0 [ 304.397483][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.397511][ T7182] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 7181] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7188] <... write resumed>) = 16777216 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 7188] munmap(0x7f3cd3a00000, 138412032 [pid 7180] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7180] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7180] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7202]}, 88) = 7202 [pid 7180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7180] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7180] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7201 attached [pid 7201] set_robust_list(0x55555d962760, 24) = 0 [pid 7201] chdir("./30") = 0 [pid 7201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 7202 attached [pid 7201] setpgid(0, 0 [pid 7202] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7201] <... setpgid resumed>) = 0 [pid 7202] <... rseq resumed>) = 0 [pid 7201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7202] set_robust_list(0x7f3cdbf049a0, 24 [pid 7201] <... openat resumed>) = 3 [pid 7202] <... set_robust_list resumed>) = 0 [pid 7201] write(3, "1000", 4 [pid 7202] rt_sigprocmask(SIG_SETMASK, [], [pid 7201] <... write resumed>) = 4 [pid 7202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7201] close(3 [pid 7202] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7201] <... close resumed>) = 0 [pid 7201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7201] write(1, "executing program\n", 18) = 18 [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 304.397542][ T7182] ? rcu_is_watching+0x15/0xb0 [ 304.397582][ T7182] xfs_alloc_cur_finish+0xd3/0x4b0 [ 304.397611][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.397641][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.397674][ T7182] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 304.397730][ T7182] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 304.397759][ T7182] ? xfs_group_grab+0x28/0x480 [ 304.397796][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.397825][ T7182] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7188] <... munmap resumed>) = 0 [pid 7182] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7181] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7201 [pid 7188] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7182] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] exit_group(0 [pid 7188] <... openat resumed>) = 4 [pid 7182] <... futex resumed>) = ? [pid 7181] <... futex resumed>) = 0 [pid 7178] <... exit_group resumed>) = ? [ 304.397859][ T7182] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 304.397906][ T7182] xfs_alloc_vextent_start_ag+0x388/0x850 [ 304.397945][ T7182] xfs_bmapi_allocate+0x188e/0x2e00 [ 304.398009][ T7182] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 304.398041][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.398092][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.398119][ T7182] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 304.398142][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7188] ioctl(4, LOOP_SET_FD, 3 [pid 7182] +++ exited with 0 +++ [pid 7181] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] +++ exited with 0 +++ [pid 7201] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7180] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7178, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=66 /* 0.66 s */} --- [pid 7188] <... ioctl resumed>) = 0 [pid 7201] <... mprotect resumed>) = 0 [pid 7201] rt_sigprocmask(SIG_BLOCK, ~[], [ 304.398169][ T7182] ? xfs_iext_prev+0x35a/0x370 [ 304.398213][ T7182] ? xfs_iext_get_extent+0x1bb/0x370 [ 304.398244][ T7182] xfs_bmapi_write+0x7df/0x1260 [ 304.398301][ T7182] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 304.398379][ T7182] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 304.398420][ T7182] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 304.398450][ T7182] ? kasan_save_track+0x4f/0x80 [ 304.398476][ T7182] ? kasan_save_track+0x3e/0x80 [ 304.398501][ T7182] ? kasan_save_free_info+0x46/0x50 [pid 7188] close(3) = 0 [pid 5874] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7201] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7188] close(4 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7188] <... close resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7201] <... clone3 resumed> => {parent_tid=[7203]}, 88) = 7203 [pid 7188] mkdir("./file1", 0777 [pid 5874] <... openat resumed>) = 3 [pid 7201] rt_sigprocmask(SIG_SETMASK, [], [pid 7188] <... mkdir resumed>) = 0 [pid 5874] newfstatat(3, "", [pid 7201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7201] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] getdents64(3, ./strace-static-x86_64: Process 7203 attached [pid 7201] <... futex resumed>) = 0 [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 304.398538][ T7182] ? kmem_cache_free+0x18f/0x400 [ 304.398566][ T7182] ? __xfs_trans_commit+0x3e0/0xbd0 [ 304.398589][ T7182] ? xfs_trans_roll+0x130/0x450 [ 304.398610][ T7182] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 304.398645][ T7182] xfs_attr_set_iter+0x2d4/0x4b70 [ 304.398674][ T7182] ? filename_setxattr+0x274/0x600 [ 304.398706][ T7182] ? path_setxattrat+0x364/0x3a0 [ 304.398727][ T7182] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 304.398779][ T7182] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 304.398834][ T7182] ? kasan_quarantine_put+0xdd/0x220 [pid 5874] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7203] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7203] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 304.398859][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.398887][ T7182] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.398927][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.398962][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.398990][ T7182] ? kmem_cache_free+0x18f/0x400 [ 304.399019][ T7182] ? __xfs_trans_commit+0x3e0/0xbd0 [ 304.399052][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.399080][ T7182] ? __xfs_trans_commit+0x4c7/0xbd0 [ 304.399123][ T7182] xfs_attr_finish_item+0xed/0x320 [pid 7203] memfd_create("syzkaller", 0) = 3 [pid 7203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 304.399168][ T7181] XFS (loop0): Ending recovery (logdev: internal) [ 304.399162][ T7182] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 304.399206][ T7182] xfs_defer_finish_one+0x5c8/0xcf0 [ 304.399262][ T7182] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 304.399311][ T7182] xfs_defer_finish_noroll+0x910/0x12d0 [ 304.399348][ T7182] ? xfs_trans_commit+0x10b/0x1c0 [ 304.399380][ T7182] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 304.399413][ T7182] ? inode_set_ctime_current+0x740/0xb40 [ 304.399460][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.399487][ T7182] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 304.399526][ T7182] xfs_trans_commit+0x10b/0x1c0 [ 304.399552][ T7182] ? __pfx_xfs_trans_commit+0x10/0x10 [ 304.399584][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.399611][ T7182] ? xfs_trans_log_inode+0x12c/0x1a0 [ 304.399651][ T7182] xfs_attr_set+0xdc6/0x1210 [ 304.399699][ T7182] ? __pfx_xfs_attr_set+0x10/0x10 [ 304.399732][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.399760][ T7182] ? __lock_acquire+0xab9/0xd20 [ 304.399796][ T7182] ? xfs_da_hashname+0x59d/0x740 [ 304.399828][ T7182] ? do_raw_spin_lock+0x121/0x290 [ 304.399870][ T7182] ? xfs_attr_change+0x2ac/0x390 [ 304.399904][ T7182] xfs_xattr_set+0x14d/0x250 [ 304.399935][ T7182] ? __pfx_xfs_xattr_set+0x10/0x10 [ 304.399978][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.400006][ T7182] ? evm_protect_xattr+0x4d4/0xa90 [ 304.400033][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.400060][ T7182] ? rcu_is_watching+0x15/0xb0 [ 304.400094][ T7182] ? __pfx_evm_protect_xattr+0x10/0x10 [ 304.400122][ T7182] ? __pfx_xfs_xattr_set+0x10/0x10 [ 304.400149][ T7182] __vfs_setxattr+0x43c/0x480 [ 304.400207][ T7182] __vfs_setxattr_noperm+0x12d/0x660 [ 304.400250][ T7182] vfs_setxattr+0x16b/0x2f0 [ 304.400291][ T7182] ? __pfx_vfs_setxattr+0x10/0x10 [ 304.400321][ T7182] ? mnt_get_write_access+0x223/0x2a0 [ 304.400351][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.400385][ T7182] filename_setxattr+0x274/0x600 [ 304.400431][ T7182] ? __pfx_filename_setxattr+0x10/0x10 [ 304.400469][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.400496][ T7182] ? getname_flags+0x1e5/0x540 [ 304.400537][ T7182] path_setxattrat+0x364/0x3a0 [ 304.400573][ T7182] ? __pfx_path_setxattrat+0x10/0x10 [ 304.400638][ T7182] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.400666][ T7182] ? rcu_is_watching+0x15/0xb0 [ 304.400702][ T7182] __x64_sys_lsetxattr+0xbf/0xe0 [ 304.400742][ T7182] do_syscall_64+0xfa/0x3b0 [ 304.400769][ T7182] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.400792][ T7182] ? asm_common_interrupt+0x26/0x40 [pid 7203] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7180] exit_group(0 [pid 7181] <... futex resumed>) = ? [pid 7180] <... exit_group resumed>) = ? [pid 7181] +++ exited with 0 +++ [ 304.400823][ T7182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.400846][ T7182] RIP: 0033:0x7f3cdbf794f9 [ 304.400869][ T7182] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 304.400890][ T7182] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 304.400916][ T7182] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 304.400935][ T7182] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 304.400974][ T7182] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 304.400991][ T7182] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 304.401007][ T7182] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 304.401046][ T7182] [ 304.401124][ T7182] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 304.478174][ T7181] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 304.501133][ T7182] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 304.504970][ T7181] XFS (loop0): Unmount and run xfs_repair [ 304.515098][ T7182] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 304.534094][ T7202] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 304.598948][ T7188] loop2: detected capacity change from 0 to 32768 [pid 7203] <... write resumed>) = 16777216 [ 304.603355][ T7202] CPU: 1 UID: 0 PID: 7202 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 304.603388][ T7202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.603404][ T7202] Call Trace: [ 304.603414][ T7202] [ 304.603426][ T7202] dump_stack_lvl+0x189/0x250 [ 304.603464][ T7202] ? __pfx__xfs_alert_tag+0x10/0x10 [ 304.603503][ T7202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.603538][ T7202] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7203] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7203] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7203] ioctl(4, LOOP_SET_FD, 3 [pid 7202] <... lsetxattr resumed>) = ? [pid 7202] +++ exited with 0 +++ [pid 7180] +++ exited with 0 +++ [pid 7203] <... ioctl resumed>) = 0 [ 304.603585][ T7202] xfs_corruption_error+0x122/0x170 [ 304.603624][ T7202] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 304.603659][ T7202] xfs_alloc_fixup_trees+0x95e/0xd20 [ 304.603687][ T7202] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 304.603728][ T7202] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 304.603759][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.603787][ T7202] ? rcu_is_watching+0x15/0xb0 [ 304.603817][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.603844][ T7202] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 304.603875][ T7202] ? rcu_is_watching+0x15/0xb0 [ 304.603915][ T7202] xfs_alloc_cur_finish+0xd3/0x4b0 [ 304.603952][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.603982][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.604015][ T7202] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 304.604072][ T7202] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 304.604101][ T7202] ? xfs_group_grab+0x28/0x480 [ 304.604141][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.604170][ T7202] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 304.604202][ T7202] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 304.604248][ T7202] xfs_alloc_vextent_start_ag+0x388/0x850 [ 304.604287][ T7202] xfs_bmapi_allocate+0x188e/0x2e00 [ 304.604351][ T7202] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 304.604383][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.604433][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.604460][ T7202] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 304.604484][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.604511][ T7202] ? xfs_iext_prev+0x35a/0x370 [pid 7203] close(3) = 0 [pid 7203] close(4) = 0 [pid 7203] mkdir("./file1", 0777) = 0 [pid 7203] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7180, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=148 /* 1.48 s */} --- [ 304.604550][ T7202] ? xfs_iext_get_extent+0x1bb/0x370 [ 304.604581][ T7202] xfs_bmapi_write+0x7df/0x1260 [ 304.604639][ T7202] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 304.604717][ T7202] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 304.604757][ T7202] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 304.604787][ T7202] ? kasan_save_track+0x4f/0x80 [ 304.604813][ T7202] ? kasan_save_track+0x3e/0x80 [ 304.604837][ T7202] ? kasan_save_free_info+0x46/0x50 [ 304.604873][ T7202] ? kmem_cache_free+0x18f/0x400 [ 304.604901][ T7202] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 5871] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 304.604926][ T7202] ? xfs_trans_roll+0x130/0x450 [ 304.604956][ T7202] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 304.604995][ T7202] xfs_attr_set_iter+0x2d4/0x4b70 [ 304.605030][ T7202] ? filename_setxattr+0x274/0x600 [ 304.605063][ T7202] ? path_setxattrat+0x364/0x3a0 [ 304.605084][ T7202] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 304.605135][ T7202] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 304.605191][ T7202] ? kasan_quarantine_put+0xdd/0x220 [ 304.605216][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605243][ T7202] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.605283][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605317][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605344][ T7202] ? kmem_cache_free+0x18f/0x400 [ 304.605372][ T7202] ? __xfs_trans_commit+0x3e0/0xbd0 [ 304.605402][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605430][ T7202] ? __xfs_trans_commit+0x4c7/0xbd0 [ 304.605472][ T7202] xfs_attr_finish_item+0xed/0x320 [ 304.605511][ T7202] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 304.605548][ T7202] xfs_defer_finish_one+0x5c8/0xcf0 [ 304.605607][ T7202] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 304.605655][ T7202] xfs_defer_finish_noroll+0x910/0x12d0 [ 304.605693][ T7202] ? xfs_trans_commit+0x10b/0x1c0 [ 304.605725][ T7202] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 304.605758][ T7202] ? inode_set_ctime_current+0x740/0xb40 [ 304.605804][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605832][ T7202] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 304.605871][ T7202] xfs_trans_commit+0x10b/0x1c0 [pid 5871] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./30/file1") = 0 [ 304.605898][ T7202] ? __pfx_xfs_trans_commit+0x10/0x10 [ 304.605930][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.605970][ T7202] ? xfs_trans_log_inode+0x12c/0x1a0 [ 304.606009][ T7202] xfs_attr_set+0xdc6/0x1210 [ 304.606057][ T7202] ? __pfx_xfs_attr_set+0x10/0x10 [ 304.606090][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.606117][ T7202] ? __lock_acquire+0xab9/0xd20 [ 304.606153][ T7202] ? xfs_da_hashname+0x59d/0x740 [ 304.606185][ T7202] ? do_raw_spin_lock+0x121/0x290 [ 304.606227][ T7202] ? xfs_attr_change+0x2ac/0x390 [pid 5874] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./30/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./30") = 0 [pid 5874] mkdir("./31", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 304.606261][ T7202] xfs_xattr_set+0x14d/0x250 [ 304.606292][ T7202] ? __pfx_xfs_xattr_set+0x10/0x10 [ 304.606336][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.606364][ T7202] ? evm_protect_xattr+0x4d4/0xa90 [ 304.606390][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.606418][ T7202] ? rcu_is_watching+0x15/0xb0 [ 304.606451][ T7202] ? __pfx_evm_protect_xattr+0x10/0x10 [ 304.606479][ T7202] ? __pfx_xfs_xattr_set+0x10/0x10 [ 304.606506][ T7202] __vfs_setxattr+0x43c/0x480 [ 304.606554][ T7202] __vfs_setxattr_noperm+0x12d/0x660 [ 304.606596][ T7202] vfs_setxattr+0x16b/0x2f0 [ 304.606637][ T7202] ? __pfx_vfs_setxattr+0x10/0x10 [ 304.606667][ T7202] ? mnt_get_write_access+0x223/0x2a0 [ 304.606697][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.606731][ T7202] filename_setxattr+0x274/0x600 [ 304.606781][ T7202] ? __pfx_filename_setxattr+0x10/0x10 [ 304.606819][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.606846][ T7202] ? getname_flags+0x1e5/0x540 [ 304.606886][ T7202] path_setxattrat+0x364/0x3a0 [ 304.606922][ T7202] ? __pfx_path_setxattrat+0x10/0x10 [ 304.606993][ T7202] ? srso_alias_return_thunk+0x5/0xfbef5 [ 304.607020][ T7202] ? rcu_is_watching+0x15/0xb0 [ 304.607056][ T7202] __x64_sys_lsetxattr+0xbf/0xe0 [ 304.607096][ T7202] do_syscall_64+0xfa/0x3b0 [ 304.607124][ T7202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.607147][ T7202] ? __switch_to_asm+0x39/0x70 [ 304.607180][ T7202] ? __switch_to_asm+0x33/0x70 [ 304.607217][ T7202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.607241][ T7202] RIP: 0033:0x7f3cdbf794f9 [ 304.607263][ T7202] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 304.607285][ T7202] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 304.607312][ T7202] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 304.607331][ T7202] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 304.607350][ T7202] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 304.607366][ T7202] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 304.607384][ T7202] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 304.607423][ T7202] [ 304.607620][ T7202] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 304.662535][ T7188] XFS: noikeep mount option is deprecated. [ 304.668154][ T7202] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7220 ./strace-static-x86_64: Process 7220 attached [pid 7220] set_robust_list(0x55555d962760, 24) = 0 [pid 7220] chdir("./31") = 0 [pid 7220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7220] setpgid(0, 0) = 0 [pid 7220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7220] write(3, "1000", 4) = 4 [pid 7220] close(3) = 0 [pid 7220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7220] write(1, "executing program\n", 18executing program ) = 18 [pid 7220] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 305.222331][ T7203] loop1: detected capacity change from 0 to 32768 [ 305.223574][ T7202] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 305.231496][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 305.245157][ T7188] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 305.390710][ T7203] XFS: noikeep mount option is deprecated. [ 305.496639][ T7188] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7220] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7220] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7221 attached [pid 7221] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7220] <... clone3 resumed> => {parent_tid=[7221]}, 88) = 7221 [pid 7221] <... rseq resumed>) = 0 [pid 7188] <... mount resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [ 305.592141][ T7203] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 305.649320][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 305.680975][ T7188] XFS (loop2): Starting recovery (logdev: internal) [ 305.878269][ T7203] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 305.929428][ T7188] XFS (loop2): Ending recovery (logdev: internal) [pid 5871] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7221] set_robust_list(0x7f3cdbf259a0, 24 [pid 7220] rt_sigprocmask(SIG_SETMASK, [], [pid 7188] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7221] <... set_robust_list resumed>) = 0 [pid 7188] <... openat resumed>) = 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7221] rt_sigprocmask(SIG_SETMASK, [], [pid 7220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] chdir("./file1" [pid 5871] umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7221] memfd_create("syzkaller", 0 [pid 7220] <... futex resumed>) = 0 [pid 7188] <... chdir resumed>) = 0 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7221] <... memfd_create resumed>) = 3 [pid 7220] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7188] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./29/file1" [pid 7203] <... mount resumed>) = 0 [pid 7221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7188] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... rmdir resumed>) = 0 [pid 7203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7221] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7203] <... openat resumed>) = 3 [pid 7188] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] chdir("./file1" [pid 5871] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7203] <... chdir resumed>) = 0 [pid 7203] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7203] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7188] <... futex resumed>) = 1 [pid 7188] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] newfstatat(AT_FDCWD, "./29/binderfs", [pid 7203] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7203] <... futex resumed>) = 1 [pid 7201] <... futex resumed>) = 0 [pid 7203] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7201] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] unlink("./29/binderfs" [pid 7201] <... futex resumed>) = 0 [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 7203] <... openat resumed>) = 4 [pid 7187] <... futex resumed>) = 0 [pid 5871] rmdir("./29" [pid 7203] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 7203] <... futex resumed>) = 1 [pid 7201] <... futex resumed>) = 0 [pid 7188] <... futex resumed>) = 0 [pid 7187] <... futex resumed>) = 1 [pid 7203] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7201] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7188] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] mkdir("./30", 0777) = 0 [pid 7188] <... openat resumed>) = 4 [pid 7188] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7188] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7187] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7187] <... futex resumed>) = 0 [pid 7188] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7203] <... pwritev2 resumed>) = 65007 [ 305.960595][ T7203] XFS (loop1): Starting recovery (logdev: internal) [ 305.984944][ T7203] XFS (loop1): Ending recovery (logdev: internal) [pid 7188] <... pwritev2 resumed>) = 65007 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7203] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 7188] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] <... futex resumed>) = 1 [pid 7201] <... futex resumed>) = 0 [pid 7188] <... futex resumed>) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7188] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7187] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7187] <... futex resumed>) = 0 [pid 7188] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7203] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7201] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7203] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7188] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7203] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7188] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7187] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] <... futex resumed>) = 1 [pid 7201] <... futex resumed>) = 0 [pid 7201] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] <... futex resumed>) = 0 [ 306.048509][ T7188] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 306.049023][ T7203] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 306.072425][ T7188] XFS (loop2): Unmount and run xfs_repair [ 306.079056][ T7203] XFS (loop1): Unmount and run xfs_repair [pid 7187] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7203] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7201] <... futex resumed>) = 0 [ 306.118026][ T7188] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 306.134440][ T7203] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 306.142687][ T7188] CPU: 1 UID: 0 PID: 7188 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7201] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 306.142723][ T7188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.142739][ T7188] Call Trace: [ 306.142749][ T7188] [ 306.142760][ T7188] dump_stack_lvl+0x189/0x250 [ 306.142795][ T7188] ? __pfx__xfs_alert_tag+0x10/0x10 [ 306.142834][ T7188] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.142868][ T7188] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 306.142915][ T7188] xfs_corruption_error+0x122/0x170 [ 306.142954][ T7188] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 306.142988][ T7188] xfs_alloc_fixup_trees+0x95e/0xd20 [ 306.143017][ T7188] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 306.143057][ T7188] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 306.143087][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143116][ T7188] ? rcu_is_watching+0x15/0xb0 [ 306.143146][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143173][ T7188] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 306.143203][ T7188] ? rcu_is_watching+0x15/0xb0 [ 306.143248][ T7188] xfs_alloc_cur_finish+0xd3/0x4b0 [ 306.143277][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143307][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143340][ T7188] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 306.143396][ T7188] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 306.143425][ T7188] ? xfs_group_grab+0x28/0x480 [ 306.143461][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143488][ T7188] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 306.143522][ T7188] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 306.143568][ T7188] xfs_alloc_vextent_start_ag+0x388/0x850 [ 306.143607][ T7188] xfs_bmapi_allocate+0x188e/0x2e00 [pid 7221] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7187] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... close resumed>) = 0 [ 306.143670][ T7188] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 306.143702][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143751][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143779][ T7188] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 306.143801][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.143829][ T7188] ? xfs_iext_prev+0x35a/0x370 [ 306.143866][ T7188] ? xfs_iext_get_extent+0x1bb/0x370 [ 306.143896][ T7188] xfs_bmapi_write+0x7df/0x1260 [ 306.143956][ T7188] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 306.144033][ T7188] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 306.144074][ T7188] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 306.144104][ T7188] ? kasan_save_track+0x4f/0x80 [ 306.144130][ T7188] ? kasan_save_track+0x3e/0x80 [ 306.144154][ T7188] ? kasan_save_free_info+0x46/0x50 [ 306.144190][ T7188] ? kmem_cache_free+0x18f/0x400 [ 306.144224][ T7188] ? __xfs_trans_commit+0x3e0/0xbd0 [ 306.144249][ T7188] ? xfs_trans_roll+0x130/0x450 [ 306.144273][ T7188] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 306.144313][ T7188] xfs_attr_set_iter+0x2d4/0x4b70 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7222 [ 306.144347][ T7188] ? filename_setxattr+0x274/0x600 [ 306.144379][ T7188] ? path_setxattrat+0x364/0x3a0 [ 306.144401][ T7188] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 306.144453][ T7188] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 306.144510][ T7188] ? kasan_quarantine_put+0xdd/0x220 [ 306.144535][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.144563][ T7188] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.144603][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.144637][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.144665][ T7188] ? kmem_cache_free+0x18f/0x400 ./strace-static-x86_64: Process 7222 attached [ 306.144692][ T7188] ? __xfs_trans_commit+0x3e0/0xbd0 [ 306.144723][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.144751][ T7188] ? __xfs_trans_commit+0x4c7/0xbd0 [ 306.144794][ T7188] xfs_attr_finish_item+0xed/0x320 [ 306.144834][ T7188] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 306.144872][ T7188] xfs_defer_finish_one+0x5c8/0xcf0 [ 306.144931][ T7188] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 306.144979][ T7188] xfs_defer_finish_noroll+0x910/0x12d0 [ 306.145018][ T7188] ? xfs_trans_commit+0x10b/0x1c0 [pid 7222] set_robust_list(0x55555d962760, 24 [pid 7221] <... write resumed>) = 16777216 [pid 7188] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7222] <... set_robust_list resumed>) = 0 [pid 7221] munmap(0x7f3cd3a00000, 138412032 [pid 7188] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] chdir("./30") = 0 [pid 7222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7222] setpgid(0, 0 [pid 7188] <... futex resumed>) = 0 [pid 7222] <... setpgid resumed>) = 0 [pid 7188] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7187] exit_group(0 [pid 7222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7188] <... futex resumed>) = ? [pid 7187] <... exit_group resumed>) = ? [pid 7222] write(3, "1000", 4 [pid 7188] +++ exited with 0 +++ [ 306.145050][ T7188] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 306.145083][ T7188] ? inode_set_ctime_current+0x740/0xb40 [ 306.145129][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.145157][ T7188] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 306.145197][ T7188] xfs_trans_commit+0x10b/0x1c0 [ 306.145229][ T7188] ? __pfx_xfs_trans_commit+0x10/0x10 [ 306.145261][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.145289][ T7188] ? xfs_trans_log_inode+0x12c/0x1a0 [ 306.145329][ T7188] xfs_attr_set+0xdc6/0x1210 [pid 7222] <... write resumed>) = 4 [pid 7187] +++ exited with 0 +++ [pid 7222] close(3 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7187, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=102 /* 1.02 s */} --- [pid 7222] <... close resumed>) = 0 [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 7222] symlink("/dev/binderfs", "./binderfs" [pid 5873] <... restart_syscall resumed>) = 0 [pid 7222] <... symlink resumed>) = 0 [pid 7222] write(1, "executing program\n", 18executing program ) = 18 [pid 5873] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7222] <... futex resumed>) = 0 [pid 5873] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7222] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 5873] <... openat resumed>) = 3 [pid 7222] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5873] newfstatat(3, "", [pid 7222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] getdents64(3, [pid 7222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7222] <... mmap resumed>) = 0x7f3cdbf05000 [pid 5873] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7222] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7223 attached => {parent_tid=[7223]}, 88) = 7223 [pid 7223] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7223] <... rseq resumed>) = 0 [pid 7222] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [ 306.145377][ T7188] ? __pfx_xfs_attr_set+0x10/0x10 [ 306.145410][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.145438][ T7188] ? __lock_acquire+0xab9/0xd20 [ 306.145474][ T7188] ? xfs_da_hashname+0x59d/0x740 [ 306.145506][ T7188] ? do_raw_spin_lock+0x121/0x290 [ 306.145548][ T7188] ? xfs_attr_change+0x2ac/0x390 [ 306.145583][ T7188] xfs_xattr_set+0x14d/0x250 [ 306.145615][ T7188] ? __pfx_xfs_xattr_set+0x10/0x10 [ 306.145660][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.145687][ T7188] ? evm_protect_xattr+0x4d4/0xa90 [pid 7223] set_robust_list(0x7f3cdbf259a0, 24 [pid 7222] <... futex resumed>) = 0 [pid 7223] <... set_robust_list resumed>) = 0 [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7223] memfd_create("syzkaller", 0) = 3 [pid 7223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7221] <... munmap resumed>) = 0 [ 306.145714][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.145742][ T7188] ? rcu_is_watching+0x15/0xb0 [ 306.145775][ T7188] ? __pfx_evm_protect_xattr+0x10/0x10 [ 306.145803][ T7188] ? __pfx_xfs_xattr_set+0x10/0x10 [ 306.145830][ T7188] __vfs_setxattr+0x43c/0x480 [ 306.145878][ T7188] __vfs_setxattr_noperm+0x12d/0x660 [ 306.145922][ T7188] vfs_setxattr+0x16b/0x2f0 [ 306.145963][ T7188] ? __pfx_vfs_setxattr+0x10/0x10 [ 306.145993][ T7188] ? mnt_get_write_access+0x223/0x2a0 [pid 7221] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 306.146029][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.146063][ T7188] filename_setxattr+0x274/0x600 [ 306.146109][ T7188] ? __pfx_filename_setxattr+0x10/0x10 [ 306.146147][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.146175][ T7188] ? getname_flags+0x1e5/0x540 [ 306.146226][ T7188] path_setxattrat+0x364/0x3a0 [ 306.146263][ T7188] ? __pfx_path_setxattrat+0x10/0x10 [ 306.146329][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.146356][ T7188] ? rcu_is_watching+0x15/0xb0 [ 306.146392][ T7188] __x64_sys_lsetxattr+0xbf/0xe0 [ 306.146432][ T7188] do_syscall_64+0xfa/0x3b0 [ 306.146456][ T7188] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.146494][ T7188] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.146517][ T7188] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.146545][ T7188] ? exc_page_fault+0x9f/0xf0 [ 306.146585][ T7188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.146609][ T7188] RIP: 0033:0x7f3cdbf794f9 [pid 7221] ioctl(4, LOOP_SET_FD, 3 [pid 7223] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7203] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 306.146632][ T7188] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 306.146654][ T7188] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 306.146680][ T7188] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 306.146699][ T7188] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 306.146717][ T7188] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 306.146734][ T7188] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 7203] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] exit_group(0 [pid 7221] <... ioctl resumed>) = 0 [pid 7221] close(3) = 0 [pid 7221] close(4) = 0 [pid 7221] mkdir("./file1", 0777) = 0 [ 306.146751][ T7188] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 306.146790][ T7188] [ 306.172474][ T7188] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 306.204058][ T7203] CPU: 0 UID: 0 PID: 7203 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 306.204092][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.204108][ T7203] Call Trace: [ 306.204120][ T7203] [ 306.204130][ T7203] dump_stack_lvl+0x189/0x250 [pid 7221] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7203] <... futex resumed>) = ? [pid 7201] <... exit_group resumed>) = ? [pid 7203] +++ exited with 0 +++ [pid 7201] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7201, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=102 /* 1.02 s */} --- [pid 5872] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 306.204167][ T7203] ? __pfx__xfs_alert_tag+0x10/0x10 [ 306.204204][ T7203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.204246][ T7203] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 306.204293][ T7203] xfs_corruption_error+0x122/0x170 [ 306.204331][ T7203] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 306.204366][ T7203] xfs_alloc_fixup_trees+0x95e/0xd20 [ 306.204398][ T7203] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 306.204441][ T7203] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 306.204471][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.204500][ T7203] ? rcu_is_watching+0x15/0xb0 [ 306.204530][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.204558][ T7203] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 306.204589][ T7203] ? rcu_is_watching+0x15/0xb0 [ 306.204628][ T7203] xfs_alloc_cur_finish+0xd3/0x4b0 [ 306.204657][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.204687][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.204720][ T7203] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 306.204777][ T7203] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 306.204806][ T7203] ? xfs_group_grab+0x28/0x480 [ 306.204842][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.204869][ T7203] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 306.204902][ T7203] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 306.204948][ T7203] xfs_alloc_vextent_start_ag+0x388/0x850 [ 306.204987][ T7203] xfs_bmapi_allocate+0x188e/0x2e00 [ 306.205050][ T7203] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 306.205082][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.205131][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.205159][ T7203] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 306.205182][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.205210][ T7203] ? xfs_iext_prev+0x35a/0x370 [ 306.205252][ T7203] ? xfs_iext_get_extent+0x1bb/0x370 [ 306.205282][ T7203] xfs_bmapi_write+0x7df/0x1260 [ 306.205340][ T7203] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 306.205418][ T7203] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 306.205459][ T7203] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 306.205489][ T7203] ? kasan_save_track+0x4f/0x80 [ 306.205514][ T7203] ? kasan_save_track+0x3e/0x80 [ 306.205538][ T7203] ? kasan_save_free_info+0x46/0x50 [ 306.205574][ T7203] ? kmem_cache_free+0x18f/0x400 [ 306.205601][ T7203] ? __xfs_trans_commit+0x3e0/0xbd0 [ 306.205626][ T7203] ? xfs_trans_roll+0x130/0x450 [ 306.205649][ T7203] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 306.205688][ T7203] xfs_attr_set_iter+0x2d4/0x4b70 [ 306.205722][ T7203] ? filename_setxattr+0x274/0x600 [ 306.205754][ T7203] ? path_setxattrat+0x364/0x3a0 [ 306.205776][ T7203] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 306.205827][ T7203] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 306.205883][ T7203] ? kasan_quarantine_put+0xdd/0x220 [ 306.205908][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.205936][ T7203] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.205975][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.206008][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.206035][ T7203] ? kmem_cache_free+0x18f/0x400 [ 306.206062][ T7203] ? __xfs_trans_commit+0x3e0/0xbd0 [ 306.206093][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.206121][ T7203] ? __xfs_trans_commit+0x4c7/0xbd0 [ 306.206163][ T7203] xfs_attr_finish_item+0xed/0x320 [ 306.206203][ T7203] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 306.206243][ T7203] xfs_defer_finish_one+0x5c8/0xcf0 [ 306.206303][ T7203] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 306.206352][ T7203] xfs_defer_finish_noroll+0x910/0x12d0 [ 306.206390][ T7203] ? xfs_trans_commit+0x10b/0x1c0 [ 306.206422][ T7203] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 306.206455][ T7203] ? inode_set_ctime_current+0x740/0xb40 [ 306.206501][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7223] <... write resumed>) = 16777216 [ 306.206529][ T7203] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 306.206568][ T7203] xfs_trans_commit+0x10b/0x1c0 [ 306.206595][ T7203] ? __pfx_xfs_trans_commit+0x10/0x10 [ 306.206626][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.206654][ T7203] ? xfs_trans_log_inode+0x12c/0x1a0 [ 306.206693][ T7203] xfs_attr_set+0xdc6/0x1210 [ 306.206742][ T7203] ? __pfx_xfs_attr_set+0x10/0x10 [ 306.206779][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.206807][ T7203] ? __lock_acquire+0xab9/0xd20 [pid 7223] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7223] close(3) = 0 [pid 7223] close(4) = 0 [pid 7223] mkdir("./file1", 0777) = 0 [ 306.206843][ T7203] ? xfs_da_hashname+0x59d/0x740 [ 306.206874][ T7203] ? do_raw_spin_lock+0x121/0x290 [ 306.206917][ T7203] ? xfs_attr_change+0x2ac/0x390 [ 306.206950][ T7203] xfs_xattr_set+0x14d/0x250 [ 306.206982][ T7203] ? __pfx_xfs_xattr_set+0x10/0x10 [ 306.207027][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207054][ T7203] ? evm_protect_xattr+0x4d4/0xa90 [ 306.207080][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207108][ T7203] ? rcu_is_watching+0x15/0xb0 [ 306.207141][ T7203] ? __pfx_evm_protect_xattr+0x10/0x10 [ 306.207169][ T7203] ? __pfx_xfs_xattr_set+0x10/0x10 [ 306.207196][ T7203] __vfs_setxattr+0x43c/0x480 [ 306.207248][ T7203] __vfs_setxattr_noperm+0x12d/0x660 [ 306.207291][ T7203] vfs_setxattr+0x16b/0x2f0 [ 306.207332][ T7203] ? __pfx_vfs_setxattr+0x10/0x10 [ 306.207361][ T7203] ? mnt_get_write_access+0x223/0x2a0 [ 306.207391][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207425][ T7203] filename_setxattr+0x274/0x600 [ 306.207472][ T7203] ? __pfx_filename_setxattr+0x10/0x10 [ 306.207509][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207537][ T7203] ? getname_flags+0x1e5/0x540 [ 306.207577][ T7203] path_setxattrat+0x364/0x3a0 [ 306.207614][ T7203] ? __pfx_path_setxattrat+0x10/0x10 [ 306.207678][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207706][ T7203] ? rcu_is_watching+0x15/0xb0 [ 306.207742][ T7203] __x64_sys_lsetxattr+0xbf/0xe0 [ 306.207782][ T7203] do_syscall_64+0xfa/0x3b0 [ 306.207806][ T7203] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.207844][ T7203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7223] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./30/file1") = 0 [ 306.207867][ T7203] ? srso_alias_return_thunk+0x5/0xfbef5 [ 306.207894][ T7203] ? exc_page_fault+0x9f/0xf0 [ 306.207934][ T7203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.207958][ T7203] RIP: 0033:0x7f3cdbf794f9 [ 306.207981][ T7203] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 306.208002][ T7203] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 5873] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 306.208028][ T7203] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 306.208047][ T7203] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 306.208065][ T7203] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 306.208081][ T7203] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 306.208098][ T7203] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 306.208137][ T7203] [ 306.208209][ T7203] XFS (loop1): Corruption detected. Unmount and run xfs_repair [pid 5873] unlink("./30/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./30") = 0 [pid 5873] mkdir("./31", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 306.308534][ T7188] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 306.435145][ T7203] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 306.470960][ T7188] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 306.515031][ T7203] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 306.687846][ T7221] loop3: detected capacity change from 0 to 32768 [ 306.819378][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 306.855050][ T7221] XFS: noikeep mount option is deprecated. [ 307.285393][ T7223] loop0: detected capacity change from 0 to 32768 [ 307.310647][ T7223] XFS: noikeep mount option is deprecated. [ 307.432276][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] close(3 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 307.456884][ T7221] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 307.479771][ T7223] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./30/file1") = 0 [pid 5872] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./30/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./30") = 0 [pid 5872] mkdir("./31", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7240 ./strace-static-x86_64: Process 7240 attached [pid 7240] set_robust_list(0x55555d962760, 24) = 0 [ 307.712644][ T7223] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 307.736906][ T7223] XFS (loop0): Starting recovery (logdev: internal) [pid 7240] chdir("./31") = 0 [pid 7240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7240] setpgid(0, 0) = 0 [pid 7240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7223] <... mount resumed>) = 0 [pid 7223] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7240] <... openat resumed>) = 3 [pid 7240] write(3, "1000", 4) = 4 [pid 7223] <... openat resumed>) = 3 [pid 7223] chdir("./file1" [pid 7240] close(3) = 0 [pid 7240] symlink("/dev/binderfs", "./binderfs" [pid 7223] <... chdir resumed>) = 0 [pid 7223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7240] <... symlink resumed>) = 0 [pid 7223] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 0 [pid 7222] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7223] <... futex resumed>) = 1 [pid 7223] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7223] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 0 [pid 7222] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7223] <... futex resumed>) = 1 [pid 7223] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0executing program [pid 7240] write(1, "executing program\n", 18) = 18 [pid 7240] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 307.793488][ T7223] XFS (loop0): Ending recovery (logdev: internal) [ 307.804214][ T7221] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7240] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7240] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7223] <... pwritev2 resumed>) = 65007 [pid 7223] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7240] <... mprotect resumed>) = 0 [pid 7222] <... futex resumed>) = 0 [pid 7222] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7223] <... futex resumed>) = 1 [pid 7223] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7241]}, 88) = 7241 ./strace-static-x86_64: Process 7241 attached [pid 7241] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7241] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7241] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7223] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 307.853464][ T7221] XFS (loop3): Starting recovery (logdev: internal) [ 307.867439][ T7223] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 307.892984][ T7223] XFS (loop0): Unmount and run xfs_repair [pid 7240] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7241] <... futex resumed>) = 0 [pid 7240] <... futex resumed>) = 1 [pid 7241] memfd_create("syzkaller", 0) = 3 [pid 7241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7240] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7223] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7222] <... futex resumed>) = 0 [pid 7223] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7222] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7222] <... futex resumed>) = 0 [pid 7222] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7223] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7221] <... mount resumed>) = 0 [pid 7221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7221] chdir("./file1") = 0 [pid 7221] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7221] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7220] <... futex resumed>) = 0 [pid 7220] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7220] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7221] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7220] <... futex resumed>) = 0 [pid 7221] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7220] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7220] <... futex resumed>) = 0 [pid 7221] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7220] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... pwritev2 resumed>) = 65007 [pid 7221] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7220] <... futex resumed>) = 0 [pid 7220] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7220] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 307.902843][ T7221] XFS (loop3): Ending recovery (logdev: internal) [ 307.916375][ T7223] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 307.936109][ T7221] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 307.946857][ T7223] CPU: 0 UID: 0 PID: 7223 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 307.946894][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.946909][ T7223] Call Trace: [ 307.946920][ T7223] [ 307.946931][ T7223] dump_stack_lvl+0x189/0x250 [ 307.946969][ T7223] ? __pfx__xfs_alert_tag+0x10/0x10 [ 307.947013][ T7223] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.947047][ T7223] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 307.947095][ T7223] xfs_corruption_error+0x122/0x170 [pid 7221] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040executing program [pid 7222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7220] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7220] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7220] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7242]}, 88) = 7242 [pid 7220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7220] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7220] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7242 attached [pid 5872] <... close resumed>) = 0 [pid 7242] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7242] set_robust_list(0x7f3cdbf049a0, 24 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7242] <... set_robust_list resumed>) = 0 [pid 7242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7242] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7243 ./strace-static-x86_64: Process 7243 attached [pid 7243] set_robust_list(0x55555d962760, 24) = 0 [pid 7243] chdir("./31") = 0 [pid 7243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7243] setpgid(0, 0) = 0 [pid 7243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7243] write(3, "1000", 4) = 4 [pid 7243] close(3) = 0 [pid 7243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7243] write(1, "executing program\n", 18) = 18 [pid 7243] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7243] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7244]}, 88) = 7244 [pid 7243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7243] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7220] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7220] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 307.947134][ T7223] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 307.947168][ T7223] xfs_alloc_fixup_trees+0x95e/0xd20 [ 307.947196][ T7223] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 307.947237][ T7223] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 307.947267][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947295][ T7223] ? rcu_is_watching+0x15/0xb0 [ 307.947325][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947352][ T7223] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 307.947383][ T7223] ? rcu_is_watching+0x15/0xb0 ./strace-static-x86_64: Process 7244 attached [pid 7244] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7244] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7244] memfd_create("syzkaller", 0) = 3 [pid 7244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 307.947421][ T7223] xfs_alloc_cur_finish+0xd3/0x4b0 [ 307.947450][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947479][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947513][ T7223] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 307.947567][ T7223] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 307.947594][ T7223] ? xfs_group_grab+0x28/0x480 [ 307.947630][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947657][ T7223] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 307.947689][ T7223] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 307.947734][ T7223] xfs_alloc_vextent_start_ag+0x388/0x850 [ 307.947773][ T7223] xfs_bmapi_allocate+0x188e/0x2e00 [ 307.947836][ T7223] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 307.947868][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947917][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.947945][ T7223] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 307.947970][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.948002][ T7223] ? xfs_iext_prev+0x35a/0x370 [pid 7222] exit_group(0) = ? [ 307.948039][ T7223] ? xfs_iext_get_extent+0x1bb/0x370 [ 307.948069][ T7223] xfs_bmapi_write+0x7df/0x1260 [ 307.948128][ T7223] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 307.948205][ T7223] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 307.948245][ T7223] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 307.948275][ T7223] ? kasan_save_track+0x4f/0x80 [ 307.948300][ T7223] ? kasan_save_track+0x3e/0x80 [ 307.948323][ T7223] ? kasan_save_free_info+0x46/0x50 [ 307.948359][ T7223] ? kmem_cache_free+0x18f/0x400 [ 307.948387][ T7223] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 7220] exit_group(0) = ? [ 307.948412][ T7223] ? xfs_trans_roll+0x130/0x450 [ 307.948436][ T7223] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 307.948474][ T7223] xfs_attr_set_iter+0x2d4/0x4b70 [ 307.948508][ T7223] ? filename_setxattr+0x274/0x600 [ 307.948540][ T7223] ? path_setxattrat+0x364/0x3a0 [ 307.948561][ T7223] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 307.948611][ T7223] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 307.948667][ T7223] ? kasan_quarantine_put+0xdd/0x220 [ 307.948692][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.948721][ T7223] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.948761][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.948799][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.948826][ T7223] ? kmem_cache_free+0x18f/0x400 [ 307.948854][ T7223] ? __xfs_trans_commit+0x3e0/0xbd0 [ 307.948885][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.948912][ T7223] ? __xfs_trans_commit+0x4c7/0xbd0 [ 307.948938][ T7223] ? xfs_trans_dup+0xc3/0x5f0 [ 307.948983][ T7223] xfs_attr_finish_item+0xed/0x320 [ 307.949022][ T7223] ? __pfx_xfs_attr_finish_item+0x10/0x10 [pid 7244] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 307.949059][ T7223] xfs_defer_finish_one+0x5c8/0xcf0 [ 307.949118][ T7223] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 307.949166][ T7223] xfs_defer_finish_noroll+0x910/0x12d0 [ 307.949204][ T7223] ? xfs_trans_commit+0x10b/0x1c0 [ 307.949236][ T7223] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 307.949269][ T7223] ? inode_set_ctime_current+0x740/0xb40 [ 307.949315][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.949343][ T7223] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 307.949382][ T7223] xfs_trans_commit+0x10b/0x1c0 [ 307.949408][ T7223] ? __pfx_xfs_trans_commit+0x10/0x10 [ 307.949440][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.949467][ T7223] ? xfs_trans_log_inode+0x12c/0x1a0 [ 307.949506][ T7223] xfs_attr_set+0xdc6/0x1210 [ 307.949555][ T7223] ? __pfx_xfs_attr_set+0x10/0x10 [ 307.949588][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.949615][ T7223] ? __lock_acquire+0xab9/0xd20 [ 307.949651][ T7223] ? xfs_da_hashname+0x59d/0x740 [ 307.949682][ T7223] ? do_raw_spin_lock+0x121/0x290 [ 307.949724][ T7223] ? xfs_attr_change+0x2ac/0x390 [ 307.949758][ T7223] xfs_xattr_set+0x14d/0x250 [ 307.949789][ T7223] ? __pfx_xfs_xattr_set+0x10/0x10 [ 307.949833][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.949861][ T7223] ? evm_protect_xattr+0x4d4/0xa90 [ 307.949887][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.949915][ T7223] ? rcu_is_watching+0x15/0xb0 [ 307.949948][ T7223] ? __pfx_evm_protect_xattr+0x10/0x10 [ 307.949981][ T7223] ? __pfx_xfs_xattr_set+0x10/0x10 [ 307.950009][ T7223] __vfs_setxattr+0x43c/0x480 [pid 7241] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7221] <... open resumed>) = ? [ 307.950057][ T7223] __vfs_setxattr_noperm+0x12d/0x660 [ 307.950100][ T7223] vfs_setxattr+0x16b/0x2f0 [ 307.950141][ T7223] ? __pfx_vfs_setxattr+0x10/0x10 [ 307.950171][ T7223] ? mnt_get_write_access+0x223/0x2a0 [ 307.950201][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.950234][ T7223] filename_setxattr+0x274/0x600 [ 307.950280][ T7223] ? __pfx_filename_setxattr+0x10/0x10 [ 307.950318][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.950345][ T7223] ? getname_flags+0x1e5/0x540 [ 307.950386][ T7223] path_setxattrat+0x364/0x3a0 [pid 7221] +++ exited with 0 +++ [ 307.950422][ T7223] ? __pfx_path_setxattrat+0x10/0x10 [ 307.950487][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.950514][ T7223] ? rcu_is_watching+0x15/0xb0 [ 307.950550][ T7223] __x64_sys_lsetxattr+0xbf/0xe0 [ 307.950589][ T7223] do_syscall_64+0xfa/0x3b0 [ 307.950613][ T7223] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.950651][ T7223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.950674][ T7223] ? srso_alias_return_thunk+0x5/0xfbef5 [ 307.950701][ T7223] ? exc_page_fault+0x9f/0xf0 [ 307.950741][ T7223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.950765][ T7223] RIP: 0033:0x7f3cdbf794f9 [ 307.950788][ T7223] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 307.950809][ T7223] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 307.950835][ T7223] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 307.950854][ T7223] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 307.950872][ T7223] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 307.950889][ T7223] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 307.950905][ T7223] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 307.950944][ T7223] [ 307.950956][ T7223] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 308.041707][ T7221] XFS (loop3): Unmount and run xfs_repair [ 308.448755][ T7223] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 308.490221][ T7242] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 308.546818][ T7223] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 308.596814][ T7242] CPU: 1 UID: 0 PID: 7242 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7241] <... write resumed>) = 16777216 [pid 7244] <... write resumed>) = 16777216 [pid 7223] <... lsetxattr resumed>) = ? [pid 7244] munmap(0x7f3cd3a00000, 138412032 [pid 7241] munmap(0x7f3cd3a00000, 138412032 [pid 7223] +++ exited with 0 +++ [pid 7222] +++ exited with 0 +++ [ 308.596849][ T7242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.596865][ T7242] Call Trace: [ 308.596875][ T7242] [ 308.596886][ T7242] dump_stack_lvl+0x189/0x250 [ 308.596922][ T7242] ? __pfx__xfs_alert_tag+0x10/0x10 [ 308.596960][ T7242] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.596994][ T7242] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 308.597041][ T7242] xfs_corruption_error+0x122/0x170 [ 308.597079][ T7242] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 308.597114][ T7242] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 7244] <... munmap resumed>) = 0 [pid 7241] <... munmap resumed>) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7222, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=92 /* 0.92 s */} --- [pid 5871] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 7241] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7241] <... openat resumed>) = 4 [pid 5871] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7241] close(3) = 0 [pid 7244] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7241] close(4) = 0 [pid 7241] mkdir("./file1", 0777 [pid 7244] <... openat resumed>) = 4 [pid 7241] <... mkdir resumed>) = 0 [pid 7244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7241] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7244] close(3) = 0 [ 308.597143][ T7242] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 308.597183][ T7242] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 308.597213][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597241][ T7242] ? rcu_is_watching+0x15/0xb0 [ 308.597271][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597305][ T7242] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 308.597335][ T7242] ? rcu_is_watching+0x15/0xb0 [ 308.597374][ T7242] xfs_alloc_cur_finish+0xd3/0x4b0 [ 308.597404][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597433][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597467][ T7242] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 308.597523][ T7242] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 308.597552][ T7242] ? xfs_group_grab+0x28/0x480 [ 308.597587][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597614][ T7242] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 308.597647][ T7242] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 308.597694][ T7242] xfs_alloc_vextent_start_ag+0x388/0x850 [ 308.597733][ T7242] xfs_bmapi_allocate+0x188e/0x2e00 [ 308.597796][ T7242] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 308.597829][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597877][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597905][ T7242] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 308.597927][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.597955][ T7242] ? xfs_iext_prev+0x35a/0x370 [ 308.597991][ T7242] ? xfs_iext_get_extent+0x1bb/0x370 [ 308.598022][ T7242] xfs_bmapi_write+0x7df/0x1260 [ 308.598080][ T7242] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 7244] close(4) = 0 [ 308.598157][ T7242] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 308.598197][ T7242] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 308.598227][ T7242] ? kasan_save_track+0x4f/0x80 [ 308.598253][ T7242] ? kasan_save_track+0x3e/0x80 [ 308.598277][ T7242] ? kasan_save_free_info+0x46/0x50 [ 308.598333][ T7242] ? kmem_cache_free+0x18f/0x400 [ 308.598360][ T7242] ? __xfs_trans_commit+0x3e0/0xbd0 [ 308.598385][ T7242] ? xfs_trans_roll+0x130/0x450 [ 308.598408][ T7242] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 7244] mkdir("./file1", 0777) = 0 [ 308.598447][ T7242] xfs_attr_set_iter+0x2d4/0x4b70 [ 308.598480][ T7242] ? filename_setxattr+0x274/0x600 [ 308.598512][ T7242] ? path_setxattrat+0x364/0x3a0 [ 308.598533][ T7242] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 308.598584][ T7242] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 308.598640][ T7242] ? kasan_quarantine_put+0xdd/0x220 [ 308.598666][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.598693][ T7242] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.598732][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7244] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7242] <... lsetxattr resumed>) = ? [pid 7242] +++ exited with 0 +++ [pid 7220] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7220, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=165 /* 1.65 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 308.598766][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.598793][ T7242] ? kmem_cache_free+0x18f/0x400 [ 308.598820][ T7242] ? __xfs_trans_commit+0x3e0/0xbd0 [ 308.598851][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.598878][ T7242] ? __xfs_trans_commit+0x4c7/0xbd0 [ 308.598920][ T7242] xfs_attr_finish_item+0xed/0x320 [ 308.598959][ T7242] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 308.598996][ T7242] xfs_defer_finish_one+0x5c8/0xcf0 [ 308.599055][ T7242] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 308.599103][ T7242] xfs_defer_finish_noroll+0x910/0x12d0 [ 308.599142][ T7242] ? xfs_trans_commit+0x10b/0x1c0 [ 308.599175][ T7242] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 308.599209][ T7242] ? inode_set_ctime_current+0x740/0xb40 [ 308.599256][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.599289][ T7242] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 308.599327][ T7242] xfs_trans_commit+0x10b/0x1c0 [ 308.599354][ T7242] ? __pfx_xfs_trans_commit+0x10/0x10 [ 308.599385][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.599413][ T7242] ? xfs_trans_log_inode+0x12c/0x1a0 [ 308.599453][ T7242] xfs_attr_set+0xdc6/0x1210 [ 308.599500][ T7242] ? __pfx_xfs_attr_set+0x10/0x10 [ 308.599533][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.599560][ T7242] ? __lock_acquire+0xab9/0xd20 [ 308.599596][ T7242] ? xfs_da_hashname+0x59d/0x740 [ 308.599627][ T7242] ? do_raw_spin_lock+0x121/0x290 [ 308.599670][ T7242] ? xfs_attr_change+0x2ac/0x390 [ 308.599704][ T7242] xfs_xattr_set+0x14d/0x250 [ 308.599736][ T7242] ? __pfx_xfs_xattr_set+0x10/0x10 [ 308.599779][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.599807][ T7242] ? evm_protect_xattr+0x4d4/0xa90 [ 308.599833][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.599861][ T7242] ? rcu_is_watching+0x15/0xb0 [ 308.599894][ T7242] ? __pfx_evm_protect_xattr+0x10/0x10 [ 308.599921][ T7242] ? __pfx_xfs_xattr_set+0x10/0x10 [ 308.599948][ T7242] __vfs_setxattr+0x43c/0x480 [ 308.599996][ T7242] __vfs_setxattr_noperm+0x12d/0x660 [ 308.600039][ T7242] vfs_setxattr+0x16b/0x2f0 [ 308.600080][ T7242] ? __pfx_vfs_setxattr+0x10/0x10 [ 308.600109][ T7242] ? mnt_get_write_access+0x223/0x2a0 [ 308.600139][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.600173][ T7242] filename_setxattr+0x274/0x600 [ 308.600219][ T7242] ? __pfx_filename_setxattr+0x10/0x10 [ 308.600257][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.600292][ T7242] ? getname_flags+0x1e5/0x540 [ 308.600332][ T7242] path_setxattrat+0x364/0x3a0 [ 308.600368][ T7242] ? __pfx_path_setxattrat+0x10/0x10 [ 308.600433][ T7242] ? srso_alias_return_thunk+0x5/0xfbef5 [ 308.600460][ T7242] ? rcu_is_watching+0x15/0xb0 [ 308.600496][ T7242] __x64_sys_lsetxattr+0xbf/0xe0 [ 308.600535][ T7242] do_syscall_64+0xfa/0x3b0 [ 308.600562][ T7242] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.600585][ T7242] ? __switch_to_asm+0x39/0x70 [ 308.600617][ T7242] ? __switch_to_asm+0x33/0x70 [ 308.600654][ T7242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.600678][ T7242] RIP: 0033:0x7f3cdbf794f9 [ 308.600700][ T7242] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 308.600721][ T7242] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 308.600747][ T7242] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 308.600766][ T7242] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 308.600787][ T7242] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 308.600804][ T7242] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 308.600821][ T7242] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 308.600859][ T7242] [ 308.600870][ T7242] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 308.787373][ T7241] loop2: detected capacity change from 0 to 32768 [ 308.794672][ T7244] loop1: detected capacity change from 0 to 32768 [ 308.797729][ T7241] XFS: noikeep mount option is deprecated. [ 308.920787][ T7242] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 308.923315][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 308.936585][ T7242] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 309.008227][ T7244] XFS: noikeep mount option is deprecated. [ 309.103826][ T7241] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 309.280127][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 309.372059][ T7241] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 309.405497][ T7244] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 309.429753][ T7241] XFS (loop2): Starting recovery (logdev: internal) [pid 5874] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] getdents64(4, [pid 5874] <... openat resumed>) = 4 [pid 5871] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./30/file1") = 0 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5871] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] rmdir("./31/file1") = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./30/binderfs") = 0 [pid 5874] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] getdents64(3, [pid 5874] unlink("./31/binderfs" [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 5874] <... unlink resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./30" [pid 5874] getdents64(3, [pid 5871] <... rmdir resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5871] mkdir("./31", 0777) = 0 [pid 5874] rmdir("./31") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5874] mkdir("./32", 0777) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 309.509447][ T7244] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 309.533752][ T7241] XFS (loop2): Ending recovery (logdev: internal) [ 309.535336][ T7244] XFS (loop1): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7241] <... mount resumed>) = 0 [pid 7241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7241] chdir("./file1") = 0 [pid 7241] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7241] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7240] <... futex resumed>) = 0 [pid 7240] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7241] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7240] <... futex resumed>) = 0 [pid 7240] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7241] <... openat resumed>) = 4 [pid 7241] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7240] <... futex resumed>) = 0 [pid 7240] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7241] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7241] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7240] <... futex resumed>) = 0 [pid 7240] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7240] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7241] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7244] <... mount resumed>) = 0 [pid 7244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7244] chdir("./file1") = 0 [pid 7244] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7244] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7243] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] <... openat resumed>) = 4 [pid 7244] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7241] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7244] <... pwritev2 resumed>) = 65007 [pid 7240] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7244] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7241] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7240] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7244] <... futex resumed>) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7241] <... futex resumed>) = 0 [pid 7240] <... futex resumed>) = 0 [pid 7243] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7244] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7243] <... futex resumed>) = 0 [ 309.609384][ T7244] XFS (loop1): Ending recovery (logdev: internal) [ 309.614077][ T7241] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 309.643956][ T7241] XFS (loop2): Unmount and run xfs_repair [pid 7241] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7240] <... mmap resumed>) = 0x7f3cdbee4000 [pid 7243] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7240] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7261 attached [pid 7261] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7240] <... clone3 resumed> => {parent_tid=[7261]}, 88) = 7261 [pid 7261] <... rseq resumed>) = 0 [pid 7240] rt_sigprocmask(SIG_SETMASK, [], [pid 7261] set_robust_list(0x7f3cdbf049a0, 24 [pid 7240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7261] <... set_robust_list resumed>) = 0 [pid 7240] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] rt_sigprocmask(SIG_SETMASK, [], [pid 7240] <... futex resumed>) = 0 [pid 7261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7240] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 309.674334][ T7244] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 309.704044][ T7261] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 309.707338][ T7244] XFS (loop1): Unmount and run xfs_repair [pid 7261] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7244] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7243] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7243] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7243] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7262]}, 88) = 7262 [pid 7243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7243] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7262 attached [pid 7244] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7262] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7244] <... futex resumed>) = 0 [pid 7262] <... rseq resumed>) = 0 [pid 7244] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7262] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 309.737240][ T7261] CPU: 0 UID: 0 PID: 7261 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 309.737273][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 309.737291][ T7261] Call Trace: [ 309.737308][ T7261] [ 309.737318][ T7261] dump_stack_lvl+0x189/0x250 [ 309.737354][ T7261] ? __pfx__xfs_alert_tag+0x10/0x10 [ 309.737392][ T7261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.737427][ T7261] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 309.737474][ T7261] xfs_corruption_error+0x122/0x170 [ 309.737512][ T7261] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 309.737546][ T7261] xfs_alloc_fixup_trees+0x95e/0xd20 [ 309.737574][ T7261] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 309.737614][ T7261] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 309.737645][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.737674][ T7261] ? rcu_is_watching+0x15/0xb0 [ 309.737705][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.737733][ T7261] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 7262] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7240] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7243] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 309.737765][ T7261] ? rcu_is_watching+0x15/0xb0 [ 309.737804][ T7261] xfs_alloc_cur_finish+0xd3/0x4b0 [ 309.737834][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.737864][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.737899][ T7261] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 309.737956][ T7261] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 309.737986][ T7261] ? xfs_group_grab+0x28/0x480 [ 309.738024][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.738052][ T7261] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 5874] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7263 ./strace-static-x86_64: Process 7263 attached [pid 7263] set_robust_list(0x55555d962760, 24) = 0 [pid 7263] chdir("./31") = 0 [pid 7263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7263] setpgid(0, 0) = 0 [pid 7263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7263] write(3, "1000", 4) = 4 [pid 7263] close(3) = 0 [pid 7263] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7263] write(1, "executing program\n", 18) = 18 [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7263] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7263] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7264 attached [pid 7264] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7263] <... clone3 resumed> => {parent_tid=[7264]}, 88) = 7264 [pid 7264] <... rseq resumed>) = 0 [pid 7263] rt_sigprocmask(SIG_SETMASK, [], [pid 7264] set_robust_list(0x7f3cdbf259a0, 24 [pid 7263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7264] <... set_robust_list resumed>) = 0 [pid 7263] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] rt_sigprocmask(SIG_SETMASK, [], [pid 7263] <... futex resumed>) = 0 [pid 7264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7264] memfd_create("syzkaller", 0) = 3 [pid 7264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 309.738082][ T7261] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 309.738130][ T7261] xfs_alloc_vextent_start_ag+0x388/0x850 [ 309.738170][ T7261] xfs_bmapi_allocate+0x188e/0x2e00 [ 309.738235][ T7261] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 309.738269][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.738326][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.738354][ T7261] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 309.738378][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.738405][ T7261] ? xfs_iext_prev+0x35a/0x370 [ 309.738442][ T7261] ? xfs_iext_get_extent+0x1bb/0x370 [ 309.738471][ T7261] xfs_bmapi_write+0x7df/0x1260 [ 309.738530][ T7261] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 309.738608][ T7261] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 309.738650][ T7261] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 309.738679][ T7261] ? kasan_save_track+0x4f/0x80 [ 309.738706][ T7261] ? kasan_save_track+0x3e/0x80 [ 309.738730][ T7261] ? kasan_save_free_info+0x46/0x50 [ 309.738766][ T7261] ? kmem_cache_free+0x18f/0x400 [ 309.738795][ T7261] ? __xfs_trans_commit+0x3e0/0xbd0 [ 309.738820][ T7261] ? xfs_trans_roll+0x130/0x450 [ 309.738844][ T7261] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 309.738884][ T7261] xfs_attr_set_iter+0x2d4/0x4b70 [ 309.738919][ T7261] ? filename_setxattr+0x274/0x600 [ 309.738952][ T7261] ? path_setxattrat+0x364/0x3a0 [ 309.738973][ T7261] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 309.739025][ T7261] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 309.739081][ T7261] ? kasan_quarantine_put+0xdd/0x220 [pid 7264] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7261] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7261] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 309.739107][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739135][ T7261] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.739175][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739210][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739238][ T7261] ? kmem_cache_free+0x18f/0x400 [ 309.739267][ T7261] ? __xfs_trans_commit+0x3e0/0xbd0 [ 309.739298][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739339][ T7261] ? __xfs_trans_commit+0x4c7/0xbd0 [ 309.739383][ T7261] xfs_attr_finish_item+0xed/0x320 [pid 7261] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7240] exit_group(0 [pid 7261] <... futex resumed>) = ? [pid 7240] <... exit_group resumed>) = ? [pid 7261] +++ exited with 0 +++ [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7265 [ 309.739423][ T7261] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 309.739461][ T7261] xfs_defer_finish_one+0x5c8/0xcf0 [ 309.739520][ T7261] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 309.739569][ T7261] xfs_defer_finish_noroll+0x910/0x12d0 [ 309.739608][ T7261] ? xfs_trans_commit+0x10b/0x1c0 [ 309.739640][ T7261] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 309.739674][ T7261] ? inode_set_ctime_current+0x740/0xb40 [ 309.739721][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739749][ T7261] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 309.739789][ T7261] xfs_trans_commit+0x10b/0x1c0 [ 309.739815][ T7261] ? __pfx_xfs_trans_commit+0x10/0x10 [ 309.739847][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.739875][ T7261] ? xfs_trans_log_inode+0x12c/0x1a0 [ 309.739915][ T7261] xfs_attr_set+0xdc6/0x1210 [ 309.739963][ T7261] ? __pfx_xfs_attr_set+0x10/0x10 [ 309.739997][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740026][ T7261] ? __lock_acquire+0xab9/0xd20 [ 309.740062][ T7261] ? xfs_da_hashname+0x59d/0x740 ./strace-static-x86_64: Process 7265 attached [pid 7241] <... futex resumed>) = ? [pid 7265] set_robust_list(0x55555d962760, 24 [pid 7241] +++ exited with 0 +++ [pid 7240] +++ exited with 0 +++ [pid 7265] <... set_robust_list resumed>) = 0 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7240, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=94 /* 0.94 s */} --- [pid 7265] chdir("./32") = 0 [pid 7265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7265] setpgid(0, 0) = 0 [pid 7265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7265] write(3, "1000", 4) = 4 [pid 7265] close(3executing program ) = 0 [pid 7265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7265] write(1, "executing program\n", 18) = 18 [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7265] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7265] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7265] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7266]}, 88) = 7266 [pid 7265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7265] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7265] <... futex resumed>) = 0 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 309.740095][ T7261] ? do_raw_spin_lock+0x121/0x290 [ 309.740138][ T7261] ? xfs_attr_change+0x2ac/0x390 [ 309.740173][ T7261] xfs_xattr_set+0x14d/0x250 [ 309.740205][ T7261] ? __pfx_xfs_xattr_set+0x10/0x10 [ 309.740250][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740278][ T7261] ? evm_protect_xattr+0x4d4/0xa90 [ 309.740310][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740338][ T7261] ? rcu_is_watching+0x15/0xb0 [ 309.740372][ T7261] ? __pfx_evm_protect_xattr+0x10/0x10 [ 309.740400][ T7261] ? __pfx_xfs_xattr_set+0x10/0x10 [ 309.740428][ T7261] __vfs_setxattr+0x43c/0x480 [ 309.740476][ T7261] __vfs_setxattr_noperm+0x12d/0x660 [ 309.740519][ T7261] vfs_setxattr+0x16b/0x2f0 [ 309.740561][ T7261] ? __pfx_vfs_setxattr+0x10/0x10 [ 309.740591][ T7261] ? mnt_get_write_access+0x223/0x2a0 [ 309.740621][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740655][ T7261] filename_setxattr+0x274/0x600 [ 309.740702][ T7261] ? __pfx_filename_setxattr+0x10/0x10 [ 309.740740][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740768][ T7261] ? getname_flags+0x1e5/0x540 [ 309.740810][ T7261] path_setxattrat+0x364/0x3a0 [ 309.740846][ T7261] ? __pfx_path_setxattrat+0x10/0x10 [ 309.740912][ T7261] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.740940][ T7261] ? rcu_is_watching+0x15/0xb0 [ 309.740999][ T7261] __x64_sys_lsetxattr+0xbf/0xe0 [ 309.741040][ T7261] do_syscall_64+0xfa/0x3b0 [ 309.741067][ T7261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.741090][ T7261] ? __switch_to_asm+0x39/0x70 [ 309.741123][ T7261] ? __switch_to_asm+0x33/0x70 [pid 5873] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7264] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7266 attached [pid 7264] munmap(0x7f3cd3a00000, 138412032 [pid 7266] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7266] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7266] memfd_create("syzkaller", 0) = 3 [ 309.741161][ T7261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.741185][ T7261] RIP: 0033:0x7f3cdbf794f9 [ 309.741206][ T7261] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 309.741228][ T7261] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 309.741254][ T7261] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 309.741273][ T7261] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 309.741292][ T7261] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 309.741313][ T7261] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 309.741330][ T7261] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 309.741369][ T7261] [ 309.741416][ T7261] XFS (loop2): Corruption detected. Unmount and run xfs_repair [pid 7266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7264] <... munmap resumed>) = 0 [pid 7264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 309.795805][ T7262] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 309.858452][ T7261] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 309.893199][ T7262] CPU: 1 UID: 0 PID: 7262 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 309.893236][ T7262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 309.893252][ T7262] Call Trace: [ 309.893263][ T7262] [ 309.893274][ T7262] dump_stack_lvl+0x189/0x250 [ 309.893319][ T7262] ? __pfx__xfs_alert_tag+0x10/0x10 [ 309.893357][ T7262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.893392][ T7262] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 309.893439][ T7262] xfs_corruption_error+0x122/0x170 [ 309.893477][ T7262] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 309.893512][ T7262] xfs_alloc_fixup_trees+0x95e/0xd20 [ 309.893541][ T7262] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 309.893581][ T7262] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 7264] ioctl(4, LOOP_SET_FD, 3 [pid 7262] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7264] <... ioctl resumed>) = 0 [pid 7262] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] close(3) = 0 [pid 7264] close(4) = 0 [pid 7264] mkdir("./file1", 0777) = 0 [ 309.893612][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.893640][ T7262] ? rcu_is_watching+0x15/0xb0 [ 309.893670][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.893698][ T7262] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 309.893729][ T7262] ? rcu_is_watching+0x15/0xb0 [ 309.893767][ T7262] xfs_alloc_cur_finish+0xd3/0x4b0 [ 309.893796][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.893825][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.893858][ T7262] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 7264] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7262] <... futex resumed>) = 0 [pid 7243] exit_group(0) = ? [pid 7262] +++ exited with 0 +++ [ 309.893914][ T7262] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 309.893943][ T7262] ? xfs_group_grab+0x28/0x480 [ 309.893979][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.894007][ T7262] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 309.894039][ T7262] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 309.894086][ T7262] xfs_alloc_vextent_start_ag+0x388/0x850 [ 309.894125][ T7262] xfs_bmapi_allocate+0x188e/0x2e00 [ 309.894188][ T7262] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 309.894221][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7244] <... futex resumed>) = ? [pid 7244] +++ exited with 0 +++ [pid 7243] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7243, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=102 /* 1.02 s */} --- [pid 5872] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 309.894270][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.894303][ T7262] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 309.894326][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.894354][ T7262] ? xfs_iext_prev+0x35a/0x370 [ 309.894391][ T7262] ? xfs_iext_get_extent+0x1bb/0x370 [ 309.894421][ T7262] xfs_bmapi_write+0x7df/0x1260 [ 309.894479][ T7262] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 309.894556][ T7262] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 309.894597][ T7262] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [pid 5872] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 309.894626][ T7262] ? kasan_save_track+0x4f/0x80 [ 309.894651][ T7262] ? kasan_save_track+0x3e/0x80 [ 309.894675][ T7262] ? kasan_save_free_info+0x46/0x50 [ 309.894711][ T7262] ? kmem_cache_free+0x18f/0x400 [ 309.894739][ T7262] ? __xfs_trans_commit+0x3e0/0xbd0 [ 309.894764][ T7262] ? xfs_trans_roll+0x130/0x450 [ 309.894787][ T7262] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 309.894826][ T7262] xfs_attr_set_iter+0x2d4/0x4b70 [ 309.894860][ T7262] ? filename_setxattr+0x274/0x600 [ 309.894892][ T7262] ? path_setxattrat+0x364/0x3a0 [ 309.894913][ T7262] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 309.894964][ T7262] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 309.895020][ T7262] ? kasan_quarantine_put+0xdd/0x220 [ 309.895045][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895072][ T7262] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.895112][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895146][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895173][ T7262] ? kmem_cache_free+0x18f/0x400 [ 309.895201][ T7262] ? __xfs_trans_commit+0x3e0/0xbd0 [ 309.895232][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895259][ T7262] ? __xfs_trans_commit+0x4c7/0xbd0 [ 309.895307][ T7262] xfs_attr_finish_item+0xed/0x320 [ 309.895347][ T7262] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 309.895383][ T7262] xfs_defer_finish_one+0x5c8/0xcf0 [ 309.895442][ T7262] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 309.895491][ T7262] xfs_defer_finish_noroll+0x910/0x12d0 [ 309.895529][ T7262] ? xfs_trans_commit+0x10b/0x1c0 [ 309.895561][ T7262] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 309.895594][ T7262] ? inode_set_ctime_current+0x740/0xb40 [ 309.895640][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895668][ T7262] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 309.895707][ T7262] xfs_trans_commit+0x10b/0x1c0 [ 309.895734][ T7262] ? __pfx_xfs_trans_commit+0x10/0x10 [ 309.895766][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895793][ T7262] ? xfs_trans_log_inode+0x12c/0x1a0 [ 309.895832][ T7262] xfs_attr_set+0xdc6/0x1210 [ 309.895881][ T7262] ? __pfx_xfs_attr_set+0x10/0x10 [ 309.895914][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.895941][ T7262] ? __lock_acquire+0xab9/0xd20 [ 309.895977][ T7262] ? xfs_da_hashname+0x59d/0x740 [ 309.896008][ T7262] ? do_raw_spin_lock+0x121/0x290 [ 309.896050][ T7262] ? xfs_attr_change+0x2ac/0x390 [ 309.896085][ T7262] xfs_xattr_set+0x14d/0x250 [ 309.896117][ T7262] ? __pfx_xfs_xattr_set+0x10/0x10 [ 309.896161][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.896188][ T7262] ? evm_protect_xattr+0x4d4/0xa90 [ 309.896214][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.896242][ T7262] ? rcu_is_watching+0x15/0xb0 [ 309.896275][ T7262] ? __pfx_evm_protect_xattr+0x10/0x10 [ 309.896309][ T7262] ? __pfx_xfs_xattr_set+0x10/0x10 [ 309.896336][ T7262] __vfs_setxattr+0x43c/0x480 [ 309.896385][ T7262] __vfs_setxattr_noperm+0x12d/0x660 [ 309.896427][ T7262] vfs_setxattr+0x16b/0x2f0 [ 309.896468][ T7262] ? __pfx_vfs_setxattr+0x10/0x10 [ 309.896498][ T7262] ? mnt_get_write_access+0x223/0x2a0 [ 309.896528][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.896562][ T7262] filename_setxattr+0x274/0x600 [ 309.896608][ T7262] ? __pfx_filename_setxattr+0x10/0x10 [ 309.896646][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.896673][ T7262] ? getname_flags+0x1e5/0x540 [ 309.896715][ T7262] path_setxattrat+0x364/0x3a0 [ 309.896750][ T7262] ? __pfx_path_setxattrat+0x10/0x10 [ 309.896819][ T7262] ? srso_alias_return_thunk+0x5/0xfbef5 [ 309.896846][ T7262] ? rcu_is_watching+0x15/0xb0 [ 309.896882][ T7262] __x64_sys_lsetxattr+0xbf/0xe0 [ 309.896922][ T7262] do_syscall_64+0xfa/0x3b0 [ 309.896949][ T7262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7266] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 309.896972][ T7262] ? __switch_to_asm+0x39/0x70 [ 309.897004][ T7262] ? __switch_to_asm+0x33/0x70 [ 309.897041][ T7262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.897065][ T7262] RIP: 0033:0x7f3cdbf794f9 [ 309.897088][ T7262] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 309.897109][ T7262] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 7266] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7266] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 309.897135][ T7262] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 309.897154][ T7262] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 309.897172][ T7262] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 309.897189][ T7262] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 309.897205][ T7262] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 309.897244][ T7262] [ 309.897381][ T7262] XFS (loop1): Corruption detected. Unmount and run xfs_repair [pid 7266] ioctl(4, LOOP_SET_FD, 3 [pid 5873] <... umount2 resumed>) = 0 [pid 7266] <... ioctl resumed>) = 0 [pid 7266] close(3) = 0 [pid 7266] close(4) = 0 [pid 7266] mkdir("./file1", 0777) = 0 [pid 7266] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 309.943913][ T7261] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 310.074921][ T7262] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 310.435151][ T7264] loop0: detected capacity change from 0 to 32768 [ 310.448405][ T7262] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 310.519238][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 310.547600][ T7264] XFS: noikeep mount option is deprecated. [pid 5873] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./31/file1") = 0 [pid 5873] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./31/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./31") = 0 [pid 5873] mkdir("./32", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 311.136832][ T7266] loop3: detected capacity change from 0 to 32768 [ 311.152332][ T7264] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 311.180209][ T7266] XFS: noikeep mount option is deprecated. [ 311.191429][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5873] close(3 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./31/file1") = 0 [pid 5872] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./31/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./31") = 0 [pid 5872] mkdir("./32", 0777) = 0 [ 311.302661][ T7266] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 311.331626][ T7264] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 311.378099][ T7266] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 311.400217][ T7264] XFS (loop0): Starting recovery (logdev: internal) [ 311.425092][ T7266] XFS (loop3): Starting recovery (logdev: internal) [pid 5872] close(3 [pid 7264] <... mount resumed>) = 0 [pid 7264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7264] chdir("./file1") = 0 [pid 7264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7264] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7266] <... mount resumed>) = 0 [pid 7263] <... futex resumed>) = 0 [pid 7263] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7264] <... futex resumed>) = 1 [pid 7266] <... openat resumed>) = 3 [pid 7264] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7266] chdir("./file1" [pid 7264] <... openat resumed>) = 4 [pid 7266] <... chdir resumed>) = 0 [pid 7266] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7266] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7266] <... futex resumed>) = 1 [pid 7265] <... futex resumed>) = 0 [pid 7264] <... futex resumed>) = 1 [pid 7263] <... futex resumed>) = 0 [pid 7266] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7265] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7263] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7265] <... futex resumed>) = 0 [pid 7263] <... futex resumed>) = 0 [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7266] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [ 311.462162][ T7264] XFS (loop0): Ending recovery (logdev: internal) [ 311.479461][ T7266] XFS (loop3): Ending recovery (logdev: internal) [pid 7264] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7266] <... openat resumed>) = 4 [pid 7264] <... pwritev2 resumed>) = 65007 [pid 7266] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7263] <... futex resumed>) = 0 [pid 7263] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] <... futex resumed>) = 1 [pid 7264] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7266] <... futex resumed>) = 1 [pid 7265] <... futex resumed>) = 0 [pid 7265] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... close resumed>) = 0 [pid 7266] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7266] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7265] <... futex resumed>) = 0 [pid 7266] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7265] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7265] <... futex resumed>) = 0 [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7283 attached [pid 7264] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7283 [pid 7264] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] set_robust_list(0x55555d962760, 24 [pid 7266] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7264] <... futex resumed>) = 0 [pid 7263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7283] <... set_robust_list resumed>) = 0 [pid 7266] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7263] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7266] <... futex resumed>) = 1 [pid 7265] <... futex resumed>) = 0 [pid 7264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7263] <... futex resumed>) = 0 [pid 7283] chdir("./32" [pid 7266] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7283] <... chdir resumed>) = 0 [pid 7265] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 311.533661][ T7264] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 311.556445][ T7266] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 311.569899][ T7264] XFS (loop0): Unmount and run xfs_repair [ 311.576263][ T7266] XFS (loop3): Unmount and run xfs_repair [pid 7263] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7283] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7265] <... futex resumed>) = 0 [pid 7283] <... prctl resumed>) = 0 [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7283] setpgid(0, 0) = 0 [pid 7283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7266] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7283] <... openat resumed>) = 3 [ 311.590345][ T7264] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 311.608672][ T7266] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 311.623321][ T7264] CPU: 0 UID: 0 PID: 7264 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7283] write(3, "1000", 4) = 4 [pid 7263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... close resumed>) = 0 [pid 7265] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7265] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 311.623356][ T7264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.623372][ T7264] Call Trace: [ 311.623382][ T7264] [ 311.623393][ T7264] dump_stack_lvl+0x189/0x250 [ 311.623428][ T7264] ? __pfx__xfs_alert_tag+0x10/0x10 [ 311.623464][ T7264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.623498][ T7264] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 311.623544][ T7264] xfs_corruption_error+0x122/0x170 [ 311.623583][ T7264] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7283] close(3 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7284 attached [pid 7283] <... close resumed>) = 0 [pid 7284] set_robust_list(0x55555d962760, 24 [pid 7283] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7284 [pid 7284] <... set_robust_list resumed>) = 0 [pid 7283] <... symlink resumed>) = 0 [pid 7284] chdir("./32" [pid 7283] write(1, "executing program\n", 18executing program [pid 7284] <... chdir resumed>) = 0 [pid 7283] <... write resumed>) = 18 [pid 7284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7284] <... prctl resumed>) = 0 [pid 7283] <... futex resumed>) = 0 [pid 7284] setpgid(0, 0 [pid 7283] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7284] <... setpgid resumed>) = 0 [pid 7283] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7284] <... openat resumed>) = 3 [pid 7283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7284] write(3, "1000", 4 [pid 7283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7284] <... write resumed>) = 4 [pid 7283] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7284] close(3 [pid 7283] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7284] <... close resumed>) = 0 [pid 7283] <... mprotect resumed>) = 0 [pid 7284] symlink("/dev/binderfs", "./binderfs" [pid 7283] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7284] <... symlink resumed>) = 0 [pid 7283] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 7284] write(1, "executing program\n", 18 [pid 7283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7285 attached [pid 7284] <... write resumed>) = 18 [pid 7285] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] <... clone3 resumed> => {parent_tid=[7285]}, 88) = 7285 [pid 7285] <... rseq resumed>) = 0 [pid 7284] <... futex resumed>) = 0 [pid 7283] rt_sigprocmask(SIG_SETMASK, [], [pid 7285] set_robust_list(0x7f3cdbf259a0, 24 [pid 7284] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7285] <... set_robust_list resumed>) = 0 [pid 7284] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7283] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] rt_sigprocmask(SIG_SETMASK, [], [pid 7284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7283] <... futex resumed>) = 0 [pid 7285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7285] memfd_create("syzkaller", 0 [pid 7284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7285] <... memfd_create resumed>) = 3 [pid 7284] <... mmap resumed>) = 0x7f3cdbf05000 [ 311.623658][ T7264] xfs_alloc_fixup_trees+0x95e/0xd20 [ 311.623709][ T7264] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 311.623767][ T7264] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 311.623801][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.623830][ T7264] ? rcu_is_watching+0x15/0xb0 [ 311.623859][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.623887][ T7264] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 311.623917][ T7264] ? rcu_is_watching+0x15/0xb0 [ 311.623956][ T7264] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 7285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7284] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7285] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7284] <... mprotect resumed>) = 0 [pid 7284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7286 attached => {parent_tid=[7286]}, 88) = 7286 [pid 7284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7284] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7286] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7286] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7286] memfd_create("syzkaller", 0) = 3 [pid 7286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 311.623986][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624017][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624051][ T7264] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 311.624108][ T7264] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 311.624137][ T7264] ? xfs_group_grab+0x28/0x480 [ 311.624173][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624201][ T7264] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 311.624242][ T7264] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 311.624290][ T7264] xfs_alloc_vextent_start_ag+0x388/0x850 [ 311.624329][ T7264] xfs_bmapi_allocate+0x188e/0x2e00 [ 311.624393][ T7264] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 311.624425][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624475][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624503][ T7264] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 311.624526][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.624554][ T7264] ? xfs_iext_prev+0x35a/0x370 [ 311.624592][ T7264] ? xfs_iext_get_extent+0x1bb/0x370 [ 311.624623][ T7264] xfs_bmapi_write+0x7df/0x1260 [ 311.624683][ T7264] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 311.624796][ T7264] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 311.624840][ T7264] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 311.624871][ T7264] ? kasan_save_track+0x4f/0x80 [ 311.624897][ T7264] ? kasan_save_track+0x3e/0x80 [ 311.624921][ T7264] ? kasan_save_free_info+0x46/0x50 [ 311.624958][ T7264] ? kmem_cache_free+0x18f/0x400 [ 311.624986][ T7264] ? __xfs_trans_commit+0x3e0/0xbd0 [ 311.625012][ T7264] ? xfs_trans_roll+0x130/0x450 [ 311.625035][ T7264] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 311.625075][ T7264] xfs_attr_set_iter+0x2d4/0x4b70 [ 311.625109][ T7264] ? filename_setxattr+0x274/0x600 [ 311.625142][ T7264] ? path_setxattrat+0x364/0x3a0 [ 311.625164][ T7264] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 311.625216][ T7264] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 311.625278][ T7264] ? kasan_quarantine_put+0xdd/0x220 [ 311.625304][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.625332][ T7264] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.625372][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7263] exit_group(0) = ? [ 311.625406][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.625434][ T7264] ? kmem_cache_free+0x18f/0x400 [ 311.625463][ T7264] ? __xfs_trans_commit+0x3e0/0xbd0 [ 311.625495][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.625523][ T7264] ? __xfs_trans_commit+0x4c7/0xbd0 [ 311.625566][ T7264] xfs_attr_finish_item+0xed/0x320 [ 311.625607][ T7264] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 311.625644][ T7264] xfs_defer_finish_one+0x5c8/0xcf0 [ 311.625704][ T7264] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 311.625754][ T7264] xfs_defer_finish_noroll+0x910/0x12d0 [ 311.625793][ T7264] ? xfs_trans_commit+0x10b/0x1c0 [ 311.625825][ T7264] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 311.625858][ T7264] ? inode_set_ctime_current+0x740/0xb40 [ 311.625924][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.625966][ T7264] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 311.626017][ T7264] xfs_trans_commit+0x10b/0x1c0 [ 311.626054][ T7264] ? __pfx_xfs_trans_commit+0x10/0x10 [ 311.626101][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.626132][ T7264] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 7286] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7265] exit_group(0) = ? [ 311.626172][ T7264] xfs_attr_set+0xdc6/0x1210 [ 311.626220][ T7264] ? __pfx_xfs_attr_set+0x10/0x10 [ 311.626258][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.626286][ T7264] ? __lock_acquire+0xab9/0xd20 [ 311.626323][ T7264] ? xfs_da_hashname+0x59d/0x740 [ 311.626354][ T7264] ? do_raw_spin_lock+0x121/0x290 [ 311.626397][ T7264] ? xfs_attr_change+0x2ac/0x390 [ 311.626431][ T7264] xfs_xattr_set+0x14d/0x250 [ 311.626462][ T7264] ? __pfx_xfs_xattr_set+0x10/0x10 [ 311.626507][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.626534][ T7264] ? evm_protect_xattr+0x4d4/0xa90 [ 311.626560][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.626588][ T7264] ? rcu_is_watching+0x15/0xb0 [ 311.626622][ T7264] ? __pfx_evm_protect_xattr+0x10/0x10 [ 311.626650][ T7264] ? __pfx_xfs_xattr_set+0x10/0x10 [ 311.626678][ T7264] __vfs_setxattr+0x43c/0x480 [ 311.626728][ T7264] __vfs_setxattr_noperm+0x12d/0x660 [ 311.626775][ T7264] vfs_setxattr+0x16b/0x2f0 [ 311.626817][ T7264] ? __pfx_vfs_setxattr+0x10/0x10 [ 311.626846][ T7264] ? mnt_get_write_access+0x223/0x2a0 [ 311.626876][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.626910][ T7264] filename_setxattr+0x274/0x600 [ 311.626957][ T7264] ? __pfx_filename_setxattr+0x10/0x10 [ 311.626995][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.627024][ T7264] ? getname_flags+0x1e5/0x540 [ 311.627066][ T7264] path_setxattrat+0x364/0x3a0 [ 311.627103][ T7264] ? __pfx_path_setxattrat+0x10/0x10 [ 311.627167][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.627195][ T7264] ? rcu_is_watching+0x15/0xb0 [ 311.627237][ T7264] __x64_sys_lsetxattr+0xbf/0xe0 [ 311.627277][ T7264] do_syscall_64+0xfa/0x3b0 [ 311.627301][ T7264] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.627340][ T7264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.627364][ T7264] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.627392][ T7264] ? exc_page_fault+0x9f/0xf0 [ 311.627447][ T7264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.627471][ T7264] RIP: 0033:0x7f3cdbf794f9 [pid 7285] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7266] <... lsetxattr resumed>) = ? [pid 7266] +++ exited with 0 +++ [pid 7265] +++ exited with 0 +++ [ 311.627494][ T7264] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 311.627515][ T7264] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 311.627541][ T7264] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 311.627561][ T7264] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 311.627579][ T7264] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7265, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=77 /* 0.77 s */} --- [pid 5874] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 311.627596][ T7264] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 311.627613][ T7264] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 311.627652][ T7264] [ 311.640629][ T7266] CPU: 1 UID: 0 PID: 7266 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 311.640664][ T7266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.640680][ T7266] Call Trace: [ 311.640690][ T7266] [ 311.640701][ T7266] dump_stack_lvl+0x189/0x250 [pid 5874] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7286] <... write resumed>) = 16777216 [ 311.640738][ T7266] ? __pfx__xfs_alert_tag+0x10/0x10 [ 311.640774][ T7266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.640809][ T7266] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 311.640856][ T7266] xfs_corruption_error+0x122/0x170 [ 311.640894][ T7266] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 311.640929][ T7266] xfs_alloc_fixup_trees+0x95e/0xd20 [ 311.640957][ T7266] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 311.641033][ T7266] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 311.641063][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641092][ T7266] ? rcu_is_watching+0x15/0xb0 [pid 7286] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7286] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 311.641122][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641149][ T7266] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 311.641180][ T7266] ? rcu_is_watching+0x15/0xb0 [ 311.641219][ T7266] xfs_alloc_cur_finish+0xd3/0x4b0 [ 311.641248][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641277][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641310][ T7266] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 311.641362][ T7266] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 311.641391][ T7266] ? xfs_group_grab+0x28/0x480 [pid 7286] ioctl(4, LOOP_SET_FD, 3 [pid 7264] <... lsetxattr resumed>) = ? [pid 7264] +++ exited with 0 +++ [pid 7263] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7263, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=140 /* 1.40 s */} --- [pid 5871] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 311.641425][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641453][ T7266] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 311.641486][ T7266] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 311.641533][ T7266] xfs_alloc_vextent_start_ag+0x388/0x850 [ 311.641573][ T7266] xfs_bmapi_allocate+0x188e/0x2e00 [ 311.641637][ T7266] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 311.641669][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641717][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7285] <... write resumed>) = 16777216 [pid 7286] <... ioctl resumed>) = 0 [ 311.641744][ T7266] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 311.641767][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.641794][ T7266] ? xfs_iext_prev+0x35a/0x370 [ 311.641831][ T7266] ? xfs_iext_get_extent+0x1bb/0x370 [ 311.641862][ T7266] xfs_bmapi_write+0x7df/0x1260 [ 311.641919][ T7266] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 311.642010][ T7266] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 311.642051][ T7266] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 311.642080][ T7266] ? kasan_save_track+0x4f/0x80 [pid 7285] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7286] close(3 [pid 7285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7286] <... close resumed>) = 0 [pid 7285] <... openat resumed>) = 4 [pid 7286] close(4 [pid 7285] ioctl(4, LOOP_SET_FD, 3 [pid 7286] <... close resumed>) = 0 [ 311.642111][ T7266] ? kasan_save_track+0x3e/0x80 [ 311.642134][ T7266] ? kasan_save_free_info+0x46/0x50 [ 311.642169][ T7266] ? kmem_cache_free+0x18f/0x400 [ 311.642197][ T7266] ? __xfs_trans_commit+0x3e0/0xbd0 [ 311.642222][ T7266] ? xfs_trans_roll+0x130/0x450 [ 311.642244][ T7266] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 311.642283][ T7266] xfs_attr_set_iter+0x2d4/0x4b70 [ 311.642317][ T7266] ? filename_setxattr+0x274/0x600 [ 311.642349][ T7266] ? path_setxattrat+0x364/0x3a0 [ 311.642371][ T7266] ? __x64_sys_lsetxattr+0xbf/0xe0 [pid 7286] mkdir("./file1", 0777) = 0 [ 311.642421][ T7266] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 311.642476][ T7266] ? kasan_quarantine_put+0xdd/0x220 [ 311.642501][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.642528][ T7266] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.642567][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.642601][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.642628][ T7266] ? kmem_cache_free+0x18f/0x400 [ 311.642656][ T7266] ? __xfs_trans_commit+0x3e0/0xbd0 [ 311.642687][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7286] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7285] <... ioctl resumed>) = 0 [ 311.642714][ T7266] ? __xfs_trans_commit+0x4c7/0xbd0 [ 311.642757][ T7266] xfs_attr_finish_item+0xed/0x320 [ 311.642796][ T7266] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 311.642832][ T7266] xfs_defer_finish_one+0x5c8/0xcf0 [ 311.642895][ T7266] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 311.642943][ T7266] xfs_defer_finish_noroll+0x910/0x12d0 [ 311.642991][ T7266] ? xfs_trans_commit+0x10b/0x1c0 [ 311.643023][ T7266] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 311.643056][ T7266] ? inode_set_ctime_current+0x740/0xb40 [pid 7285] close(3) = 0 [pid 7285] close(4) = 0 [pid 7285] mkdir("./file1", 0777) = 0 [pid 7285] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 311.643102][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.643129][ T7266] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 311.643169][ T7266] xfs_trans_commit+0x10b/0x1c0 [ 311.643195][ T7266] ? __pfx_xfs_trans_commit+0x10/0x10 [ 311.643227][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.643253][ T7266] ? xfs_trans_log_inode+0x12c/0x1a0 [ 311.643292][ T7266] xfs_attr_set+0xdc6/0x1210 [ 311.643344][ T7266] ? __pfx_xfs_attr_set+0x10/0x10 [ 311.643378][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./32/file1") = 0 [pid 5874] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./32/binderfs") = 0 [ 311.643406][ T7266] ? __lock_acquire+0xab9/0xd20 [ 311.643442][ T7266] ? xfs_da_hashname+0x59d/0x740 [ 311.643473][ T7266] ? do_raw_spin_lock+0x121/0x290 [ 311.643515][ T7266] ? xfs_attr_change+0x2ac/0x390 [ 311.643548][ T7266] xfs_xattr_set+0x14d/0x250 [ 311.643580][ T7266] ? __pfx_xfs_xattr_set+0x10/0x10 [ 311.643625][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.643652][ T7266] ? evm_protect_xattr+0x4d4/0xa90 [ 311.643679][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.643706][ T7266] ? rcu_is_watching+0x15/0xb0 [ 311.643740][ T7266] ? __pfx_evm_protect_xattr+0x10/0x10 [ 311.643767][ T7266] ? __pfx_xfs_xattr_set+0x10/0x10 [ 311.643795][ T7266] __vfs_setxattr+0x43c/0x480 [ 311.643843][ T7266] __vfs_setxattr_noperm+0x12d/0x660 [ 311.643886][ T7266] vfs_setxattr+0x16b/0x2f0 [ 311.643927][ T7266] ? __pfx_vfs_setxattr+0x10/0x10 [ 311.643957][ T7266] ? mnt_get_write_access+0x223/0x2a0 [ 311.643995][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.644028][ T7266] filename_setxattr+0x274/0x600 [ 311.644074][ T7266] ? __pfx_filename_setxattr+0x10/0x10 [ 311.644112][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.644140][ T7266] ? getname_flags+0x1e5/0x540 [ 311.644180][ T7266] path_setxattrat+0x364/0x3a0 [ 311.644216][ T7266] ? __pfx_path_setxattrat+0x10/0x10 [ 311.644280][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.644308][ T7266] ? rcu_is_watching+0x15/0xb0 [ 311.644343][ T7266] __x64_sys_lsetxattr+0xbf/0xe0 [ 311.644383][ T7266] do_syscall_64+0xfa/0x3b0 [ 311.644408][ T7266] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.644446][ T7266] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.644469][ T7266] ? srso_alias_return_thunk+0x5/0xfbef5 [ 311.644496][ T7266] ? exc_page_fault+0x9f/0xf0 [ 311.644536][ T7266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.644560][ T7266] RIP: 0033:0x7f3cdbf794f9 [ 311.644583][ T7266] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5874] getdents64(3, [pid 5871] <... umount2 resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] close(3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... close resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./31/file1", [pid 5874] rmdir("./32" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] <... rmdir resumed>) = 0 [pid 5871] umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./31/file1") = 0 [pid 5871] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] mkdir("./33", 0777 [pid 5871] newfstatat(AT_FDCWD, "./31/binderfs", [pid 5874] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./31/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5871] rmdir("./31") = 0 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 5871] mkdir("./32", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 311.644604][ T7266] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 311.644630][ T7266] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 311.644648][ T7266] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 311.644666][ T7266] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 311.644682][ T7266] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 311.644699][ T7266] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 311.644737][ T7266] [ 311.644748][ T7266] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 311.687590][ T7264] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 311.896848][ T7266] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 312.188089][ T7264] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 312.193892][ T7266] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 312.216839][ T7264] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 312.433851][ T7286] loop1: detected capacity change from 0 to 32768 [ 312.495684][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 312.509573][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 312.571037][ T7285] loop2: detected capacity change from 0 to 32768 [ 312.606246][ T7286] XFS: noikeep mount option is deprecated. [ 312.689997][ T7285] XFS: noikeep mount option is deprecated. [pid 5871] close(3 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7298 attached [pid 7298] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7298 [pid 7298] <... set_robust_list resumed>) = 0 [pid 7298] chdir("./33") = 0 [pid 7298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7298] setpgid(0, 0) = 0 [pid 7298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7298] write(3, "1000", 4) = 4 [ 313.156124][ T7286] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 313.167352][ T7285] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7298] close(3) = 0 [pid 7298] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7298] write(1, "executing program\n", 18) = 18 [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7298] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7298] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7304 attached [pid 7304] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7298] <... clone3 resumed> => {parent_tid=[7304]}, 88) = 7304 [pid 7304] <... rseq resumed>) = 0 [pid 7298] rt_sigprocmask(SIG_SETMASK, [], [pid 7304] set_robust_list(0x7f3cdbf259a0, 24 [pid 7298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7304] <... set_robust_list resumed>) = 0 [pid 7298] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] rt_sigprocmask(SIG_SETMASK, [], [pid 7298] <... futex resumed>) = 0 [pid 7304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7304] memfd_create("syzkaller", 0) = 3 [pid 7304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 5871] <... close resumed>) = 0 [ 313.245566][ T7285] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 313.247560][ T7286] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7305 attached , child_tidptr=0x55555d962750) = 7305 [pid 7305] set_robust_list(0x55555d962760, 24) = 0 [pid 7305] chdir("./32") = 0 [pid 7305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7305] setpgid(0, 0) = 0 [pid 7305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7305] write(3, "1000", 4) = 4 [pid 7305] close(3) = 0 [pid 7286] <... mount resumed>) = 0 [pid 7305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7286] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 executing program [pid 7305] write(1, "executing program\n", 18 [pid 7286] chdir("./file1" [pid 7305] <... write resumed>) = 18 [pid 7286] <... chdir resumed>) = 0 [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7305] <... futex resumed>) = 0 [pid 7305] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7286] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7305] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7286] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7286] <... futex resumed>) = 1 [ 313.288572][ T7286] XFS (loop1): Starting recovery (logdev: internal) [ 313.296128][ T7285] XFS (loop2): Starting recovery (logdev: internal) [ 313.307462][ T7286] XFS (loop1): Ending recovery (logdev: internal) [pid 7305] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7305] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7286] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7285] <... mount resumed>) = 0 [pid 7284] <... futex resumed>) = 0 [pid 7305] <... mprotect resumed>) = 0 [pid 7285] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7285] <... openat resumed>) = 3 [pid 7284] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7285] chdir("./file1" [pid 7305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7285] <... chdir resumed>) = 0 [pid 7286] <... futex resumed>) = 0 [pid 7284] <... futex resumed>) = 1 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7306 attached [pid 7286] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7306] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7305] <... clone3 resumed> => {parent_tid=[7306]}, 88) = 7306 [pid 7285] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7306] <... rseq resumed>) = 0 [pid 7305] rt_sigprocmask(SIG_SETMASK, [], [pid 7285] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7306] set_robust_list(0x7f3cdbf259a0, 24 [pid 7305] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... futex resumed>) = 1 [pid 7283] <... futex resumed>) = 0 [pid 7306] <... set_robust_list resumed>) = 0 [pid 7305] <... futex resumed>) = 0 [pid 7286] <... openat resumed>) = 4 [pid 7285] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] rt_sigprocmask(SIG_SETMASK, [], [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7283] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7286] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7283] <... futex resumed>) = 0 [pid 7306] memfd_create("syzkaller", 0 [pid 7286] <... futex resumed>) = 1 [pid 7285] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7284] <... futex resumed>) = 0 [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7284] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] <... memfd_create resumed>) = 3 [pid 7306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7285] <... openat resumed>) = 4 [pid 7306] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7285] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7283] <... futex resumed>) = 0 [pid 7285] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7283] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] <... pwritev2 resumed>) = 65007 [pid 7285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7283] <... futex resumed>) = 0 [pid 7286] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] <... futex resumed>) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7286] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7284] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7284] <... futex resumed>) = 0 [ 313.334698][ T7285] XFS (loop2): Ending recovery (logdev: internal) [pid 7286] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7285] <... pwritev2 resumed>) = 65007 [pid 7285] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7283] <... futex resumed>) = 0 [pid 7285] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7283] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7286] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7286] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7285] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] <... futex resumed>) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7285] <... futex resumed>) = 1 [pid 7286] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7285] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7284] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] <... futex resumed>) = 0 [pid 7286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7284] <... futex resumed>) = 0 [pid 7283] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7285] <... futex resumed>) = 0 [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7283] <... futex resumed>) = 1 [pid 7285] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 313.376749][ T7286] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 313.395370][ T7285] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 313.407849][ T7286] XFS (loop1): Unmount and run xfs_repair [ 313.413831][ T7285] XFS (loop2): Unmount and run xfs_repair [pid 7283] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7284] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 313.442038][ T7285] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 313.468008][ T7286] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 313.481440][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 313.481475][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 313.481493][ T7285] Call Trace: [ 313.481503][ T7285] [ 313.481514][ T7285] dump_stack_lvl+0x189/0x250 [ 313.481553][ T7285] ? __pfx__xfs_alert_tag+0x10/0x10 [ 313.481593][ T7285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.481627][ T7285] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 313.481674][ T7285] xfs_corruption_error+0x122/0x170 [ 313.481714][ T7285] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 313.481749][ T7285] xfs_alloc_fixup_trees+0x95e/0xd20 [ 313.481778][ T7285] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 313.481819][ T7285] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 313.481850][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.481879][ T7285] ? rcu_is_watching+0x15/0xb0 [ 313.481909][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.481937][ T7285] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 313.481968][ T7285] ? rcu_is_watching+0x15/0xb0 [ 313.482020][ T7285] xfs_alloc_cur_finish+0xd3/0x4b0 [ 313.482050][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482080][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482114][ T7285] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 313.482171][ T7285] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 313.482201][ T7285] ? xfs_group_grab+0x28/0x480 [ 313.482237][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482266][ T7285] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 313.482299][ T7285] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 313.482347][ T7285] xfs_alloc_vextent_start_ag+0x388/0x850 [ 313.482386][ T7285] xfs_bmapi_allocate+0x188e/0x2e00 [ 313.482451][ T7285] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 313.482484][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482534][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482563][ T7285] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 313.482586][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.482614][ T7285] ? xfs_iext_prev+0x35a/0x370 [ 313.482652][ T7285] ? xfs_iext_get_extent+0x1bb/0x370 [pid 7306] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7304] <... write resumed>) = 16777216 [ 313.482682][ T7285] xfs_bmapi_write+0x7df/0x1260 [ 313.482742][ T7285] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 313.482821][ T7285] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 313.482863][ T7285] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 313.482894][ T7285] ? kasan_save_track+0x4f/0x80 [ 313.482921][ T7285] ? kasan_save_track+0x3e/0x80 [ 313.482946][ T7285] ? kasan_save_free_info+0x46/0x50 [ 313.482996][ T7285] ? kmem_cache_free+0x18f/0x400 [ 313.483025][ T7285] ? __xfs_trans_commit+0x3e0/0xbd0 [ 313.483051][ T7285] ? xfs_trans_roll+0x130/0x450 [ 313.483076][ T7285] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 313.483116][ T7285] xfs_attr_set_iter+0x2d4/0x4b70 [ 313.483151][ T7285] ? filename_setxattr+0x274/0x600 [ 313.483185][ T7285] ? path_setxattrat+0x364/0x3a0 [ 313.483207][ T7285] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 313.483258][ T7285] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 313.483316][ T7285] ? kasan_quarantine_put+0xdd/0x220 [ 313.483342][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.483371][ T7285] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.483412][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.483447][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.483475][ T7285] ? kmem_cache_free+0x18f/0x400 [ 313.483503][ T7285] ? __xfs_trans_commit+0x3e0/0xbd0 [ 313.483535][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.483563][ T7285] ? __xfs_trans_commit+0x4c7/0xbd0 [ 313.483606][ T7285] xfs_attr_finish_item+0xed/0x320 [ 313.483646][ T7285] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 313.483683][ T7285] xfs_defer_finish_one+0x5c8/0xcf0 [ 313.483744][ T7285] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 313.483794][ T7285] xfs_defer_finish_noroll+0x910/0x12d0 [ 313.483833][ T7285] ? xfs_trans_commit+0x10b/0x1c0 [ 313.483865][ T7285] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 313.483899][ T7285] ? inode_set_ctime_current+0x740/0xb40 [ 313.483947][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.483982][ T7285] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 313.484023][ T7285] xfs_trans_commit+0x10b/0x1c0 [ 313.484049][ T7285] ? __pfx_xfs_trans_commit+0x10/0x10 [ 313.484082][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7304] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7285] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7285] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7304] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7304] ioctl(4, LOOP_SET_FD, 3 [pid 7283] exit_group(0 [pid 7285] <... futex resumed>) = ? [pid 7283] <... exit_group resumed>) = ? [pid 7285] +++ exited with 0 +++ [pid 7283] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7283, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=96 /* 0.96 s */} --- [ 313.484110][ T7285] ? xfs_trans_log_inode+0x12c/0x1a0 [ 313.484150][ T7285] xfs_attr_set+0xdc6/0x1210 [ 313.484200][ T7285] ? __pfx_xfs_attr_set+0x10/0x10 [ 313.484233][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.484262][ T7285] ? __lock_acquire+0xab9/0xd20 [ 313.484298][ T7285] ? xfs_da_hashname+0x59d/0x740 [ 313.484331][ T7285] ? do_raw_spin_lock+0x121/0x290 [ 313.484374][ T7285] ? xfs_attr_change+0x2ac/0x390 [ 313.484409][ T7285] xfs_xattr_set+0x14d/0x250 [ 313.484441][ T7285] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 7306] <... write resumed>) = 16777216 [pid 7286] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 7306] munmap(0x7f3cd3a00000, 138412032 [pid 7286] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7284] exit_group(0) = ? [pid 7286] <... futex resumed>) = ? [ 313.484486][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.484514][ T7285] ? evm_protect_xattr+0x4d4/0xa90 [ 313.484542][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.484570][ T7285] ? rcu_is_watching+0x15/0xb0 [ 313.484604][ T7285] ? __pfx_evm_protect_xattr+0x10/0x10 [ 313.484632][ T7285] ? __pfx_xfs_xattr_set+0x10/0x10 [ 313.484660][ T7285] __vfs_setxattr+0x43c/0x480 [ 313.484710][ T7285] __vfs_setxattr_noperm+0x12d/0x660 [ 313.484753][ T7285] vfs_setxattr+0x16b/0x2f0 [pid 7286] +++ exited with 0 +++ [pid 7284] +++ exited with 0 +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7284, si_uid=0, si_status=0, si_utime=0, si_stime=83 /* 0.83 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... restart_syscall resumed>) = 0 [pid 5873] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 313.484795][ T7285] ? __pfx_vfs_setxattr+0x10/0x10 [ 313.484826][ T7285] ? mnt_get_write_access+0x223/0x2a0 [ 313.484856][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.484891][ T7285] filename_setxattr+0x274/0x600 [ 313.484937][ T7285] ? __pfx_filename_setxattr+0x10/0x10 [ 313.484983][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.485012][ T7285] ? getname_flags+0x1e5/0x540 [ 313.485053][ T7285] path_setxattrat+0x364/0x3a0 [ 313.485089][ T7285] ? __pfx_path_setxattrat+0x10/0x10 [ 313.485155][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7306] <... munmap resumed>) = 0 [pid 7306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7306] ioctl(4, LOOP_SET_FD, 3 [pid 7304] <... ioctl resumed>) = 0 [ 313.485183][ T7285] ? rcu_is_watching+0x15/0xb0 [ 313.485219][ T7285] __x64_sys_lsetxattr+0xbf/0xe0 [ 313.485383][ T7285] do_syscall_64+0xfa/0x3b0 [ 313.485407][ T7285] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.485445][ T7285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.485469][ T7285] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.485498][ T7285] ? exc_page_fault+0x9f/0xf0 [ 313.485539][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.485569][ T7285] RIP: 0033:0x7f3cdbf794f9 [pid 7304] close(3) = 0 [pid 7306] <... ioctl resumed>) = 0 [pid 7306] close(3) = 0 [ 313.485593][ T7285] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 313.485615][ T7285] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 313.485642][ T7285] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 313.485661][ T7285] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 313.485680][ T7285] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7306] close(4 [pid 7304] close(4 [pid 7306] <... close resumed>) = 0 [pid 7304] <... close resumed>) = 0 [pid 7306] mkdir("./file1", 0777) = 0 [pid 7304] mkdir("./file1", 0777) = 0 [ 313.485696][ T7285] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 313.485714][ T7285] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 313.485753][ T7285] [ 313.485765][ T7285] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 313.607046][ T7286] CPU: 1 UID: 0 PID: 7286 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 313.607082][ T7286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7304] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 313.607098][ T7286] Call Trace: [ 313.607109][ T7286] [ 313.607120][ T7286] dump_stack_lvl+0x189/0x250 [ 313.607157][ T7286] ? __pfx__xfs_alert_tag+0x10/0x10 [ 313.607194][ T7286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.607229][ T7286] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 313.607282][ T7286] xfs_corruption_error+0x122/0x170 [ 313.607321][ T7286] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 313.607356][ T7286] xfs_alloc_fixup_trees+0x95e/0xd20 [ 313.607385][ T7286] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 313.607426][ T7286] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 313.607456][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.607484][ T7286] ? rcu_is_watching+0x15/0xb0 [ 313.607514][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.607542][ T7286] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 313.607572][ T7286] ? rcu_is_watching+0x15/0xb0 [ 313.607611][ T7286] xfs_alloc_cur_finish+0xd3/0x4b0 [ 313.607639][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.607669][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.607702][ T7286] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 313.607759][ T7286] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 313.607787][ T7286] ? xfs_group_grab+0x28/0x480 [ 313.607823][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.607850][ T7286] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 313.607884][ T7286] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 313.607932][ T7286] xfs_alloc_vextent_start_ag+0x388/0x850 [ 313.607970][ T7286] xfs_bmapi_allocate+0x188e/0x2e00 [ 313.608034][ T7286] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 313.608066][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.608116][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.608143][ T7286] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 313.608167][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.608193][ T7286] ? xfs_iext_prev+0x35a/0x370 [ 313.608231][ T7286] ? xfs_iext_get_extent+0x1bb/0x370 [ 313.608267][ T7286] xfs_bmapi_write+0x7df/0x1260 [ 313.608325][ T7286] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 7306] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 313.608402][ T7286] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 313.608442][ T7286] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 313.608472][ T7286] ? kasan_save_track+0x4f/0x80 [ 313.608497][ T7286] ? kasan_save_track+0x3e/0x80 [ 313.608522][ T7286] ? kasan_save_free_info+0x46/0x50 [ 313.608558][ T7286] ? kmem_cache_free+0x18f/0x400 [ 313.608586][ T7286] ? __xfs_trans_commit+0x3e0/0xbd0 [ 313.608611][ T7286] ? xfs_trans_roll+0x130/0x450 [ 313.608634][ T7286] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 313.608673][ T7286] xfs_attr_set_iter+0x2d4/0x4b70 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./32/file1" [pid 5872] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] <... rmdir resumed>) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./32/file1") = 0 [pid 5873] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./32/binderfs" [ 313.608706][ T7286] ? filename_setxattr+0x274/0x600 [ 313.608738][ T7286] ? path_setxattrat+0x364/0x3a0 [ 313.608760][ T7286] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 313.608811][ T7286] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 313.608867][ T7286] ? kasan_quarantine_put+0xdd/0x220 [ 313.608892][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.608919][ T7286] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.608958][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5872] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... unlink resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 313.608991][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.609019][ T7286] ? kmem_cache_free+0x18f/0x400 [ 313.609046][ T7286] ? __xfs_trans_commit+0x3e0/0xbd0 [ 313.609076][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.609104][ T7286] ? __xfs_trans_commit+0x4c7/0xbd0 [ 313.609147][ T7286] xfs_attr_finish_item+0xed/0x320 [ 313.609187][ T7286] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 313.609223][ T7286] xfs_defer_finish_one+0x5c8/0xcf0 [ 313.609287][ T7286] ? __pfx_xfs_defer_finish_one+0x10/0x10 [pid 5872] newfstatat(AT_FDCWD, "./32/binderfs", [pid 5873] getdents64(3, [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] unlink("./32/binderfs" [pid 5873] close(3 [pid 5872] <... unlink resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5873] rmdir("./32") = 0 [pid 5873] mkdir("./33", 0777 [pid 5872] getdents64(3, [pid 5873] <... mkdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./32" [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... rmdir resumed>) = 0 [pid 5873] <... openat resumed>) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD [pid 5872] mkdir("./33", 0777 [pid 5873] <... ioctl resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [ 313.609336][ T7286] xfs_defer_finish_noroll+0x910/0x12d0 [ 313.609374][ T7286] ? xfs_trans_commit+0x10b/0x1c0 [ 313.609406][ T7286] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 313.609439][ T7286] ? inode_set_ctime_current+0x740/0xb40 [ 313.609485][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.609513][ T7286] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 313.609552][ T7286] xfs_trans_commit+0x10b/0x1c0 [ 313.609578][ T7286] ? __pfx_xfs_trans_commit+0x10/0x10 [ 313.609610][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.609637][ T7286] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 5873] close(3 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 313.609677][ T7286] xfs_attr_set+0xdc6/0x1210 [ 313.609725][ T7286] ? __pfx_xfs_attr_set+0x10/0x10 [ 313.609758][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.609786][ T7286] ? __lock_acquire+0xab9/0xd20 [ 313.609821][ T7286] ? xfs_da_hashname+0x59d/0x740 [ 313.609852][ T7286] ? do_raw_spin_lock+0x121/0x290 [ 313.609894][ T7286] ? xfs_attr_change+0x2ac/0x390 [ 313.609928][ T7286] xfs_xattr_set+0x14d/0x250 [ 313.609960][ T7286] ? __pfx_xfs_xattr_set+0x10/0x10 [ 313.610004][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610032][ T7286] ? evm_protect_xattr+0x4d4/0xa90 [ 313.610059][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610087][ T7286] ? rcu_is_watching+0x15/0xb0 [ 313.610119][ T7286] ? __pfx_evm_protect_xattr+0x10/0x10 [ 313.610147][ T7286] ? __pfx_xfs_xattr_set+0x10/0x10 [ 313.610174][ T7286] __vfs_setxattr+0x43c/0x480 [ 313.610223][ T7286] __vfs_setxattr_noperm+0x12d/0x660 [ 313.610270][ T7286] vfs_setxattr+0x16b/0x2f0 [ 313.610311][ T7286] ? __pfx_vfs_setxattr+0x10/0x10 [ 313.610341][ T7286] ? mnt_get_write_access+0x223/0x2a0 [ 313.610371][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610405][ T7286] filename_setxattr+0x274/0x600 [ 313.610451][ T7286] ? __pfx_filename_setxattr+0x10/0x10 [ 313.610489][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610517][ T7286] ? getname_flags+0x1e5/0x540 [ 313.610557][ T7286] path_setxattrat+0x364/0x3a0 [ 313.610593][ T7286] ? __pfx_path_setxattrat+0x10/0x10 [ 313.610658][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610685][ T7286] ? rcu_is_watching+0x15/0xb0 [ 313.610721][ T7286] __x64_sys_lsetxattr+0xbf/0xe0 [ 313.610761][ T7286] do_syscall_64+0xfa/0x3b0 [ 313.610785][ T7286] ? lockdep_hardirqs_on+0x9c/0x150 [ 313.610823][ T7286] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.610846][ T7286] ? srso_alias_return_thunk+0x5/0xfbef5 [ 313.610874][ T7286] ? exc_page_fault+0x9f/0xf0 [ 313.610914][ T7286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.610938][ T7286] RIP: 0033:0x7f3cdbf794f9 [ 313.610962][ T7286] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 313.610983][ T7286] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 313.611009][ T7286] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 313.611028][ T7286] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 313.611046][ T7286] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 313.611062][ T7286] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 313.611079][ T7286] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 313.611118][ T7286] [ 313.611129][ T7286] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 313.687513][ T7285] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 313.735024][ T7286] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 313.786805][ T7285] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 313.791254][ T7286] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 313.905440][ T7304] loop3: detected capacity change from 0 to 32768 [ 314.073044][ T7306] loop0: detected capacity change from 0 to 32768 [ 314.099797][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 314.119163][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 314.182501][ T7304] XFS: noikeep mount option is deprecated. [ 314.240224][ T7306] XFS: noikeep mount option is deprecated. [ 314.373747][ T7304] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 314.419942][ T7306] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 314.457230][ T7306] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 314.490884][ T7304] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5872] close(3 [pid 7306] <... mount resumed>) = 0 [pid 7306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7306] chdir("./file1") = 0 [pid 7306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7306] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7304] <... mount resumed>) = 0 [pid 7304] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7304] chdir("./file1") = 0 [pid 7304] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7304] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7298] <... futex resumed>) = 0 [pid 7298] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7305] <... futex resumed>) = 0 [pid 7305] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... futex resumed>) = 0 [pid 7305] <... futex resumed>) = 1 [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7304] <... openat resumed>) = 4 [pid 7304] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7298] <... futex resumed>) = 0 [pid 7304] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7298] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7298] <... futex resumed>) = 0 [pid 7304] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] <... openat resumed>) = 4 [pid 7306] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... close resumed>) = 0 [pid 7306] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] <... futex resumed>) = 0 [ 314.501193][ T7306] XFS (loop0): Starting recovery (logdev: internal) [ 314.576710][ T7304] XFS (loop3): Starting recovery (logdev: internal) [ 314.821171][ T7306] XFS (loop0): Ending recovery (logdev: internal) [ 314.842669][ T7304] XFS (loop3): Ending recovery (logdev: internal) [pid 7305] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] <... futex resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7306] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0./strace-static-x86_64: Process 7323 attached [pid 7323] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7323 [pid 7323] <... set_robust_list resumed>) = 0 [pid 7323] chdir("./33") = 0 [pid 7323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7323] setpgid(0, 0) = 0 [pid 7323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7323] write(3, "1000", 4) = 4 [pid 7323] close(3) = 0 [pid 7323] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... close resumed>) = 0 [pid 7323] <... symlink resumed>) = 0 [pid 7306] <... pwritev2 resumed>) = 65007 [pid 7304] <... pwritev2 resumed>) = 65007 executing program [pid 7323] write(1, "executing program\n", 18 [pid 7304] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7323] <... write resumed>) = 18 [pid 7306] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = 1 [pid 7298] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7324 attached [pid 7323] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... futex resumed>) = 1 [pid 7305] <... futex resumed>) = 0 [pid 7304] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7298] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7324] set_robust_list(0x55555d962760, 24 [pid 7323] <... futex resumed>) = 0 [pid 7306] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7298] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7324 [pid 7324] <... set_robust_list resumed>) = 0 [pid 7323] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7305] <... futex resumed>) = 0 [pid 7304] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7324] chdir("./33" [pid 7323] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7306] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7324] <... chdir resumed>) = 0 [pid 7323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7323] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7325]}, 88) = 7325 [pid 7323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7323] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7323] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7325 attached [pid 7325] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7325] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7325] memfd_create("syzkaller", 0 [pid 7324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7325] <... memfd_create resumed>) = 3 [pid 7324] <... prctl resumed>) = 0 [pid 7325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7324] setpgid(0, 0 [pid 7325] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7324] <... setpgid resumed>) = 0 [pid 7304] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7306] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7304] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7324] write(3, "1000", 4 [pid 7306] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = 1 [pid 7298] <... futex resumed>) = 0 [pid 7324] <... write resumed>) = 4 [pid 7306] <... futex resumed>) = 1 [pid 7305] <... futex resumed>) = 0 [pid 7304] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7298] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7324] close(3 [pid 7306] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7298] <... futex resumed>) = 0 [pid 7324] <... close resumed>) = 0 [pid 7306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7305] <... futex resumed>) = 0 [pid 7304] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 315.089915][ T7304] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 315.092292][ T7306] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 315.101864][ T7304] XFS (loop3): Unmount and run xfs_repair [ 315.121063][ T7306] XFS (loop0): Unmount and run xfs_repair executing program [pid 7298] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7324] symlink("/dev/binderfs", "./binderfs" [pid 7306] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7305] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7324] <... symlink resumed>) = 0 [pid 7324] write(1, "executing program\n", 18) = 18 [pid 7324] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7324] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7326]}, 88) = 7326 [pid 7324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7326 attached [pid 7324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7326] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [ 315.142033][ T7304] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 315.161828][ T7306] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 7326] set_robust_list(0x7f3cdbf259a0, 24 [pid 7324] <... futex resumed>) = 0 [pid 7324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 315.176205][ T7304] CPU: 0 UID: 0 PID: 7304 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 315.176239][ T7304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.176255][ T7304] Call Trace: [ 315.176265][ T7304] [ 315.176277][ T7304] dump_stack_lvl+0x189/0x250 [ 315.176312][ T7304] ? __pfx__xfs_alert_tag+0x10/0x10 [ 315.176350][ T7304] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.176386][ T7304] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 315.176433][ T7304] xfs_corruption_error+0x122/0x170 [ 315.176471][ T7304] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7325] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7326] <... set_robust_list resumed>) = 0 [pid 7326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7326] memfd_create("syzkaller", 0) = 3 [pid 7326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 315.176505][ T7304] xfs_alloc_fixup_trees+0x95e/0xd20 [ 315.176533][ T7304] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 315.176574][ T7304] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 315.176603][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.176633][ T7304] ? rcu_is_watching+0x15/0xb0 [ 315.176664][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.176692][ T7304] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 315.176724][ T7304] ? rcu_is_watching+0x15/0xb0 [ 315.176768][ T7304] xfs_alloc_cur_finish+0xd3/0x4b0 [ 315.176798][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.176828][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.176862][ T7304] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 315.176919][ T7304] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 315.176948][ T7304] ? xfs_group_grab+0x28/0x480 [ 315.176986][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.177015][ T7304] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 315.177049][ T7304] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 315.177106][ T7304] xfs_alloc_vextent_start_ag+0x388/0x850 [ 315.177146][ T7304] xfs_bmapi_allocate+0x188e/0x2e00 [ 315.177213][ T7304] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 315.177246][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.177296][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.177324][ T7304] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 315.177349][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.177378][ T7304] ? xfs_iext_prev+0x35a/0x370 [ 315.177416][ T7304] ? xfs_iext_get_extent+0x1bb/0x370 [ 315.177447][ T7304] xfs_bmapi_write+0x7df/0x1260 [pid 7304] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7304] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 315.177508][ T7304] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 315.177588][ T7304] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 315.177629][ T7304] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 315.177660][ T7304] ? kasan_save_track+0x4f/0x80 [ 315.177686][ T7304] ? kasan_save_track+0x3e/0x80 [ 315.177711][ T7304] ? kasan_save_free_info+0x46/0x50 [ 315.177748][ T7304] ? kmem_cache_free+0x18f/0x400 [ 315.177778][ T7304] ? __xfs_trans_commit+0x3e0/0xbd0 [ 315.177804][ T7304] ? xfs_trans_roll+0x130/0x450 [pid 7304] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7298] exit_group(0 [pid 7304] <... futex resumed>) = ? [pid 7298] <... exit_group resumed>) = ? [pid 7304] +++ exited with 0 +++ [pid 7298] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7298, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=112 /* 1.12 s */} --- [ 315.177828][ T7304] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 315.177869][ T7304] xfs_attr_set_iter+0x2d4/0x4b70 [ 315.177904][ T7304] ? filename_setxattr+0x274/0x600 [ 315.177938][ T7304] ? path_setxattrat+0x364/0x3a0 [ 315.177960][ T7304] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 315.178013][ T7304] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 315.178076][ T7304] ? kasan_quarantine_put+0xdd/0x220 [ 315.178103][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.178131][ T7304] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.178172][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 315.178207][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.178235][ T7304] ? kmem_cache_free+0x18f/0x400 [ 315.178264][ T7304] ? __xfs_trans_commit+0x3e0/0xbd0 [ 315.178296][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.178324][ T7304] ? __xfs_trans_commit+0x4c7/0xbd0 [ 315.178368][ T7304] xfs_attr_finish_item+0xed/0x320 [ 315.178408][ T7304] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 315.178446][ T7304] xfs_defer_finish_one+0x5c8/0xcf0 [pid 5874] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7305] exit_group(0) = ? [ 315.178507][ T7304] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 315.178558][ T7304] xfs_defer_finish_noroll+0x910/0x12d0 [ 315.178598][ T7304] ? xfs_trans_commit+0x10b/0x1c0 [ 315.178630][ T7304] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 315.178665][ T7304] ? inode_set_ctime_current+0x740/0xb40 [ 315.178713][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.178741][ T7304] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 315.178785][ T7304] xfs_trans_commit+0x10b/0x1c0 [ 315.178812][ T7304] ? __pfx_xfs_trans_commit+0x10/0x10 [ 315.178845][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.178874][ T7304] ? xfs_trans_log_inode+0x12c/0x1a0 [ 315.178915][ T7304] xfs_attr_set+0xdc6/0x1210 [ 315.178964][ T7304] ? __pfx_xfs_attr_set+0x10/0x10 [ 315.178999][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.179027][ T7304] ? __lock_acquire+0xab9/0xd20 [ 315.179070][ T7304] ? xfs_da_hashname+0x59d/0x740 [ 315.179102][ T7304] ? do_raw_spin_lock+0x121/0x290 [ 315.179146][ T7304] ? xfs_attr_change+0x2ac/0x390 [ 315.179181][ T7304] xfs_xattr_set+0x14d/0x250 [ 315.179213][ T7304] ? __pfx_xfs_xattr_set+0x10/0x10 [ 315.179259][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.179287][ T7304] ? evm_protect_xattr+0x4d4/0xa90 [ 315.179315][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.179343][ T7304] ? rcu_is_watching+0x15/0xb0 [ 315.179378][ T7304] ? __pfx_evm_protect_xattr+0x10/0x10 [ 315.179406][ T7304] ? __pfx_xfs_xattr_set+0x10/0x10 [ 315.179434][ T7304] __vfs_setxattr+0x43c/0x480 [ 315.179484][ T7304] __vfs_setxattr_noperm+0x12d/0x660 [ 315.179528][ T7304] vfs_setxattr+0x16b/0x2f0 [ 315.179570][ T7304] ? __pfx_vfs_setxattr+0x10/0x10 [ 315.179600][ T7304] ? mnt_get_write_access+0x223/0x2a0 [ 315.179631][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.179666][ T7304] filename_setxattr+0x274/0x600 [ 315.179714][ T7304] ? __pfx_filename_setxattr+0x10/0x10 [ 315.179753][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.179781][ T7304] ? getname_flags+0x1e5/0x540 [ 315.179824][ T7304] path_setxattrat+0x364/0x3a0 [ 315.179861][ T7304] ? __pfx_path_setxattrat+0x10/0x10 [ 315.179928][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7326] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7325] <... write resumed>) = 16777216 [ 315.179956][ T7304] ? rcu_is_watching+0x15/0xb0 [ 315.179993][ T7304] __x64_sys_lsetxattr+0xbf/0xe0 [ 315.180034][ T7304] do_syscall_64+0xfa/0x3b0 [ 315.180062][ T7304] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.180101][ T7304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.180125][ T7304] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.180153][ T7304] ? exc_page_fault+0x9f/0xf0 [ 315.180194][ T7304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.180219][ T7304] RIP: 0033:0x7f3cdbf794f9 [pid 7325] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 315.180241][ T7304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 315.180263][ T7304] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 315.180290][ T7304] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 315.180309][ T7304] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 315.180328][ T7304] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 315.180345][ T7304] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 315.180362][ T7304] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 315.180402][ T7304] [ 315.196855][ T7306] CPU: 1 UID: 0 PID: 7306 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 315.196887][ T7306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.196903][ T7306] Call Trace: [ 315.196913][ T7306] [pid 7325] ioctl(4, LOOP_SET_FD, 3 [pid 7326] <... write resumed>) = 16777216 [pid 7306] <... lsetxattr resumed>) = ? [pid 7326] munmap(0x7f3cd3a00000, 138412032 [pid 7306] +++ exited with 0 +++ [pid 7305] +++ exited with 0 +++ [pid 7326] <... munmap resumed>) = 0 [ 315.196924][ T7306] dump_stack_lvl+0x189/0x250 [ 315.196957][ T7306] ? __pfx__xfs_alert_tag+0x10/0x10 [ 315.196993][ T7306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.197028][ T7306] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 315.197074][ T7306] xfs_corruption_error+0x122/0x170 [ 315.197112][ T7306] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 315.197146][ T7306] xfs_alloc_fixup_trees+0x95e/0xd20 [ 315.197175][ T7306] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 315.197216][ T7306] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 7326] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7325] <... ioctl resumed>) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7305, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=119 /* 1.19 s */} --- [pid 7325] close(3) = 0 [pid 7325] close(4) = 0 [pid 7325] mkdir("./file1", 0777) = 0 [pid 7325] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7326] <... openat resumed>) = 4 [ 315.197246][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197274][ T7306] ? rcu_is_watching+0x15/0xb0 [ 315.197313][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197340][ T7306] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 315.197371][ T7306] ? rcu_is_watching+0x15/0xb0 [ 315.197410][ T7306] xfs_alloc_cur_finish+0xd3/0x4b0 [ 315.197439][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197469][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197502][ T7306] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 315.197559][ T7306] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 315.197588][ T7306] ? xfs_group_grab+0x28/0x480 [ 315.197623][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197650][ T7306] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 315.197683][ T7306] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 315.197730][ T7306] xfs_alloc_vextent_start_ag+0x388/0x850 [ 315.197769][ T7306] xfs_bmapi_allocate+0x188e/0x2e00 [ 315.197831][ T7306] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 315.197863][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7326] ioctl(4, LOOP_SET_FD, 3 [ 315.197912][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197940][ T7306] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 315.197964][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.197991][ T7306] ? xfs_iext_prev+0x35a/0x370 [ 315.198028][ T7306] ? xfs_iext_get_extent+0x1bb/0x370 [ 315.198058][ T7306] xfs_bmapi_write+0x7df/0x1260 [ 315.198116][ T7306] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 315.198194][ T7306] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 315.198234][ T7306] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 315.198264][ T7306] ? kasan_save_track+0x4f/0x80 [pid 5871] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7326] <... ioctl resumed>) = 0 [pid 7326] close(3) = 0 [pid 7326] close(4) = 0 [ 315.198289][ T7306] ? kasan_save_track+0x3e/0x80 [ 315.198319][ T7306] ? kasan_save_free_info+0x46/0x50 [ 315.198355][ T7306] ? kmem_cache_free+0x18f/0x400 [ 315.198383][ T7306] ? __xfs_trans_commit+0x3e0/0xbd0 [ 315.198407][ T7306] ? xfs_trans_roll+0x130/0x450 [ 315.198430][ T7306] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 315.198469][ T7306] xfs_attr_set_iter+0x2d4/0x4b70 [ 315.198502][ T7306] ? filename_setxattr+0x274/0x600 [ 315.198534][ T7306] ? path_setxattrat+0x364/0x3a0 [pid 5871] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7326] mkdir("./file1", 0777 [pid 5871] <... openat resumed>) = 3 [pid 7326] <... mkdir resumed>) = 0 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 7326] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 315.198555][ T7306] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 315.198606][ T7306] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 315.198662][ T7306] ? kasan_quarantine_put+0xdd/0x220 [ 315.198687][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.198715][ T7306] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.198754][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.198788][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.198816][ T7306] ? kmem_cache_free+0x18f/0x400 [ 315.198844][ T7306] ? __xfs_trans_commit+0x3e0/0xbd0 [ 315.198874][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.198902][ T7306] ? __xfs_trans_commit+0x4c7/0xbd0 [ 315.198945][ T7306] xfs_attr_finish_item+0xed/0x320 [ 315.198984][ T7306] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 315.199020][ T7306] xfs_defer_finish_one+0x5c8/0xcf0 [ 315.199079][ T7306] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 315.199128][ T7306] xfs_defer_finish_noroll+0x910/0x12d0 [ 315.199167][ T7306] ? xfs_trans_commit+0x10b/0x1c0 [ 315.199199][ T7306] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 315.199232][ T7306] ? inode_set_ctime_current+0x740/0xb40 [ 315.199278][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.199311][ T7306] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 315.199350][ T7306] xfs_trans_commit+0x10b/0x1c0 [ 315.199377][ T7306] ? __pfx_xfs_trans_commit+0x10/0x10 [ 315.199408][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.199436][ T7306] ? xfs_trans_log_inode+0x12c/0x1a0 [ 315.199475][ T7306] xfs_attr_set+0xdc6/0x1210 [ 315.199524][ T7306] ? __pfx_xfs_attr_set+0x10/0x10 [ 315.199557][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.199585][ T7306] ? __lock_acquire+0xab9/0xd20 [ 315.199620][ T7306] ? xfs_da_hashname+0x59d/0x740 [ 315.199652][ T7306] ? do_raw_spin_lock+0x121/0x290 [ 315.199694][ T7306] ? xfs_attr_change+0x2ac/0x390 [ 315.199728][ T7306] xfs_xattr_set+0x14d/0x250 [ 315.199760][ T7306] ? __pfx_xfs_xattr_set+0x10/0x10 [ 315.199804][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.199832][ T7306] ? evm_protect_xattr+0x4d4/0xa90 [ 315.199859][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.199887][ T7306] ? rcu_is_watching+0x15/0xb0 [ 315.199919][ T7306] ? __pfx_evm_protect_xattr+0x10/0x10 [ 315.199947][ T7306] ? __pfx_xfs_xattr_set+0x10/0x10 [ 315.199975][ T7306] __vfs_setxattr+0x43c/0x480 [ 315.200023][ T7306] __vfs_setxattr_noperm+0x12d/0x660 [ 315.200065][ T7306] vfs_setxattr+0x16b/0x2f0 [ 315.200106][ T7306] ? __pfx_vfs_setxattr+0x10/0x10 [ 315.200136][ T7306] ? mnt_get_write_access+0x223/0x2a0 [ 315.200167][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.200201][ T7306] filename_setxattr+0x274/0x600 [pid 5871] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./33/file1") = 0 [pid 5874] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./33/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./33") = 0 [pid 5874] mkdir("./34", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 315.200247][ T7306] ? __pfx_filename_setxattr+0x10/0x10 [ 315.200286][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.200318][ T7306] ? getname_flags+0x1e5/0x540 [ 315.200359][ T7306] path_setxattrat+0x364/0x3a0 [ 315.200394][ T7306] ? __pfx_path_setxattrat+0x10/0x10 [ 315.200459][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.200487][ T7306] ? rcu_is_watching+0x15/0xb0 [ 315.200523][ T7306] __x64_sys_lsetxattr+0xbf/0xe0 [ 315.200563][ T7306] do_syscall_64+0xfa/0x3b0 [ 315.200588][ T7306] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.200625][ T7306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.200649][ T7306] ? srso_alias_return_thunk+0x5/0xfbef5 [ 315.200676][ T7306] ? exc_page_fault+0x9f/0xf0 [ 315.200716][ T7306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.200740][ T7306] RIP: 0033:0x7f3cdbf794f9 [ 315.200762][ T7306] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7335 ./strace-static-x86_64: Process 7335 attached [pid 7335] set_robust_list(0x55555d962760, 24) = 0 [pid 7335] chdir("./34") = 0 [pid 7335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7335] setpgid(0, 0) = 0 [pid 7335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7335] write(3, "1000", 4) = 4 [pid 7335] close(3) = 0 [pid 7335] symlink("/dev/binderfs", "./binderfs") = 0 [ 315.200783][ T7306] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 315.200808][ T7306] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 315.200827][ T7306] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 315.200846][ T7306] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 315.200862][ T7306] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 315.200879][ T7306] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 315.200918][ T7306] [pid 7335] write(1, "executing program\n", 18executing program ) = 18 [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7335] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7335] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7336 attached => {parent_tid=[7336]}, 88) = 7336 [pid 7336] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7335] rt_sigprocmask(SIG_SETMASK, [], [pid 7336] <... rseq resumed>) = 0 [pid 7335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7336] set_robust_list(0x7f3cdbf259a0, 24 [pid 7335] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7336] <... set_robust_list resumed>) = 0 [pid 7335] <... futex resumed>) = 0 [pid 7336] rt_sigprocmask(SIG_SETMASK, [], [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7336] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 315.200928][ T7306] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 315.206205][ T7304] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 315.314554][ T7304] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 315.340149][ T7306] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7336] memfd_create("syzkaller", 0) = 3 [pid 7336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 315.406895][ T7304] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 315.410273][ T7306] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 315.822653][ T7325] loop2: detected capacity change from 0 to 32768 [ 315.930413][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 315.950251][ T7325] XFS: noikeep mount option is deprecated. [ 315.958817][ T7326] loop1: detected capacity change from 0 to 32768 [ 316.085874][ T7325] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 316.156655][ T7326] XFS: noikeep mount option is deprecated. [ 316.581801][ T7325] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 316.685436][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./32/file1") = 0 [pid 5871] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./32/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./32") = 0 [pid 5871] mkdir("./33", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 316.708624][ T7326] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 316.709274][ T7325] XFS (loop2): Starting recovery (logdev: internal) [pid 5871] close(3 [pid 7336] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7325] <... mount resumed>) = 0 [pid 7325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7325] chdir("./file1") = 0 [pid 7325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [ 316.771992][ T7325] XFS (loop2): Ending recovery (logdev: internal) [ 316.796499][ T7326] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7325] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7323] <... futex resumed>) = 0 [pid 7325] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7323] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7323] <... futex resumed>) = 0 [pid 7325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7323] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] <... openat resumed>) = 4 [pid 7325] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7323] <... futex resumed>) = 0 [pid 7325] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7323] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7323] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] <... pwritev2 resumed>) = 65007 [pid 7325] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7323] <... futex resumed>) = 0 [pid 7325] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7323] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] <... futex resumed>) = 0 [pid 7323] <... futex resumed>) = 1 [pid 7325] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7323] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7323] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7323] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 316.863074][ T7325] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 316.886905][ T7326] XFS (loop1): Starting recovery (logdev: internal) [pid 7323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7345 attached [pid 7345] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7323] <... clone3 resumed> => {parent_tid=[7345]}, 88) = 7345 [pid 7323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7323] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] <... rseq resumed>) = 0 [pid 7323] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7345] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7325] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7325] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7325] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7326] <... mount resumed>) = 0 [pid 7326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7326] chdir("./file1") = 0 [pid 7326] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7326] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7324] <... futex resumed>) = 0 [pid 7324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7326] <... futex resumed>) = 1 [pid 7326] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7326] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7326] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 316.925456][ T7325] XFS (loop2): Unmount and run xfs_repair [ 316.942495][ T7326] XFS (loop1): Ending recovery (logdev: internal) [ 316.951494][ T7345] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 7324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7326] <... pwritev2 resumed>) = 65007 [pid 7326] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7324] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 316.982340][ T7345] CPU: 1 UID: 0 PID: 7345 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 316.982376][ T7345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 316.982392][ T7345] Call Trace: [ 316.982402][ T7345] [ 316.982413][ T7345] dump_stack_lvl+0x189/0x250 [ 316.982450][ T7345] ? __pfx__xfs_alert_tag+0x10/0x10 [ 316.982488][ T7345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.982522][ T7345] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7326] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5871] <... close resumed>) = 0 [pid 7324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7324] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7324] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7346]}, 88) = 7346 [pid 7324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7324] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7347 attached ./strace-static-x86_64: Process 7346 attached [pid 7326] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7347] set_robust_list(0x55555d962760, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7347 [pid 7347] <... set_robust_list resumed>) = 0 [pid 7346] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7347] chdir("./33" [pid 7346] <... rseq resumed>) = 0 [pid 7347] <... chdir resumed>) = 0 [pid 7346] set_robust_list(0x7f3cdbf049a0, 24 [pid 7347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7346] <... set_robust_list resumed>) = 0 [pid 7347] <... prctl resumed>) = 0 [pid 7346] rt_sigprocmask(SIG_SETMASK, [], [pid 7347] setpgid(0, 0 [pid 7346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7347] <... setpgid resumed>) = 0 [pid 7346] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7326] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7347] write(3, "1000", 4 [pid 7326] <... futex resumed>) = 0 [pid 7347] <... write resumed>) = 4 [pid 7326] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7347] close(3) = 0 [pid 7347] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7347] write(1, "executing program\n", 18) = 18 [pid 7347] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7347] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7347] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7348 attached => {parent_tid=[7348]}, 88) = 7348 [pid 7347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7348] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] <... rseq resumed>) = 0 [pid 7347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7348] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 316.982569][ T7345] xfs_corruption_error+0x122/0x170 [ 316.982608][ T7345] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 316.982644][ T7345] xfs_alloc_fixup_trees+0x95e/0xd20 [ 316.982673][ T7345] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 316.982715][ T7345] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 316.982746][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.982775][ T7345] ? rcu_is_watching+0x15/0xb0 [ 316.982807][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7348] memfd_create("syzkaller", 0) = 3 [pid 7348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 316.982835][ T7345] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 316.982867][ T7345] ? rcu_is_watching+0x15/0xb0 [ 316.982907][ T7345] xfs_alloc_cur_finish+0xd3/0x4b0 [ 316.982937][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.982968][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.983010][ T7345] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 316.983068][ T7345] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 316.983098][ T7345] ? xfs_group_grab+0x28/0x480 [ 316.983135][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.983162][ T7345] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 316.983197][ T7345] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 316.983244][ T7345] xfs_alloc_vextent_start_ag+0x388/0x850 [ 316.983284][ T7345] xfs_bmapi_allocate+0x188e/0x2e00 [ 316.983346][ T7345] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 316.983378][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.983425][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.983452][ T7345] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 316.983476][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7345] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7345] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7345] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7323] exit_group(0 [pid 7345] <... futex resumed>) = ? [pid 7323] <... exit_group resumed>) = ? [pid 7345] +++ exited with 0 +++ [ 316.983502][ T7345] ? xfs_iext_prev+0x35a/0x370 [ 316.983540][ T7345] ? xfs_iext_get_extent+0x1bb/0x370 [ 316.983570][ T7345] xfs_bmapi_write+0x7df/0x1260 [ 316.983628][ T7345] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 316.983705][ T7345] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 316.983746][ T7345] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 316.983777][ T7345] ? kasan_save_track+0x4f/0x80 [ 316.983803][ T7345] ? kasan_save_track+0x3e/0x80 [ 316.983828][ T7345] ? kasan_save_free_info+0x46/0x50 [ 316.983865][ T7345] ? kmem_cache_free+0x18f/0x400 [ 316.983893][ T7345] ? __xfs_trans_commit+0x3e0/0xbd0 [ 316.983919][ T7345] ? xfs_trans_roll+0x130/0x450 [ 316.983942][ T7345] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 316.983981][ T7345] xfs_attr_set_iter+0x2d4/0x4b70 [ 316.984023][ T7345] ? filename_setxattr+0x274/0x600 [ 316.984057][ T7345] ? path_setxattrat+0x364/0x3a0 [ 316.984077][ T7345] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 316.984128][ T7345] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 316.984184][ T7345] ? kasan_quarantine_put+0xdd/0x220 [pid 7325] <... futex resumed>) = ? [pid 7325] +++ exited with 0 +++ [pid 7323] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7323, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=65 /* 0.65 s */} --- [ 316.984211][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984239][ T7345] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.984280][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984315][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984343][ T7345] ? kmem_cache_free+0x18f/0x400 [ 316.984372][ T7345] ? __xfs_trans_commit+0x3e0/0xbd0 [ 316.984405][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984439][ T7345] ? __xfs_trans_commit+0x4c7/0xbd0 [ 316.984483][ T7345] xfs_attr_finish_item+0xed/0x320 [pid 5873] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7336] <... write resumed>) = 16777216 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 316.984523][ T7345] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 316.984561][ T7345] xfs_defer_finish_one+0x5c8/0xcf0 [ 316.984622][ T7345] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 316.984672][ T7345] xfs_defer_finish_noroll+0x910/0x12d0 [ 316.984712][ T7345] ? xfs_trans_commit+0x10b/0x1c0 [ 316.984745][ T7345] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 316.984779][ T7345] ? inode_set_ctime_current+0x740/0xb40 [ 316.984826][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984858][ T7345] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 316.984898][ T7345] xfs_trans_commit+0x10b/0x1c0 [ 316.984924][ T7345] ? __pfx_xfs_trans_commit+0x10/0x10 [ 316.984956][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.984985][ T7345] ? xfs_trans_log_inode+0x12c/0x1a0 [ 316.985040][ T7345] xfs_attr_set+0xdc6/0x1210 [ 316.985089][ T7345] ? __pfx_xfs_attr_set+0x10/0x10 [ 316.985123][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.985150][ T7345] ? __lock_acquire+0xab9/0xd20 [ 316.985186][ T7345] ? xfs_da_hashname+0x59d/0x740 [ 316.985218][ T7345] ? do_raw_spin_lock+0x121/0x290 [pid 7336] munmap(0x7f3cd3a00000, 138412032 [pid 7348] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7336] <... munmap resumed>) = 0 [ 316.985261][ T7345] ? xfs_attr_change+0x2ac/0x390 [ 316.985297][ T7345] xfs_xattr_set+0x14d/0x250 [ 316.985329][ T7345] ? __pfx_xfs_xattr_set+0x10/0x10 [ 316.985374][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.985401][ T7345] ? evm_protect_xattr+0x4d4/0xa90 [ 316.985428][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.985456][ T7345] ? rcu_is_watching+0x15/0xb0 [ 316.985488][ T7345] ? __pfx_evm_protect_xattr+0x10/0x10 [ 316.985515][ T7345] ? __pfx_xfs_xattr_set+0x10/0x10 [ 316.985543][ T7345] __vfs_setxattr+0x43c/0x480 [pid 7336] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 316.985592][ T7345] __vfs_setxattr_noperm+0x12d/0x660 [ 316.985634][ T7345] vfs_setxattr+0x16b/0x2f0 [ 316.985675][ T7345] ? __pfx_vfs_setxattr+0x10/0x10 [ 316.985705][ T7345] ? mnt_get_write_access+0x223/0x2a0 [ 316.985736][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.985770][ T7345] filename_setxattr+0x274/0x600 [ 316.985817][ T7345] ? __pfx_filename_setxattr+0x10/0x10 [ 316.985856][ T7345] ? srso_alias_return_thunk+0x5/0xfbef5 [ 316.985884][ T7345] ? getname_flags+0x1e5/0x540 [pid 7336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7336] close(3) = 0 [pid 7324] exit_group(0 [pid 7336] close(4 [pid 7324] <... exit_group resumed>) = ? [pid 7336] <... close resumed>) = 0 [pid 7336] mkdir("./file1", 0777) = 0 [ 316.985925][ T7345] path_setxattrat+0x364/0x3a0 [ 316.985961][ T7345] ? __pfx_path_setxattrat+0x10/0x10 [ 316.986043][ T7345] __x64_sys_lsetxattr+0xbf/0xe0 [ 316.986079][ T7345] do_syscall_64+0xfa/0x3b0 [ 316.986103][ T7345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.986123][ T7345] ? __switch_to_asm+0x39/0x70 [ 316.986153][ T7345] ? __switch_to_asm+0x33/0x70 [ 316.986186][ T7345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.986208][ T7345] RIP: 0033:0x7f3cdbf794f9 [ 316.986228][ T7345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 316.986249][ T7345] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 316.986274][ T7345] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 316.986292][ T7345] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 316.986308][ T7345] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 316.986321][ T7345] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 316.986335][ T7345] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 316.986369][ T7345] [ 316.991836][ T7326] XFS (loop1): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 317.011588][ T7345] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 317.018804][ T7326] XFS (loop1): Unmount and run xfs_repair [pid 7336] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7348] <... write resumed>) = 16777216 [pid 7326] <... futex resumed>) = ? [pid 7326] +++ exited with 0 +++ [ 317.043701][ T7345] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 317.118916][ T7346] XFS (loop1): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 317.119637][ T7345] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 317.126490][ T7346] CPU: 0 UID: 0 PID: 7346 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 317.126524][ T7346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7348] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 317.126540][ T7346] Call Trace: [ 317.126552][ T7346] [ 317.126564][ T7346] dump_stack_lvl+0x189/0x250 [ 317.126600][ T7346] ? __pfx__xfs_alert_tag+0x10/0x10 [ 317.126638][ T7346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.126672][ T7346] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 317.126720][ T7346] xfs_corruption_error+0x122/0x170 [ 317.126763][ T7346] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 317.126798][ T7346] xfs_alloc_fixup_trees+0x95e/0xd20 [ 317.126826][ T7346] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 317.126868][ T7346] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 317.126898][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.126927][ T7346] ? rcu_is_watching+0x15/0xb0 [ 317.126957][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.126985][ T7346] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 317.127023][ T7346] ? rcu_is_watching+0x15/0xb0 [ 317.127061][ T7346] xfs_alloc_cur_finish+0xd3/0x4b0 [ 317.127090][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.127119][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7348] ioctl(4, LOOP_SET_FD, 3 [pid 7346] <... lsetxattr resumed>) = ? [pid 7346] +++ exited with 0 +++ [pid 7324] +++ exited with 0 +++ [ 317.127152][ T7346] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 317.127209][ T7346] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 317.127238][ T7346] ? xfs_group_grab+0x28/0x480 [ 317.127273][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.127300][ T7346] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 317.127333][ T7346] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 317.127380][ T7346] xfs_alloc_vextent_start_ag+0x388/0x850 [ 317.127419][ T7346] xfs_bmapi_allocate+0x188e/0x2e00 [ 317.127483][ T7346] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [pid 7348] <... ioctl resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7324, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=140 /* 1.40 s */} --- [pid 5872] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5872] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7348] close(3) = 0 [pid 7348] close(4) = 0 [pid 7348] mkdir("./file1", 0777) = 0 [ 317.127514][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.127564][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.127591][ T7346] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 317.127614][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.127642][ T7346] ? xfs_iext_prev+0x35a/0x370 [ 317.127679][ T7346] ? xfs_iext_get_extent+0x1bb/0x370 [ 317.127710][ T7346] xfs_bmapi_write+0x7df/0x1260 [ 317.127768][ T7346] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 317.127845][ T7346] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 317.127885][ T7346] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 317.127915][ T7346] ? kasan_save_track+0x4f/0x80 [ 317.127940][ T7346] ? kasan_save_track+0x3e/0x80 [ 317.127964][ T7346] ? kasan_save_free_info+0x46/0x50 [ 317.128000][ T7346] ? kmem_cache_free+0x18f/0x400 [ 317.128034][ T7346] ? __xfs_trans_commit+0x3e0/0xbd0 [ 317.128059][ T7346] ? xfs_trans_roll+0x130/0x450 [ 317.128083][ T7346] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 317.128121][ T7346] xfs_attr_set_iter+0x2d4/0x4b70 [pid 7348] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./33/file1") = 0 [pid 5873] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./33/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./33") = 0 [pid 5873] mkdir("./34", 0777) = 0 [ 317.128155][ T7346] ? filename_setxattr+0x274/0x600 [ 317.128187][ T7346] ? path_setxattrat+0x364/0x3a0 [ 317.128208][ T7346] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 317.128259][ T7346] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 317.128315][ T7346] ? kasan_quarantine_put+0xdd/0x220 [ 317.128341][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.128368][ T7346] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.128408][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.128442][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 317.128469][ T7346] ? kmem_cache_free+0x18f/0x400 [ 317.128497][ T7346] ? __xfs_trans_commit+0x3e0/0xbd0 [ 317.128527][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.128555][ T7346] ? __xfs_trans_commit+0x4c7/0xbd0 [ 317.128597][ T7346] xfs_attr_finish_item+0xed/0x320 [ 317.128637][ T7346] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 317.128673][ T7346] xfs_defer_finish_one+0x5c8/0xcf0 [ 317.128733][ T7346] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 317.128785][ T7346] xfs_defer_finish_noroll+0x910/0x12d0 [ 317.128824][ T7346] ? xfs_trans_commit+0x10b/0x1c0 [ 317.128855][ T7346] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 317.128888][ T7346] ? inode_set_ctime_current+0x740/0xb40 [ 317.128934][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.128962][ T7346] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 317.129005][ T7346] xfs_trans_commit+0x10b/0x1c0 [ 317.129032][ T7346] ? __pfx_xfs_trans_commit+0x10/0x10 [ 317.129063][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129091][ T7346] ? xfs_trans_log_inode+0x12c/0x1a0 [ 317.129131][ T7346] xfs_attr_set+0xdc6/0x1210 [ 317.129179][ T7346] ? __pfx_xfs_attr_set+0x10/0x10 [ 317.129212][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129240][ T7346] ? __lock_acquire+0xab9/0xd20 [ 317.129276][ T7346] ? xfs_da_hashname+0x59d/0x740 [ 317.129308][ T7346] ? do_raw_spin_lock+0x121/0x290 [ 317.129350][ T7346] ? xfs_attr_change+0x2ac/0x390 [ 317.129383][ T7346] xfs_xattr_set+0x14d/0x250 [ 317.129415][ T7346] ? __pfx_xfs_xattr_set+0x10/0x10 [ 317.129459][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129486][ T7346] ? evm_protect_xattr+0x4d4/0xa90 [ 317.129513][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129540][ T7346] ? rcu_is_watching+0x15/0xb0 [ 317.129573][ T7346] ? __pfx_evm_protect_xattr+0x10/0x10 [ 317.129601][ T7346] ? __pfx_xfs_xattr_set+0x10/0x10 [ 317.129628][ T7346] __vfs_setxattr+0x43c/0x480 [ 317.129675][ T7346] __vfs_setxattr_noperm+0x12d/0x660 [ 317.129719][ T7346] vfs_setxattr+0x16b/0x2f0 [ 317.129759][ T7346] ? __pfx_vfs_setxattr+0x10/0x10 [ 317.129789][ T7346] ? mnt_get_write_access+0x223/0x2a0 [ 317.129819][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129853][ T7346] filename_setxattr+0x274/0x600 [ 317.129899][ T7346] ? __pfx_filename_setxattr+0x10/0x10 [ 317.129936][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.129964][ T7346] ? getname_flags+0x1e5/0x540 [ 317.130009][ T7346] path_setxattrat+0x364/0x3a0 [ 317.130046][ T7346] ? __pfx_path_setxattrat+0x10/0x10 [ 317.130110][ T7346] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.130136][ T7346] ? rcu_is_watching+0x15/0xb0 [ 317.130170][ T7346] __x64_sys_lsetxattr+0xbf/0xe0 [ 317.130209][ T7346] do_syscall_64+0xfa/0x3b0 [ 317.130236][ T7346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.130260][ T7346] ? __switch_to_asm+0x39/0x70 [ 317.130292][ T7346] ? __switch_to_asm+0x33/0x70 [ 317.130329][ T7346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.130352][ T7346] RIP: 0033:0x7f3cdbf794f9 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7359 ./strace-static-x86_64: Process 7359 attached [pid 7359] set_robust_list(0x55555d962760, 24) = 0 [pid 7359] chdir("./34") = 0 [pid 7359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7359] setpgid(0, 0) = 0 [pid 7359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7359] write(3, "1000", 4) = 4 [pid 7359] close(3) = 0 [pid 7359] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7359] write(1, "executing program\n", 18) = 18 [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7359] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7359] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7363]}, 88) = 7363 [pid 7359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7359] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7363 attached [ 317.130375][ T7346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 317.130397][ T7346] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 317.130423][ T7346] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 317.130442][ T7346] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 317.130460][ T7346] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 317.130476][ T7346] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 317.130493][ T7346] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 317.130531][ T7346] [ 317.132317][ T7346] XFS (loop1): Corruption detected. Unmount and run xfs_repair [ 317.539454][ T7336] loop3: detected capacity change from 0 to 32768 [ 317.541276][ T7346] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 317.556608][ T7336] XFS: noikeep mount option is deprecated. [ 317.571317][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7363] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7363] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7363] memfd_create("syzkaller", 0) = 3 [pid 7363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 317.682135][ T7346] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 317.775943][ T7348] loop0: detected capacity change from 0 to 32768 [ 317.875302][ T7336] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 317.933367][ T7348] XFS: noikeep mount option is deprecated. [ 318.097222][ T7348] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 318.391312][ T7336] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 318.411393][ T5872] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("./33/file1") = 0 [pid 5872] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./33/binderfs") = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./33" [pid 7363] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] mkdir("./34", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 318.538716][ T7336] XFS (loop3): Starting recovery (logdev: internal) [pid 5872] close(3 [pid 7336] <... mount resumed>) = 0 [pid 7336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7336] chdir("./file1") = 0 [pid 7336] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7336] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7335] <... futex resumed>) = 0 [pid 7336] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7335] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7335] <... futex resumed>) = 0 [pid 7336] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... openat resumed>) = 4 [pid 7336] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7335] <... futex resumed>) = 0 [pid 7336] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7335] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7335] <... futex resumed>) = 0 [pid 7336] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... pwritev2 resumed>) = 65007 [ 318.622653][ T7336] XFS (loop3): Ending recovery (logdev: internal) [ 318.646066][ T7348] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7336] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7335] <... futex resumed>) = 0 [pid 7336] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7335] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7335] <... futex resumed>) = 0 [pid 7336] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7336] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7335] <... futex resumed>) = 0 [pid 7336] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 318.705361][ T7336] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 318.706061][ T7348] XFS (loop0): Starting recovery (logdev: internal) [ 318.735585][ T7336] XFS (loop3): Unmount and run xfs_repair [pid 7335] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 318.753641][ T7336] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 318.777161][ T7336] CPU: 0 UID: 0 PID: 7336 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 318.777197][ T7336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 318.777213][ T7336] Call Trace: [ 318.777222][ T7336] [ 318.777233][ T7336] dump_stack_lvl+0x189/0x250 [ 318.777269][ T7336] ? __pfx__xfs_alert_tag+0x10/0x10 [ 318.777305][ T7336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.777339][ T7336] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 318.777385][ T7336] xfs_corruption_error+0x122/0x170 [ 318.777424][ T7336] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 318.777458][ T7336] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 7335] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 318.777486][ T7336] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 318.777531][ T7336] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 318.777561][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.777588][ T7336] ? rcu_is_watching+0x15/0xb0 [ 318.777618][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.777645][ T7336] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 318.777675][ T7336] ? rcu_is_watching+0x15/0xb0 [ 318.777713][ T7336] xfs_alloc_cur_finish+0xd3/0x4b0 [ 318.777742][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7363] <... write resumed>) = 16777216 [pid 7348] <... mount resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7363] munmap(0x7f3cd3a00000, 138412032 [pid 7348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7367 attached [pid 7367] set_robust_list(0x55555d962760, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55555d962750) = 7367 [pid 7367] <... set_robust_list resumed>) = 0 [pid 7367] chdir("./34" [pid 7348] <... openat resumed>) = 3 [pid 7367] <... chdir resumed>) = 0 [pid 7348] chdir("./file1") = 0 [pid 7348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7348] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7347] <... futex resumed>) = 0 [pid 7348] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] <... openat resumed>) = 4 [pid 7347] <... futex resumed>) = 0 [pid 7348] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7348] <... futex resumed>) = 0 [pid 7347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7348] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 318.777772][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.777806][ T7336] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 318.777862][ T7336] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 318.777891][ T7336] ? xfs_group_grab+0x28/0x480 [ 318.777926][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.777954][ T7336] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 318.777998][ T7336] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 318.778046][ T7336] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 7347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... munmap resumed>) = 0 [pid 7348] <... pwritev2 resumed>) = 65007 [pid 7347] <... futex resumed>) = 0 [pid 7363] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7348] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7363] <... openat resumed>) = 4 [pid 7348] <... futex resumed>) = 0 [pid 7347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7363] ioctl(4, LOOP_SET_FD, 3 [ 318.778086][ T7336] xfs_bmapi_allocate+0x188e/0x2e00 [ 318.778150][ T7336] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 318.778183][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.778234][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.778262][ T7336] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 318.778286][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.778314][ T7336] ? xfs_iext_prev+0x35a/0x370 [ 318.778352][ T7336] ? xfs_iext_get_extent+0x1bb/0x370 [ 318.778383][ T7336] xfs_bmapi_write+0x7df/0x1260 [pid 7348] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040executing program [pid 7347] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7363] <... ioctl resumed>) = 0 [pid 7336] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7367] <... prctl resumed>) = 0 [pid 7336] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] setpgid(0, 0 [pid 7336] <... futex resumed>) = 0 [pid 7367] <... setpgid resumed>) = 0 [pid 7336] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7367] write(3, "1000", 4) = 4 [pid 7367] close(3) = 0 [pid 7367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7367] write(1, "executing program\n", 18) = 18 [pid 7367] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7367] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7368 attached [pid 7368] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7367] <... clone3 resumed> => {parent_tid=[7368]}, 88) = 7368 [pid 7368] <... rseq resumed>) = 0 [pid 7367] rt_sigprocmask(SIG_SETMASK, [], [pid 7368] set_robust_list(0x7f3cdbf259a0, 24 [pid 7367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7368] <... set_robust_list resumed>) = 0 [pid 7367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] rt_sigprocmask(SIG_SETMASK, [], [pid 7367] <... futex resumed>) = 0 [pid 7368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7368] memfd_create("syzkaller", 0) = 3 [pid 7368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7347] <... futex resumed>) = 0 [pid 7335] exit_group(0 [pid 7347] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... futex resumed>) = ? [pid 7335] <... exit_group resumed>) = ? [pid 7336] +++ exited with 0 +++ [pid 7335] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7335, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=75 /* 0.75 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 318.778442][ T7336] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 318.778521][ T7336] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 318.778561][ T7336] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 318.778591][ T7336] ? kasan_save_track+0x4f/0x80 [ 318.778618][ T7336] ? kasan_save_track+0x3e/0x80 [ 318.778643][ T7336] ? kasan_save_free_info+0x46/0x50 [ 318.778680][ T7336] ? kmem_cache_free+0x18f/0x400 [ 318.778709][ T7336] ? __xfs_trans_commit+0x3e0/0xbd0 [ 318.778734][ T7336] ? xfs_trans_roll+0x130/0x450 [pid 5874] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7347] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7347] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7369]}, 88) = 7369 [pid 7347] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7369 attached NULL, 8) = 0 [pid 7369] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7347] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... rseq resumed>) = 0 [pid 7347] <... futex resumed>) = 0 [pid 7369] set_robust_list(0x7f3cdbf049a0, 24 [pid 7347] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7369] <... set_robust_list resumed>) = 0 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 318.778757][ T7336] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 318.778798][ T7336] xfs_attr_set_iter+0x2d4/0x4b70 [ 318.778832][ T7336] ? filename_setxattr+0x274/0x600 [ 318.778865][ T7336] ? path_setxattrat+0x364/0x3a0 [ 318.778887][ T7336] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 318.778938][ T7336] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 318.779001][ T7336] ? kasan_quarantine_put+0xdd/0x220 [ 318.779028][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.779054][ T7336] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.779095][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7369] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7363] close(3) = 0 [pid 7363] close(4) = 0 [pid 7363] mkdir("./file1", 0777) = 0 [ 318.779130][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.779158][ T7336] ? kmem_cache_free+0x18f/0x400 [ 318.779186][ T7336] ? __xfs_trans_commit+0x3e0/0xbd0 [ 318.779218][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.779245][ T7336] ? __xfs_trans_commit+0x4c7/0xbd0 [ 318.779289][ T7336] xfs_attr_finish_item+0xed/0x320 [ 318.779329][ T7336] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 318.779368][ T7336] xfs_defer_finish_one+0x5c8/0xcf0 [ 318.779428][ T7336] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 318.779477][ T7336] xfs_defer_finish_noroll+0x910/0x12d0 [ 318.779517][ T7336] ? xfs_trans_commit+0x10b/0x1c0 [ 318.779549][ T7336] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 318.779583][ T7336] ? inode_set_ctime_current+0x740/0xb40 [ 318.779631][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.779659][ T7336] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 318.779700][ T7336] xfs_trans_commit+0x10b/0x1c0 [ 318.779726][ T7336] ? __pfx_xfs_trans_commit+0x10/0x10 [ 318.779759][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7363] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 318.779787][ T7336] ? xfs_trans_log_inode+0x12c/0x1a0 [ 318.779827][ T7336] xfs_attr_set+0xdc6/0x1210 [ 318.779876][ T7336] ? __pfx_xfs_attr_set+0x10/0x10 [ 318.779911][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.779939][ T7336] ? __lock_acquire+0xab9/0xd20 [ 318.779976][ T7336] ? xfs_da_hashname+0x59d/0x740 [ 318.780030][ T7336] ? do_raw_spin_lock+0x121/0x290 [ 318.780073][ T7336] ? xfs_attr_change+0x2ac/0x390 [ 318.780108][ T7336] xfs_xattr_set+0x14d/0x250 [ 318.780140][ T7336] ? __pfx_xfs_xattr_set+0x10/0x10 [ 318.780185][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.780213][ T7336] ? evm_protect_xattr+0x4d4/0xa90 [ 318.780240][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.780268][ T7336] ? rcu_is_watching+0x15/0xb0 [ 318.780302][ T7336] ? __pfx_evm_protect_xattr+0x10/0x10 [ 318.780329][ T7336] ? __pfx_xfs_xattr_set+0x10/0x10 [ 318.780357][ T7336] __vfs_setxattr+0x43c/0x480 [ 318.780406][ T7336] __vfs_setxattr_noperm+0x12d/0x660 [ 318.780450][ T7336] vfs_setxattr+0x16b/0x2f0 [ 318.780491][ T7336] ? __pfx_vfs_setxattr+0x10/0x10 [pid 7368] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7347] exit_group(0) = ? [ 318.780522][ T7336] ? mnt_get_write_access+0x223/0x2a0 [ 318.780552][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.780587][ T7336] filename_setxattr+0x274/0x600 [ 318.780634][ T7336] ? __pfx_filename_setxattr+0x10/0x10 [ 318.780672][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.780701][ T7336] ? getname_flags+0x1e5/0x540 [ 318.780742][ T7336] path_setxattrat+0x364/0x3a0 [ 318.780779][ T7336] ? __pfx_path_setxattrat+0x10/0x10 [ 318.780844][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.780872][ T7336] ? rcu_is_watching+0x15/0xb0 [pid 7348] <... open resumed>) = ? [pid 7348] +++ exited with 0 +++ [pid 5874] <... umount2 resumed>) = 0 [ 318.780909][ T7336] __x64_sys_lsetxattr+0xbf/0xe0 [ 318.780950][ T7336] do_syscall_64+0xfa/0x3b0 [ 318.780975][ T7336] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.781046][ T7336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.781071][ T7336] ? srso_alias_return_thunk+0x5/0xfbef5 [ 318.781099][ T7336] ? exc_page_fault+0x9f/0xf0 [ 318.781139][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.781164][ T7336] RIP: 0033:0x7f3cdbf794f9 [pid 5874] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./34/file1") = 0 [pid 5874] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./34/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./34") = 0 [pid 5874] mkdir("./35", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 318.781186][ T7336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 318.781208][ T7336] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 318.781234][ T7336] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 318.781253][ T7336] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 318.781271][ T7336] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 318.781288][ T7336] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 318.781306][ T7336] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 318.781344][ T7336] [ 318.806872][ T7336] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 318.848045][ T7348] XFS (loop0): Ending recovery (logdev: internal) [ 318.887897][ T7336] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 318.980045][ T7363] loop2: detected capacity change from 0 to 32768 [ 318.983568][ T7336] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 318.990907][ T7348] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 319.140417][ T7363] XFS: noikeep mount option is deprecated. [ 319.143631][ T7348] XFS (loop0): Unmount and run xfs_repair [ 319.212018][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 319.230200][ T7369] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 319.605825][ T7369] CPU: 0 UID: 0 PID: 7369 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 319.605860][ T7369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.605875][ T7369] Call Trace: [ 319.605886][ T7369] [ 319.605897][ T7369] dump_stack_lvl+0x189/0x250 [ 319.605933][ T7369] ? __pfx__xfs_alert_tag+0x10/0x10 [ 319.605970][ T7369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.606010][ T7369] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 319.606057][ T7369] xfs_corruption_error+0x122/0x170 [ 319.606092][ T7369] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 319.606127][ T7369] xfs_alloc_fixup_trees+0x95e/0xd20 [ 319.606156][ T7369] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 319.606197][ T7369] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 319.606227][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606262][ T7369] ? rcu_is_watching+0x15/0xb0 [ 319.606292][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] close(3 [pid 7368] <... write resumed>) = 16777216 [ 319.606319][ T7369] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 319.606347][ T7369] ? rcu_is_watching+0x15/0xb0 [ 319.606382][ T7369] xfs_alloc_cur_finish+0xd3/0x4b0 [ 319.606408][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606435][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606465][ T7369] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 319.606517][ T7369] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 319.606543][ T7369] ? xfs_group_grab+0x28/0x480 [ 319.606576][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606600][ T7369] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 319.606632][ T7369] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 319.606675][ T7369] xfs_alloc_vextent_start_ag+0x388/0x850 [ 319.606711][ T7369] xfs_bmapi_allocate+0x188e/0x2e00 [ 319.606775][ T7369] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 319.606804][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606850][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606876][ T7369] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 319.606897][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.606923][ T7369] ? xfs_iext_prev+0x35a/0x370 [ 319.606957][ T7369] ? xfs_iext_get_extent+0x1bb/0x370 [ 319.606985][ T7369] xfs_bmapi_write+0x7df/0x1260 [ 319.607041][ T7369] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 319.607116][ T7369] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 319.607154][ T7369] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 319.607182][ T7369] ? kasan_save_track+0x4f/0x80 [ 319.607205][ T7369] ? kasan_save_track+0x3e/0x80 [ 319.607227][ T7369] ? kasan_save_free_info+0x46/0x50 [ 319.607271][ T7369] ? kmem_cache_free+0x18f/0x400 [pid 7368] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 5874] <... close resumed>) = 0 [pid 7368] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7368] <... openat resumed>) = 4 [ 319.607296][ T7369] ? __xfs_trans_commit+0x3e0/0xbd0 [ 319.607319][ T7369] ? xfs_trans_roll+0x130/0x450 [ 319.607341][ T7369] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 319.607378][ T7369] xfs_attr_set_iter+0x2d4/0x4b70 [ 319.607410][ T7369] ? filename_setxattr+0x274/0x600 [ 319.607441][ T7369] ? path_setxattrat+0x364/0x3a0 [ 319.607462][ T7369] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 319.607511][ T7369] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 319.607564][ T7369] ? kasan_quarantine_put+0xdd/0x220 [pid 7368] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7378 attached [pid 7369] <... lsetxattr resumed>) = ? [pid 7368] <... ioctl resumed>) = 0 [pid 7368] close(3) = 0 [pid 7368] close(4) = 0 [pid 7368] mkdir("./file1", 0777) = 0 [ 319.607588][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.607614][ T7369] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.607651][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.607683][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.607709][ T7369] ? kmem_cache_free+0x18f/0x400 [ 319.607736][ T7369] ? __xfs_trans_commit+0x3e0/0xbd0 [ 319.607766][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.607793][ T7369] ? __xfs_trans_commit+0x4c7/0xbd0 [ 319.607834][ T7369] xfs_attr_finish_item+0xed/0x320 [ 319.607871][ T7369] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 319.607906][ T7369] xfs_defer_finish_one+0x5c8/0xcf0 [ 319.607963][ T7369] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 319.608009][ T7369] xfs_defer_finish_noroll+0x910/0x12d0 [ 319.608046][ T7369] ? xfs_trans_commit+0x10b/0x1c0 [ 319.608077][ T7369] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 319.608108][ T7369] ? inode_set_ctime_current+0x740/0xb40 [ 319.608152][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.608179][ T7369] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 319.608216][ T7369] xfs_trans_commit+0x10b/0x1c0 [ 319.608241][ T7369] ? __pfx_xfs_trans_commit+0x10/0x10 [ 319.608278][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.608304][ T7369] ? xfs_trans_log_inode+0x12c/0x1a0 [ 319.608341][ T7369] xfs_attr_set+0xdc6/0x1210 [ 319.608389][ T7369] ? __pfx_xfs_attr_set+0x10/0x10 [ 319.608420][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.608447][ T7369] ? __lock_acquire+0xab9/0xd20 [ 319.608482][ T7369] ? xfs_da_hashname+0x59d/0x740 [ 319.608512][ T7369] ? do_raw_spin_lock+0x121/0x290 [ 319.608552][ T7369] ? xfs_attr_change+0x2ac/0x390 [pid 7368] mount("/dev/loop1", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid"executing program [pid 7378] set_robust_list(0x55555d962760, 24 [pid 7369] +++ exited with 0 +++ [pid 7363] <... mount resumed>) = 0 [pid 7347] +++ exited with 0 +++ [pid 7378] <... set_robust_list resumed>) = 0 [pid 7363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7378 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7347, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=146 /* 1.46 s */} --- [pid 7378] chdir("./35" [pid 7363] <... openat resumed>) = 3 [pid 7378] <... chdir resumed>) = 0 [pid 7363] chdir("./file1" [pid 7378] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7363] <... chdir resumed>) = 0 [pid 5871] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7378] <... prctl resumed>) = 0 [pid 7363] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7378] setpgid(0, 0 [pid 7363] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7378] <... setpgid resumed>) = 0 [pid 7363] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 7378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7363] <... futex resumed>) = 1 [pid 5871] newfstatat(3, "", [pid 7378] <... openat resumed>) = 3 [pid 7363] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7378] write(3, "1000", 4 [pid 5871] getdents64(3, [pid 7378] <... write resumed>) = 4 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7378] close(3 [pid 5871] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7378] <... close resumed>) = 0 [pid 7378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7378] write(1, "executing program\n", 18) = 18 [pid 7378] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7378] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7379]}, 88) = 7379 [pid 7378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7378] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7378] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7359] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7379 attached [pid 7379] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7359] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... rseq resumed>) = 0 [pid 7363] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = 1 [pid 7379] set_robust_list(0x7f3cdbf259a0, 24 [pid 7363] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7379] <... set_robust_list resumed>) = 0 [pid 7363] <... openat resumed>) = 4 [pid 7379] rt_sigprocmask(SIG_SETMASK, [], [pid 7363] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7363] <... futex resumed>) = 1 [pid 7359] <... futex resumed>) = 0 [pid 7379] memfd_create("syzkaller", 0 [pid 7363] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7359] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7379] <... memfd_create resumed>) = 3 [pid 7379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7363] <... pwritev2 resumed>) = 65007 [pid 7363] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7363] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7359] <... futex resumed>) = 0 [pid 7359] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = 1 [pid 7363] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 319.608585][ T7369] xfs_xattr_set+0x14d/0x250 [ 319.608615][ T7369] ? __pfx_xfs_xattr_set+0x10/0x10 [ 319.608658][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.608684][ T7369] ? evm_protect_xattr+0x4d4/0xa90 [ 319.608710][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.608736][ T7369] ? rcu_is_watching+0x15/0xb0 [ 319.608767][ T7369] ? __pfx_evm_protect_xattr+0x10/0x10 [ 319.608794][ T7369] ? __pfx_xfs_xattr_set+0x10/0x10 [ 319.608821][ T7369] __vfs_setxattr+0x43c/0x480 [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7363] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7363] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7363] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7359] <... futex resumed>) = 0 [pid 7359] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = 1 [pid 7363] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 319.608868][ T7369] __vfs_setxattr_noperm+0x12d/0x660 [ 319.608909][ T7369] vfs_setxattr+0x16b/0x2f0 [ 319.608947][ T7369] ? __pfx_vfs_setxattr+0x10/0x10 [ 319.608976][ T7369] ? mnt_get_write_access+0x223/0x2a0 [ 319.609005][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.609037][ T7369] filename_setxattr+0x274/0x600 [ 319.609082][ T7369] ? __pfx_filename_setxattr+0x10/0x10 [ 319.609118][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.609144][ T7369] ? getname_flags+0x1e5/0x540 [ 319.609183][ T7369] path_setxattrat+0x364/0x3a0 [ 319.609219][ T7369] ? __pfx_path_setxattrat+0x10/0x10 [ 319.609289][ T7369] ? srso_alias_return_thunk+0x5/0xfbef5 [ 319.609315][ T7369] ? rcu_is_watching+0x15/0xb0 [ 319.609350][ T7369] __x64_sys_lsetxattr+0xbf/0xe0 [ 319.609390][ T7369] do_syscall_64+0xfa/0x3b0 [ 319.609416][ T7369] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.609438][ T7369] ? __switch_to_asm+0x39/0x70 [ 319.609469][ T7369] ? __switch_to_asm+0x33/0x70 [ 319.609505][ T7369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.609528][ T7369] RIP: 0033:0x7f3cdbf794f9 [ 319.609549][ T7369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 319.609570][ T7369] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 319.609594][ T7369] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 319.609611][ T7369] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 319.609626][ T7369] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 319.609640][ T7369] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 319.609654][ T7369] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 319.609690][ T7369] [ 319.612477][ T7363] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 319.624460][ T7369] XFS (loop0): Corruption detected. Unmount and run xfs_repair [pid 7359] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 319.798399][ T7363] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 319.857670][ T7369] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 319.872364][ T7363] XFS (loop2): Starting recovery (logdev: internal) [ 319.874449][ T7369] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 319.882656][ T7368] loop1: detected capacity change from 0 to 32768 [ 319.913221][ T7363] XFS (loop2): Ending recovery (logdev: internal) [ 319.946137][ T7368] XFS: noikeep mount option is deprecated. [ 320.111720][ T7363] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 320.111784][ T7363] XFS (loop2): Unmount and run xfs_repair [ 320.165890][ T7363] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 320.334987][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7379] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7379] <... write resumed>) = 16777216 [ 320.409592][ T7363] CPU: 1 UID: 0 PID: 7363 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 320.409629][ T7363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.409645][ T7363] Call Trace: [ 320.409655][ T7363] [ 320.409665][ T7363] dump_stack_lvl+0x189/0x250 [ 320.409701][ T7363] ? __pfx__xfs_alert_tag+0x10/0x10 [ 320.409739][ T7363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.409774][ T7363] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7379] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7379] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 320.409822][ T7363] xfs_corruption_error+0x122/0x170 [ 320.409861][ T7363] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 320.409895][ T7363] xfs_alloc_fixup_trees+0x95e/0xd20 [ 320.409925][ T7363] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 320.409966][ T7363] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 320.410003][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410033][ T7363] ? rcu_is_watching+0x15/0xb0 [ 320.410063][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7379] close(3) = 0 [ 320.410091][ T7363] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 320.410122][ T7363] ? rcu_is_watching+0x15/0xb0 [ 320.410162][ T7363] xfs_alloc_cur_finish+0xd3/0x4b0 [ 320.410192][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410222][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410256][ T7363] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 320.410313][ T7363] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 320.410342][ T7363] ? xfs_group_grab+0x28/0x480 [ 320.410379][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7379] close(4) = 0 [ 320.410407][ T7363] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 320.410441][ T7363] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 320.410488][ T7363] xfs_alloc_vextent_start_ag+0x388/0x850 [ 320.410527][ T7363] xfs_bmapi_allocate+0x188e/0x2e00 [ 320.410592][ T7363] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 320.410625][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410675][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410703][ T7363] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 320.410727][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.410755][ T7363] ? xfs_iext_prev+0x35a/0x370 [ 320.410793][ T7363] ? xfs_iext_get_extent+0x1bb/0x370 [ 320.410824][ T7363] xfs_bmapi_write+0x7df/0x1260 [ 320.410883][ T7363] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 320.410962][ T7363] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 320.411012][ T7363] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 320.411043][ T7363] ? kasan_save_track+0x4f/0x80 [ 320.411069][ T7363] ? kasan_save_track+0x3e/0x80 [ 320.411094][ T7363] ? kasan_save_free_info+0x46/0x50 [ 320.411132][ T7363] ? kmem_cache_free+0x18f/0x400 [pid 7379] mkdir("./file1", 0777 [pid 5871] <... umount2 resumed>) = 0 [pid 7379] <... mkdir resumed>) = 0 [pid 5871] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7379] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7363] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7363] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7363] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7359] exit_group(0) = ? [pid 5871] <... openat resumed>) = 4 [pid 7363] <... futex resumed>) = ? [pid 7363] +++ exited with 0 +++ [pid 7359] +++ exited with 0 +++ [ 320.411161][ T7363] ? __xfs_trans_commit+0x3e0/0xbd0 [ 320.411186][ T7363] ? xfs_trans_roll+0x130/0x450 [ 320.411209][ T7363] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 320.411249][ T7363] xfs_attr_set_iter+0x2d4/0x4b70 [ 320.411283][ T7363] ? filename_setxattr+0x274/0x600 [ 320.411316][ T7363] ? path_setxattrat+0x364/0x3a0 [ 320.411339][ T7363] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 320.411391][ T7363] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 320.411448][ T7363] ? kasan_quarantine_put+0xdd/0x220 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7359, si_uid=0, si_status=0, si_utime=0, si_stime=83 /* 0.83 s */} --- [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] close(4 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... close resumed>) = 0 [pid 5873] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] rmdir("./33/file1" [pid 5873] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 5873] newfstatat(3, "", [pid 5871] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] getdents64(3, [ 320.411473][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.411501][ T7363] ? lockdep_hardirqs_on+0x9c/0x150 [ 320.411543][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.411576][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.411604][ T7363] ? kmem_cache_free+0x18f/0x400 [ 320.411633][ T7363] ? __xfs_trans_commit+0x3e0/0xbd0 [ 320.411664][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.411693][ T7363] ? __xfs_trans_commit+0x4c7/0xbd0 [ 320.411736][ T7363] xfs_attr_finish_item+0xed/0x320 [pid 5871] newfstatat(AT_FDCWD, "./33/binderfs", [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./33/binderfs" [pid 5873] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./33") = 0 [pid 5871] mkdir("./34", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 320.411776][ T7363] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 320.411814][ T7363] xfs_defer_finish_one+0x5c8/0xcf0 [ 320.411874][ T7363] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 320.411924][ T7363] xfs_defer_finish_noroll+0x910/0x12d0 [ 320.411964][ T7363] ? xfs_trans_commit+0x10b/0x1c0 [ 320.412004][ T7363] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 320.412038][ T7363] ? inode_set_ctime_current+0x740/0xb40 [ 320.412086][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 320.412115][ T7363] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 320.412155][ T7363] xfs_trans_commit+0x10b/0x1c0 [ 320.412182][ T7363] ? __pfx_xfs_trans_commit+0x10/0x10 [ 320.412215][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.412243][ T7363] ? xfs_trans_log_inode+0x12c/0x1a0 [ 320.412283][ T7363] xfs_attr_set+0xdc6/0x1210 [ 320.412332][ T7363] ? __pfx_xfs_attr_set+0x10/0x10 [ 320.412367][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.412395][ T7363] ? __lock_acquire+0xab9/0xd20 [ 320.412432][ T7363] ? xfs_da_hashname+0x59d/0x740 [ 320.412463][ T7363] ? do_raw_spin_lock+0x121/0x290 [ 320.412507][ T7363] ? xfs_attr_change+0x2ac/0x390 [ 320.412541][ T7363] xfs_xattr_set+0x14d/0x250 [ 320.412574][ T7363] ? __pfx_xfs_xattr_set+0x10/0x10 [ 320.412619][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.412647][ T7363] ? evm_protect_xattr+0x4d4/0xa90 [ 320.412675][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.412703][ T7363] ? rcu_is_watching+0x15/0xb0 [ 320.412738][ T7363] ? __pfx_evm_protect_xattr+0x10/0x10 [ 320.412766][ T7363] ? __pfx_xfs_xattr_set+0x10/0x10 [ 320.412794][ T7363] __vfs_setxattr+0x43c/0x480 [ 320.412843][ T7363] __vfs_setxattr_noperm+0x12d/0x660 [ 320.412887][ T7363] vfs_setxattr+0x16b/0x2f0 [ 320.412929][ T7363] ? __pfx_vfs_setxattr+0x10/0x10 [ 320.412959][ T7363] ? mnt_get_write_access+0x223/0x2a0 [ 320.412990][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.413032][ T7363] filename_setxattr+0x274/0x600 [ 320.413079][ T7363] ? __pfx_filename_setxattr+0x10/0x10 [ 320.413117][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.413146][ T7363] ? getname_flags+0x1e5/0x540 [ 320.413187][ T7363] path_setxattrat+0x364/0x3a0 [ 320.413224][ T7363] ? __pfx_path_setxattrat+0x10/0x10 [ 320.413289][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.413317][ T7363] ? rcu_is_watching+0x15/0xb0 [ 320.413354][ T7363] __x64_sys_lsetxattr+0xbf/0xe0 [ 320.413395][ T7363] do_syscall_64+0xfa/0x3b0 [ 320.413420][ T7363] ? lockdep_hardirqs_on+0x9c/0x150 [ 320.413460][ T7363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.413484][ T7363] ? srso_alias_return_thunk+0x5/0xfbef5 [ 320.413512][ T7363] ? exc_page_fault+0x9f/0xf0 [ 320.413553][ T7363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.413577][ T7363] RIP: 0033:0x7f3cdbf794f9 [ 320.413599][ T7363] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 320.413622][ T7363] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 5871] close(3 [pid 7379] <... mount resumed>) = 0 [pid 7368] <... mount resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7379] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7379] <... openat resumed>) = 3 [pid 7368] <... openat resumed>) = 3 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7379] chdir("./file1" [pid 7368] chdir("./file1" [pid 7379] <... chdir resumed>) = 0 [pid 7368] <... chdir resumed>) = 0 [pid 7379] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7368] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7379] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7378] <... futex resumed>) = 0 [pid 7368] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7379] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7378] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... futex resumed>) = 0 [pid 7378] <... futex resumed>) = 1 [pid 7368] <... futex resumed>) = 1 [pid 7379] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7368] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7379] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7378] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7378] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... futex resumed>) = 0 [pid 7379] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7379] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7378] <... futex resumed>) = 1 [pid 7378] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7378] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... futex resumed>) = 0 [pid 7379] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040./strace-static-x86_64: Process 7396 attached [pid 7378] <... futex resumed>) = 1 [pid 7367] <... futex resumed>) = 0 [pid 7378] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7367] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7367] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7396] set_robust_list(0x55555d962760, 24) = 0 [ 320.413648][ T7363] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 320.413667][ T7363] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 320.413686][ T7363] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 320.413703][ T7363] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 320.413720][ T7363] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 320.413759][ T7363] [ 320.413770][ T7363] XFS (loop2): Corruption detected. Unmount and run xfs_repair [pid 7396] chdir("./34"executing program ) = 0 [pid 7396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7396] setpgid(0, 0) = 0 [pid 7396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7396] write(3, "1000", 4) = 4 [pid 7396] close(3) = 0 [pid 7396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7396] write(1, "executing program\n", 18) = 18 [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7396] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7397]}, 88) = 7397 [pid 7396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7396] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7397 attached [pid 7397] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7397] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7397] memfd_create("syzkaller", 0) = 3 [pid 7397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7378] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7378] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7378] <... futex resumed>) = 0 [ 320.500889][ T7379] loop3: detected capacity change from 0 to 32768 [ 320.504443][ T7363] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 320.579093][ T7368] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 320.589592][ T7363] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 320.610676][ T7379] XFS: noikeep mount option is deprecated. [pid 7367] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7367] <... futex resumed>) = 0 [pid 7378] <... mmap resumed>) = 0x7f3cdbee4000 [pid 7367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7378] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 7367] <... mmap resumed>) = 0x7f3cdbee4000 [pid 7378] <... mprotect resumed>) = 0 [pid 7367] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE [pid 7378] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7367] <... mprotect resumed>) = 0 [pid 7378] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 7367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7399 attached [pid 7378] <... clone3 resumed> => {parent_tid=[7398]}, 88) = 7398 [pid 7399] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7378] rt_sigprocmask(SIG_SETMASK, [], [pid 7367] <... clone3 resumed> => {parent_tid=[7399]}, 88) = 7399 [pid 7399] <... rseq resumed>) = 0 [pid 7378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7367] rt_sigprocmask(SIG_SETMASK, [], [pid 7399] set_robust_list(0x7f3cdbf049a0, 24 [pid 7378] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7399] <... set_robust_list resumed>) = 0 [pid 7378] <... futex resumed>) = 0 [pid 7367] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7398 attached [pid 7399] rt_sigprocmask(SIG_SETMASK, [], [pid 7378] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7367] <... futex resumed>) = 0 [pid 7399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7398] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7367] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7399] pwritev2(-1, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7398] <... rseq resumed>) = 0 [pid 7399] <... pwritev2 resumed>) = -1 EBADF (Bad file descriptor) [pid 7398] set_robust_list(0x7f3cdbf049a0, 24 [pid 7399] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7398] <... set_robust_list resumed>) = 0 [pid 7399] <... futex resumed>) = 1 [pid 7398] rt_sigprocmask(SIG_SETMASK, [], [pid 7367] <... futex resumed>) = 0 [pid 7398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7367] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7398] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7367] <... futex resumed>) = 0 [pid 7367] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7399] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7368] <... futex resumed>) = 0 [ 320.727038][ T7368] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 320.748133][ T7379] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 320.802620][ T7379] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 320.817529][ T7368] XFS (loop1): Starting recovery (logdev: internal) [ 320.829809][ T7379] XFS (loop3): Starting recovery (logdev: internal) [ 320.921118][ T7368] XFS (loop1): Ending recovery (logdev: internal) [ 320.935721][ T7379] XFS (loop3): Ending recovery (logdev: internal) [pid 7368] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7378] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7396 [pid 7367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7367] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbec3000 [pid 7367] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} => {parent_tid=[7400]}, 88) = 7400 [pid 7367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 320.947674][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 321.110532][ T7379] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 321.250874][ T7399] XFS (loop1): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 321.255156][ T7379] XFS (loop3): Unmount and run xfs_repair ./strace-static-x86_64: Process 7400 attached [pid 7367] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7379] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7400] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053 [pid 7367] <... futex resumed>) = 0 [pid 7379] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7400] <... rseq resumed>) = 0 [ 321.263332][ T7399] XFS (loop1): Unmount and run xfs_repair [ 321.279288][ T7398] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 321.293628][ T7398] CPU: 1 UID: 0 PID: 7398 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 321.293662][ T7398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7367] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7397] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [ 321.293677][ T7398] Call Trace: [ 321.293687][ T7398] [ 321.293696][ T7398] dump_stack_lvl+0x189/0x250 [ 321.293733][ T7398] ? __pfx__xfs_alert_tag+0x10/0x10 [ 321.293768][ T7398] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.293800][ T7398] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 321.293844][ T7398] xfs_corruption_error+0x122/0x170 [ 321.293880][ T7398] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 321.293912][ T7398] xfs_alloc_fixup_trees+0x95e/0xd20 [ 321.293938][ T7398] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7400] set_robust_list(0x7f3cdbee39a0, 24) = 0 [ 321.293976][ T7398] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 321.294013][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294040][ T7398] ? rcu_is_watching+0x15/0xb0 [ 321.294068][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294093][ T7398] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 321.294121][ T7398] ? rcu_is_watching+0x15/0xb0 [ 321.294157][ T7398] xfs_alloc_cur_finish+0xd3/0x4b0 [ 321.294184][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294212][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7400] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [ 321.294243][ T7398] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 321.294307][ T7398] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 321.294334][ T7398] ? xfs_group_grab+0x28/0x480 [ 321.294366][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294392][ T7398] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 321.294422][ T7398] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 321.294466][ T7398] xfs_alloc_vextent_start_ag+0x388/0x850 [ 321.294502][ T7398] xfs_bmapi_allocate+0x188e/0x2e00 [ 321.294562][ T7398] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 321.294593][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294641][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294665][ T7398] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 321.294687][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.294712][ T7398] ? xfs_iext_prev+0x35a/0x370 [ 321.294746][ T7398] ? xfs_iext_get_extent+0x1bb/0x370 [ 321.294775][ T7398] xfs_bmapi_write+0x7df/0x1260 [ 321.294828][ T7398] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 321.294902][ T7398] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 321.294940][ T7398] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 321.294968][ T7398] ? kasan_save_track+0x4f/0x80 [ 321.294992][ T7398] ? kasan_save_track+0x3e/0x80 [ 321.295026][ T7398] ? kasan_save_free_info+0x46/0x50 [ 321.295060][ T7398] ? kmem_cache_free+0x18f/0x400 [ 321.295086][ T7398] ? __xfs_trans_commit+0x3e0/0xbd0 [ 321.295110][ T7398] ? xfs_trans_roll+0x130/0x450 [ 321.295131][ T7398] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 321.295168][ T7398] xfs_attr_set_iter+0x2d4/0x4b70 [pid 5873] close(4) = 0 [pid 7400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7400] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7398] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7398] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7398] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] rmdir("./34/file1") = 0 [pid 5873] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./34/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./34") = 0 [pid 5873] mkdir("./35", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [pid 5873] close(3 [ 321.295200][ T7398] ? filename_setxattr+0x274/0x600 [ 321.295231][ T7398] ? path_setxattrat+0x364/0x3a0 [ 321.295251][ T7398] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 321.295300][ T7398] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 321.295354][ T7398] ? kasan_quarantine_put+0xdd/0x220 [ 321.295379][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.295404][ T7398] ? lockdep_hardirqs_on+0x9c/0x150 [ 321.295442][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.295473][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.295500][ T7398] ? kmem_cache_free+0x18f/0x400 [pid 7378] exit_group(0 [pid 7398] <... futex resumed>) = ? [pid 7378] <... exit_group resumed>) = ? [pid 7398] +++ exited with 0 +++ [ 321.295527][ T7398] ? __xfs_trans_commit+0x3e0/0xbd0 [ 321.295557][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.295583][ T7398] ? __xfs_trans_commit+0x4c7/0xbd0 [ 321.295623][ T7398] xfs_attr_finish_item+0xed/0x320 [ 321.295661][ T7398] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 321.295695][ T7398] xfs_defer_finish_one+0x5c8/0xcf0 [ 321.295753][ T7398] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 321.295800][ T7398] xfs_defer_finish_noroll+0x910/0x12d0 [ 321.295837][ T7398] ? xfs_trans_commit+0x10b/0x1c0 [ 321.295867][ T7398] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 321.295897][ T7398] ? inode_set_ctime_current+0x740/0xb40 [ 321.295942][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.295968][ T7398] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 321.296018][ T7398] xfs_trans_commit+0x10b/0x1c0 [ 321.296043][ T7398] ? __pfx_xfs_trans_commit+0x10/0x10 [ 321.296073][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296099][ T7398] ? xfs_trans_log_inode+0x12c/0x1a0 [ 321.296137][ T7398] xfs_attr_set+0xdc6/0x1210 [pid 7379] <... futex resumed>) = ? [ 321.296185][ T7398] ? __pfx_xfs_attr_set+0x10/0x10 [ 321.296222][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296248][ T7398] ? __lock_acquire+0xab9/0xd20 [ 321.296283][ T7398] ? xfs_da_hashname+0x59d/0x740 [ 321.296313][ T7398] ? do_raw_spin_lock+0x121/0x290 [ 321.296353][ T7398] ? xfs_attr_change+0x2ac/0x390 [ 321.296386][ T7398] xfs_xattr_set+0x14d/0x250 [ 321.296417][ T7398] ? __pfx_xfs_xattr_set+0x10/0x10 [ 321.296460][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296486][ T7398] ? evm_protect_xattr+0x4d4/0xa90 [pid 7379] +++ exited with 0 +++ [pid 7378] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7378, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=83 /* 0.83 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 321.296512][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296538][ T7398] ? rcu_is_watching+0x15/0xb0 [ 321.296569][ T7398] ? __pfx_evm_protect_xattr+0x10/0x10 [ 321.296595][ T7398] ? __pfx_xfs_xattr_set+0x10/0x10 [ 321.296621][ T7398] __vfs_setxattr+0x43c/0x480 [ 321.296669][ T7398] __vfs_setxattr_noperm+0x12d/0x660 [ 321.296711][ T7398] vfs_setxattr+0x16b/0x2f0 [ 321.296757][ T7398] ? __pfx_vfs_setxattr+0x10/0x10 [ 321.296786][ T7398] ? mnt_get_write_access+0x223/0x2a0 [ 321.296815][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296847][ T7398] filename_setxattr+0x274/0x600 [ 321.296890][ T7398] ? __pfx_filename_setxattr+0x10/0x10 [ 321.296925][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.296949][ T7398] ? getname_flags+0x1e5/0x540 [ 321.296985][ T7398] path_setxattrat+0x364/0x3a0 [ 321.297033][ T7398] ? __pfx_path_setxattrat+0x10/0x10 [ 321.297096][ T7398] ? srso_alias_return_thunk+0x5/0xfbef5 [ 321.297124][ T7398] ? rcu_is_watching+0x15/0xb0 [ 321.297161][ T7398] __x64_sys_lsetxattr+0xbf/0xe0 [ 321.297202][ T7398] do_syscall_64+0xfa/0x3b0 [ 321.297228][ T7398] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.297250][ T7398] ? __switch_to_asm+0x39/0x70 [ 321.297281][ T7398] ? __switch_to_asm+0x33/0x70 [ 321.297318][ T7398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.297342][ T7398] RIP: 0033:0x7f3cdbf794f9 [ 321.297363][ T7398] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5874] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7397] <... write resumed>) = 16777216 [ 321.297385][ T7398] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 321.297411][ T7398] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 321.297430][ T7398] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 321.297448][ T7398] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.297464][ T7398] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 321.297480][ T7398] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 321.297517][ T7398] [pid 7397] munmap(0x7f3cd3a00000, 138412032 [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7401 ./strace-static-x86_64: Process 7401 attached [ 321.346309][ T7399] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 321.348455][ T7398] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 321.371949][ T7399] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 321.392445][ T7398] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 321.442853][ T7399] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [pid 7401] set_robust_list(0x55555d962760, 24) = 0 [pid 7401] chdir("./35") = 0 [pid 7401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7401] setpgid(0, 0) = 0 [pid 7401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7401] write(3, "1000", 4) = 4 [pid 7401] close(3) = 0 [pid 7401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7401] write(1, "executing program\n", 18executing program ) = 18 [pid 7367] exit_group(0 [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... exit_group resumed>) = ? [pid 7401] <... futex resumed>) = 0 [pid 7397] <... munmap resumed>) = 0 [pid 7401] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7401] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7397] <... openat resumed>) = 4 [pid 7401] <... mprotect resumed>) = 0 [pid 7401] rt_sigprocmask(SIG_BLOCK, ~[], [ 321.448769][ T7398] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 321.477000][ T7399] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 321.892037][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.892815][ T7399] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 321.901320][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.917071][ T7399] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 321.926685][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7397] ioctl(4, LOOP_SET_FD, 3 [pid 7401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7402]}, 88) = 7402 [pid 7401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7401] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7402 attached [pid 7397] <... ioctl resumed>) = 0 [pid 7402] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7397] close(3 [pid 7402] <... rseq resumed>) = 0 [pid 7397] <... close resumed>) = 0 [ 321.932934][ T7399] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 322.073105][ T7397] loop0: detected capacity change from 0 to 32768 [ 322.082300][ T7399] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 322.098531][ T7399] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 322.107735][ T7399] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [pid 7402] set_robust_list(0x7f3cdbf259a0, 24 [pid 7399] <... open resumed>) = ? [pid 7397] close(4 [pid 7368] <... openat resumed>) = ? [pid 5874] <... umount2 resumed>) = 0 [pid 7402] <... set_robust_list resumed>) = 0 [pid 7399] +++ exited with 0 +++ [pid 7397] <... close resumed>) = 0 [pid 5874] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7402] rt_sigprocmask(SIG_SETMASK, [], [pid 7397] mkdir("./file1", 0777 [pid 7402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./35/file1", [pid 7402] memfd_create("syzkaller", 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7402] <... memfd_create resumed>) = 3 [pid 5874] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7397] <... mkdir resumed>) = 0 [pid 7402] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7397] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", [pid 7368] +++ exited with 0 +++ [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./35/file1") = 0 [pid 5874] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./35/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./35") = 0 [pid 5874] mkdir("./36", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 322.128105][ T30] audit: type=1800 audit(1752029517.905:2): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor289" name="file1" dev="loop1" ino=4422 res=0 errno=0 [ 322.156681][ T7397] XFS: noikeep mount option is deprecated. [ 322.207576][ T7397] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 322.271223][ T7397] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 322.304844][ T7397] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7397] <... mount resumed>) = 0 [pid 7397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7397] chdir("./file1") = 0 [pid 7397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7397] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7397] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7396] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] <... futex resumed>) = 0 [pid 7396] <... futex resumed>) = 1 [pid 7397] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7397] <... openat resumed>) = 4 [pid 7397] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7397] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7396] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] <... futex resumed>) = 0 [pid 7396] <... futex resumed>) = 1 [pid 7397] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7397] <... pwritev2 resumed>) = 65007 [pid 7397] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7397] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7396] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7396] <... futex resumed>) = 0 [pid 7397] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 322.338960][ T7397] XFS (loop0): Ending recovery (logdev: internal) [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... close resumed>) = 0 [pid 7397] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7397] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7412 attached [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7412 [pid 7412] set_robust_list(0x55555d962760, 24) = 0 [pid 7412] chdir("./36") = 0 [pid 7412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7397] <... futex resumed>) = 1 [pid 7396] <... futex resumed>) = 0 [pid 7412] setpgid(0, 0 [pid 7397] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7396] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7396] <... futex resumed>) = 0 [pid 7397] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7396] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7412] <... setpgid resumed>) = 0 [ 322.391807][ T7397] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 322.416839][ T7397] XFS (loop0): Unmount and run xfs_repair [pid 7412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7412] write(3, "1000", 4) = 4 [pid 7412] close(3) = 0 [pid 7412] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7412] write(1, "executing program\n", 18) = 18 [pid 7412] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7412] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7413]}, 88) = 7413 [pid 7412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7412] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7413 attached ) = 0 [pid 7412] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7413] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7396] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 322.443472][ T7397] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 322.463694][ T7397] CPU: 0 UID: 0 PID: 7397 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 322.463730][ T7397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.463746][ T7397] Call Trace: [ 322.463756][ T7397] [ 322.463767][ T7397] dump_stack_lvl+0x189/0x250 [ 322.463806][ T7397] ? __pfx__xfs_alert_tag+0x10/0x10 [ 322.463844][ T7397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.463880][ T7397] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 322.463927][ T7397] xfs_corruption_error+0x122/0x170 [ 322.463966][ T7397] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 322.464002][ T7397] xfs_alloc_fixup_trees+0x95e/0xd20 [ 322.464031][ T7397] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7413] <... rseq resumed>) = 0 [pid 7413] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7413] memfd_create("syzkaller", 0) = 3 [pid 7413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 322.464073][ T7397] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 322.464113][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464141][ T7397] ? rcu_is_watching+0x15/0xb0 [ 322.464172][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464199][ T7397] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 322.464232][ T7397] ? rcu_is_watching+0x15/0xb0 [ 322.464271][ T7397] xfs_alloc_cur_finish+0xd3/0x4b0 [ 322.464302][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464333][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464367][ T7397] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 322.464425][ T7397] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 322.464455][ T7397] ? xfs_group_grab+0x28/0x480 [ 322.464492][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464522][ T7397] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 322.464559][ T7397] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 322.464608][ T7397] xfs_alloc_vextent_start_ag+0x388/0x850 [ 322.464648][ T7397] xfs_bmapi_allocate+0x188e/0x2e00 [ 322.464714][ T7397] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 322.464749][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7396] exit_group(0) = ? [pid 7402] <... write resumed>) = 16777216 [ 322.464800][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464828][ T7397] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 322.464853][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.464881][ T7397] ? xfs_iext_prev+0x35a/0x370 [ 322.464920][ T7397] ? xfs_iext_get_extent+0x1bb/0x370 [ 322.464951][ T7397] xfs_bmapi_write+0x7df/0x1260 [ 322.465011][ T7397] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 322.465099][ T7397] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 322.465142][ T7397] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 322.465173][ T7397] ? kasan_save_track+0x4f/0x80 [ 322.465200][ T7397] ? kasan_save_track+0x3e/0x80 [ 322.465225][ T7397] ? kasan_save_free_info+0x46/0x50 [ 322.465263][ T7397] ? kmem_cache_free+0x18f/0x400 [ 322.465293][ T7397] ? __xfs_trans_commit+0x3e0/0xbd0 [ 322.465319][ T7397] ? xfs_trans_roll+0x130/0x450 [ 322.465343][ T7397] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 322.465384][ T7397] xfs_attr_set_iter+0x2d4/0x4b70 [ 322.465419][ T7397] ? filename_setxattr+0x274/0x600 [ 322.465453][ T7397] ? path_setxattrat+0x364/0x3a0 [ 322.465476][ T7397] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 322.465528][ T7397] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 322.465586][ T7397] ? kasan_quarantine_put+0xdd/0x220 [ 322.465612][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.465641][ T7397] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.465682][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.465716][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.465745][ T7397] ? kmem_cache_free+0x18f/0x400 [ 322.465774][ T7397] ? __xfs_trans_commit+0x3e0/0xbd0 [ 322.465806][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.465834][ T7397] ? __xfs_trans_commit+0x4c7/0xbd0 [ 322.465878][ T7397] xfs_attr_finish_item+0xed/0x320 [ 322.465918][ T7397] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 322.465956][ T7397] xfs_defer_finish_one+0x5c8/0xcf0 [ 322.466016][ T7397] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 322.466066][ T7397] xfs_defer_finish_noroll+0x910/0x12d0 [ 322.466114][ T7397] ? xfs_trans_commit+0x10b/0x1c0 [ 322.466147][ T7397] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 322.466181][ T7397] ? inode_set_ctime_current+0x740/0xb40 [ 322.466229][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.466258][ T7397] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 322.466299][ T7397] xfs_trans_commit+0x10b/0x1c0 [ 322.466325][ T7397] ? __pfx_xfs_trans_commit+0x10/0x10 [ 322.466357][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.466386][ T7397] ? xfs_trans_log_inode+0x12c/0x1a0 [ 322.466427][ T7397] xfs_attr_set+0xdc6/0x1210 [ 322.466476][ T7397] ? __pfx_xfs_attr_set+0x10/0x10 [ 322.466511][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.466539][ T7397] ? __lock_acquire+0xab9/0xd20 [ 322.466576][ T7397] ? xfs_da_hashname+0x59d/0x740 [ 322.466609][ T7397] ? do_raw_spin_lock+0x121/0x290 [ 322.466653][ T7397] ? xfs_attr_change+0x2ac/0x390 [ 322.466688][ T7397] xfs_xattr_set+0x14d/0x250 [ 322.466720][ T7397] ? __pfx_xfs_xattr_set+0x10/0x10 [ 322.466770][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.466799][ T7397] ? evm_protect_xattr+0x4d4/0xa90 [ 322.466826][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.466854][ T7397] ? rcu_is_watching+0x15/0xb0 [ 322.466887][ T7397] ? __pfx_evm_protect_xattr+0x10/0x10 [ 322.466913][ T7397] ? __pfx_xfs_xattr_set+0x10/0x10 [ 322.466941][ T7397] __vfs_setxattr+0x43c/0x480 [ 322.466989][ T7397] __vfs_setxattr_noperm+0x12d/0x660 [ 322.467032][ T7397] vfs_setxattr+0x16b/0x2f0 [ 322.467074][ T7397] ? __pfx_vfs_setxattr+0x10/0x10 [ 322.467109][ T7397] ? mnt_get_write_access+0x223/0x2a0 [ 322.467139][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.467173][ T7397] filename_setxattr+0x274/0x600 [ 322.467220][ T7397] ? __pfx_filename_setxattr+0x10/0x10 [ 322.467259][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.467288][ T7397] ? getname_flags+0x1e5/0x540 [ 322.467329][ T7397] path_setxattrat+0x364/0x3a0 [ 322.467367][ T7397] ? __pfx_path_setxattrat+0x10/0x10 [ 322.467433][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.467462][ T7397] ? rcu_is_watching+0x15/0xb0 [ 322.467499][ T7397] __x64_sys_lsetxattr+0xbf/0xe0 [ 322.467540][ T7397] do_syscall_64+0xfa/0x3b0 [ 322.467565][ T7397] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.467604][ T7397] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.467628][ T7397] ? srso_alias_return_thunk+0x5/0xfbef5 [ 322.467657][ T7397] ? exc_page_fault+0x9f/0xf0 [ 322.467697][ T7397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.467722][ T7397] RIP: 0033:0x7f3cdbf794f9 [ 322.467744][ T7397] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 322.467766][ T7397] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 322.467793][ T7397] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 322.467813][ T7397] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 322.467831][ T7397] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 322.467848][ T7397] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 322.467866][ T7397] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 322.467905][ T7397] [pid 7402] munmap(0x7f3cd3a00000, 138412032 [pid 7413] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7402] <... munmap resumed>) = 0 [ 323.162801][ T7397] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 323.172308][ T7397] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 323.190028][ T7397] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 7402] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7397] <... lsetxattr resumed>) = ? [pid 7402] <... openat resumed>) = 4 [pid 7402] ioctl(4, LOOP_SET_FD, 3 [pid 7397] +++ exited with 0 +++ [pid 7396] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7396, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7402] <... ioctl resumed>) = 0 [pid 7402] close(3) = 0 [pid 7402] close(4) = 0 [pid 7402] mkdir("./file1", 0777) = 0 [ 323.217657][ T7402] loop2: detected capacity change from 0 to 32768 [ 323.264255][ T7402] XFS: noikeep mount option is deprecated. [ 323.289092][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7402] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7413] <... write resumed>) = 16777216 [pid 7413] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7413] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7413] close(3) = 0 [ 323.387362][ T7413] loop3: detected capacity change from 0 to 32768 [pid 7413] close(4) = 0 [pid 7413] mkdir("./file1", 0777 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 7413] <... mkdir resumed>) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./34/file1" [pid 7413] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./34/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./34") = 0 [pid 5871] mkdir("./35", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 323.430635][ T7402] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 323.451983][ T7413] XFS: noikeep mount option is deprecated. [ 323.500262][ T7413] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 323.551340][ T7402] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7432 attached [pid 7432] set_robust_list(0x55555d962760, 24) = 0 [pid 7432] chdir("./35" [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7432 [pid 7432] <... chdir resumed>) = 0 [pid 7432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7432] setpgid(0, 0) = 0 [pid 7432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7432] write(3, "1000", 4) = 4 [pid 7432] close(3) = 0 [pid 7432] symlink("/dev/binderfs", "./binderfs") = 0 [ 323.599733][ T7402] XFS (loop2): Starting recovery (logdev: internal) [ 323.636115][ T7413] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. executing program [pid 7432] write(1, "executing program\n", 18) = 18 [pid 7432] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7432] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7433 attached => {parent_tid=[7433]}, 88) = 7433 [pid 7402] <... mount resumed>) = 0 [pid 7402] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7433] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7432] rt_sigprocmask(SIG_SETMASK, [], [pid 7402] <... openat resumed>) = 3 [pid 7432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7433] <... rseq resumed>) = 0 [pid 7432] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] chdir("./file1" [pid 7433] set_robust_list(0x7f3cdbf259a0, 24 [pid 7432] <... futex resumed>) = 0 [pid 7433] <... set_robust_list resumed>) = 0 [pid 7432] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7402] <... chdir resumed>) = 0 [pid 7433] rt_sigprocmask(SIG_SETMASK, [], [pid 7402] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7402] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7433] memfd_create("syzkaller", 0 [pid 7402] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7401] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7433] <... memfd_create resumed>) = 3 [pid 7433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7402] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7402] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7402] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 0 [pid 7401] <... futex resumed>) = 1 [pid 7402] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] <... pwritev2 resumed>) = 65007 [pid 7402] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7402] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 0 [pid 7401] <... futex resumed>) = 1 [pid 7402] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 323.654954][ T7402] XFS (loop2): Ending recovery (logdev: internal) [ 323.673363][ T7413] XFS (loop3): Starting recovery (logdev: internal) [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7402] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7402] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] <... futex resumed>) = 0 [pid 7401] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 0 [pid 7401] <... futex resumed>) = 1 [pid 7402] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7401] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] <... mount resumed>) = 0 [pid 7413] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7413] chdir("./file1") = 0 [pid 7413] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7413] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7412] <... futex resumed>) = 0 [pid 7412] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] <... futex resumed>) = 1 [pid 7413] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7413] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7412] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7413] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 323.694578][ T7402] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 323.706242][ T7402] XFS (loop2): Unmount and run xfs_repair [ 323.718103][ T7413] XFS (loop3): Ending recovery (logdev: internal) [ 323.730576][ T7402] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 7412] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] <... pwritev2 resumed>) = 65007 [pid 7413] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7413] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7412] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 323.743822][ T7402] CPU: 0 UID: 0 PID: 7402 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 323.743857][ T7402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.743874][ T7402] Call Trace: [ 323.743884][ T7402] [ 323.743896][ T7402] dump_stack_lvl+0x189/0x250 [ 323.743933][ T7402] ? __pfx__xfs_alert_tag+0x10/0x10 [ 323.743973][ T7402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.744008][ T7402] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 323.744057][ T7402] xfs_corruption_error+0x122/0x170 [ 323.744097][ T7402] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 323.744132][ T7402] xfs_alloc_fixup_trees+0x95e/0xd20 [ 323.744162][ T7402] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 323.744203][ T7402] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 323.744234][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744269][ T7402] ? rcu_is_watching+0x15/0xb0 [ 323.744300][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744328][ T7402] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 323.744360][ T7402] ? rcu_is_watching+0x15/0xb0 [pid 7433] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7412] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7412] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7434]}, 88) = 7434 [pid 7412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7412] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7434 attached [pid 7434] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7434] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 323.744400][ T7402] xfs_alloc_cur_finish+0xd3/0x4b0 [ 323.744429][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744460][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744494][ T7402] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 323.744551][ T7402] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 323.744581][ T7402] ? xfs_group_grab+0x28/0x480 [ 323.744618][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744646][ T7402] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 323.744680][ T7402] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 323.744728][ T7402] xfs_alloc_vextent_start_ag+0x388/0x850 [ 323.744768][ T7402] xfs_bmapi_allocate+0x188e/0x2e00 [ 323.744833][ T7402] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 323.744866][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744917][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744945][ T7402] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 323.744969][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.744997][ T7402] ? xfs_iext_prev+0x35a/0x370 [ 323.745034][ T7402] ? xfs_iext_get_extent+0x1bb/0x370 [ 323.745065][ T7402] xfs_bmapi_write+0x7df/0x1260 [ 323.745125][ T7402] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 323.745205][ T7402] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 323.745246][ T7402] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 323.745282][ T7402] ? kasan_save_track+0x4f/0x80 [ 323.745308][ T7402] ? kasan_save_track+0x3e/0x80 [ 323.745333][ T7402] ? kasan_save_free_info+0x46/0x50 [ 323.745370][ T7402] ? kmem_cache_free+0x18f/0x400 [ 323.745399][ T7402] ? __xfs_trans_commit+0x3e0/0xbd0 [ 323.745425][ T7402] ? xfs_trans_roll+0x130/0x450 [ 323.745448][ T7402] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 323.745488][ T7402] xfs_attr_set_iter+0x2d4/0x4b70 [ 323.745522][ T7402] ? filename_setxattr+0x274/0x600 [ 323.745555][ T7402] ? path_setxattrat+0x364/0x3a0 [ 323.745577][ T7402] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 323.745629][ T7402] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 323.745685][ T7402] ? kasan_quarantine_put+0xdd/0x220 [ 323.745711][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.745740][ T7402] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.745780][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7434] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7413] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7402] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5872] kill(-7367, SIGKILL) = 0 [pid 5872] kill(7367, SIGKILL) = 0 [pid 7402] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7433] <... write resumed>) = 16777216 [pid 7413] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7433] munmap(0x7f3cd3a00000, 138412032 [pid 7413] <... futex resumed>) = 0 [pid 7401] exit_group(0 [pid 7413] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7402] <... futex resumed>) = ? [pid 7401] <... exit_group resumed>) = ? [pid 7402] +++ exited with 0 +++ [pid 7401] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7401, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=83 /* 0.83 s */} --- [pid 5873] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 323.745814][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.745842][ T7402] ? kmem_cache_free+0x18f/0x400 [ 323.745870][ T7402] ? __xfs_trans_commit+0x3e0/0xbd0 [ 323.745901][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.745929][ T7402] ? __xfs_trans_commit+0x4c7/0xbd0 [ 323.745971][ T7402] xfs_attr_finish_item+0xed/0x320 [ 323.746011][ T7402] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 323.746048][ T7402] xfs_defer_finish_one+0x5c8/0xcf0 [ 323.746108][ T7402] ? __pfx_xfs_defer_finish_one+0x10/0x10 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7433] <... munmap resumed>) = 0 [pid 7433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7433] ioctl(4, LOOP_SET_FD, 3) = 0 [ 323.746157][ T7402] xfs_defer_finish_noroll+0x910/0x12d0 [ 323.746196][ T7402] ? xfs_trans_commit+0x10b/0x1c0 [ 323.746227][ T7402] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 323.746265][ T7402] ? inode_set_ctime_current+0x740/0xb40 [ 323.746313][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.746341][ T7402] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 323.746381][ T7402] xfs_trans_commit+0x10b/0x1c0 [ 323.746407][ T7402] ? __pfx_xfs_trans_commit+0x10/0x10 [pid 7433] close(3) = 0 [pid 7433] close(4) = 0 [pid 7433] mkdir("./file1", 0777) = 0 [ 323.746439][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.746467][ T7402] ? xfs_trans_log_inode+0x12c/0x1a0 [ 323.746507][ T7402] xfs_attr_set+0xdc6/0x1210 [ 323.746556][ T7402] ? __pfx_xfs_attr_set+0x10/0x10 [ 323.746590][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.746618][ T7402] ? __lock_acquire+0xab9/0xd20 [ 323.746654][ T7402] ? xfs_da_hashname+0x59d/0x740 [ 323.746686][ T7402] ? do_raw_spin_lock+0x121/0x290 [ 323.746729][ T7402] ? xfs_attr_change+0x2ac/0x390 [ 323.746767][ T7402] xfs_xattr_set+0x14d/0x250 [ 323.746800][ T7402] ? __pfx_xfs_xattr_set+0x10/0x10 [ 323.746844][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.746873][ T7402] ? evm_protect_xattr+0x4d4/0xa90 [ 323.746899][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.746927][ T7402] ? rcu_is_watching+0x15/0xb0 [ 323.746973][ T7402] ? __pfx_evm_protect_xattr+0x10/0x10 [ 323.747004][ T7402] ? __pfx_xfs_xattr_set+0x10/0x10 [ 323.747032][ T7402] __vfs_setxattr+0x43c/0x480 [ 323.747081][ T7402] __vfs_setxattr_noperm+0x12d/0x660 [ 323.747123][ T7402] vfs_setxattr+0x16b/0x2f0 [ 323.747165][ T7402] ? __pfx_vfs_setxattr+0x10/0x10 [ 323.747195][ T7402] ? mnt_get_write_access+0x223/0x2a0 [ 323.747226][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.747269][ T7402] filename_setxattr+0x274/0x600 [ 323.747317][ T7402] ? __pfx_filename_setxattr+0x10/0x10 [ 323.747355][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.747383][ T7402] ? getname_flags+0x1e5/0x540 [ 323.747423][ T7402] path_setxattrat+0x364/0x3a0 [ 323.747457][ T7402] ? __pfx_path_setxattrat+0x10/0x10 [ 323.747522][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.747549][ T7402] ? rcu_is_watching+0x15/0xb0 [ 323.747586][ T7402] __x64_sys_lsetxattr+0xbf/0xe0 [ 323.747627][ T7402] do_syscall_64+0xfa/0x3b0 [ 323.747651][ T7402] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.747690][ T7402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.747714][ T7402] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.747741][ T7402] ? exc_page_fault+0x9f/0xf0 [ 323.747780][ T7402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.747802][ T7402] RIP: 0033:0x7f3cdbf794f9 [pid 7433] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7412] exit_group(0) = ? [pid 7413] <... futex resumed>) = ? [pid 7413] +++ exited with 0 +++ [pid 5872] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55555d9637f0 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [ 323.747824][ T7402] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 323.747845][ T7402] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 323.747871][ T7402] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 323.747890][ T7402] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 323.747908][ T7402] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 323.747925][ T7402] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 323.747942][ T7402] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 323.747981][ T7402] [ 323.765017][ T7413] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 323.770702][ T7402] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 323.791506][ T7413] XFS (loop3): Unmount and run xfs_repair [ 323.857742][ T7402] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 323.873712][ T7434] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 323.886802][ T7402] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 323.892561][ T7434] CPU: 1 UID: 0 PID: 7434 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 323.892593][ T7434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.892610][ T7434] Call Trace: [ 323.892621][ T7434] [ 323.892631][ T7434] dump_stack_lvl+0x189/0x250 [ 323.892668][ T7434] ? __pfx__xfs_alert_tag+0x10/0x10 [ 323.892706][ T7434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.892740][ T7434] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 323.892788][ T7434] xfs_corruption_error+0x122/0x170 [ 323.892829][ T7434] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7434] <... lsetxattr resumed>) = ? [pid 7434] +++ exited with 0 +++ [pid 7412] +++ exited with 0 +++ [pid 5873] <... umount2 resumed>) = 0 [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7412, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=102 /* 1.02 s */} --- [pid 5873] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... openat resumed>) = 3 [ 323.892864][ T7434] xfs_alloc_fixup_trees+0x95e/0xd20 [ 323.892891][ T7434] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 323.892932][ T7434] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 323.892962][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.892991][ T7434] ? rcu_is_watching+0x15/0xb0 [ 323.893028][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893056][ T7434] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 323.893087][ T7434] ? rcu_is_watching+0x15/0xb0 [ 323.893125][ T7434] xfs_alloc_cur_finish+0xd3/0x4b0 [ 323.893154][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(3, "", [pid 5873] newfstatat(4, "", [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./35/file1") = 0 [pid 5873] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./35/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./35") = 0 [pid 5873] mkdir("./36", 0777) = 0 [ 323.893184][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893218][ T7434] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 323.893274][ T7434] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 323.893303][ T7434] ? xfs_group_grab+0x28/0x480 [ 323.893340][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893367][ T7434] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 323.893400][ T7434] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 323.893448][ T7434] xfs_alloc_vextent_start_ag+0x388/0x850 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 323.893486][ T7434] xfs_bmapi_allocate+0x188e/0x2e00 [ 323.893549][ T7434] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 323.893581][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893631][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893658][ T7434] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 323.893681][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.893709][ T7434] ? xfs_iext_prev+0x35a/0x370 [ 323.893746][ T7434] ? xfs_iext_get_extent+0x1bb/0x370 [ 323.893776][ T7434] xfs_bmapi_write+0x7df/0x1260 [ 323.893834][ T7434] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 323.893912][ T7434] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 323.893952][ T7434] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 323.893982][ T7434] ? kasan_save_track+0x4f/0x80 [ 323.894013][ T7434] ? kasan_save_track+0x3e/0x80 [ 323.894038][ T7434] ? kasan_save_free_info+0x46/0x50 [ 323.894074][ T7434] ? kmem_cache_free+0x18f/0x400 [ 323.894102][ T7434] ? __xfs_trans_commit+0x3e0/0xbd0 [ 323.894127][ T7434] ? xfs_trans_roll+0x130/0x450 [ 323.894150][ T7434] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 323.894189][ T7434] xfs_attr_set_iter+0x2d4/0x4b70 [ 323.894223][ T7434] ? filename_setxattr+0x274/0x600 [ 323.894255][ T7434] ? path_setxattrat+0x364/0x3a0 [ 323.894277][ T7434] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 323.894328][ T7434] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 323.894384][ T7434] ? kasan_quarantine_put+0xdd/0x220 [ 323.894409][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.894437][ T7434] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.894477][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.894510][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] close(3) = 0 [ 323.894538][ T7434] ? kmem_cache_free+0x18f/0x400 [ 323.894565][ T7434] ? __xfs_trans_commit+0x3e0/0xbd0 [ 323.894596][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.894624][ T7434] ? __xfs_trans_commit+0x4c7/0xbd0 [ 323.894666][ T7434] xfs_attr_finish_item+0xed/0x320 [ 323.894705][ T7434] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 323.894742][ T7434] xfs_defer_finish_one+0x5c8/0xcf0 [ 323.894800][ T7434] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 323.894849][ T7434] xfs_defer_finish_noroll+0x910/0x12d0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7441 ./strace-static-x86_64: Process 7441 attached [pid 7441] set_robust_list(0x55555d962760, 24) = 0 [pid 7441] chdir("./36") = 0 [pid 7441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7441] setpgid(0, 0) = 0 [pid 7441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7441] write(3, "1000", 4) = 4 [ 323.894887][ T7434] ? xfs_trans_commit+0x10b/0x1c0 [ 323.894919][ T7434] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 323.894951][ T7434] ? inode_set_ctime_current+0x740/0xb40 [ 323.894998][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.895031][ T7434] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 323.895070][ T7434] xfs_trans_commit+0x10b/0x1c0 [ 323.895095][ T7434] ? __pfx_xfs_trans_commit+0x10/0x10 [ 323.895128][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.895155][ T7434] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 7441] close(3) = 0 [pid 7441] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7441] write(1, "executing program\n", 18) = 18 [pid 7441] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7441] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7442]}, 88) = 7442 [pid 7441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7441] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7442 attached [pid 7442] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7442] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 323.895194][ T7434] xfs_attr_set+0xdc6/0x1210 [ 323.895241][ T7434] ? __pfx_xfs_attr_set+0x10/0x10 [ 323.895274][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.895302][ T7434] ? __lock_acquire+0xab9/0xd20 [ 323.895338][ T7434] ? xfs_da_hashname+0x59d/0x740 [ 323.895369][ T7434] ? do_raw_spin_lock+0x121/0x290 [ 323.895411][ T7434] ? xfs_attr_change+0x2ac/0x390 [ 323.895446][ T7434] xfs_xattr_set+0x14d/0x250 [ 323.895477][ T7434] ? __pfx_xfs_xattr_set+0x10/0x10 [ 323.895521][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7442] memfd_create("syzkaller", 0) = 3 [pid 7442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 323.895549][ T7434] ? evm_protect_xattr+0x4d4/0xa90 [ 323.895575][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.895602][ T7434] ? rcu_is_watching+0x15/0xb0 [ 323.895636][ T7434] ? __pfx_evm_protect_xattr+0x10/0x10 [ 323.895663][ T7434] ? __pfx_xfs_xattr_set+0x10/0x10 [ 323.895691][ T7434] __vfs_setxattr+0x43c/0x480 [ 323.895739][ T7434] __vfs_setxattr_noperm+0x12d/0x660 [ 323.895782][ T7434] vfs_setxattr+0x16b/0x2f0 [ 323.895823][ T7434] ? __pfx_vfs_setxattr+0x10/0x10 [ 323.895852][ T7434] ? mnt_get_write_access+0x223/0x2a0 [ 323.895883][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.895916][ T7434] filename_setxattr+0x274/0x600 [ 323.895962][ T7434] ? __pfx_filename_setxattr+0x10/0x10 [ 323.895999][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.896035][ T7434] ? getname_flags+0x1e5/0x540 [ 323.896075][ T7434] path_setxattrat+0x364/0x3a0 [ 323.896111][ T7434] ? __pfx_path_setxattrat+0x10/0x10 [ 323.896176][ T7434] ? srso_alias_return_thunk+0x5/0xfbef5 [ 323.896203][ T7434] ? rcu_is_watching+0x15/0xb0 [ 323.896239][ T7434] __x64_sys_lsetxattr+0xbf/0xe0 [ 323.896278][ T7434] do_syscall_64+0xfa/0x3b0 [ 323.896306][ T7434] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.896329][ T7434] ? __switch_to_asm+0x39/0x70 [ 323.896361][ T7434] ? __switch_to_asm+0x33/0x70 [ 323.896398][ T7434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.896422][ T7434] RIP: 0033:0x7f3cdbf794f9 [ 323.896443][ T7434] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 323.896465][ T7434] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 323.896491][ T7434] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 323.896510][ T7434] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 323.896528][ T7434] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 323.896545][ T7434] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 323.896562][ T7434] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 323.896600][ T7434] [ 323.896610][ T7434] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 324.153455][ T7433] loop0: detected capacity change from 0 to 32768 [ 324.189292][ T7433] XFS: noikeep mount option is deprecated. [ 324.230868][ T7434] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 324.235234][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7442] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 324.242777][ T7434] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 324.563895][ T7433] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 325.240162][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./36/file1") = 0 [pid 5874] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./36/binderfs" [pid 7442] <... write resumed>) = 16777216 [pid 5874] <... unlink resumed>) = 0 [pid 5874] getdents64(3, [pid 7442] munmap(0x7f3cd3a00000, 138412032 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./36") = 0 [pid 5874] mkdir("./37", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 325.319199][ T7433] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 325.345797][ T7433] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7442] <... munmap resumed>) = 0 [pid 7442] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7433] <... mount resumed>) = 0 [pid 7433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7442] ioctl(4, LOOP_SET_FD, 3 [pid 7433] <... openat resumed>) = 3 [ 325.366100][ T7433] XFS (loop0): Ending recovery (logdev: internal) [pid 7433] chdir("./file1") = 0 [pid 7433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7433] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7432] <... futex resumed>) = 0 [pid 7433] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7432] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7432] <... futex resumed>) = 0 [pid 7433] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7432] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7433] <... openat resumed>) = 4 [pid 7433] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7432] <... futex resumed>) = 0 [pid 7433] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7432] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7432] <... futex resumed>) = 0 [pid 7442] <... ioctl resumed>) = 0 [pid 7433] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7432] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7442] close(3) = 0 [pid 7442] close(4) = 0 [pid 7442] mkdir("./file1", 0777) = 0 [pid 7442] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7433] <... pwritev2 resumed>) = 65007 [pid 7433] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] <... futex resumed>) = 0 [pid 7433] <... futex resumed>) = 1 [pid 7432] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7432] <... futex resumed>) = 0 [ 325.401872][ T7442] loop2: detected capacity change from 0 to 32768 [ 325.427437][ T7442] XFS: noikeep mount option is deprecated. [ 325.444716][ T7433] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7432] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7432] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7432] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7455]}, 88) = 7455 [pid 7432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7432] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7455 attached [pid 7433] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7433] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7455] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7455] set_robust_list(0x7f3cdbf049a0, 24 [pid 7433] <... futex resumed>) = 0 [pid 7433] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7455] <... set_robust_list resumed>) = 0 [ 325.485116][ T7442] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 325.486971][ T7433] XFS (loop0): Unmount and run xfs_repair [pid 7455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7455] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7432] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 325.542184][ T7455] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 325.583566][ T7442] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 325.583913][ T7455] CPU: 1 UID: 0 PID: 7455 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 325.583946][ T7455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 325.583961][ T7455] Call Trace: [ 325.583977][ T7455] [ 325.584000][ T7455] dump_stack_lvl+0x189/0x250 [ 325.584041][ T7455] ? __pfx__xfs_alert_tag+0x10/0x10 [ 325.584080][ T7455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.584114][ T7455] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 325.584162][ T7455] xfs_corruption_error+0x122/0x170 [ 325.584201][ T7455] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 325.584235][ T7455] xfs_alloc_fixup_trees+0x95e/0xd20 [ 325.584264][ T7455] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 325.584313][ T7455] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 325.584343][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.584372][ T7455] ? rcu_is_watching+0x15/0xb0 [pid 5874] <... close resumed>) = 0 [ 325.584403][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.584430][ T7455] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 325.584461][ T7455] ? rcu_is_watching+0x15/0xb0 [ 325.584500][ T7455] xfs_alloc_cur_finish+0xd3/0x4b0 [ 325.584530][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.584559][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.584593][ T7455] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 325.584649][ T7455] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7442] <... mount resumed>) = 0 ./strace-static-x86_64: Process 7456 attached [pid 7442] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7456] set_robust_list(0x55555d962760, 24 [pid 7442] <... openat resumed>) = 3 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7456 [pid 7456] <... set_robust_list resumed>) = 0 [pid 7456] chdir("./37" [pid 7442] chdir("./file1" [pid 7456] <... chdir resumed>) = 0 [pid 7442] <... chdir resumed>) = 0 [pid 7456] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7442] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7456] <... prctl resumed>) = 0 [pid 7442] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7456] setpgid(0, 0) = 0 [pid 7456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7442] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7442] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7456] write(3, "1000", 4) = 4 [pid 7456] close(3) = 0 [pid 7456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7441] <... futex resumed>) = 0 [pid 7456] write(1, "executing program\n", 18executing program [pid 7441] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7456] <... write resumed>) = 18 [pid 7442] <... futex resumed>) = 0 [pid 7441] <... futex resumed>) = 1 [ 325.584678][ T7455] ? xfs_group_grab+0x28/0x480 [ 325.584715][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.584742][ T7455] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 325.584775][ T7455] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 325.584822][ T7455] xfs_alloc_vextent_start_ag+0x388/0x850 [ 325.584861][ T7455] xfs_bmapi_allocate+0x188e/0x2e00 [ 325.584925][ T7455] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 325.584957][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7442] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7441] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7456] <... futex resumed>) = 0 [pid 7456] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7442] <... openat resumed>) = 4 [pid 7456] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7442] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7456] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7442] <... futex resumed>) = 1 [pid 7441] <... futex resumed>) = 0 [pid 7456] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7441] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7456] <... mprotect resumed>) = 0 [pid 7442] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7441] <... futex resumed>) = 0 [pid 7441] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7457 attached [pid 7457] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7457] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7456] <... clone3 resumed> => {parent_tid=[7457]}, 88) = 7457 [pid 7457] rt_sigprocmask(SIG_SETMASK, [], [pid 7456] rt_sigprocmask(SIG_SETMASK, [], [pid 7457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7442] <... pwritev2 resumed>) = 65007 [pid 7457] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7456] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7456] <... futex resumed>) = 0 [pid 7442] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] memfd_create("syzkaller", 0 [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7442] <... futex resumed>) = 1 [pid 7441] <... futex resumed>) = 0 [pid 7442] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7441] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] <... memfd_create resumed>) = 3 [pid 7455] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7455] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7455] <... futex resumed>) = 0 [ 325.585006][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.585034][ T7455] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 325.585057][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.585085][ T7455] ? xfs_iext_prev+0x35a/0x370 [ 325.585123][ T7455] ? xfs_iext_get_extent+0x1bb/0x370 [ 325.585154][ T7455] xfs_bmapi_write+0x7df/0x1260 [ 325.585212][ T7455] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 325.585295][ T7455] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 325.585337][ T7455] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 325.585366][ T7455] ? kasan_save_track+0x4f/0x80 [ 325.585392][ T7455] ? kasan_save_track+0x3e/0x80 [ 325.585417][ T7455] ? kasan_save_free_info+0x46/0x50 [ 325.585453][ T7455] ? kmem_cache_free+0x18f/0x400 [ 325.585482][ T7455] ? __xfs_trans_commit+0x3e0/0xbd0 [ 325.585506][ T7455] ? xfs_trans_roll+0x130/0x450 [ 325.585530][ T7455] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 325.585569][ T7455] xfs_attr_set_iter+0x2d4/0x4b70 [ 325.585603][ T7455] ? filename_setxattr+0x274/0x600 [ 325.585636][ T7455] ? path_setxattrat+0x364/0x3a0 [pid 7455] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7457] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7441] <... futex resumed>) = 0 [ 325.585658][ T7455] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 325.585709][ T7455] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 325.585765][ T7455] ? kasan_quarantine_put+0xdd/0x220 [ 325.585790][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.585818][ T7455] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.585859][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.585892][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.585920][ T7455] ? kmem_cache_free+0x18f/0x400 [ 325.585948][ T7455] ? __xfs_trans_commit+0x3e0/0xbd0 [ 325.585979][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.586006][ T7455] ? __xfs_trans_commit+0x4c7/0xbd0 [ 325.586048][ T7455] xfs_attr_finish_item+0xed/0x320 [ 325.586089][ T7455] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 325.586125][ T7455] xfs_defer_finish_one+0x5c8/0xcf0 [ 325.586185][ T7455] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 325.586234][ T7455] xfs_defer_finish_noroll+0x910/0x12d0 [ 325.586279][ T7455] ? xfs_trans_commit+0x10b/0x1c0 [ 325.586310][ T7455] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 325.586344][ T7455] ? inode_set_ctime_current+0x740/0xb40 [ 325.586390][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.586418][ T7455] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 325.586457][ T7455] xfs_trans_commit+0x10b/0x1c0 [ 325.586484][ T7455] ? __pfx_xfs_trans_commit+0x10/0x10 [ 325.586516][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.586543][ T7455] ? xfs_trans_log_inode+0x12c/0x1a0 [ 325.586583][ T7455] xfs_attr_set+0xdc6/0x1210 [ 325.586632][ T7455] ? __pfx_xfs_attr_set+0x10/0x10 [ 325.586665][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7441] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7432] exit_group(0) = ? [pid 7433] <... futex resumed>) = ? [pid 7433] +++ exited with 0 +++ [pid 7455] <... futex resumed>) = ? [pid 7455] +++ exited with 0 +++ [pid 7432] +++ exited with 0 +++ [ 325.586692][ T7455] ? __lock_acquire+0xab9/0xd20 [ 325.586729][ T7455] ? xfs_da_hashname+0x59d/0x740 [ 325.586760][ T7455] ? do_raw_spin_lock+0x121/0x290 [ 325.586803][ T7455] ? xfs_attr_change+0x2ac/0x390 [ 325.586837][ T7455] xfs_xattr_set+0x14d/0x250 [ 325.586869][ T7455] ? __pfx_xfs_xattr_set+0x10/0x10 [ 325.586913][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.586941][ T7455] ? evm_protect_xattr+0x4d4/0xa90 [ 325.586968][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.586995][ T7455] ? rcu_is_watching+0x15/0xb0 [pid 7441] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7441] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7441] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0}./strace-static-x86_64: Process 7458 attached => {parent_tid=[7458]}, 88) = 7458 [pid 7441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7441] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7458] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7458] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 325.587029][ T7455] ? __pfx_evm_protect_xattr+0x10/0x10 [ 325.587055][ T7455] ? __pfx_xfs_xattr_set+0x10/0x10 [ 325.587082][ T7455] __vfs_setxattr+0x43c/0x480 [ 325.587131][ T7455] __vfs_setxattr_noperm+0x12d/0x660 [ 325.587174][ T7455] vfs_setxattr+0x16b/0x2f0 [ 325.587216][ T7455] ? __pfx_vfs_setxattr+0x10/0x10 [ 325.587245][ T7455] ? mnt_get_write_access+0x223/0x2a0 [ 325.587279][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.587312][ T7455] filename_setxattr+0x274/0x600 [pid 7458] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7457] <... write resumed>) = 16777216 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7432, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=121 /* 1.21 s */} --- [pid 7457] munmap(0x7f3cd3a00000, 138412032 [pid 7441] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 325.587359][ T7455] ? __pfx_filename_setxattr+0x10/0x10 [ 325.587397][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.587424][ T7455] ? getname_flags+0x1e5/0x540 [ 325.587464][ T7455] path_setxattrat+0x364/0x3a0 [ 325.587501][ T7455] ? __pfx_path_setxattrat+0x10/0x10 [ 325.587566][ T7455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 325.587594][ T7455] ? rcu_is_watching+0x15/0xb0 [ 325.587630][ T7455] __x64_sys_lsetxattr+0xbf/0xe0 [ 325.587670][ T7455] do_syscall_64+0xfa/0x3b0 [ 325.587698][ T7455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7457] <... munmap resumed>) = 0 [pid 7457] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5871] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7457] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7457] <... ioctl resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7457] close(3) = 0 [pid 7457] close(4 [pid 5871] <... openat resumed>) = 3 [pid 7457] <... close resumed>) = 0 [pid 7457] mkdir("./file1", 0777 [pid 5871] newfstatat(3, "", [pid 7457] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 325.587721][ T7455] ? __switch_to_asm+0x39/0x70 [ 325.587754][ T7455] ? __switch_to_asm+0x33/0x70 [ 325.587791][ T7455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.587814][ T7455] RIP: 0033:0x7f3cdbf794f9 [ 325.587837][ T7455] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 325.587858][ T7455] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 5871] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7457] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7442] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7442] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 325.587884][ T7455] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 325.587903][ T7455] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 325.587921][ T7455] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 325.587937][ T7455] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 325.587954][ T7455] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 325.587992][ T7455] [ 325.589986][ T7455] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 325.650071][ T7442] XFS (loop2): Starting recovery (logdev: internal) [ 325.679923][ T7455] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 325.720369][ T7442] XFS (loop2): Ending recovery (logdev: internal) [ 325.725740][ T7455] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 325.807980][ T7442] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 326.201248][ T7457] loop3: detected capacity change from 0 to 32768 [ 326.204814][ T7442] XFS (loop2): Unmount and run xfs_repair [ 326.247760][ T7457] XFS: noikeep mount option is deprecated. [ 326.349326][ T7458] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 326.369026][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 326.383922][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 326.383959][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 326.383975][ T7458] Call Trace: [ 326.383985][ T7458] [ 326.383996][ T7458] dump_stack_lvl+0x189/0x250 [ 326.384033][ T7458] ? __pfx__xfs_alert_tag+0x10/0x10 [ 326.384072][ T7458] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.384106][ T7458] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 326.384153][ T7458] xfs_corruption_error+0x122/0x170 [ 326.384192][ T7458] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 326.384226][ T7458] xfs_alloc_fixup_trees+0x95e/0xd20 [ 326.384254][ T7458] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 326.384305][ T7458] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 326.384336][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.384365][ T7458] ? rcu_is_watching+0x15/0xb0 [ 326.384395][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.384423][ T7458] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 326.384454][ T7458] ? rcu_is_watching+0x15/0xb0 [ 326.384493][ T7458] xfs_alloc_cur_finish+0xd3/0x4b0 [ 326.384522][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.384552][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.384586][ T7458] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 326.384642][ T7458] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 326.384672][ T7458] ? xfs_group_grab+0x28/0x480 [ 326.384708][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.384736][ T7458] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 326.384769][ T7458] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 326.384816][ T7458] xfs_alloc_vextent_start_ag+0x388/0x850 [ 326.384855][ T7458] xfs_bmapi_allocate+0x188e/0x2e00 [ 326.384920][ T7458] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 326.384953][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385002][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385030][ T7458] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 326.385054][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385082][ T7458] ? xfs_iext_prev+0x35a/0x370 [ 326.385120][ T7458] ? xfs_iext_get_extent+0x1bb/0x370 [ 326.385151][ T7458] xfs_bmapi_write+0x7df/0x1260 [ 326.385210][ T7458] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 326.385293][ T7458] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 326.385335][ T7458] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 326.385366][ T7458] ? kasan_save_track+0x4f/0x80 [ 326.385391][ T7458] ? kasan_save_track+0x3e/0x80 [ 326.385416][ T7458] ? kasan_save_free_info+0x46/0x50 [ 326.385454][ T7458] ? kmem_cache_free+0x18f/0x400 [ 326.385483][ T7458] ? __xfs_trans_commit+0x3e0/0xbd0 [ 326.385507][ T7458] ? xfs_trans_roll+0x130/0x450 [ 326.385531][ T7458] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 326.385570][ T7458] xfs_attr_set_iter+0x2d4/0x4b70 [ 326.385604][ T7458] ? filename_setxattr+0x274/0x600 [ 326.385636][ T7458] ? path_setxattrat+0x364/0x3a0 [ 326.385658][ T7458] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 326.385709][ T7458] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 326.385766][ T7458] ? kasan_quarantine_put+0xdd/0x220 [ 326.385792][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385820][ T7458] ? lockdep_hardirqs_on+0x9c/0x150 [ 326.385860][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385894][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.385922][ T7458] ? kmem_cache_free+0x18f/0x400 [ 326.385950][ T7458] ? __xfs_trans_commit+0x3e0/0xbd0 [ 326.385981][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.386008][ T7458] ? __xfs_trans_commit+0x4c7/0xbd0 [ 326.386033][ T7458] ? xfs_trans_dup+0xc3/0x5f0 [ 326.386071][ T7458] xfs_attr_finish_item+0xed/0x320 [ 326.386111][ T7458] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 326.386148][ T7458] xfs_defer_finish_one+0x5c8/0xcf0 [ 326.386207][ T7458] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 326.386257][ T7458] xfs_defer_finish_noroll+0x910/0x12d0 [ 326.386307][ T7458] ? xfs_trans_commit+0x10b/0x1c0 [ 326.386338][ T7458] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 326.386372][ T7458] ? inode_set_ctime_current+0x740/0xb40 [ 326.386420][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.386448][ T7458] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 326.386488][ T7458] xfs_trans_commit+0x10b/0x1c0 [ 326.386514][ T7458] ? __pfx_xfs_trans_commit+0x10/0x10 [ 326.386546][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.386573][ T7458] ? xfs_trans_log_inode+0x12c/0x1a0 [ 326.386613][ T7458] xfs_attr_set+0xdc6/0x1210 [ 326.386662][ T7458] ? __pfx_xfs_attr_set+0x10/0x10 [ 326.386694][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.386721][ T7458] ? __lock_acquire+0xab9/0xd20 [ 326.386762][ T7458] ? xfs_da_hashname+0x59d/0x740 [ 326.386793][ T7458] ? do_raw_spin_lock+0x121/0x290 [ 326.386834][ T7458] ? xfs_attr_change+0x2ac/0x390 [ 326.386869][ T7458] xfs_xattr_set+0x14d/0x250 [ 326.386901][ T7458] ? __pfx_xfs_xattr_set+0x10/0x10 [ 326.386944][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.386973][ T7458] ? evm_protect_xattr+0x4d4/0xa90 [ 326.387000][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.387028][ T7458] ? rcu_is_watching+0x15/0xb0 [ 326.387062][ T7458] ? __pfx_evm_protect_xattr+0x10/0x10 [ 326.387089][ T7458] ? __pfx_xfs_xattr_set+0x10/0x10 [ 326.387117][ T7458] __vfs_setxattr+0x43c/0x480 [ 326.387166][ T7458] __vfs_setxattr_noperm+0x12d/0x660 [ 326.387210][ T7458] vfs_setxattr+0x16b/0x2f0 [ 326.387251][ T7458] ? __pfx_vfs_setxattr+0x10/0x10 [ 326.387288][ T7458] ? mnt_get_write_access+0x223/0x2a0 [ 326.387318][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.387352][ T7458] filename_setxattr+0x274/0x600 [ 326.387399][ T7458] ? __pfx_filename_setxattr+0x10/0x10 [ 326.387438][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.387467][ T7458] ? getname_flags+0x1e5/0x540 [ 326.387507][ T7458] path_setxattrat+0x364/0x3a0 [ 326.387544][ T7458] ? __pfx_path_setxattrat+0x10/0x10 [ 326.387609][ T7458] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.387637][ T7458] ? rcu_is_watching+0x15/0xb0 [ 326.387674][ T7458] __x64_sys_lsetxattr+0xbf/0xe0 [ 326.387715][ T7458] do_syscall_64+0xfa/0x3b0 [ 326.387743][ T7458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.387767][ T7458] ? __switch_to_asm+0x39/0x70 [ 326.387800][ T7458] ? __switch_to_asm+0x33/0x70 [ 326.387838][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.387862][ T7458] RIP: 0033:0x7f3cdbf794f9 [ 326.387884][ T7458] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 326.387906][ T7458] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 326.387932][ T7458] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 326.387951][ T7458] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 326.387970][ T7458] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 326.387987][ T7458] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 326.388003][ T7458] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 326.388042][ T7458] [ 327.086823][ T7457] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 327.107957][ T7458] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 327.120324][ T7458] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7442] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... umount2 resumed>) = 0 [ 327.137249][ T7457] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 327.143179][ T7458] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 327.161610][ T7457] XFS (loop3): Starting recovery (logdev: internal) [pid 5871] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7458] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./35/file1") = 0 [pid 5871] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./35/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./35") = 0 [pid 5871] mkdir("./36", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7458] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] <... mount resumed>) = 0 [pid 7458] <... futex resumed>) = 0 [pid 7457] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7441] exit_group(0 [pid 7442] <... futex resumed>) = ? [pid 7441] <... exit_group resumed>) = ? [pid 7457] <... openat resumed>) = 3 [pid 7442] +++ exited with 0 +++ [pid 7458] +++ exited with 0 +++ [pid 7457] chdir("./file1" [pid 7441] +++ exited with 0 +++ [pid 7457] <... chdir resumed>) = 0 [pid 7457] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7441, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=91 /* 0.91 s */} --- [pid 7457] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 7457] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7456] <... futex resumed>) = 0 [pid 7457] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7456] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7457] <... futex resumed>) = 0 [pid 7456] <... futex resumed>) = 1 [pid 7457] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... restart_syscall resumed>) = 0 [pid 7457] <... openat resumed>) = 4 [pid 7457] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7457] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", [pid 7456] <... futex resumed>) = 0 [pid 7456] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7457] <... futex resumed>) = 0 [pid 7456] <... futex resumed>) = 1 [pid 7457] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5873] getdents64(3, [ 327.185438][ T7457] XFS (loop3): Ending recovery (logdev: internal) [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7457] <... pwritev2 resumed>) = 65007 [pid 7457] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7456] <... futex resumed>) = 0 [pid 7456] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7457] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 327.250946][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 327.264649][ T7457] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7457] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7456] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] <... umount2 resumed>) = 0 [pid 7457] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7457] <... futex resumed>) = 0 [pid 7456] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7457] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7456] <... futex resumed>) = 0 [pid 5873] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7456] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./36/file1") = 0 [ 327.302636][ T7457] XFS (loop3): Unmount and run xfs_repair [ 327.327853][ T7457] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [pid 5873] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7456] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7468 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./36/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./36") = 0 [pid 5873] mkdir("./37", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 327.347705][ T7457] CPU: 1 UID: 0 PID: 7457 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 327.347741][ T7457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.347757][ T7457] Call Trace: [ 327.347768][ T7457] [ 327.347780][ T7457] dump_stack_lvl+0x189/0x250 [ 327.347817][ T7457] ? __pfx__xfs_alert_tag+0x10/0x10 [ 327.347856][ T7457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.347890][ T7457] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 327.347938][ T7457] xfs_corruption_error+0x122/0x170 [ 327.347976][ T7457] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 327.348016][ T7457] xfs_alloc_fixup_trees+0x95e/0xd20 [ 327.348055][ T7457] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 327.348096][ T7457] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 327.348126][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348154][ T7457] ? rcu_is_watching+0x15/0xb0 [ 327.348184][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348212][ T7457] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 327.348244][ T7457] ? rcu_is_watching+0x15/0xb0 [ 327.348282][ T7457] xfs_alloc_cur_finish+0xd3/0x4b0 [ 327.348312][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348342][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348376][ T7457] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 327.348433][ T7457] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 327.348461][ T7457] ? xfs_group_grab+0x28/0x480 [ 327.348497][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348525][ T7457] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 327.348558][ T7457] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 327.348604][ T7457] xfs_alloc_vextent_start_ag+0x388/0x850 [ 327.348637][ T7457] xfs_bmapi_allocate+0x188e/0x2e00 [ 327.348685][ T7457] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 327.348709][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348747][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.348767][ T7457] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 327.348790][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] close(3./strace-static-x86_64: Process 7468 attached ) = 0 [pid 7468] set_robust_list(0x55555d962760, 24 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7468] <... set_robust_list resumed>) = 0 [pid 7468] chdir("./36" [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7469 [pid 7468] <... chdir resumed>) = 0 [pid 7468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7468] setpgid(0, 0) = 0 [pid 7468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7468] write(3, "1000", 4) = 4 [pid 7468] close(3) = 0 [pid 7468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7468] write(1, "executing program\n", 18executing program ) = 18 [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7468] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7468] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7470 attached [pid 7470] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7468] <... clone3 resumed> => {parent_tid=[7470]}, 88) = 7470 [pid 7470] <... rseq resumed>) = 0 [pid 7468] rt_sigprocmask(SIG_SETMASK, [], [pid 7470] set_robust_list(0x7f3cdbf259a0, 24 [pid 7468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7470] <... set_robust_list resumed>) = 0 [pid 7468] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] rt_sigprocmask(SIG_SETMASK, [], [pid 7468] <... futex resumed>) = 0 [pid 7470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7470] memfd_create("syzkaller", 0) = 3 [pid 7470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 327.348810][ T7457] ? xfs_iext_prev+0x35a/0x370 [ 327.348838][ T7457] ? xfs_iext_get_extent+0x1bb/0x370 [ 327.348861][ T7457] xfs_bmapi_write+0x7df/0x1260 [ 327.348905][ T7457] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 327.348964][ T7457] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 327.348994][ T7457] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 327.349017][ T7457] ? kasan_save_track+0x4f/0x80 [ 327.349040][ T7457] ? kasan_save_track+0x3e/0x80 [ 327.349058][ T7457] ? kasan_save_free_info+0x46/0x50 [ 327.349085][ T7457] ? kmem_cache_free+0x18f/0x400 [ 327.349107][ T7457] ? __xfs_trans_commit+0x3e0/0xbd0 [ 327.349125][ T7457] ? xfs_trans_roll+0x130/0x450 [ 327.349142][ T7457] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 327.349172][ T7457] xfs_attr_set_iter+0x2d4/0x4b70 [ 327.349197][ T7457] ? filename_setxattr+0x274/0x600 [ 327.349222][ T7457] ? path_setxattrat+0x364/0x3a0 [ 327.349238][ T7457] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 327.349276][ T7457] ? __pfx_xfs_attr_set_iter+0x10/0x10 ./strace-static-x86_64: Process 7469 attached [ 327.349318][ T7457] ? kasan_quarantine_put+0xdd/0x220 [ 327.349338][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349358][ T7457] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.349388][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349413][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349433][ T7457] ? kmem_cache_free+0x18f/0x400 [ 327.349454][ T7457] ? __xfs_trans_commit+0x3e0/0xbd0 [ 327.349477][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349497][ T7457] ? __xfs_trans_commit+0x4c7/0xbd0 [ 327.349529][ T7457] xfs_attr_finish_item+0xed/0x320 [ 327.349559][ T7457] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 327.349586][ T7457] xfs_defer_finish_one+0x5c8/0xcf0 [ 327.349630][ T7457] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 327.349667][ T7457] xfs_defer_finish_noroll+0x910/0x12d0 [ 327.349696][ T7457] ? xfs_trans_commit+0x10b/0x1c0 [ 327.349719][ T7457] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 327.349744][ T7457] ? inode_set_ctime_current+0x740/0xb40 [ 327.349779][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349800][ T7457] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 327.349829][ T7457] xfs_trans_commit+0x10b/0x1c0 [ 327.349849][ T7457] ? __pfx_xfs_trans_commit+0x10/0x10 [ 327.349873][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.349893][ T7457] ? xfs_trans_log_inode+0x12c/0x1a0 [ 327.349922][ T7457] xfs_attr_set+0xdc6/0x1210 [ 327.349959][ T7457] ? __pfx_xfs_attr_set+0x10/0x10 [ 327.349984][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350004][ T7457] ? __lock_acquire+0xab9/0xd20 [ 327.350036][ T7457] ? xfs_da_hashname+0x59d/0x740 [ 327.350060][ T7457] ? do_raw_spin_lock+0x121/0x290 [ 327.350091][ T7457] ? xfs_attr_change+0x2ac/0x390 [ 327.350117][ T7457] xfs_xattr_set+0x14d/0x250 [ 327.350141][ T7457] ? __pfx_xfs_xattr_set+0x10/0x10 [ 327.350174][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350194][ T7457] ? evm_protect_xattr+0x4d4/0xa90 [ 327.350214][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350235][ T7457] ? rcu_is_watching+0x15/0xb0 [ 327.350260][ T7457] ? __pfx_evm_protect_xattr+0x10/0x10 [pid 7470] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 7469] set_robust_list(0x55555d962760, 24 [pid 7470] munmap(0x7f3cd3a00000, 138412032 [pid 7469] <... set_robust_list resumed>) = 0 [pid 7469] chdir("./37") = 0 [pid 7469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7469] setpgid(0, 0) = 0 [pid 7469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7469] write(3, "1000", 4) = 4 [pid 7469] close(3) = 0 [pid 7469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7469] write(1, "executing program\n", 18executing program ) = 18 [ 327.350280][ T7457] ? __pfx_xfs_xattr_set+0x10/0x10 [ 327.350301][ T7457] __vfs_setxattr+0x43c/0x480 [ 327.350337][ T7457] __vfs_setxattr_noperm+0x12d/0x660 [ 327.350369][ T7457] vfs_setxattr+0x16b/0x2f0 [ 327.350400][ T7457] ? __pfx_vfs_setxattr+0x10/0x10 [ 327.350422][ T7457] ? mnt_get_write_access+0x223/0x2a0 [ 327.350444][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350470][ T7457] filename_setxattr+0x274/0x600 [ 327.350505][ T7457] ? __pfx_filename_setxattr+0x10/0x10 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7470] <... munmap resumed>) = 0 [pid 7469] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7469] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7471]}, 88) = 7471 [pid 7469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7469] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7470] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 7471 attached ) = 4 [pid 7471] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7470] ioctl(4, LOOP_SET_FD, 3 [ 327.350533][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350554][ T7457] ? getname_flags+0x1e5/0x540 [ 327.350584][ T7457] path_setxattrat+0x364/0x3a0 [ 327.350611][ T7457] ? __pfx_path_setxattrat+0x10/0x10 [ 327.350660][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350681][ T7457] ? rcu_is_watching+0x15/0xb0 [ 327.350708][ T7457] __x64_sys_lsetxattr+0xbf/0xe0 [ 327.350737][ T7457] do_syscall_64+0xfa/0x3b0 [ 327.350755][ T7457] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.350783][ T7457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.350800][ T7457] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.350821][ T7457] ? exc_page_fault+0x9f/0xf0 [ 327.350851][ T7457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.350869][ T7457] RIP: 0033:0x7f3cdbf794f9 [ 327.350886][ T7457] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 327.350901][ T7457] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 327.350920][ T7457] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 327.350934][ T7457] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 327.350947][ T7457] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 327.350959][ T7457] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 327.350972][ T7457] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 327.351001][ T7457] [pid 7471] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7470] <... ioctl resumed>) = 0 [pid 7471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7470] close(3 [pid 7471] memfd_create("syzkaller", 0 [pid 7470] <... close resumed>) = 0 [pid 7471] <... memfd_create resumed>) = 3 [pid 7470] close(4 [pid 7471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7470] <... close resumed>) = 0 [pid 7471] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7470] mkdir("./file1", 0777) = 0 [pid 7457] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7470] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7457] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7457] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7456] exit_group(0 [pid 7457] <... futex resumed>) = ? [pid 7456] <... exit_group resumed>) = ? [pid 7457] +++ exited with 0 +++ [pid 7456] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7456, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=120 /* 1.20 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 327.351217][ T7457] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 327.938737][ T7470] loop0: detected capacity change from 0 to 32768 [ 327.944129][ T7457] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 328.079884][ T7457] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 328.091216][ T7470] XFS: noikeep mount option is deprecated. [ 328.128526][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7471] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [ 328.184197][ T7470] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./37/file1") = 0 [pid 5874] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./37/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./37") = 0 [ 328.230973][ T7470] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5874] mkdir("./38", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7470] <... mount resumed>) = 0 [pid 7470] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7470] chdir("./file1") = 0 [pid 7470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7470] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7470] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7468] <... futex resumed>) = 0 [pid 7468] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] <... futex resumed>) = 0 [pid 7470] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7470] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7470] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7468] <... futex resumed>) = 1 [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7468] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] <... futex resumed>) = 0 [pid 7468] <... futex resumed>) = 1 [pid 7470] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7470] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7470] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7468] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] <... futex resumed>) = 0 [ 328.274716][ T7470] XFS (loop0): Starting recovery (logdev: internal) [ 328.295324][ T7470] XFS (loop0): Ending recovery (logdev: internal) [pid 7470] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7468] <... futex resumed>) = 1 [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7470] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 328.341825][ T7470] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 328.366699][ T7470] XFS (loop0): Unmount and run xfs_repair [pid 7470] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7468] <... futex resumed>) = 0 [pid 7468] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7468] <... futex resumed>) = 0 [ 328.389964][ T7470] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 328.417456][ T7470] CPU: 1 UID: 0 PID: 7470 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7468] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 328.417488][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.417503][ T7470] Call Trace: [ 328.417514][ T7470] [ 328.417524][ T7470] dump_stack_lvl+0x189/0x250 [ 328.417559][ T7470] ? __pfx__xfs_alert_tag+0x10/0x10 [ 328.417596][ T7470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.417632][ T7470] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 328.417679][ T7470] xfs_corruption_error+0x122/0x170 [ 328.417719][ T7470] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 328.417754][ T7470] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7480 [ 328.417783][ T7470] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 328.417824][ T7470] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 328.417855][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.417884][ T7470] ? rcu_is_watching+0x15/0xb0 [ 328.417914][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.417942][ T7470] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 328.417974][ T7470] ? rcu_is_watching+0x15/0xb0 [ 328.418013][ T7470] xfs_alloc_cur_finish+0xd3/0x4b0 [ 328.418042][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418072][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418105][ T7470] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 328.418160][ T7470] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 328.418190][ T7470] ? xfs_group_grab+0x28/0x480 [ 328.418225][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418253][ T7470] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 328.418286][ T7470] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 328.418334][ T7470] xfs_alloc_vextent_start_ag+0x388/0x850 [ 328.418378][ T7470] xfs_bmapi_allocate+0x188e/0x2e00 [pid 7471] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7480 attached [pid 7471] munmap(0x7f3cd3a00000, 138412032 [pid 7480] set_robust_list(0x55555d962760, 24 [pid 7471] <... munmap resumed>) = 0 [pid 7480] <... set_robust_list resumed>) = 0 [pid 7471] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7480] chdir("./38" [pid 7471] <... openat resumed>) = 4 [ 328.418442][ T7470] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 328.418475][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418526][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418555][ T7470] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 328.418579][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.418608][ T7470] ? xfs_iext_prev+0x35a/0x370 [ 328.418646][ T7470] ? xfs_iext_get_extent+0x1bb/0x370 [ 328.418678][ T7470] xfs_bmapi_write+0x7df/0x1260 [ 328.418736][ T7470] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 7480] <... chdir resumed>) = 0 [pid 7480] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7471] ioctl(4, LOOP_SET_FD, 3 [pid 7480] <... prctl resumed>) = 0 [pid 7480] setpgid(0, 0 [pid 7471] <... ioctl resumed>) = 0 [pid 7480] <... setpgid resumed>) = 0 [pid 7471] close(3 [pid 7480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7471] <... close resumed>) = 0 [pid 7480] <... openat resumed>) = 3 [pid 7471] close(4 [pid 7480] write(3, "1000", 4 [pid 7471] <... close resumed>) = 0 [pid 7480] <... write resumed>) = 4 [pid 7480] close(3) = 0 [pid 7471] mkdir("./file1", 0777) = 0 [pid 7480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7480] write(1, "executing program\n", 18executing program ) = 18 [ 328.418815][ T7470] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 328.418857][ T7470] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 328.418887][ T7470] ? kasan_save_track+0x4f/0x80 [ 328.418914][ T7470] ? kasan_save_track+0x3e/0x80 [ 328.418940][ T7470] ? kasan_save_free_info+0x46/0x50 [ 328.418978][ T7470] ? kmem_cache_free+0x18f/0x400 [ 328.419007][ T7470] ? __xfs_trans_commit+0x3e0/0xbd0 [ 328.419033][ T7470] ? xfs_trans_roll+0x130/0x450 [ 328.419057][ T7470] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 7471] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7480] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7481]}, 88) = 7481 [pid 7480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7480] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7468] exit_group(0) = ? [ 328.419098][ T7470] xfs_attr_set_iter+0x2d4/0x4b70 [ 328.419133][ T7470] ? filename_setxattr+0x274/0x600 [ 328.419167][ T7470] ? path_setxattrat+0x364/0x3a0 [ 328.419189][ T7470] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 328.419242][ T7470] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 328.419299][ T7470] ? kasan_quarantine_put+0xdd/0x220 [ 328.419326][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.419355][ T7470] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.419403][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.419438][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.419466][ T7470] ? kmem_cache_free+0x18f/0x400 [ 328.419495][ T7470] ? __xfs_trans_commit+0x3e0/0xbd0 [ 328.419527][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.419555][ T7470] ? __xfs_trans_commit+0x4c7/0xbd0 [ 328.419582][ T7470] ? xfs_trans_dup+0xc3/0x5f0 [ 328.419622][ T7470] xfs_attr_finish_item+0xed/0x320 [ 328.419663][ T7470] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 328.419701][ T7470] xfs_defer_finish_one+0x5c8/0xcf0 [ 328.419760][ T7470] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 328.419810][ T7470] xfs_defer_finish_noroll+0x910/0x12d0 [ 328.419849][ T7470] ? xfs_trans_commit+0x10b/0x1c0 [ 328.419881][ T7470] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 328.419915][ T7470] ? inode_set_ctime_current+0x740/0xb40 [ 328.419962][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.419990][ T7470] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 328.420030][ T7470] xfs_trans_commit+0x10b/0x1c0 [ 328.420057][ T7470] ? __pfx_xfs_trans_commit+0x10/0x10 [ 328.420089][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 ./strace-static-x86_64: Process 7481 attached [pid 7481] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7481] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7481] memfd_create("syzkaller", 0) = 3 [pid 7481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 328.420117][ T7470] ? xfs_trans_log_inode+0x12c/0x1a0 [ 328.420158][ T7470] xfs_attr_set+0xdc6/0x1210 [ 328.420207][ T7470] ? __pfx_xfs_attr_set+0x10/0x10 [ 328.420242][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.420271][ T7470] ? __lock_acquire+0xab9/0xd20 [ 328.420307][ T7470] ? xfs_da_hashname+0x59d/0x740 [ 328.420339][ T7470] ? do_raw_spin_lock+0x121/0x290 [ 328.420387][ T7470] ? xfs_attr_change+0x2ac/0x390 [ 328.420422][ T7470] xfs_xattr_set+0x14d/0x250 [ 328.420453][ T7470] ? __pfx_xfs_xattr_set+0x10/0x10 [ 328.420498][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.420526][ T7470] ? evm_protect_xattr+0x4d4/0xa90 [ 328.420553][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.420581][ T7470] ? rcu_is_watching+0x15/0xb0 [ 328.420614][ T7470] ? __pfx_evm_protect_xattr+0x10/0x10 [ 328.420642][ T7470] ? __pfx_xfs_xattr_set+0x10/0x10 [ 328.420669][ T7470] __vfs_setxattr+0x43c/0x480 [ 328.420717][ T7470] __vfs_setxattr_noperm+0x12d/0x660 [ 328.420761][ T7470] vfs_setxattr+0x16b/0x2f0 [ 328.420802][ T7470] ? __pfx_vfs_setxattr+0x10/0x10 [ 328.420832][ T7470] ? mnt_get_write_access+0x223/0x2a0 [ 328.420862][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.420897][ T7470] filename_setxattr+0x274/0x600 [ 328.420944][ T7470] ? __pfx_filename_setxattr+0x10/0x10 [ 328.420983][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.421031][ T7470] ? getname_flags+0x1e5/0x540 [ 328.421072][ T7470] path_setxattrat+0x364/0x3a0 [ 328.421108][ T7470] ? __pfx_path_setxattrat+0x10/0x10 [ 328.421174][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.421202][ T7470] ? rcu_is_watching+0x15/0xb0 [ 328.421238][ T7470] __x64_sys_lsetxattr+0xbf/0xe0 [ 328.421279][ T7470] do_syscall_64+0xfa/0x3b0 [ 328.421303][ T7470] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.421341][ T7470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.421371][ T7470] ? srso_alias_return_thunk+0x5/0xfbef5 [ 328.421399][ T7470] ? exc_page_fault+0x9f/0xf0 [ 328.421439][ T7470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.421463][ T7470] RIP: 0033:0x7f3cdbf794f9 [ 328.421485][ T7470] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 328.421506][ T7470] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 328.421532][ T7470] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 328.421552][ T7470] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 328.421570][ T7470] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 328.421587][ T7470] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 328.421604][ T7470] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 328.421643][ T7470] [ 328.421654][ T7470] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 328.650476][ T7471] loop2: detected capacity change from 0 to 32768 [ 328.652770][ T7470] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7481] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7470] <... lsetxattr resumed>) = ? [pid 7470] +++ exited with 0 +++ [pid 7468] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7468, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=106 /* 1.06 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5871] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./36/file1") = 0 [pid 5871] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./36/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./36") = 0 [pid 5871] mkdir("./37", 0777) = 0 [ 328.678143][ T7471] XFS: noikeep mount option is deprecated. [ 328.684699][ T7470] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 329.097780][ T7471] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 329.174028][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7481] <... write resumed>) = 16777216 [pid 7481] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7481] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 329.289431][ T7471] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 329.328549][ T7481] loop3: detected capacity change from 0 to 32768 [pid 7481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7481] close(3) = 0 [pid 7481] close(4) = 0 [pid 7481] mkdir("./file1", 0777) = 0 [pid 7481] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7471] <... mount resumed>) = 0 [pid 7471] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7471] chdir("./file1") = 0 [pid 7471] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [pid 7471] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7469] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7471] <... openat resumed>) = 4 [pid 7471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [pid 7471] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 329.335014][ T7471] XFS (loop2): Starting recovery (logdev: internal) [ 329.353876][ T7481] XFS: noikeep mount option is deprecated. [ 329.360768][ T7471] XFS (loop2): Ending recovery (logdev: internal) [pid 7469] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7471] <... pwritev2 resumed>) = 65007 [pid 7471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7471] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7469] <... futex resumed>) = 0 [pid 7469] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7471] <... futex resumed>) = 0 [pid 7469] <... futex resumed>) = 1 [pid 7471] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 329.399584][ T7481] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 329.421517][ T7471] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7471] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [pid 7471] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7469] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... close resumed>) = 0 [ 329.448466][ T7471] XFS (loop2): Unmount and run xfs_repair [ 329.457052][ T7471] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 329.473058][ T7471] CPU: 1 UID: 0 PID: 7471 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 329.473091][ T7471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7469] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 7498 attached [pid 7469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7498] set_robust_list(0x55555d962760, 24) = 0 [pid 7498] chdir("./37") = 0 [pid 7498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7498] setpgid(0, 0) = 0 [pid 7498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7498] write(3, "1000", 4) = 4 [pid 7498] close(3) = 0 [pid 7498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7498] write(1, "executing program\n", 18) = 18 [pid 7498] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7498] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7498] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7499]}, 88) = 7499 [pid 7498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7498] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 329.473107][ T7471] Call Trace: [ 329.473120][ T7471] [ 329.473131][ T7471] dump_stack_lvl+0x189/0x250 [ 329.473165][ T7471] ? __pfx__xfs_alert_tag+0x10/0x10 [ 329.473203][ T7471] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.473238][ T7471] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 329.473285][ T7471] xfs_corruption_error+0x122/0x170 [ 329.473324][ T7471] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 329.473366][ T7471] xfs_alloc_fixup_trees+0x95e/0xd20 [ 329.473395][ T7471] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7498] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7499 attached [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7498 [pid 7499] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7481] <... mount resumed>) = 0 [pid 7499] <... rseq resumed>) = 0 [pid 7499] set_robust_list(0x7f3cdbf259a0, 24 [pid 7481] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7499] <... set_robust_list resumed>) = 0 [pid 7481] <... openat resumed>) = 3 [ 329.473437][ T7471] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 329.473468][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.473498][ T7471] ? rcu_is_watching+0x15/0xb0 [ 329.473528][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.473557][ T7471] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 329.473589][ T7471] ? rcu_is_watching+0x15/0xb0 [ 329.473628][ T7471] xfs_alloc_cur_finish+0xd3/0x4b0 [ 329.473658][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.473688][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7499] rt_sigprocmask(SIG_SETMASK, [], [pid 7481] chdir("./file1" [pid 7499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7481] <... chdir resumed>) = 0 [pid 7499] memfd_create("syzkaller", 0 [pid 7481] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7499] <... memfd_create resumed>) = 3 [pid 7481] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7481] <... futex resumed>) = 1 [pid 7480] <... futex resumed>) = 0 [pid 7499] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7481] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7480] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7480] <... futex resumed>) = 0 [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7481] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7481] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7480] <... futex resumed>) = 0 [pid 7481] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7480] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7481] <... pwritev2 resumed>) = 65007 [pid 7481] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7480] <... futex resumed>) = 0 [pid 7480] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7481] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7481] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7481] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7480] <... futex resumed>) = 0 [pid 7480] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7481] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 329.473722][ T7471] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 329.473779][ T7471] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 329.473809][ T7471] ? xfs_group_grab+0x28/0x480 [ 329.473845][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.473874][ T7471] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 329.473907][ T7471] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 329.473954][ T7471] xfs_alloc_vextent_start_ag+0x388/0x850 [ 329.473993][ T7471] xfs_bmapi_allocate+0x188e/0x2e00 [ 329.474057][ T7471] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 329.474113][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.474141][ T7471] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 329.474165][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.474193][ T7471] ? xfs_iext_prev+0x35a/0x370 [ 329.474232][ T7471] ? xfs_iext_get_extent+0x1bb/0x370 [ 329.474263][ T7471] xfs_bmapi_write+0x7df/0x1260 [ 329.474322][ T7471] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 329.474406][ T7471] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 7480] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7499] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7480] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 329.474448][ T7471] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 329.474478][ T7471] ? kasan_save_track+0x4f/0x80 [ 329.474504][ T7471] ? kasan_save_track+0x3e/0x80 [ 329.474529][ T7471] ? kasan_save_free_info+0x46/0x50 [ 329.474566][ T7471] ? kmem_cache_free+0x18f/0x400 [ 329.474595][ T7471] ? __xfs_trans_commit+0x3e0/0xbd0 [ 329.474620][ T7471] ? xfs_trans_roll+0x130/0x450 [ 329.474644][ T7471] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 329.474684][ T7471] xfs_attr_set_iter+0x2d4/0x4b70 [ 329.474718][ T7471] ? filename_setxattr+0x274/0x600 [ 329.474751][ T7471] ? path_setxattrat+0x364/0x3a0 [ 329.474773][ T7471] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 329.474825][ T7471] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 329.474882][ T7471] ? kasan_quarantine_put+0xdd/0x220 [ 329.474908][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.474936][ T7471] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.474977][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475009][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475037][ T7471] ? kmem_cache_free+0x18f/0x400 [ 329.475065][ T7471] ? __xfs_trans_commit+0x3e0/0xbd0 [ 329.475096][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475124][ T7471] ? __xfs_trans_commit+0x4c7/0xbd0 [ 329.475167][ T7471] xfs_attr_finish_item+0xed/0x320 [ 329.475208][ T7471] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 329.475246][ T7471] xfs_defer_finish_one+0x5c8/0xcf0 [ 329.475306][ T7471] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 329.475360][ T7471] xfs_defer_finish_noroll+0x910/0x12d0 [ 329.475400][ T7471] ? xfs_trans_commit+0x10b/0x1c0 [ 329.475432][ T7471] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 329.475466][ T7471] ? inode_set_ctime_current+0x740/0xb40 [ 329.475514][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475542][ T7471] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 329.475583][ T7471] xfs_trans_commit+0x10b/0x1c0 [ 329.475609][ T7471] ? __pfx_xfs_trans_commit+0x10/0x10 [ 329.475641][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475669][ T7471] ? xfs_trans_log_inode+0x12c/0x1a0 [ 329.475709][ T7471] xfs_attr_set+0xdc6/0x1210 [ 329.475758][ T7471] ? __pfx_xfs_attr_set+0x10/0x10 [pid 7499] <... write resumed>) = 16777216 [pid 7471] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7499] munmap(0x7f3cd3a00000, 138412032 [pid 7471] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7469] exit_group(0 [pid 7471] <... futex resumed>) = ? [pid 7469] <... exit_group resumed>) = ? [pid 7471] +++ exited with 0 +++ [pid 7469] +++ exited with 0 +++ [ 329.475792][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.475821][ T7471] ? __lock_acquire+0xab9/0xd20 [ 329.475857][ T7471] ? xfs_da_hashname+0x59d/0x740 [ 329.475888][ T7471] ? do_raw_spin_lock+0x121/0x290 [ 329.475931][ T7471] ? xfs_attr_change+0x2ac/0x390 [ 329.475966][ T7471] xfs_xattr_set+0x14d/0x250 [ 329.475997][ T7471] ? __pfx_xfs_xattr_set+0x10/0x10 [ 329.476042][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.476071][ T7471] ? evm_protect_xattr+0x4d4/0xa90 [ 329.476098][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7469, si_uid=0, si_status=0, si_utime=0, si_stime=61 /* 0.61 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7499] <... munmap resumed>) = 0 [pid 7499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 329.476127][ T7471] ? rcu_is_watching+0x15/0xb0 [ 329.476160][ T7471] ? __pfx_evm_protect_xattr+0x10/0x10 [ 329.476188][ T7471] ? __pfx_xfs_xattr_set+0x10/0x10 [ 329.476216][ T7471] __vfs_setxattr+0x43c/0x480 [ 329.476264][ T7471] __vfs_setxattr_noperm+0x12d/0x660 [ 329.476308][ T7471] vfs_setxattr+0x16b/0x2f0 [ 329.476356][ T7471] ? __pfx_vfs_setxattr+0x10/0x10 [ 329.476386][ T7471] ? mnt_get_write_access+0x223/0x2a0 [ 329.476417][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.476451][ T7471] filename_setxattr+0x274/0x600 [ 329.476498][ T7471] ? __pfx_filename_setxattr+0x10/0x10 [ 329.476537][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.476565][ T7471] ? getname_flags+0x1e5/0x540 [ 329.476605][ T7471] path_setxattrat+0x364/0x3a0 [ 329.476641][ T7471] ? __pfx_path_setxattrat+0x10/0x10 [ 329.476705][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.476732][ T7471] ? rcu_is_watching+0x15/0xb0 [ 329.476774][ T7471] __x64_sys_lsetxattr+0xbf/0xe0 [ 329.476816][ T7471] do_syscall_64+0xfa/0x3b0 [pid 7499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7499] close(3) = 0 [pid 7499] close(4) = 0 [pid 7499] mkdir("./file1", 0777) = 0 [ 329.476840][ T7471] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.476877][ T7471] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.476900][ T7471] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.476927][ T7471] ? exc_page_fault+0x9f/0xf0 [ 329.476966][ T7471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.476989][ T7471] RIP: 0033:0x7f3cdbf794f9 [ 329.477010][ T7471] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 329.477031][ T7471] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 329.477056][ T7471] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 329.477074][ T7471] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 329.477092][ T7471] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 329.477108][ T7471] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 329.477125][ T7471] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 329.477163][ T7471] [ 329.498211][ T7481] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 329.514692][ T7471] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 329.529354][ T7481] XFS (loop3): Starting recovery (logdev: internal) [ 329.542921][ T7471] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 329.579036][ T7481] XFS (loop3): Ending recovery (logdev: internal) [ 329.582637][ T7471] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 329.642989][ T7481] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 329.643435][ T7481] XFS (loop3): Unmount and run xfs_repair [ 329.654190][ T7481] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 329.994238][ T7499] loop0: detected capacity change from 0 to 32768 [ 329.996903][ T7481] CPU: 0 UID: 0 PID: 7481 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 329.996934][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.996948][ T7481] Call Trace: [ 329.996957][ T7481] [ 329.996968][ T7481] dump_stack_lvl+0x189/0x250 [ 329.997003][ T7481] ? __pfx__xfs_alert_tag+0x10/0x10 [ 329.997040][ T7481] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.997074][ T7481] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 329.997127][ T7481] xfs_corruption_error+0x122/0x170 [pid 7499] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7480] exit_group(0) = ? [ 329.997165][ T7481] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 329.997200][ T7481] xfs_alloc_fixup_trees+0x95e/0xd20 [ 329.997228][ T7481] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 329.997269][ T7481] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 329.997299][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997327][ T7481] ? rcu_is_watching+0x15/0xb0 [ 329.997357][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997384][ T7481] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 329.997415][ T7481] ? rcu_is_watching+0x15/0xb0 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [ 329.997453][ T7481] xfs_alloc_cur_finish+0xd3/0x4b0 [ 329.997482][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997512][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997545][ T7481] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 329.997602][ T7481] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 329.997630][ T7481] ? xfs_group_grab+0x28/0x480 [ 329.997666][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997694][ T7481] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 5873] rmdir("./37/file1") = 0 [pid 5873] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./37/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./37") = 0 [pid 5873] mkdir("./38", 0777) = 0 [ 329.997726][ T7481] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 329.997774][ T7481] xfs_alloc_vextent_start_ag+0x388/0x850 [ 329.997813][ T7481] xfs_bmapi_allocate+0x188e/0x2e00 [ 329.997876][ T7481] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 329.997908][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997958][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.997985][ T7481] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 329.998009][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.998036][ T7481] ? xfs_iext_prev+0x35a/0x370 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7481] <... lsetxattr resumed>) = ? [pid 7481] +++ exited with 0 +++ [pid 7480] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7480, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=100 /* 1.00 s */} --- [pid 5874] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... openat resumed>) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 329.998074][ T7481] ? xfs_iext_get_extent+0x1bb/0x370 [ 329.998108][ T7481] xfs_bmapi_write+0x7df/0x1260 [ 329.998167][ T7481] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 329.998245][ T7481] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 329.998285][ T7481] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 329.998315][ T7481] ? kasan_save_track+0x4f/0x80 [ 329.998341][ T7481] ? kasan_save_track+0x3e/0x80 [ 329.998365][ T7481] ? kasan_save_free_info+0x46/0x50 [ 329.998401][ T7481] ? kmem_cache_free+0x18f/0x400 [ 329.998433][ T7481] ? __xfs_trans_commit+0x3e0/0xbd0 [ 329.998457][ T7481] ? xfs_trans_roll+0x130/0x450 [ 329.998480][ T7481] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 329.998519][ T7481] xfs_attr_set_iter+0x2d4/0x4b70 [ 329.998552][ T7481] ? filename_setxattr+0x274/0x600 [ 329.998584][ T7481] ? path_setxattrat+0x364/0x3a0 [ 329.998606][ T7481] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 329.998657][ T7481] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 329.998712][ T7481] ? kasan_quarantine_put+0xdd/0x220 [ 329.998738][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.998765][ T7481] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.998807][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.998840][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.998868][ T7481] ? kmem_cache_free+0x18f/0x400 [ 329.998895][ T7481] ? __xfs_trans_commit+0x3e0/0xbd0 [ 329.998926][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.998953][ T7481] ? __xfs_trans_commit+0x4c7/0xbd0 [ 329.998996][ T7481] xfs_attr_finish_item+0xed/0x320 [ 329.999035][ T7481] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 329.999072][ T7481] xfs_defer_finish_one+0x5c8/0xcf0 [ 329.999134][ T7481] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 329.999183][ T7481] xfs_defer_finish_noroll+0x910/0x12d0 [ 329.999221][ T7481] ? xfs_trans_commit+0x10b/0x1c0 [ 329.999253][ T7481] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 329.999286][ T7481] ? inode_set_ctime_current+0x740/0xb40 [ 329.999332][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.999360][ T7481] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7508 attached [pid 7508] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7508 [pid 7508] <... set_robust_list resumed>) = 0 [ 329.999398][ T7481] xfs_trans_commit+0x10b/0x1c0 [ 329.999425][ T7481] ? __pfx_xfs_trans_commit+0x10/0x10 [ 329.999456][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.999484][ T7481] ? xfs_trans_log_inode+0x12c/0x1a0 [ 329.999523][ T7481] xfs_attr_set+0xdc6/0x1210 [ 329.999571][ T7481] ? __pfx_xfs_attr_set+0x10/0x10 [ 329.999604][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.999631][ T7481] ? __lock_acquire+0xab9/0xd20 [ 329.999667][ T7481] ? xfs_da_hashname+0x59d/0x740 [pid 7508] chdir("./38") = 0 [pid 7508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7508] setpgid(0, 0) = 0 [pid 7508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7508] write(3, "1000", 4) = 4 [pid 7508] close(3) = 0 [pid 7508] symlink("/dev/binderfs", "./binderfs") = 0 [ 329.999698][ T7481] ? do_raw_spin_lock+0x121/0x290 [ 329.999740][ T7481] ? xfs_attr_change+0x2ac/0x390 [ 329.999774][ T7481] xfs_xattr_set+0x14d/0x250 [ 329.999805][ T7481] ? __pfx_xfs_xattr_set+0x10/0x10 [ 329.999849][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.999877][ T7481] ? evm_protect_xattr+0x4d4/0xa90 [ 329.999903][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.999930][ T7481] ? rcu_is_watching+0x15/0xb0 [ 329.999964][ T7481] ? __pfx_evm_protect_xattr+0x10/0x10 [ 329.999991][ T7481] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 7508] write(1, "executing program\n", 18executing program ) = 18 [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7508] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7508] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7509 attached [pid 7509] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7508] <... clone3 resumed> => {parent_tid=[7509]}, 88) = 7509 [pid 7508] rt_sigprocmask(SIG_SETMASK, [], [pid 7509] <... rseq resumed>) = 0 [pid 7508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7509] set_robust_list(0x7f3cdbf259a0, 24 [pid 7508] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7509] <... set_robust_list resumed>) = 0 [pid 7508] <... futex resumed>) = 0 [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 330.000018][ T7481] __vfs_setxattr+0x43c/0x480 [ 330.000066][ T7481] __vfs_setxattr_noperm+0x12d/0x660 [ 330.000113][ T7481] vfs_setxattr+0x16b/0x2f0 [ 330.000153][ T7481] ? __pfx_vfs_setxattr+0x10/0x10 [ 330.000183][ T7481] ? mnt_get_write_access+0x223/0x2a0 [ 330.000212][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.000246][ T7481] filename_setxattr+0x274/0x600 [ 330.000292][ T7481] ? __pfx_filename_setxattr+0x10/0x10 [ 330.000329][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7509] memfd_create("syzkaller", 0) = 3 [pid 7509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 330.000357][ T7481] ? getname_flags+0x1e5/0x540 [ 330.000397][ T7481] path_setxattrat+0x364/0x3a0 [ 330.000433][ T7481] ? __pfx_path_setxattrat+0x10/0x10 [ 330.000497][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.000525][ T7481] ? rcu_is_watching+0x15/0xb0 [ 330.000560][ T7481] __x64_sys_lsetxattr+0xbf/0xe0 [ 330.000600][ T7481] do_syscall_64+0xfa/0x3b0 [ 330.000624][ T7481] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.000661][ T7481] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.000684][ T7481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.000712][ T7481] ? exc_page_fault+0x9f/0xf0 [ 330.000751][ T7481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.000775][ T7481] RIP: 0033:0x7f3cdbf794f9 [ 330.000797][ T7481] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 330.000818][ T7481] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 330.000844][ T7481] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 330.000863][ T7481] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 330.000882][ T7481] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 330.000897][ T7481] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 330.000914][ T7481] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 330.000953][ T7481] [ 330.000964][ T7481] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 330.044498][ T7499] XFS: noikeep mount option is deprecated. [ 330.081612][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 330.107967][ T7481] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 330.357060][ T7499] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 330.359480][ T7481] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 330.440345][ T7499] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 331.020970][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7509] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./38/file1") = 0 [pid 5874] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./38/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./38") = 0 [pid 5874] mkdir("./39", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 331.089163][ T7499] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7509] <... write resumed>) = 16777216 [pid 7509] munmap(0x7f3cd3a00000, 138412032 [pid 7499] <... mount resumed>) = 0 [pid 7499] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7499] chdir("./file1") = 0 [pid 7499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7499] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7498] <... futex resumed>) = 0 [pid 7499] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7498] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7499] <... futex resumed>) = 0 [pid 7498] <... futex resumed>) = 1 [pid 7499] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7498] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7499] <... openat resumed>) = 4 [pid 7499] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7498] <... futex resumed>) = 0 [pid 7499] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7498] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7499] <... futex resumed>) = 0 [pid 7499] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7498] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7499] <... pwritev2 resumed>) = 65007 [pid 7499] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7498] <... futex resumed>) = 0 [pid 7499] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7498] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7499] <... futex resumed>) = 0 [pid 7498] <... futex resumed>) = 1 [pid 7499] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 331.146965][ T7499] XFS (loop0): Ending recovery (logdev: internal) [pid 7498] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7509] <... munmap resumed>) = 0 [pid 7509] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7509] ioctl(4, LOOP_SET_FD, 3 [pid 7499] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7509] <... ioctl resumed>) = 0 [pid 7498] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7498] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7509] close(3) = 0 [pid 7509] close(4 [pid 7498] <... futex resumed>) = 0 [pid 7509] <... close resumed>) = 0 [pid 7509] mkdir("./file1", 0777 [pid 7498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7509] <... mkdir resumed>) = 0 [pid 7509] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7498] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [ 331.188323][ T7499] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 331.214661][ T7499] XFS (loop0): Unmount and run xfs_repair [ 331.222201][ T7509] loop2: detected capacity change from 0 to 32768 [pid 7499] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7499] <... futex resumed>) = 0 [pid 7498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7499] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7510]}, 88) = 7510 [pid 7498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7498] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7498] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7510 attached [pid 7510] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7510] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 331.242579][ T7509] XFS: noikeep mount option is deprecated. [ 331.258005][ T7510] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 331.272972][ T7510] CPU: 1 UID: 0 PID: 7510 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 331.273006][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 331.273022][ T7510] Call Trace: [ 331.273032][ T7510] [ 331.273043][ T7510] dump_stack_lvl+0x189/0x250 [ 331.273078][ T7510] ? __pfx__xfs_alert_tag+0x10/0x10 [ 331.273114][ T7510] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.273147][ T7510] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 331.273196][ T7510] xfs_corruption_error+0x122/0x170 [ 331.273235][ T7510] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 331.273270][ T7510] xfs_alloc_fixup_trees+0x95e/0xd20 [ 331.273305][ T7510] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 331.273346][ T7510] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 331.273377][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.273406][ T7510] ? rcu_is_watching+0x15/0xb0 [ 331.273437][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.273466][ T7510] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 331.273498][ T7510] ? rcu_is_watching+0x15/0xb0 [ 331.273538][ T7510] xfs_alloc_cur_finish+0xd3/0x4b0 [ 331.273568][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7510] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5874] <... close resumed>) = 0 [ 331.273598][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.273632][ T7510] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 331.273690][ T7510] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 331.273720][ T7510] ? xfs_group_grab+0x28/0x480 [ 331.273756][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.273784][ T7510] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 331.273817][ T7510] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 331.273865][ T7510] xfs_alloc_vextent_start_ag+0x388/0x850 [ 331.273904][ T7510] xfs_bmapi_allocate+0x188e/0x2e00 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7498] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 7516 attached [pid 7516] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7516 [ 331.273968][ T7510] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 331.274001][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274051][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274079][ T7510] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 331.274102][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274130][ T7510] ? xfs_iext_prev+0x35a/0x370 [ 331.274168][ T7510] ? xfs_iext_get_extent+0x1bb/0x370 [ 331.274199][ T7510] xfs_bmapi_write+0x7df/0x1260 [ 331.274258][ T7510] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 7516] <... set_robust_list resumed>) = 0 [pid 7516] chdir("./39") = 0 [pid 7516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7516] setpgid(0, 0) = 0 [pid 7516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7516] write(3, "1000", 4) = 4 [pid 7516] close(3) = 0 executing program [pid 7516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7516] write(1, "executing program\n", 18) = 18 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7516] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7520]}, 88) = 7520 [pid 7516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7516] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7520 attached [ 331.274342][ T7510] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 331.274383][ T7510] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 331.274414][ T7510] ? kasan_save_track+0x4f/0x80 [ 331.274441][ T7510] ? kasan_save_track+0x3e/0x80 [ 331.274466][ T7510] ? kasan_save_free_info+0x46/0x50 [ 331.274503][ T7510] ? kmem_cache_free+0x18f/0x400 [ 331.274532][ T7510] ? __xfs_trans_commit+0x3e0/0xbd0 [ 331.274558][ T7510] ? xfs_trans_roll+0x130/0x450 [ 331.274582][ T7510] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 7520] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7510] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7520] <... rseq resumed>) = 0 [pid 7520] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7520] memfd_create("syzkaller", 0) = 3 [pid 7520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7510] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] futex(0x7f3cdc0036d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7498] exit_group(0) = ? [pid 7510] <... futex resumed>) = ? [pid 7510] +++ exited with 0 +++ [pid 7499] <... futex resumed>) = ? [pid 7499] +++ exited with 0 +++ [pid 7498] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7498, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=106 /* 1.06 s */} --- [pid 5871] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 331.274622][ T7510] xfs_attr_set_iter+0x2d4/0x4b70 [ 331.274656][ T7510] ? filename_setxattr+0x274/0x600 [ 331.274689][ T7510] ? path_setxattrat+0x364/0x3a0 [ 331.274711][ T7510] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 331.274762][ T7510] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 331.274819][ T7510] ? kasan_quarantine_put+0xdd/0x220 [ 331.274845][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274873][ T7510] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.274914][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274947][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.274975][ T7510] ? kmem_cache_free+0x18f/0x400 [ 331.275004][ T7510] ? __xfs_trans_commit+0x3e0/0xbd0 [ 331.275035][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.275063][ T7510] ? __xfs_trans_commit+0x4c7/0xbd0 [ 331.275107][ T7510] xfs_attr_finish_item+0xed/0x320 [ 331.275147][ T7510] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 331.275185][ T7510] xfs_defer_finish_one+0x5c8/0xcf0 [ 331.275245][ T7510] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 331.275301][ T7510] xfs_defer_finish_noroll+0x910/0x12d0 [ 331.275341][ T7510] ? xfs_trans_commit+0x10b/0x1c0 [ 331.275373][ T7510] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 331.275406][ T7510] ? inode_set_ctime_current+0x740/0xb40 [ 331.275454][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.275482][ T7510] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 331.275521][ T7510] xfs_trans_commit+0x10b/0x1c0 [ 331.275547][ T7510] ? __pfx_xfs_trans_commit+0x10/0x10 [ 331.275579][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 331.275607][ T7510] ? xfs_trans_log_inode+0x12c/0x1a0 [ 331.275647][ T7510] xfs_attr_set+0xdc6/0x1210 [ 331.275696][ T7510] ? __pfx_xfs_attr_set+0x10/0x10 [ 331.275730][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.275758][ T7510] ? __lock_acquire+0xab9/0xd20 [ 331.275794][ T7510] ? xfs_da_hashname+0x59d/0x740 [ 331.275826][ T7510] ? do_raw_spin_lock+0x121/0x290 [ 331.275869][ T7510] ? xfs_attr_change+0x2ac/0x390 [ 331.275904][ T7510] xfs_xattr_set+0x14d/0x250 [ 331.275936][ T7510] ? __pfx_xfs_xattr_set+0x10/0x10 [ 331.275981][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.276010][ T7510] ? evm_protect_xattr+0x4d4/0xa90 [ 331.276037][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.276065][ T7510] ? rcu_is_watching+0x15/0xb0 [ 331.276100][ T7510] ? __pfx_evm_protect_xattr+0x10/0x10 [ 331.276128][ T7510] ? __pfx_xfs_xattr_set+0x10/0x10 [ 331.276155][ T7510] __vfs_setxattr+0x43c/0x480 [ 331.276204][ T7510] __vfs_setxattr_noperm+0x12d/0x660 [ 331.276247][ T7510] vfs_setxattr+0x16b/0x2f0 [ 331.276293][ T7510] ? __pfx_vfs_setxattr+0x10/0x10 [ 331.276324][ T7510] ? mnt_get_write_access+0x223/0x2a0 [ 331.276354][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.276388][ T7510] filename_setxattr+0x274/0x600 [ 331.276434][ T7510] ? __pfx_filename_setxattr+0x10/0x10 [ 331.276473][ T7510] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.276500][ T7510] ? getname_flags+0x1e5/0x540 [ 331.276541][ T7510] path_setxattrat+0x364/0x3a0 [ 331.276578][ T7510] ? __pfx_path_setxattrat+0x10/0x10 [ 331.276642][ T7510] ? __might_fault+0xb0/0x130 [ 331.276680][ T7510] __x64_sys_lsetxattr+0xbf/0xe0 [ 331.276721][ T7510] do_syscall_64+0xfa/0x3b0 [ 331.276754][ T7510] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.276778][ T7510] ? __switch_to_asm+0x39/0x70 [ 331.276811][ T7510] ? __switch_to_asm+0x33/0x70 [ 331.276848][ T7510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.276872][ T7510] RIP: 0033:0x7f3cdbf794f9 [ 331.276894][ T7510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 331.276914][ T7510] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 331.276940][ T7510] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 331.276959][ T7510] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 331.276977][ T7510] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 331.276994][ T7510] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 331.277011][ T7510] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 331.277049][ T7510] [pid 7520] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 331.404221][ T7509] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 331.458187][ T7510] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 331.481875][ T7509] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 331.488832][ T7510] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 331.525867][ T7509] XFS (loop2): Starting recovery (logdev: internal) [pid 7520] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7509] <... mount resumed>) = 0 [pid 7509] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7509] chdir("./file1") = 0 [pid 7509] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7520] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7509] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7520] ioctl(4, LOOP_SET_FD, 3 [pid 7509] <... futex resumed>) = 1 [pid 7508] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7508] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7509] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./37/file1") = 0 [pid 7520] <... ioctl resumed>) = 0 [pid 7509] <... openat resumed>) = 4 [pid 5871] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7520] close(3 [pid 7509] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7520] <... close resumed>) = 0 [pid 7509] <... futex resumed>) = 1 [pid 7520] close(4 [pid 7509] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7520] <... close resumed>) = 0 [pid 7520] mkdir("./file1", 0777) = 0 [pid 7508] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7520] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7508] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] newfstatat(AT_FDCWD, "./37/binderfs", [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./37/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [ 331.528857][ T7510] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 331.546586][ T7509] XFS (loop2): Ending recovery (logdev: internal) [ 332.010138][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 332.033790][ T7520] loop3: detected capacity change from 0 to 32768 [pid 5871] close(3) = 0 [pid 5871] rmdir("./37" [pid 7509] <... futex resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7509] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5871] mkdir("./38", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7509] <... pwritev2 resumed>) = 65007 [pid 7509] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 7509] <... futex resumed>) = 1 [pid 7508] <... futex resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7509] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7508] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 332.072107][ T7520] XFS: noikeep mount option is deprecated. [ 332.095406][ T7509] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 332.102133][ T7520] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] close(3 [pid 7508] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7509] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7509] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7509] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7508] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7509] <... futex resumed>) = 0 [pid 7508] <... futex resumed>) = 1 [pid 7508] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 332.147616][ T7520] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 332.157890][ T7509] XFS (loop2): Unmount and run xfs_repair [pid 7509] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7508] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 332.189437][ T7509] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 332.225206][ T7520] XFS (loop3): Starting recovery (logdev: internal) [ 332.251716][ T7509] CPU: 1 UID: 0 PID: 7509 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 332.251753][ T7509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 332.251769][ T7509] Call Trace: [ 332.251779][ T7509] [ 332.251790][ T7509] dump_stack_lvl+0x189/0x250 [ 332.251829][ T7509] ? __pfx__xfs_alert_tag+0x10/0x10 [ 332.251867][ T7509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.251901][ T7509] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 332.251949][ T7509] xfs_corruption_error+0x122/0x170 [ 332.251988][ T7509] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 332.252023][ T7509] xfs_alloc_fixup_trees+0x95e/0xd20 [ 332.252052][ T7509] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 332.252093][ T7509] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 332.252123][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252153][ T7509] ? rcu_is_watching+0x15/0xb0 [ 332.252183][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252212][ T7509] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 executing program [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7529 attached [pid 7529] set_robust_list(0x55555d962760, 24) = 0 [pid 7529] chdir("./38") = 0 [pid 7529] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7529 [pid 7529] <... prctl resumed>) = 0 [pid 7529] setpgid(0, 0) = 0 [pid 7529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7529] write(3, "1000", 4) = 4 [pid 7529] close(3) = 0 [pid 7529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7529] write(1, "executing program\n", 18) = 18 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7529] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7530 attached [pid 7530] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7529] <... clone3 resumed> => {parent_tid=[7530]}, 88) = 7530 [pid 7530] <... rseq resumed>) = 0 [pid 7529] rt_sigprocmask(SIG_SETMASK, [], [pid 7530] set_robust_list(0x7f3cdbf259a0, 24 [pid 7529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7530] <... set_robust_list resumed>) = 0 [pid 7529] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7530] rt_sigprocmask(SIG_SETMASK, [], [pid 7529] <... futex resumed>) = 0 [pid 7530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7530] memfd_create("syzkaller", 0) = 3 [pid 7530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 332.252244][ T7509] ? rcu_is_watching+0x15/0xb0 [ 332.252289][ T7509] xfs_alloc_cur_finish+0xd3/0x4b0 [ 332.252319][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252349][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252384][ T7509] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 332.252443][ T7509] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 332.252474][ T7509] ? xfs_group_grab+0x28/0x480 [ 332.252511][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252540][ T7509] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 332.252575][ T7509] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 332.252623][ T7509] xfs_alloc_vextent_start_ag+0x388/0x850 [ 332.252663][ T7509] xfs_bmapi_allocate+0x188e/0x2e00 [ 332.252728][ T7509] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 332.252762][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252812][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252841][ T7509] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 332.252865][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.252893][ T7509] ? xfs_iext_prev+0x35a/0x370 [ 332.252932][ T7509] ? xfs_iext_get_extent+0x1bb/0x370 [ 332.252963][ T7509] xfs_bmapi_write+0x7df/0x1260 [ 332.253021][ T7509] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 332.253098][ T7509] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 332.253139][ T7509] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 332.253170][ T7509] ? kasan_save_track+0x4f/0x80 [ 332.253196][ T7509] ? kasan_save_track+0x3e/0x80 [ 332.253220][ T7509] ? kasan_save_free_info+0x46/0x50 [ 332.253257][ T7509] ? kmem_cache_free+0x18f/0x400 [pid 7530] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7520] <... mount resumed>) = 0 [pid 7520] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7520] chdir("./file1") = 0 [pid 7520] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7520] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7516] <... futex resumed>) = 0 [pid 7516] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7520] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7520] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7516] <... futex resumed>) = 0 [pid 7516] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 332.253292][ T7509] ? __xfs_trans_commit+0x3e0/0xbd0 [ 332.253317][ T7509] ? xfs_trans_roll+0x130/0x450 [ 332.253341][ T7509] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 332.253381][ T7509] xfs_attr_set_iter+0x2d4/0x4b70 [ 332.253416][ T7509] ? filename_setxattr+0x274/0x600 [ 332.253450][ T7509] ? path_setxattrat+0x364/0x3a0 [ 332.253471][ T7509] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 332.253524][ T7509] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 332.253581][ T7509] ? kasan_quarantine_put+0xdd/0x220 [ 332.253607][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7520] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7520] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7516] <... futex resumed>) = 0 [pid 7520] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7516] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7520] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7520] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7516] <... futex resumed>) = 0 [pid 7516] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7516] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7520] <... futex resumed>) = 1 [pid 7520] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7509] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7509] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 332.253636][ T7509] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.253679][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.253714][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.253742][ T7509] ? kmem_cache_free+0x18f/0x400 [ 332.253771][ T7509] ? __xfs_trans_commit+0x3e0/0xbd0 [ 332.253803][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.253832][ T7509] ? __xfs_trans_commit+0x4c7/0xbd0 [ 332.253877][ T7509] xfs_attr_finish_item+0xed/0x320 [pid 7509] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7508] exit_group(0) = ? [pid 7509] <... futex resumed>) = ? [pid 7509] +++ exited with 0 +++ [pid 7508] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7508, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=117 /* 1.17 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 332.253918][ T7509] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 332.253955][ T7509] xfs_defer_finish_one+0x5c8/0xcf0 [ 332.254016][ T7509] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 332.254064][ T7509] xfs_defer_finish_noroll+0x910/0x12d0 [ 332.254103][ T7509] ? xfs_trans_commit+0x10b/0x1c0 [ 332.254135][ T7509] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 332.254169][ T7509] ? inode_set_ctime_current+0x740/0xb40 [ 332.254216][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.254244][ T7509] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 332.254290][ T7509] xfs_trans_commit+0x10b/0x1c0 [ 332.254317][ T7509] ? __pfx_xfs_trans_commit+0x10/0x10 [ 332.254349][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.254377][ T7509] ? xfs_trans_log_inode+0x12c/0x1a0 [ 332.254417][ T7509] xfs_attr_set+0xdc6/0x1210 [ 332.254466][ T7509] ? __pfx_xfs_attr_set+0x10/0x10 [ 332.254500][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.254528][ T7509] ? __lock_acquire+0xab9/0xd20 [ 332.254565][ T7509] ? xfs_da_hashname+0x59d/0x740 [ 332.254597][ T7509] ? do_raw_spin_lock+0x121/0x290 [ 332.254640][ T7509] ? xfs_attr_change+0x2ac/0x390 [ 332.254675][ T7509] xfs_xattr_set+0x14d/0x250 [ 332.254708][ T7509] ? __pfx_xfs_xattr_set+0x10/0x10 [ 332.254753][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.254782][ T7509] ? evm_protect_xattr+0x4d4/0xa90 [ 332.254808][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.254836][ T7509] ? rcu_is_watching+0x15/0xb0 [ 332.254870][ T7509] ? __pfx_evm_protect_xattr+0x10/0x10 [ 332.254898][ T7509] ? __pfx_xfs_xattr_set+0x10/0x10 [ 332.254927][ T7509] __vfs_setxattr+0x43c/0x480 [pid 5873] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 332.254977][ T7509] __vfs_setxattr_noperm+0x12d/0x660 [ 332.255022][ T7509] vfs_setxattr+0x16b/0x2f0 [ 332.255064][ T7509] ? __pfx_vfs_setxattr+0x10/0x10 [ 332.255095][ T7509] ? mnt_get_write_access+0x223/0x2a0 [ 332.255126][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.255160][ T7509] filename_setxattr+0x274/0x600 [ 332.255206][ T7509] ? __pfx_filename_setxattr+0x10/0x10 [ 332.255244][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.255273][ T7509] ? getname_flags+0x1e5/0x540 [ 332.255320][ T7509] path_setxattrat+0x364/0x3a0 [pid 7530] <... write resumed>) = 16777216 [ 332.255357][ T7509] ? __pfx_path_setxattrat+0x10/0x10 [ 332.255433][ T7509] __x64_sys_lsetxattr+0xbf/0xe0 [ 332.255474][ T7509] do_syscall_64+0xfa/0x3b0 [ 332.255498][ T7509] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.255537][ T7509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.255560][ T7509] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.255589][ T7509] ? exc_page_fault+0x9f/0xf0 [ 332.255630][ T7509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.255655][ T7509] RIP: 0033:0x7f3cdbf794f9 [pid 7530] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 332.255677][ T7509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 332.255699][ T7509] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 332.255727][ T7509] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 332.255746][ T7509] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 332.255765][ T7509] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7530] ioctl(4, LOOP_SET_FD, 3) = 0 [ 332.255782][ T7509] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 332.255799][ T7509] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 332.255838][ T7509] [ 332.255848][ T7509] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 332.367241][ T7520] XFS (loop3): Ending recovery (logdev: internal) [ 332.394712][ T7509] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7530] close(3) = 0 [pid 7530] close(4) = 0 [pid 7530] mkdir("./file1", 0777) = 0 [ 332.554672][ T7520] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 332.556471][ T7509] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 332.569013][ T7520] XFS (loop3): Unmount and run xfs_repair [ 332.584326][ T7520] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 332.889911][ T7530] loop0: detected capacity change from 0 to 32768 [pid 7530] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7516] exit_group(0) = ? [ 332.892381][ T7520] CPU: 0 UID: 0 PID: 7520 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 332.892412][ T7520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 332.892428][ T7520] Call Trace: [ 332.892438][ T7520] [ 332.892449][ T7520] dump_stack_lvl+0x189/0x250 [ 332.892485][ T7520] ? __pfx__xfs_alert_tag+0x10/0x10 [ 332.892523][ T7520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.892557][ T7520] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 332.892604][ T7520] xfs_corruption_error+0x122/0x170 [ 332.892642][ T7520] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 332.892676][ T7520] xfs_alloc_fixup_trees+0x95e/0xd20 [ 332.892705][ T7520] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 332.892745][ T7520] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 332.892775][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.892803][ T7520] ? rcu_is_watching+0x15/0xb0 [ 332.892833][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.892859][ T7520] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 332.892891][ T7520] ? rcu_is_watching+0x15/0xb0 [pid 7520] <... lsetxattr resumed>) = ? [pid 7520] +++ exited with 0 +++ [pid 7516] +++ exited with 0 +++ [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7516, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=92 /* 0.92 s */} --- [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 5873] newfstatat(AT_FDCWD, "./38/file1", [pid 5874] <... restart_syscall resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] <... openat resumed>) = 4 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] newfstatat(4, "", [pid 5874] <... openat resumed>) = 3 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, [pid 5874] newfstatat(3, "", [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, [pid 5874] getdents64(3, [pid 5873] <... getdents64 resumed>0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] close(4) = 0 [pid 5874] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] rmdir("./38/file1") = 0 [ 332.892930][ T7520] xfs_alloc_cur_finish+0xd3/0x4b0 [ 332.892959][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.892989][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.893022][ T7520] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 332.893079][ T7520] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 332.893108][ T7520] ? xfs_group_grab+0x28/0x480 [ 332.893144][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.893171][ T7520] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 332.893205][ T7520] xfs_alloc_vextent_iterate_ags+0x640/0x940 [pid 5873] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./38/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./38") = 0 [ 332.893253][ T7520] xfs_alloc_vextent_start_ag+0x388/0x850 [ 332.893301][ T7520] xfs_bmapi_allocate+0x188e/0x2e00 [ 332.893365][ T7520] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 332.893397][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.893446][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.893474][ T7520] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 332.893498][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.893525][ T7520] ? xfs_iext_prev+0x35a/0x370 [pid 5873] mkdir("./39", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 332.893562][ T7520] ? xfs_iext_get_extent+0x1bb/0x370 [ 332.893593][ T7520] xfs_bmapi_write+0x7df/0x1260 [ 332.893652][ T7520] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 332.893729][ T7520] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 332.893770][ T7520] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 332.893800][ T7520] ? kasan_save_track+0x4f/0x80 [ 332.893825][ T7520] ? kasan_save_track+0x3e/0x80 [ 332.893850][ T7520] ? kasan_save_free_info+0x46/0x50 [ 332.893886][ T7520] ? kmem_cache_free+0x18f/0x400 [ 332.893914][ T7520] ? __xfs_trans_commit+0x3e0/0xbd0 [ 332.893939][ T7520] ? xfs_trans_roll+0x130/0x450 [ 332.893962][ T7520] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 332.894001][ T7520] xfs_attr_set_iter+0x2d4/0x4b70 [ 332.894035][ T7520] ? filename_setxattr+0x274/0x600 [ 332.894068][ T7520] ? path_setxattrat+0x364/0x3a0 [ 332.894089][ T7520] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 332.894141][ T7520] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 332.894197][ T7520] ? kasan_quarantine_put+0xdd/0x220 [ 332.894222][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894249][ T7520] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.894294][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894327][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894355][ T7520] ? kmem_cache_free+0x18f/0x400 [ 332.894383][ T7520] ? __xfs_trans_commit+0x3e0/0xbd0 [ 332.894414][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894441][ T7520] ? __xfs_trans_commit+0x4c7/0xbd0 [ 332.894484][ T7520] xfs_attr_finish_item+0xed/0x320 [ 332.894523][ T7520] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 332.894560][ T7520] xfs_defer_finish_one+0x5c8/0xcf0 [ 332.894619][ T7520] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 332.894667][ T7520] xfs_defer_finish_noroll+0x910/0x12d0 [ 332.894706][ T7520] ? xfs_trans_commit+0x10b/0x1c0 [ 332.894738][ T7520] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 332.894771][ T7520] ? inode_set_ctime_current+0x740/0xb40 [ 332.894818][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894845][ T7520] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 332.894885][ T7520] xfs_trans_commit+0x10b/0x1c0 [ 332.894911][ T7520] ? __pfx_xfs_trans_commit+0x10/0x10 [ 332.894943][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.894970][ T7520] ? xfs_trans_log_inode+0x12c/0x1a0 [ 332.895009][ T7520] xfs_attr_set+0xdc6/0x1210 [ 332.895057][ T7520] ? __pfx_xfs_attr_set+0x10/0x10 [ 332.895090][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.895118][ T7520] ? __lock_acquire+0xab9/0xd20 [ 332.895154][ T7520] ? xfs_da_hashname+0x59d/0x740 [ 332.895185][ T7520] ? do_raw_spin_lock+0x121/0x290 [ 332.895228][ T7520] ? xfs_attr_change+0x2ac/0x390 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7536 attached [pid 7536] set_robust_list(0x55555d962760, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7536 [pid 7536] <... set_robust_list resumed>) = 0 [pid 7536] chdir("./39") = 0 [pid 7536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 332.895262][ T7520] xfs_xattr_set+0x14d/0x250 [ 332.895299][ T7520] ? __pfx_xfs_xattr_set+0x10/0x10 [ 332.895343][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.895371][ T7520] ? evm_protect_xattr+0x4d4/0xa90 [ 332.895397][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.895424][ T7520] ? rcu_is_watching+0x15/0xb0 [ 332.895458][ T7520] ? __pfx_evm_protect_xattr+0x10/0x10 [ 332.895486][ T7520] ? __pfx_xfs_xattr_set+0x10/0x10 [ 332.895513][ T7520] __vfs_setxattr+0x43c/0x480 [ 332.895561][ T7520] __vfs_setxattr_noperm+0x12d/0x660 [pid 7536] setpgid(0, 0) = 0 [pid 7536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7536] write(3, "1000", 4) = 4 [pid 7536] close(3) = 0 [pid 7536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7536] write(1, "executing program\n", 18executing program ) = 18 [pid 7536] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7536] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7536] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 332.895604][ T7520] vfs_setxattr+0x16b/0x2f0 [ 332.895645][ T7520] ? __pfx_vfs_setxattr+0x10/0x10 [ 332.895675][ T7520] ? mnt_get_write_access+0x223/0x2a0 [ 332.895705][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.895739][ T7520] filename_setxattr+0x274/0x600 [ 332.895785][ T7520] ? __pfx_filename_setxattr+0x10/0x10 [ 332.895823][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.895851][ T7520] ? getname_flags+0x1e5/0x540 [ 332.895891][ T7520] path_setxattrat+0x364/0x3a0 [pid 7536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7537 attached [pid 7537] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7536] <... clone3 resumed> => {parent_tid=[7537]}, 88) = 7537 [pid 7537] <... rseq resumed>) = 0 [pid 7536] rt_sigprocmask(SIG_SETMASK, [], [pid 7537] set_robust_list(0x7f3cdbf259a0, 24 [pid 7536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7537] <... set_robust_list resumed>) = 0 [pid 7537] rt_sigprocmask(SIG_SETMASK, [], [pid 7536] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7536] <... futex resumed>) = 0 [pid 7537] memfd_create("syzkaller", 0 [pid 7536] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7537] <... memfd_create resumed>) = 3 [pid 7537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 332.895927][ T7520] ? __pfx_path_setxattrat+0x10/0x10 [ 332.895992][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.896019][ T7520] ? rcu_is_watching+0x15/0xb0 [ 332.896054][ T7520] __x64_sys_lsetxattr+0xbf/0xe0 [ 332.896094][ T7520] do_syscall_64+0xfa/0x3b0 [ 332.896119][ T7520] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.896156][ T7520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.896180][ T7520] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.896207][ T7520] ? exc_page_fault+0x9f/0xf0 [ 332.896246][ T7520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.896278][ T7520] RIP: 0033:0x7f3cdbf794f9 [ 332.896308][ T7520] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 332.896330][ T7520] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 332.896356][ T7520] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 332.896375][ T7520] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 332.896393][ T7520] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 332.896410][ T7520] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 332.896426][ T7520] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 332.896465][ T7520] [ 332.896475][ T7520] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 332.903726][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 332.911238][ T7520] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 332.976405][ T7530] XFS: noikeep mount option is deprecated. [ 332.976856][ T7520] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 333.120088][ T7530] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 333.754085][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7537] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./39/file1") = 0 [pid 5874] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./39/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./39") = 0 [pid 5874] mkdir("./40", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7537] <... write resumed>) = 16777216 [pid 7537] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7537] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 333.937801][ T7530] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7537] close(3) = 0 [pid 7537] close(4) = 0 [pid 7537] mkdir("./file1", 0777) = 0 [ 333.998965][ T7537] loop2: detected capacity change from 0 to 32768 [ 333.999405][ T7530] XFS (loop0): Starting recovery (logdev: internal) [ 334.028766][ T7537] XFS: noikeep mount option is deprecated. [ 334.044687][ T7537] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7537] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... close resumed>) = 0 [pid 7530] <... mount resumed>) = 0 [pid 7530] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7530] chdir("./file1") = 0 [pid 7530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7530] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7529] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7549 ./strace-static-x86_64: Process 7549 attached [pid 7530] <... openat resumed>) = 4 [pid 7549] set_robust_list(0x55555d962760, 24 [ 334.073813][ T7537] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 334.077805][ T7530] XFS (loop0): Ending recovery (logdev: internal) [ 334.110556][ T7537] XFS (loop2): Starting recovery (logdev: internal) [pid 7530] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7529] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7549] <... set_robust_list resumed>) = 0 [pid 7549] chdir("./40") = 0 [pid 7549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7549] setpgid(0, 0executing program ) = 0 [pid 7537] <... mount resumed>) = 0 [pid 7549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7549] write(3, "1000", 4 [pid 7537] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7549] <... write resumed>) = 4 [pid 7549] close(3 [pid 7537] <... openat resumed>) = 3 [pid 7549] <... close resumed>) = 0 [pid 7537] chdir("./file1" [pid 7549] symlink("/dev/binderfs", "./binderfs" [pid 7537] <... chdir resumed>) = 0 [pid 7549] <... symlink resumed>) = 0 [pid 7537] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7549] write(1, "executing program\n", 18) = 18 [pid 7537] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7537] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7536] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = 0 [pid 7537] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7536] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7530] <... pwritev2 resumed>) = 65007 [pid 7549] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7536] <... futex resumed>) = 0 [pid 7530] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7537] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7536] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] <... futex resumed>) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7530] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7529] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7537] <... openat resumed>) = 4 [pid 7530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7529] <... futex resumed>) = 0 [pid 7549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7530] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7549] <... mmap resumed>) = 0x7f3cdbf05000 [pid 7537] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7537] <... futex resumed>) = 1 [pid 7549] <... mprotect resumed>) = 0 [pid 7537] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7550 attached => {parent_tid=[7550]}, 88) = 7550 [pid 7550] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7549] rt_sigprocmask(SIG_SETMASK, [], [pid 7550] <... rseq resumed>) = 0 [pid 7549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7550] set_robust_list(0x7f3cdbf259a0, 24 [pid 7549] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7550] <... set_robust_list resumed>) = 0 [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7550] memfd_create("syzkaller", 0 [pid 7536] <... futex resumed>) = 0 [pid 7550] <... memfd_create resumed>) = 3 [pid 7536] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7530] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7537] <... futex resumed>) = 0 [pid 7536] <... futex resumed>) = 1 [pid 7530] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] <... mmap resumed>) = 0x7f3cd3a00000 [pid 7537] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7536] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] <... futex resumed>) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7529] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7537] <... pwritev2 resumed>) = 65007 [ 334.138290][ T7537] XFS (loop2): Ending recovery (logdev: internal) [ 334.169818][ T7530] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 334.181417][ T7530] XFS (loop0): Unmount and run xfs_repair [pid 7530] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7537] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7536] <... futex resumed>) = 0 [pid 7537] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7536] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7536] <... futex resumed>) = 0 [pid 7537] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 334.209444][ T7530] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 334.224225][ T7537] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 334.226558][ T7530] CPU: 1 UID: 0 PID: 7530 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 334.226589][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 7536] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7529] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 334.226604][ T7530] Call Trace: [ 334.226615][ T7530] [ 334.226625][ T7530] dump_stack_lvl+0x189/0x250 [ 334.226660][ T7530] ? __pfx__xfs_alert_tag+0x10/0x10 [ 334.226697][ T7530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.226731][ T7530] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 334.226782][ T7530] xfs_corruption_error+0x122/0x170 [ 334.226819][ T7530] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 334.226854][ T7530] xfs_alloc_fixup_trees+0x95e/0xd20 [ 334.226882][ T7530] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 334.226922][ T7530] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 334.226952][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.226980][ T7530] ? rcu_is_watching+0x15/0xb0 [ 334.227010][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227054][ T7530] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 334.227084][ T7530] ? rcu_is_watching+0x15/0xb0 [ 334.227123][ T7530] xfs_alloc_cur_finish+0xd3/0x4b0 [ 334.227153][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227183][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7537] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7536] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7536] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7536] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7537] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 7537] <... futex resumed>) = 0 [pid 7537] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7536] <... clone3 resumed> => {parent_tid=[7551]}, 88) = 7551 [pid 7536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7536] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7536] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7550] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216./strace-static-x86_64: Process 7551 attached [pid 7536] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7551] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7551] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 334.227216][ T7530] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 334.227272][ T7530] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 334.227302][ T7530] ? xfs_group_grab+0x28/0x480 [ 334.227337][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227364][ T7530] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 334.227397][ T7530] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 334.227444][ T7530] xfs_alloc_vextent_start_ag+0x388/0x850 [ 334.227483][ T7530] xfs_bmapi_allocate+0x188e/0x2e00 [ 334.227546][ T7530] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 334.227578][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227628][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227655][ T7530] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 334.227678][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.227706][ T7530] ? xfs_iext_prev+0x35a/0x370 [ 334.227743][ T7530] ? xfs_iext_get_extent+0x1bb/0x370 [ 334.227774][ T7530] xfs_bmapi_write+0x7df/0x1260 [ 334.227831][ T7530] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 334.227908][ T7530] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 7551] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7530] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7530] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7530] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7529] exit_group(0) = ? [pid 7530] <... futex resumed>) = ? [pid 7530] +++ exited with 0 +++ [pid 7529] +++ exited with 0 +++ [ 334.227949][ T7530] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 334.227979][ T7530] ? kasan_save_track+0x4f/0x80 [ 334.228004][ T7530] ? kasan_save_track+0x3e/0x80 [ 334.228043][ T7530] ? kasan_save_free_info+0x46/0x50 [ 334.228080][ T7530] ? kmem_cache_free+0x18f/0x400 [ 334.228108][ T7530] ? __xfs_trans_commit+0x3e0/0xbd0 [ 334.228133][ T7530] ? xfs_trans_roll+0x130/0x450 [ 334.228155][ T7530] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 334.228194][ T7530] xfs_attr_set_iter+0x2d4/0x4b70 [ 334.228228][ T7530] ? filename_setxattr+0x274/0x600 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7529, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=116 /* 1.16 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 334.228261][ T7530] ? path_setxattrat+0x364/0x3a0 [ 334.228282][ T7530] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 334.228334][ T7530] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 334.228390][ T7530] ? kasan_quarantine_put+0xdd/0x220 [ 334.228416][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.228443][ T7530] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.228482][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.228516][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.228543][ T7530] ? kmem_cache_free+0x18f/0x400 [pid 5871] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 334.228571][ T7530] ? __xfs_trans_commit+0x3e0/0xbd0 [ 334.228602][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.228629][ T7530] ? __xfs_trans_commit+0x4c7/0xbd0 [ 334.228672][ T7530] xfs_attr_finish_item+0xed/0x320 [ 334.228710][ T7530] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 334.228747][ T7530] xfs_defer_finish_one+0x5c8/0xcf0 [ 334.228806][ T7530] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 334.228854][ T7530] xfs_defer_finish_noroll+0x910/0x12d0 [ 334.228893][ T7530] ? xfs_trans_commit+0x10b/0x1c0 [ 334.228924][ T7530] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 5871] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7550] <... write resumed>) = 16777216 [ 334.228957][ T7530] ? inode_set_ctime_current+0x740/0xb40 [ 334.229004][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.229044][ T7530] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 334.229084][ T7530] xfs_trans_commit+0x10b/0x1c0 [ 334.229110][ T7530] ? __pfx_xfs_trans_commit+0x10/0x10 [ 334.229141][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.229169][ T7530] ? xfs_trans_log_inode+0x12c/0x1a0 [ 334.229208][ T7530] xfs_attr_set+0xdc6/0x1210 [ 334.229256][ T7530] ? __pfx_xfs_attr_set+0x10/0x10 [pid 7550] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7550] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7550] close(3) = 0 [pid 7550] close(4) = 0 [pid 7550] mkdir("./file1", 0777) = 0 [ 334.229289][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.229316][ T7530] ? __lock_acquire+0xab9/0xd20 [ 334.229352][ T7530] ? xfs_da_hashname+0x59d/0x740 [ 334.229384][ T7530] ? do_raw_spin_lock+0x121/0x290 [ 334.229426][ T7530] ? xfs_attr_change+0x2ac/0x390 [ 334.229460][ T7530] xfs_xattr_set+0x14d/0x250 [ 334.229491][ T7530] ? __pfx_xfs_xattr_set+0x10/0x10 [ 334.229535][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.229562][ T7530] ? evm_protect_xattr+0x4d4/0xa90 [ 334.229588][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7550] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7551] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7551] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7536] exit_group(0 [pid 7537] <... futex resumed>) = ? [pid 7536] <... exit_group resumed>) = ? [pid 7551] +++ exited with 0 +++ [pid 7537] +++ exited with 0 +++ [pid 7536] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7536, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=74 /* 0.74 s */} --- [ 334.229616][ T7530] ? rcu_is_watching+0x15/0xb0 [ 334.229649][ T7530] ? __pfx_evm_protect_xattr+0x10/0x10 [ 334.229677][ T7530] ? __pfx_xfs_xattr_set+0x10/0x10 [ 334.229704][ T7530] __vfs_setxattr+0x43c/0x480 [ 334.229752][ T7530] __vfs_setxattr_noperm+0x12d/0x660 [ 334.229794][ T7530] vfs_setxattr+0x16b/0x2f0 [ 334.229835][ T7530] ? __pfx_vfs_setxattr+0x10/0x10 [ 334.229865][ T7530] ? mnt_get_write_access+0x223/0x2a0 [ 334.229895][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5873] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5873] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 334.229928][ T7530] filename_setxattr+0x274/0x600 [ 334.229974][ T7530] ? __pfx_filename_setxattr+0x10/0x10 [ 334.230012][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.230052][ T7530] ? getname_flags+0x1e5/0x540 [ 334.230092][ T7530] path_setxattrat+0x364/0x3a0 [ 334.230129][ T7530] ? __pfx_path_setxattrat+0x10/0x10 [ 334.230193][ T7530] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.230220][ T7530] ? rcu_is_watching+0x15/0xb0 [ 334.230256][ T7530] __x64_sys_lsetxattr+0xbf/0xe0 [ 334.230296][ T7530] do_syscall_64+0xfa/0x3b0 [ 334.230323][ T7530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.230346][ T7530] ? asm_common_interrupt+0x26/0x40 [ 334.230376][ T7530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.230400][ T7530] RIP: 0033:0x7f3cdbf794f9 [ 334.230421][ T7530] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 334.230442][ T7530] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 334.230473][ T7530] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 334.230492][ T7530] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 334.230510][ T7530] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 334.230526][ T7530] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 334.230543][ T7530] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 334.230582][ T7530] [ 334.231213][ T7530] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 334.256810][ T7537] XFS (loop2): Unmount and run xfs_repair [ 334.262973][ T7530] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 334.389128][ T7551] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 334.392251][ T7530] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 5873] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./38/file1") = 0 [pid 5871] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./38/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./38") = 0 [pid 5871] mkdir("./39", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 334.406856][ T7551] CPU: 0 UID: 0 PID: 7551 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 334.406890][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.406905][ T7551] Call Trace: [ 334.406916][ T7551] [ 334.406927][ T7551] dump_stack_lvl+0x189/0x250 [ 334.406963][ T7551] ? __pfx__xfs_alert_tag+0x10/0x10 [ 334.407001][ T7551] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.407035][ T7551] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 334.407088][ T7551] xfs_corruption_error+0x122/0x170 [ 334.407127][ T7551] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 334.407162][ T7551] xfs_alloc_fixup_trees+0x95e/0xd20 [ 334.407191][ T7551] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 334.407231][ T7551] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 334.407261][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407289][ T7551] ? rcu_is_watching+0x15/0xb0 [ 334.407320][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407348][ T7551] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 334.407378][ T7551] ? rcu_is_watching+0x15/0xb0 [ 334.407417][ T7551] xfs_alloc_cur_finish+0xd3/0x4b0 [ 334.407446][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407476][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407509][ T7551] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 334.407566][ T7551] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 334.407595][ T7551] ? xfs_group_grab+0x28/0x480 [ 334.407631][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407658][ T7551] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 334.407691][ T7551] xfs_alloc_vextent_iterate_ags+0x640/0x940 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7552 ./strace-static-x86_64: Process 7552 attached [pid 7552] set_robust_list(0x55555d962760, 24) = 0 [pid 7552] chdir("./39") = 0 [pid 7552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 334.407738][ T7551] xfs_alloc_vextent_start_ag+0x388/0x850 [ 334.407777][ T7551] xfs_bmapi_allocate+0x188e/0x2e00 [ 334.407840][ T7551] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 334.407872][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407922][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.407949][ T7551] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 334.407973][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.408000][ T7551] ? xfs_iext_prev+0x35a/0x370 [ 334.408037][ T7551] ? xfs_iext_get_extent+0x1bb/0x370 [pid 7552] setpgid(0, 0) = 0 [pid 7552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7552] write(3, "1000", 4) = 4 [pid 7552] close(3) = 0 [pid 7552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7552] write(1, "executing program\n", 18executing program ) = 18 [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [ 334.408074][ T7551] xfs_bmapi_write+0x7df/0x1260 [ 334.408132][ T7551] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 334.408210][ T7551] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 334.408250][ T7551] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 334.408281][ T7551] ? kasan_save_track+0x4f/0x80 [ 334.408306][ T7551] ? kasan_save_track+0x3e/0x80 [ 334.408330][ T7551] ? kasan_save_free_info+0x46/0x50 [ 334.408366][ T7551] ? kmem_cache_free+0x18f/0x400 [ 334.408394][ T7551] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 7552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7552] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7553 attached => {parent_tid=[7553]}, 88) = 7553 [pid 7552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7553] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7552] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7553] <... rseq resumed>) = 0 [pid 7553] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7553] memfd_create("syzkaller", 0) = 3 [ 334.408419][ T7551] ? xfs_trans_roll+0x130/0x450 [ 334.408443][ T7551] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 334.408482][ T7551] xfs_attr_set_iter+0x2d4/0x4b70 [ 334.408516][ T7551] ? filename_setxattr+0x274/0x600 [ 334.408548][ T7551] ? path_setxattrat+0x364/0x3a0 [ 334.408569][ T7551] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 334.408619][ T7551] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 334.408675][ T7551] ? kasan_quarantine_put+0xdd/0x220 [ 334.408701][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 334.408730][ T7551] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.408777][ T7551] ? irqentry_exit+0x74/0x90 [ 334.408798][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.408825][ T7551] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.408863][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.408902][ T7551] ? xfs_trans_add_item+0x24/0x2d0 [ 334.408936][ T7551] xfs_attr_finish_item+0xed/0x320 [ 334.408976][ T7551] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 334.409012][ T7551] xfs_defer_finish_one+0x5c8/0xcf0 [ 334.409080][ T7551] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 334.409128][ T7551] xfs_defer_finish_noroll+0x910/0x12d0 [ 334.409167][ T7551] ? xfs_trans_commit+0x10b/0x1c0 [ 334.409199][ T7551] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 334.409232][ T7551] ? inode_set_ctime_current+0x740/0xb40 [ 334.409279][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.409306][ T7551] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 334.409346][ T7551] xfs_trans_commit+0x10b/0x1c0 [ 334.409372][ T7551] ? __pfx_xfs_trans_commit+0x10/0x10 [ 334.409404][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.409432][ T7551] ? xfs_trans_log_inode+0x12c/0x1a0 [ 334.409471][ T7551] xfs_attr_set+0xdc6/0x1210 [ 334.409518][ T7551] ? __pfx_xfs_attr_set+0x10/0x10 [ 334.409551][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.409579][ T7551] ? __lock_acquire+0xab9/0xd20 [ 334.409615][ T7551] ? xfs_da_hashname+0x59d/0x740 [ 334.409646][ T7551] ? do_raw_spin_lock+0x121/0x290 [ 334.409688][ T7551] ? xfs_attr_change+0x2ac/0x390 [ 334.409722][ T7551] xfs_xattr_set+0x14d/0x250 [ 334.409754][ T7551] ? __pfx_xfs_xattr_set+0x10/0x10 [ 334.409798][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.409826][ T7551] ? evm_protect_xattr+0x4d4/0xa90 [ 334.409852][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.409879][ T7551] ? rcu_is_watching+0x15/0xb0 [ 334.409913][ T7551] ? __pfx_evm_protect_xattr+0x10/0x10 [ 334.409940][ T7551] ? __pfx_xfs_xattr_set+0x10/0x10 [ 334.409968][ T7551] __vfs_setxattr+0x43c/0x480 [ 334.410016][ T7551] __vfs_setxattr_noperm+0x12d/0x660 [ 334.410064][ T7551] vfs_setxattr+0x16b/0x2f0 [ 334.410105][ T7551] ? __pfx_vfs_setxattr+0x10/0x10 [ 334.410134][ T7551] ? mnt_get_write_access+0x223/0x2a0 [ 334.410164][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.410198][ T7551] filename_setxattr+0x274/0x600 [ 334.410244][ T7551] ? __pfx_filename_setxattr+0x10/0x10 [ 334.410282][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.410309][ T7551] ? getname_flags+0x1e5/0x540 [ 334.410350][ T7551] path_setxattrat+0x364/0x3a0 [ 334.410386][ T7551] ? __pfx_path_setxattrat+0x10/0x10 [ 334.410451][ T7551] ? srso_alias_return_thunk+0x5/0xfbef5 [ 334.410478][ T7551] ? rcu_is_watching+0x15/0xb0 [ 334.410514][ T7551] __x64_sys_lsetxattr+0xbf/0xe0 [ 334.410554][ T7551] do_syscall_64+0xfa/0x3b0 [ 334.410581][ T7551] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.410605][ T7551] ? __switch_to_asm+0x39/0x70 [ 334.410637][ T7551] ? __switch_to_asm+0x33/0x70 [ 334.410675][ T7551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.410699][ T7551] RIP: 0033:0x7f3cdbf794f9 [pid 7553] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 334.410722][ T7551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 334.410743][ T7551] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 334.410769][ T7551] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 334.410788][ T7551] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 334.410805][ T7551] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 7553] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 334.410821][ T7551] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 334.410837][ T7551] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 334.410876][ T7551] [ 334.410887][ T7551] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 334.680639][ T7550] loop3: detected capacity change from 0 to 32768 [ 334.685742][ T7551] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7553] close(3) = 0 [pid 7553] close(4) = 0 [pid 7553] mkdir("./file1", 0777) = 0 [ 334.693111][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 334.698846][ T7551] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 334.710409][ T7550] XFS: noikeep mount option is deprecated. [ 335.652441][ T7553] loop0: detected capacity change from 0 to 32768 [ 335.686150][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 335.730811][ T7553] XFS: noikeep mount option is deprecated. [ 335.752465][ T7550] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7553] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./39/file1") = 0 [pid 5873] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./39/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./39") = 0 [pid 5873] mkdir("./40", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 335.786942][ T7553] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 335.829160][ T7550] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 335.851013][ T7550] XFS (loop3): Starting recovery (logdev: internal) [pid 5873] close(3 [pid 7550] <... mount resumed>) = 0 [pid 7550] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7550] chdir("./file1") = 0 [pid 7550] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7550] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7550] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = 1 [pid 7550] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7550] <... openat resumed>) = 4 [pid 7550] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7550] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [ 335.888160][ T7550] XFS (loop3): Ending recovery (logdev: internal) [ 335.926705][ T7553] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7550] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7549] <... futex resumed>) = 0 [pid 7550] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7553] <... mount resumed>) = 0 [pid 7550] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = 1 [pid 7553] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7550] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7553] <... openat resumed>) = 3 [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7553] chdir("./file1" [pid 5873] <... close resumed>) = 0 [pid 7553] <... chdir resumed>) = 0 [pid 7550] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7553] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7550] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7553] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7549] <... futex resumed>) = 0 [pid 7550] <... futex resumed>) = 1 [pid 7550] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7570 attached [pid 7553] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] set_robust_list(0x55555d962760, 24 [pid 7553] <... futex resumed>) = 1 [pid 7552] <... futex resumed>) = 0 [pid 7550] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = 1 [pid 7570] <... set_robust_list resumed>) = 0 [pid 7553] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7552] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7549] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7570 [pid 7570] chdir("./40" [pid 7552] <... futex resumed>) = 0 [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7570] <... chdir resumed>) = 0 [pid 7553] <... openat resumed>) = 4 [pid 7570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 335.963060][ T7553] XFS (loop0): Starting recovery (logdev: internal) [ 335.981841][ T7553] XFS (loop0): Ending recovery (logdev: internal) [ 335.991950][ T7550] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 336.003631][ T7550] XFS (loop3): Unmount and run xfs_repair [pid 7553] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] setpgid(0, 0) = 0 [pid 7570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7553] <... futex resumed>) = 1 [pid 7552] <... futex resumed>) = 0 [pid 7570] write(3, "1000", 4 [pid 7553] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7552] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] <... write resumed>) = 4 [pid 7553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7552] <... futex resumed>) = 0 [pid 7570] close(3 [pid 7553] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7570] <... close resumed>) = 0 [pid 7570] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7570] write(1, "executing program\n", 18) = 18 [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7570] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7553] <... pwritev2 resumed>) = 65007 [pid 7553] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7553] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7552] <... futex resumed>) = 0 [pid 7552] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7553] <... futex resumed>) = 0 [pid 7552] <... futex resumed>) = 1 [pid 7553] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 336.038678][ T7550] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 336.051970][ T7550] CPU: 0 UID: 0 PID: 7550 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 336.051995][ T7550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.052007][ T7550] Call Trace: [ 336.052016][ T7550] [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7553] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7553] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7553] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7571 attached [pid 7552] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7571] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7570] <... clone3 resumed> => {parent_tid=[7571]}, 88) = 7571 [pid 7552] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7571] <... rseq resumed>) = 0 [pid 7570] rt_sigprocmask(SIG_SETMASK, [], [pid 7553] <... futex resumed>) = 0 [pid 7552] <... futex resumed>) = 1 [pid 7571] set_robust_list(0x7f3cdbf259a0, 24 [pid 7570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7553] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7552] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7571] <... set_robust_list resumed>) = 0 [pid 7570] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7571] rt_sigprocmask(SIG_SETMASK, [], [pid 7570] <... futex resumed>) = 0 [pid 7571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7571] memfd_create("syzkaller", 0 [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7571] <... memfd_create resumed>) = 3 [pid 7571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 336.052024][ T7550] dump_stack_lvl+0x189/0x250 [ 336.052052][ T7550] ? __pfx__xfs_alert_tag+0x10/0x10 [ 336.052083][ T7550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.052123][ T7550] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 336.052179][ T7550] xfs_corruption_error+0x122/0x170 [ 336.052226][ T7550] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 336.052267][ T7550] xfs_alloc_fixup_trees+0x95e/0xd20 [ 336.052309][ T7550] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 336.052355][ T7550] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 336.052391][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.052424][ T7550] ? rcu_is_watching+0x15/0xb0 [ 336.052459][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.052490][ T7550] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 336.052526][ T7550] ? rcu_is_watching+0x15/0xb0 [ 336.052574][ T7550] xfs_alloc_cur_finish+0xd3/0x4b0 [ 336.052610][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.052646][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.052683][ T7550] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 336.052749][ T7550] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 336.052783][ T7550] ? xfs_group_grab+0x28/0x480 [ 336.052830][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.052865][ T7550] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 336.052906][ T7550] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 336.052963][ T7550] xfs_alloc_vextent_start_ag+0x388/0x850 [ 336.053013][ T7550] xfs_bmapi_allocate+0x188e/0x2e00 [ 336.053085][ T7550] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 336.053125][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.053186][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.053219][ T7550] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 336.053248][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.053281][ T7550] ? xfs_iext_prev+0x35a/0x370 [ 336.053332][ T7550] ? xfs_iext_get_extent+0x1bb/0x370 [ 336.053366][ T7550] xfs_bmapi_write+0x7df/0x1260 [ 336.053425][ T7550] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 336.053503][ T7550] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 336.053547][ T7550] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 336.053578][ T7550] ? kasan_save_track+0x4f/0x80 [pid 7550] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7550] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7550] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] exit_group(0) = ? [pid 7550] <... futex resumed>) = ? [pid 7550] +++ exited with 0 +++ [pid 7549] +++ exited with 0 +++ [pid 7552] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7549, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=136 /* 1.36 s */} --- [pid 5874] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 336.053605][ T7550] ? kasan_save_track+0x3e/0x80 [ 336.053629][ T7550] ? kasan_save_free_info+0x46/0x50 [ 336.053667][ T7550] ? kmem_cache_free+0x18f/0x400 [ 336.053696][ T7550] ? __xfs_trans_commit+0x3e0/0xbd0 [ 336.053721][ T7550] ? xfs_trans_roll+0x130/0x450 [ 336.053745][ T7550] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 336.053785][ T7550] xfs_attr_set_iter+0x2d4/0x4b70 [ 336.053821][ T7550] ? filename_setxattr+0x274/0x600 [ 336.053855][ T7550] ? path_setxattrat+0x364/0x3a0 [ 336.053877][ T7550] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 336.053930][ T7550] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 336.053987][ T7550] ? kasan_quarantine_put+0xdd/0x220 [ 336.054014][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054041][ T7550] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.054083][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054117][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054146][ T7550] ? kmem_cache_free+0x18f/0x400 [ 336.054175][ T7550] ? __xfs_trans_commit+0x3e0/0xbd0 [ 336.054207][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054235][ T7550] ? __xfs_trans_commit+0x4c7/0xbd0 [ 336.054279][ T7550] xfs_attr_finish_item+0xed/0x320 [ 336.054333][ T7550] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 336.054371][ T7550] xfs_defer_finish_one+0x5c8/0xcf0 [ 336.054433][ T7550] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 336.054483][ T7550] xfs_defer_finish_noroll+0x910/0x12d0 [ 336.054524][ T7550] ? xfs_trans_commit+0x10b/0x1c0 [ 336.054557][ T7550] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 336.054592][ T7550] ? inode_set_ctime_current+0x740/0xb40 [ 336.054640][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054669][ T7550] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 336.054710][ T7550] xfs_trans_commit+0x10b/0x1c0 [ 336.054737][ T7550] ? __pfx_xfs_trans_commit+0x10/0x10 [ 336.054769][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054798][ T7550] ? xfs_trans_log_inode+0x12c/0x1a0 [ 336.054838][ T7550] xfs_attr_set+0xdc6/0x1210 [ 336.054888][ T7550] ? __pfx_xfs_attr_set+0x10/0x10 [ 336.054923][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.054952][ T7550] ? __lock_acquire+0xab9/0xd20 [pid 7571] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7552] exit_group(0) = ? [pid 7571] <... write resumed>) = 16777216 [ 336.054989][ T7550] ? xfs_da_hashname+0x59d/0x740 [ 336.055022][ T7550] ? do_raw_spin_lock+0x121/0x290 [ 336.055065][ T7550] ? xfs_attr_change+0x2ac/0x390 [ 336.055099][ T7550] xfs_xattr_set+0x14d/0x250 [ 336.055132][ T7550] ? __pfx_xfs_xattr_set+0x10/0x10 [ 336.055177][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.055206][ T7550] ? evm_protect_xattr+0x4d4/0xa90 [ 336.055233][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.055262][ T7550] ? rcu_is_watching+0x15/0xb0 [pid 7571] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7571] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 336.055306][ T7550] ? __pfx_evm_protect_xattr+0x10/0x10 [ 336.055336][ T7550] ? __pfx_xfs_xattr_set+0x10/0x10 [ 336.055364][ T7550] __vfs_setxattr+0x43c/0x480 [ 336.055414][ T7550] __vfs_setxattr_noperm+0x12d/0x660 [ 336.055458][ T7550] vfs_setxattr+0x16b/0x2f0 [ 336.055501][ T7550] ? __pfx_vfs_setxattr+0x10/0x10 [ 336.055531][ T7550] ? mnt_get_write_access+0x223/0x2a0 [ 336.055563][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.055595][ T7550] filename_setxattr+0x274/0x600 [ 336.055639][ T7550] ? __pfx_filename_setxattr+0x10/0x10 [pid 7571] ioctl(4, LOOP_SET_FD, 3) = 0 [ 336.055676][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.055703][ T7550] ? getname_flags+0x1e5/0x540 [ 336.055743][ T7550] path_setxattrat+0x364/0x3a0 [ 336.055780][ T7550] ? __pfx_path_setxattrat+0x10/0x10 [ 336.055844][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.055871][ T7550] ? rcu_is_watching+0x15/0xb0 [ 336.055907][ T7550] __x64_sys_lsetxattr+0xbf/0xe0 [ 336.055948][ T7550] do_syscall_64+0xfa/0x3b0 [ 336.055974][ T7550] ? lockdep_hardirqs_on+0x9c/0x150 [pid 7571] close(3 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./40/file1", [pid 7571] <... close resumed>) = 0 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7571] close(4 [pid 5874] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7571] <... close resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7571] mkdir("./file1", 0777 [pid 5874] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7571] <... mkdir resumed>) = 0 [pid 5874] <... openat resumed>) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./40/file1" [pid 7571] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... rmdir resumed>) = 0 [pid 5874] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./40/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./40") = 0 [pid 5874] mkdir("./41", 0777) = 0 [ 336.056011][ T7550] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.056034][ T7550] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.056061][ T7550] ? exc_page_fault+0x9f/0xf0 [ 336.056101][ T7550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.056126][ T7550] RIP: 0033:0x7f3cdbf794f9 [ 336.056147][ T7550] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 336.056170][ T7550] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 336.056197][ T7550] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 336.056216][ T7550] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 336.056235][ T7550] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 336.056252][ T7550] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 336.056270][ T7550] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 336.056319][ T7550] [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 336.056384][ T7550] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 336.079077][ T7553] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 336.079132][ T7553] XFS (loop0): Unmount and run xfs_repair [ 336.084773][ T7550] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 336.119684][ T7553] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 336.122086][ T7550] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 336.150449][ T7553] CPU: 1 UID: 0 PID: 7553 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 336.150482][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.150497][ T7553] Call Trace: [ 336.150509][ T7553] [ 336.150520][ T7553] dump_stack_lvl+0x189/0x250 [ 336.150554][ T7553] ? __pfx__xfs_alert_tag+0x10/0x10 [ 336.150591][ T7553] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.150626][ T7553] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 336.150672][ T7553] xfs_corruption_error+0x122/0x170 [ 336.150711][ T7553] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 336.150746][ T7553] xfs_alloc_fixup_trees+0x95e/0xd20 [ 336.150775][ T7553] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 336.150816][ T7553] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 336.150846][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.150874][ T7553] ? rcu_is_watching+0x15/0xb0 [ 336.150905][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.150932][ T7553] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 336.150963][ T7553] ? rcu_is_watching+0x15/0xb0 [ 336.151002][ T7553] xfs_alloc_cur_finish+0xd3/0x4b0 [ 336.151032][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151070][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151104][ T7553] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 336.151161][ T7553] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 336.151190][ T7553] ? xfs_group_grab+0x28/0x480 [ 336.151226][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151254][ T7553] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 336.151287][ T7553] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 336.151335][ T7553] xfs_alloc_vextent_start_ag+0x388/0x850 [ 336.151374][ T7553] xfs_bmapi_allocate+0x188e/0x2e00 [ 336.151438][ T7553] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 336.151469][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151519][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151546][ T7553] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7575 attached , child_tidptr=0x55555d962750) = 7575 [ 336.151569][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.151597][ T7553] ? xfs_iext_prev+0x35a/0x370 [ 336.151634][ T7553] ? xfs_iext_get_extent+0x1bb/0x370 [ 336.151665][ T7553] xfs_bmapi_write+0x7df/0x1260 [ 336.151724][ T7553] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 336.151801][ T7553] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 336.151841][ T7553] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 336.151871][ T7553] ? kasan_save_track+0x4f/0x80 [ 336.151897][ T7553] ? kasan_save_track+0x3e/0x80 [ 336.151921][ T7553] ? kasan_save_free_info+0x46/0x50 [pid 7575] set_robust_list(0x55555d962760, 24) = 0 [pid 7575] chdir("./41") = 0 [pid 7575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7553] <... lsetxattr resumed>) = ? [pid 7553] +++ exited with 0 +++ [pid 7552] +++ exited with 0 +++ [pid 7575] setpgid(0, 0) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7552, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=124 /* 1.24 s */} --- [ 336.151958][ T7553] ? kmem_cache_free+0x18f/0x400 [ 336.151986][ T7553] ? __xfs_trans_commit+0x3e0/0xbd0 [ 336.152010][ T7553] ? xfs_trans_roll+0x130/0x450 [ 336.152034][ T7553] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 336.152079][ T7553] xfs_attr_set_iter+0x2d4/0x4b70 [ 336.152112][ T7553] ? filename_setxattr+0x274/0x600 [ 336.152145][ T7553] ? path_setxattrat+0x364/0x3a0 [ 336.152166][ T7553] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 336.152217][ T7553] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 7575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7575] <... openat resumed>) = 3 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7575] write(3, "1000", 4 [pid 5871] getdents64(3, [pid 7575] <... write resumed>) = 4 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 7575] close(3) = 0 [pid 5871] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7575] write(1, "executing program\n", 18executing program ) = 18 [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7575] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7575] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 336.152273][ T7553] ? kasan_quarantine_put+0xdd/0x220 [ 336.152298][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.152326][ T7553] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.152365][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.152399][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.152426][ T7553] ? kmem_cache_free+0x18f/0x400 [ 336.152453][ T7553] ? __xfs_trans_commit+0x3e0/0xbd0 [ 336.152484][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.152512][ T7553] ? __xfs_trans_commit+0x4c7/0xbd0 [pid 7575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7578 attached => {parent_tid=[7578]}, 88) = 7578 [pid 7578] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7575] rt_sigprocmask(SIG_SETMASK, [], [pid 7578] <... rseq resumed>) = 0 [pid 7575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7578] set_robust_list(0x7f3cdbf259a0, 24 [pid 7575] <... futex resumed>) = 0 [pid 7578] <... set_robust_list resumed>) = 0 [pid 7578] rt_sigprocmask(SIG_SETMASK, [], [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7578] memfd_create("syzkaller", 0) = 3 [pid 7578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 336.152538][ T7553] ? xfs_trans_dup+0xc3/0x5f0 [ 336.152577][ T7553] xfs_attr_finish_item+0xed/0x320 [ 336.152616][ T7553] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 336.152652][ T7553] xfs_defer_finish_one+0x5c8/0xcf0 [ 336.152711][ T7553] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 336.152759][ T7553] xfs_defer_finish_noroll+0x910/0x12d0 [ 336.152798][ T7553] ? xfs_trans_commit+0x10b/0x1c0 [ 336.152830][ T7553] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 336.152862][ T7553] ? inode_set_ctime_current+0x740/0xb40 [ 336.152909][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.152936][ T7553] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 336.152975][ T7553] xfs_trans_commit+0x10b/0x1c0 [ 336.153001][ T7553] ? __pfx_xfs_trans_commit+0x10/0x10 [ 336.153033][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153067][ T7553] ? xfs_trans_log_inode+0x12c/0x1a0 [ 336.153106][ T7553] xfs_attr_set+0xdc6/0x1210 [ 336.153154][ T7553] ? __pfx_xfs_attr_set+0x10/0x10 [ 336.153187][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153214][ T7553] ? __lock_acquire+0xab9/0xd20 [ 336.153250][ T7553] ? xfs_da_hashname+0x59d/0x740 [ 336.153282][ T7553] ? do_raw_spin_lock+0x121/0x290 [ 336.153323][ T7553] ? xfs_attr_change+0x2ac/0x390 [ 336.153357][ T7553] xfs_xattr_set+0x14d/0x250 [ 336.153389][ T7553] ? __pfx_xfs_xattr_set+0x10/0x10 [ 336.153433][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153461][ T7553] ? evm_protect_xattr+0x4d4/0xa90 [ 336.153487][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153514][ T7553] ? rcu_is_watching+0x15/0xb0 [ 336.153547][ T7553] ? __pfx_evm_protect_xattr+0x10/0x10 [ 336.153575][ T7553] ? __pfx_xfs_xattr_set+0x10/0x10 [ 336.153602][ T7553] __vfs_setxattr+0x43c/0x480 [ 336.153650][ T7553] __vfs_setxattr_noperm+0x12d/0x660 [ 336.153693][ T7553] vfs_setxattr+0x16b/0x2f0 [ 336.153735][ T7553] ? __pfx_vfs_setxattr+0x10/0x10 [ 336.153764][ T7553] ? mnt_get_write_access+0x223/0x2a0 [ 336.153794][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153828][ T7553] filename_setxattr+0x274/0x600 [ 336.153874][ T7553] ? __pfx_filename_setxattr+0x10/0x10 [ 336.153912][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.153939][ T7553] ? getname_flags+0x1e5/0x540 [ 336.153980][ T7553] path_setxattrat+0x364/0x3a0 [ 336.154016][ T7553] ? __pfx_path_setxattrat+0x10/0x10 [ 336.154090][ T7553] ? srso_alias_return_thunk+0x5/0xfbef5 [ 336.154118][ T7553] ? rcu_is_watching+0x15/0xb0 [ 336.154154][ T7553] __x64_sys_lsetxattr+0xbf/0xe0 [ 336.154194][ T7553] do_syscall_64+0xfa/0x3b0 [ 336.154221][ T7553] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.154244][ T7553] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 336.154277][ T7553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.154300][ T7553] RIP: 0033:0x7f3cdbf794f9 [ 336.154323][ T7553] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 336.154344][ T7553] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 336.154369][ T7553] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 336.154387][ T7553] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 336.154405][ T7553] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 336.154421][ T7553] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 336.154438][ T7553] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 336.154476][ T7553] [ 336.154487][ T7553] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 336.590458][ T7571] loop2: detected capacity change from 0 to 32768 [ 336.600828][ T7553] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 336.606111][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 336.610323][ T7553] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 336.652433][ T7571] XFS: noikeep mount option is deprecated. [ 337.063022][ T7571] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 337.549919][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7578] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5871] <... umount2 resumed>) = 0 [pid 7578] munmap(0x7f3cd3a00000, 138412032 [pid 5871] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./39/file1") = 0 [pid 5871] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./39/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./39") = 0 [pid 5871] mkdir("./40", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 337.611814][ T7571] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 337.649431][ T7571] XFS (loop2): Starting recovery (logdev: internal) [pid 5871] close(3 [pid 7578] <... munmap resumed>) = 0 [pid 7578] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7578] close(3) = 0 [pid 7578] close(4) = 0 [pid 7578] mkdir("./file1", 0777) = 0 [ 337.701707][ T7578] loop3: detected capacity change from 0 to 32768 [ 337.729637][ T7578] XFS: noikeep mount option is deprecated. [ 337.782926][ T7578] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7578] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7571] <... mount resumed>) = 0 [pid 7571] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7571] chdir("./file1") = 0 [pid 7571] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7571] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7570] <... futex resumed>) = 0 [pid 7570] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7571] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7570] <... futex resumed>) = 0 [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7571] <... openat resumed>) = 4 [pid 7571] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7571] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7570] <... futex resumed>) = 0 [pid 7570] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7571] <... futex resumed>) = 0 [ 337.861393][ T7571] XFS (loop2): Ending recovery (logdev: internal) [ 337.899716][ T7578] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7571] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7571] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7571] <... futex resumed>) = 1 [pid 7570] <... futex resumed>) = 0 [pid 7571] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7570] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7570] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7590 attached [pid 7571] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7590] set_robust_list(0x55555d962760, 24) = 0 [pid 7590] chdir("./40") = 0 [pid 7590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7590] setpgid(0, 0) = 0 executing program [pid 7590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7590] write(3, "1000", 4) = 4 [pid 7590] close(3) = 0 [pid 7590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7590] write(1, "executing program\n", 18) = 18 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7590] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7590] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7590 [pid 7590] <... rt_sigprocmask resumed>[], 8) = 0 [ 337.970577][ T7578] XFS (loop3): Starting recovery (logdev: internal) [ 337.983856][ T7571] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7591 attached => {parent_tid=[7591]}, 88) = 7591 [pid 7590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7590] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7591] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7590] <... futex resumed>) = 0 [pid 7591] <... rseq resumed>) = 0 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7591] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7591] memfd_create("syzkaller", 0) = 3 [pid 7591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7571] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7571] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7570] <... futex resumed>) = 0 [pid 7571] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7570] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7570] <... futex resumed>) = 0 [pid 7571] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 338.017017][ T7571] XFS (loop2): Unmount and run xfs_repair [ 338.048037][ T7571] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 338.074420][ T7571] CPU: 1 UID: 0 PID: 7571 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 338.074457][ T7571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.074473][ T7571] Call Trace: [ 338.074483][ T7571] [ 338.074494][ T7571] dump_stack_lvl+0x189/0x250 [ 338.074532][ T7571] ? __pfx__xfs_alert_tag+0x10/0x10 [ 338.074569][ T7571] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.074603][ T7571] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 338.074650][ T7571] xfs_corruption_error+0x122/0x170 [ 338.074689][ T7571] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 338.074723][ T7571] xfs_alloc_fixup_trees+0x95e/0xd20 [ 338.074751][ T7571] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 338.074792][ T7571] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 338.074822][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.074851][ T7571] ? rcu_is_watching+0x15/0xb0 [ 338.074881][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.074909][ T7571] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 338.074940][ T7571] ? rcu_is_watching+0x15/0xb0 [ 338.074979][ T7571] xfs_alloc_cur_finish+0xd3/0x4b0 [ 338.075009][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075039][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075080][ T7571] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 338.075137][ T7571] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 338.075166][ T7571] ? xfs_group_grab+0x28/0x480 [ 338.075202][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075230][ T7571] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 338.075263][ T7571] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 338.075311][ T7571] xfs_alloc_vextent_start_ag+0x388/0x850 [ 338.075350][ T7571] xfs_bmapi_allocate+0x188e/0x2e00 [ 338.075414][ T7571] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 338.075446][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075496][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075524][ T7571] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 338.075548][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.075575][ T7571] ? xfs_iext_prev+0x35a/0x370 [ 338.075613][ T7571] ? xfs_iext_get_extent+0x1bb/0x370 [ 338.075643][ T7571] xfs_bmapi_write+0x7df/0x1260 [ 338.075702][ T7571] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 338.075779][ T7571] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 338.075820][ T7571] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 338.075850][ T7571] ? kasan_save_track+0x4f/0x80 [ 338.075876][ T7571] ? kasan_save_track+0x3e/0x80 [ 338.075900][ T7571] ? kasan_save_free_info+0x46/0x50 [ 338.075937][ T7571] ? kmem_cache_free+0x18f/0x400 [ 338.075965][ T7571] ? __xfs_trans_commit+0x3e0/0xbd0 [ 338.075990][ T7571] ? xfs_trans_roll+0x130/0x450 [ 338.076014][ T7571] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 338.076052][ T7571] xfs_attr_set_iter+0x2d4/0x4b70 [ 338.076089][ T7571] ? filename_setxattr+0x274/0x600 [ 338.076123][ T7571] ? path_setxattrat+0x364/0x3a0 [ 338.076142][ T7571] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 338.076194][ T7571] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 338.076250][ T7571] ? kasan_quarantine_put+0xdd/0x220 [ 338.076276][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.076305][ T7571] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.076346][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.076383][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.076411][ T7571] ? kmem_cache_free+0x18f/0x400 [ 338.076440][ T7571] ? __xfs_trans_commit+0x3e0/0xbd0 [ 338.076471][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.076499][ T7571] ? __xfs_trans_commit+0x4c7/0xbd0 [ 338.076542][ T7571] xfs_attr_finish_item+0xed/0x320 [ 338.076582][ T7571] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 338.076619][ T7571] xfs_defer_finish_one+0x5c8/0xcf0 [ 338.076678][ T7571] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 338.076726][ T7571] xfs_defer_finish_noroll+0x910/0x12d0 [ 338.076770][ T7571] ? xfs_trans_commit+0x10b/0x1c0 [ 338.076801][ T7571] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 338.076835][ T7571] ? inode_set_ctime_current+0x740/0xb40 [ 338.076885][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.076912][ T7571] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 338.076953][ T7571] xfs_trans_commit+0x10b/0x1c0 [ 338.076980][ T7571] ? __pfx_xfs_trans_commit+0x10/0x10 [ 338.077011][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077039][ T7571] ? xfs_trans_log_inode+0x12c/0x1a0 [ 338.077086][ T7571] xfs_attr_set+0xdc6/0x1210 [ 338.077135][ T7571] ? __pfx_xfs_attr_set+0x10/0x10 [ 338.077168][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077196][ T7571] ? __lock_acquire+0xab9/0xd20 [ 338.077233][ T7571] ? xfs_da_hashname+0x59d/0x740 [ 338.077264][ T7571] ? do_raw_spin_lock+0x121/0x290 [ 338.077306][ T7571] ? xfs_attr_change+0x2ac/0x390 [ 338.077339][ T7571] xfs_xattr_set+0x14d/0x250 [ 338.077371][ T7571] ? __pfx_xfs_xattr_set+0x10/0x10 [ 338.077415][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077443][ T7571] ? evm_protect_xattr+0x4d4/0xa90 [ 338.077469][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077497][ T7571] ? rcu_is_watching+0x15/0xb0 [ 338.077529][ T7571] ? __pfx_evm_protect_xattr+0x10/0x10 [ 338.077561][ T7571] ? __pfx_xfs_xattr_set+0x10/0x10 [ 338.077588][ T7571] __vfs_setxattr+0x43c/0x480 [ 338.077637][ T7571] __vfs_setxattr_noperm+0x12d/0x660 [ 338.077680][ T7571] vfs_setxattr+0x16b/0x2f0 [ 338.077721][ T7571] ? __pfx_vfs_setxattr+0x10/0x10 [ 338.077751][ T7571] ? mnt_get_write_access+0x223/0x2a0 [ 338.077782][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077815][ T7571] filename_setxattr+0x274/0x600 [ 338.077862][ T7571] ? __pfx_filename_setxattr+0x10/0x10 [ 338.077900][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.077927][ T7571] ? getname_flags+0x1e5/0x540 [ 338.077968][ T7571] path_setxattrat+0x364/0x3a0 [ 338.078004][ T7571] ? __pfx_path_setxattrat+0x10/0x10 [ 338.078075][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.078103][ T7571] ? rcu_is_watching+0x15/0xb0 [ 338.078139][ T7571] __x64_sys_lsetxattr+0xbf/0xe0 [ 338.078179][ T7571] do_syscall_64+0xfa/0x3b0 [ 338.078205][ T7571] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.078243][ T7571] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.078266][ T7571] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.078294][ T7571] ? exc_page_fault+0x9f/0xf0 [ 338.078334][ T7571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.078358][ T7571] RIP: 0033:0x7f3cdbf794f9 [ 338.078380][ T7571] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 338.078402][ T7571] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 338.078429][ T7571] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 338.078448][ T7571] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 338.078466][ T7571] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 338.078482][ T7571] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 338.078498][ T7571] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 338.078536][ T7571] [pid 7570] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7591] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7570] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7571] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7571] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] exit_group(0) = ? [pid 7571] +++ exited with 0 +++ [pid 7570] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7570, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=87 /* 0.87 s */} --- [pid 5873] restart_syscall(<... resuming interrupted clone ...> [pid 7578] <... mount resumed>) = 0 [pid 5873] <... restart_syscall resumed>) = 0 [pid 7578] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5873] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7578] <... openat resumed>) = 3 [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7578] chdir("./file1") = 0 [pid 5873] <... openat resumed>) = 3 [pid 7578] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5873] newfstatat(3, "", [pid 7578] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7575] <... futex resumed>) = 0 [pid 7578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7575] <... futex resumed>) = 0 [pid 7578] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7578] <... openat resumed>) = 4 [pid 7578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7575] <... futex resumed>) = 0 [pid 7578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7578] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [ 338.813840][ T7571] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 338.824464][ T7571] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 338.841912][ T7571] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 338.854371][ T7578] XFS (loop3): Ending recovery (logdev: internal) [pid 7575] <... futex resumed>) = 0 [pid 7578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7578] <... futex resumed>) = 0 [pid 7575] <... futex resumed>) = 1 [pid 7578] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... umount2 resumed>) = 0 [pid 7591] <... write resumed>) = 16777216 [pid 7578] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7591] munmap(0x7f3cd3a00000, 138412032 [pid 7578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7578] <... futex resumed>) = 0 [pid 7575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7578] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7575] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] newfstatat(AT_FDCWD, "./40/file1", [pid 7578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7575] <... futex resumed>) = 0 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 338.896968][ T7578] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 338.910434][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 338.923210][ T7578] XFS (loop3): Unmount and run xfs_repair [pid 7578] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7575] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7591] <... munmap resumed>) = 0 [pid 7591] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./40/file1" [pid 7591] <... openat resumed>) = 4 [pid 7591] ioctl(4, LOOP_SET_FD, 3 [pid 5873] <... rmdir resumed>) = 0 [pid 5873] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./40/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [ 338.968328][ T7578] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 338.987949][ T7578] CPU: 1 UID: 0 PID: 7578 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 338.987984][ T7578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.988000][ T7578] Call Trace: [pid 5873] rmdir("./40") = 0 [pid 5873] mkdir("./41", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 338.988015][ T7578] [ 338.988026][ T7578] dump_stack_lvl+0x189/0x250 [ 338.988069][ T7578] ? __pfx__xfs_alert_tag+0x10/0x10 [ 338.988107][ T7578] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.988141][ T7578] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 338.988187][ T7578] xfs_corruption_error+0x122/0x170 [ 338.988226][ T7578] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 338.988259][ T7578] xfs_alloc_fixup_trees+0x95e/0xd20 [ 338.988287][ T7578] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 5873] close(3 [pid 7591] <... ioctl resumed>) = 0 [pid 7591] close(3) = 0 [pid 7591] close(4) = 0 [pid 7591] mkdir("./file1", 0777) = 0 [pid 7575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 338.988328][ T7578] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 338.988360][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.988389][ T7578] ? rcu_is_watching+0x15/0xb0 [ 338.988419][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.988446][ T7578] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 338.988478][ T7578] ? rcu_is_watching+0x15/0xb0 [ 338.988518][ T7578] xfs_alloc_cur_finish+0xd3/0x4b0 [ 338.988548][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.988579][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.988613][ T7578] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 338.988670][ T7578] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 338.988701][ T7578] ? xfs_group_grab+0x28/0x480 [ 338.988738][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.988767][ T7578] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 338.988806][ T7578] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 338.988854][ T7578] xfs_alloc_vextent_start_ag+0x388/0x850 [ 338.988894][ T7578] xfs_bmapi_allocate+0x188e/0x2e00 [ 338.988960][ T7578] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 338.988994][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989050][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989084][ T7578] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 338.989107][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989135][ T7578] ? xfs_iext_prev+0x35a/0x370 [ 338.989173][ T7578] ? xfs_iext_get_extent+0x1bb/0x370 [ 338.989204][ T7578] xfs_bmapi_write+0x7df/0x1260 [ 338.989264][ T7578] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 338.989344][ T7578] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 338.989386][ T7578] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 338.989417][ T7578] ? kasan_save_track+0x4f/0x80 [ 338.989443][ T7578] ? kasan_save_track+0x3e/0x80 [ 338.989467][ T7578] ? kasan_save_free_info+0x46/0x50 [ 338.989504][ T7578] ? kmem_cache_free+0x18f/0x400 [ 338.989532][ T7578] ? __xfs_trans_commit+0x3e0/0xbd0 [ 338.989558][ T7578] ? xfs_trans_roll+0x130/0x450 [ 338.989582][ T7578] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 338.989622][ T7578] xfs_attr_set_iter+0x2d4/0x4b70 [ 338.989657][ T7578] ? filename_setxattr+0x274/0x600 [ 338.989689][ T7578] ? path_setxattrat+0x364/0x3a0 [ 338.989712][ T7578] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 338.989764][ T7578] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 338.989821][ T7578] ? kasan_quarantine_put+0xdd/0x220 [ 338.989848][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989877][ T7578] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.989920][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989955][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.989983][ T7578] ? kmem_cache_free+0x18f/0x400 [ 338.990012][ T7578] ? __xfs_trans_commit+0x3e0/0xbd0 [pid 7591] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... close resumed>) = 0 [ 338.990044][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.990081][ T7578] ? __xfs_trans_commit+0x4c7/0xbd0 [ 338.990125][ T7578] xfs_attr_finish_item+0xed/0x320 [ 338.990170][ T7578] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 338.990208][ T7578] xfs_defer_finish_one+0x5c8/0xcf0 [ 338.990266][ T7578] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 338.990313][ T7578] xfs_defer_finish_noroll+0x910/0x12d0 [ 338.990353][ T7578] ? xfs_trans_commit+0x10b/0x1c0 [ 338.990384][ T7578] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7592 attached [pid 7592] set_robust_list(0x55555d962760, 24 [pid 7578] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7592 [pid 7592] <... set_robust_list resumed>) = 0 [pid 7578] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7575] exit_group(0 [pid 7592] chdir("./41" [pid 7578] <... futex resumed>) = ? [pid 7592] <... chdir resumed>) = 0 [pid 7578] +++ exited with 0 +++ [pid 7575] <... exit_group resumed>) = ? [pid 7592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7592] setpgid(0, 0) = 0 [pid 7575] +++ exited with 0 +++ [pid 7592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7575, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- [pid 7592] <... openat resumed>) = 3 [pid 7592] write(3, "1000", 4) = 4 [pid 7592] close(3) = 0 [pid 7592] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7592] write(1, "executing program\n", 18) = 18 [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7592] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7592] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 338.990416][ T7578] ? inode_set_ctime_current+0x740/0xb40 [ 338.990462][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.990490][ T7578] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 338.990530][ T7578] xfs_trans_commit+0x10b/0x1c0 [ 338.990557][ T7578] ? __pfx_xfs_trans_commit+0x10/0x10 [ 338.990589][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.990617][ T7578] ? xfs_trans_log_inode+0x12c/0x1a0 [ 338.990627][ T7591] loop0: detected capacity change from 0 to 32768 [ 338.990656][ T7578] xfs_attr_set+0xdc6/0x1210 [pid 7592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 5874] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7592] <... clone3 resumed> => {parent_tid=[7601]}, 88) = 7601 [pid 5874] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7592] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... openat resumed>) = 3 [pid 7592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] newfstatat(3, "", [pid 7592] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7592] <... futex resumed>) = 0 [pid 5874] getdents64(3, [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7601 attached [pid 7601] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7601] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 338.990699][ T7578] ? __pfx_xfs_attr_set+0x10/0x10 [ 338.990732][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.990760][ T7578] ? __lock_acquire+0xab9/0xd20 [ 338.990796][ T7578] ? xfs_da_hashname+0x59d/0x740 [ 338.990826][ T7578] ? do_raw_spin_lock+0x121/0x290 [ 338.990868][ T7578] ? xfs_attr_change+0x2ac/0x390 [ 338.990902][ T7578] xfs_xattr_set+0x14d/0x250 [ 338.990934][ T7578] ? __pfx_xfs_xattr_set+0x10/0x10 [ 338.990978][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.991006][ T7578] ? evm_protect_xattr+0x4d4/0xa90 [pid 7601] memfd_create("syzkaller", 0) = 3 [pid 7601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 338.991033][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.991071][ T7578] ? rcu_is_watching+0x15/0xb0 [ 338.991104][ T7578] ? __pfx_evm_protect_xattr+0x10/0x10 [ 338.991132][ T7578] ? __pfx_xfs_xattr_set+0x10/0x10 [ 338.991159][ T7578] __vfs_setxattr+0x43c/0x480 [ 338.991208][ T7578] __vfs_setxattr_noperm+0x12d/0x660 [ 338.991251][ T7578] vfs_setxattr+0x16b/0x2f0 [ 338.991291][ T7578] ? __pfx_vfs_setxattr+0x10/0x10 [ 338.991321][ T7578] ? mnt_get_write_access+0x223/0x2a0 [ 338.991351][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.991385][ T7578] filename_setxattr+0x274/0x600 [ 338.991430][ T7578] ? __pfx_filename_setxattr+0x10/0x10 [ 338.991468][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.991496][ T7578] ? getname_flags+0x1e5/0x540 [ 338.991536][ T7578] path_setxattrat+0x364/0x3a0 [ 338.991572][ T7578] ? __pfx_path_setxattrat+0x10/0x10 [ 338.991637][ T7578] ? srso_alias_return_thunk+0x5/0xfbef5 [ 338.991664][ T7578] ? rcu_is_watching+0x15/0xb0 [ 338.991700][ T7578] __x64_sys_lsetxattr+0xbf/0xe0 [ 338.991739][ T7578] do_syscall_64+0xfa/0x3b0 [ 338.991767][ T7578] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.991790][ T7578] ? asm_common_interrupt+0x26/0x40 [ 338.991820][ T7578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.991844][ T7578] RIP: 0033:0x7f3cdbf794f9 [ 338.991866][ T7578] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 338.991887][ T7578] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 338.991912][ T7578] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 338.991931][ T7578] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 338.991949][ T7578] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 338.991964][ T7578] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 338.991981][ T7578] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 338.992019][ T7578] [ 338.992448][ T7578] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 339.090498][ T7591] XFS: noikeep mount option is deprecated. [ 339.341874][ T7578] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 339.353562][ T7591] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 339.357490][ T7578] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 339.379005][ T7591] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7601] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./41/file1") = 0 [pid 5874] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 339.723725][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 339.750979][ T7591] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] unlink("./41/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./41") = 0 [pid 5874] mkdir("./42", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7591] <... mount resumed>) = 0 [pid 7601] <... write resumed>) = 16777216 [pid 7591] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7591] chdir("./file1") = 0 [pid 7591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7591] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7590] <... futex resumed>) = 0 [pid 7591] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [ 339.799388][ T7591] XFS (loop0): Ending recovery (logdev: internal) [pid 7590] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] munmap(0x7f3cd3a00000, 138412032 [pid 7591] <... openat resumed>) = 4 [pid 7590] <... futex resumed>) = 0 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7591] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7590] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7591] <... futex resumed>) = 0 [pid 7590] <... futex resumed>) = 1 [pid 7591] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7591] <... pwritev2 resumed>) = 65007 [pid 7591] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7590] <... futex resumed>) = 0 [pid 7590] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7591] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7590] <... futex resumed>) = 0 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... munmap resumed>) = 0 [pid 7591] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7601] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7601] ioctl(4, LOOP_SET_FD, 3 [pid 7591] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7591] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7590] <... futex resumed>) = 0 [ 339.877877][ T7591] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 339.904758][ T7591] XFS (loop0): Unmount and run xfs_repair [ 339.918265][ T7601] loop2: detected capacity change from 0 to 32768 [pid 7590] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7591] <... futex resumed>) = 0 [pid 7590] <... futex resumed>) = 1 [pid 7591] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7590] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... ioctl resumed>) = 0 [pid 7601] close(3) = 0 [pid 7601] close(4) = 0 [ 339.930133][ T7591] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 339.953047][ T7591] CPU: 1 UID: 0 PID: 7591 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 339.953082][ T7591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 339.953098][ T7591] Call Trace: [ 339.953109][ T7591] [ 339.953119][ T7591] dump_stack_lvl+0x189/0x250 [ 339.953156][ T7591] ? __pfx__xfs_alert_tag+0x10/0x10 [ 339.953194][ T7591] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.953230][ T7591] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 339.953283][ T7591] xfs_corruption_error+0x122/0x170 [ 339.953322][ T7591] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 339.953357][ T7591] xfs_alloc_fixup_trees+0x95e/0xd20 [ 339.953394][ T7591] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 7601] mkdir("./file1", 0777 [pid 7590] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... close resumed>) = 0 [pid 7601] <... mkdir resumed>) = 0 [ 339.953436][ T7591] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 339.953467][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.953496][ T7591] ? rcu_is_watching+0x15/0xb0 [ 339.953526][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.953554][ T7591] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 339.953586][ T7591] ? rcu_is_watching+0x15/0xb0 [ 339.953625][ T7591] xfs_alloc_cur_finish+0xd3/0x4b0 [ 339.953655][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.953686][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7601] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7606 attached , child_tidptr=0x55555d962750) = 7606 [pid 7606] set_robust_list(0x55555d962760, 24) = 0 [ 339.953720][ T7591] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 339.953779][ T7591] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 339.953808][ T7591] ? xfs_group_grab+0x28/0x480 [ 339.953845][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.953874][ T7591] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 339.953908][ T7591] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 339.953956][ T7591] xfs_alloc_vextent_start_ag+0x388/0x850 [ 339.953995][ T7591] xfs_bmapi_allocate+0x188e/0x2e00 [ 339.954060][ T7591] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [pid 7606] chdir("./42") = 0 [pid 7606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7606] setpgid(0, 0) = 0 [pid 7606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7606] write(3, "1000", 4) = 4 [pid 7606] close(3) = 0 [pid 7606] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7606] write(1, "executing program\n", 18) = 18 [pid 7606] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 339.954094][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.954144][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.954172][ T7591] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 339.954197][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.954225][ T7591] ? xfs_iext_prev+0x35a/0x370 [ 339.954263][ T7591] ? xfs_iext_get_extent+0x1bb/0x370 [ 339.954294][ T7591] xfs_bmapi_write+0x7df/0x1260 [ 339.954354][ T7591] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 339.954440][ T7591] xfs_attr_rmtval_set_blk+0x15b/0x320 [pid 7606] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7611 attached [pid 7611] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7606] <... clone3 resumed> => {parent_tid=[7611]}, 88) = 7611 [pid 7611] <... rseq resumed>) = 0 [pid 7606] rt_sigprocmask(SIG_SETMASK, [], [pid 7611] set_robust_list(0x7f3cdbf259a0, 24 [pid 7606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7611] <... set_robust_list resumed>) = 0 [pid 7611] rt_sigprocmask(SIG_SETMASK, [], [pid 7606] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7606] <... futex resumed>) = 0 [pid 7611] memfd_create("syzkaller", 0 [pid 7606] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7611] <... memfd_create resumed>) = 3 [pid 7611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 339.954481][ T7591] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 339.954512][ T7591] ? kasan_save_track+0x4f/0x80 [ 339.954539][ T7591] ? kasan_save_track+0x3e/0x80 [ 339.954563][ T7591] ? kasan_save_free_info+0x46/0x50 [ 339.954601][ T7591] ? kmem_cache_free+0x18f/0x400 [ 339.954630][ T7591] ? __xfs_trans_commit+0x3e0/0xbd0 [ 339.954655][ T7591] ? xfs_trans_roll+0x130/0x450 [ 339.954680][ T7591] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 339.954720][ T7591] xfs_attr_set_iter+0x2d4/0x4b70 [ 339.954756][ T7591] ? filename_setxattr+0x274/0x600 [pid 7591] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7591] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7591] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7590] exit_group(0 [pid 7591] <... futex resumed>) = ? [ 339.954790][ T7591] ? path_setxattrat+0x364/0x3a0 [ 339.954812][ T7591] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 339.954865][ T7591] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 339.954922][ T7591] ? kasan_quarantine_put+0xdd/0x220 [ 339.954949][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.954978][ T7591] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.955018][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955054][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955082][ T7591] ? kmem_cache_free+0x18f/0x400 [pid 7590] <... exit_group resumed>) = ? [pid 7591] +++ exited with 0 +++ [pid 7590] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7590, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=103 /* 1.03 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 339.955110][ T7591] ? __xfs_trans_commit+0x3e0/0xbd0 [ 339.955142][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955170][ T7591] ? __xfs_trans_commit+0x4c7/0xbd0 [ 339.955213][ T7591] xfs_attr_finish_item+0xed/0x320 [ 339.955254][ T7591] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 339.955291][ T7591] xfs_defer_finish_one+0x5c8/0xcf0 [ 339.955351][ T7591] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 339.955410][ T7591] xfs_defer_finish_noroll+0x910/0x12d0 [ 339.955450][ T7591] ? xfs_trans_commit+0x10b/0x1c0 [ 339.955484][ T7591] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 339.955518][ T7591] ? inode_set_ctime_current+0x740/0xb40 [ 339.955567][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955595][ T7591] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 339.955635][ T7591] xfs_trans_commit+0x10b/0x1c0 [ 339.955662][ T7591] ? __pfx_xfs_trans_commit+0x10/0x10 [ 339.955695][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955724][ T7591] ? xfs_trans_log_inode+0x12c/0x1a0 [ 339.955764][ T7591] xfs_attr_set+0xdc6/0x1210 [ 339.955813][ T7591] ? __pfx_xfs_attr_set+0x10/0x10 [pid 5871] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 339.955848][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.955876][ T7591] ? __lock_acquire+0xab9/0xd20 [ 339.955913][ T7591] ? xfs_da_hashname+0x59d/0x740 [ 339.955946][ T7591] ? do_raw_spin_lock+0x121/0x290 [ 339.955990][ T7591] ? xfs_attr_change+0x2ac/0x390 [ 339.956026][ T7591] xfs_xattr_set+0x14d/0x250 [ 339.956058][ T7591] ? __pfx_xfs_xattr_set+0x10/0x10 [ 339.956104][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.956133][ T7591] ? evm_protect_xattr+0x4d4/0xa90 [ 339.956160][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.956188][ T7591] ? rcu_is_watching+0x15/0xb0 [ 339.956222][ T7591] ? __pfx_evm_protect_xattr+0x10/0x10 [ 339.956250][ T7591] ? __pfx_xfs_xattr_set+0x10/0x10 [ 339.956278][ T7591] __vfs_setxattr+0x43c/0x480 [ 339.956327][ T7591] __vfs_setxattr_noperm+0x12d/0x660 [ 339.956378][ T7591] vfs_setxattr+0x16b/0x2f0 [ 339.956420][ T7591] ? __pfx_vfs_setxattr+0x10/0x10 [ 339.956450][ T7591] ? mnt_get_write_access+0x223/0x2a0 [ 339.956480][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.956514][ T7591] filename_setxattr+0x274/0x600 [ 339.956562][ T7591] ? __pfx_filename_setxattr+0x10/0x10 [ 339.956602][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.956631][ T7591] ? getname_flags+0x1e5/0x540 [ 339.956673][ T7591] path_setxattrat+0x364/0x3a0 [ 339.956711][ T7591] ? __pfx_path_setxattrat+0x10/0x10 [ 339.956782][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.956811][ T7591] ? rcu_is_watching+0x15/0xb0 [ 339.956848][ T7591] __x64_sys_lsetxattr+0xbf/0xe0 [ 339.956888][ T7591] do_syscall_64+0xfa/0x3b0 [ 339.956912][ T7591] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.956950][ T7591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.956974][ T7591] ? srso_alias_return_thunk+0x5/0xfbef5 [ 339.957002][ T7591] ? exc_page_fault+0x9f/0xf0 [ 339.957042][ T7591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.957067][ T7591] RIP: 0033:0x7f3cdbf794f9 [ 339.957088][ T7591] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7611] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 339.957110][ T7591] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 339.957136][ T7591] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 339.957155][ T7591] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 339.957174][ T7591] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 339.957190][ T7591] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 339.957208][ T7591] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 339.957247][ T7591] [pid 7611] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7611] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 340.041989][ T7601] XFS: noikeep mount option is deprecated. [ 340.058763][ T7591] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 340.139799][ T7601] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 340.145631][ T7591] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 340.168996][ T7601] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7601] <... mount resumed>) = 0 [pid 7601] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7611] close(3 [pid 7601] <... openat resumed>) = 3 [pid 7611] <... close resumed>) = 0 [pid 7601] chdir("./file1" [pid 7611] close(4 [pid 7601] <... chdir resumed>) = 0 [pid 7611] <... close resumed>) = 0 [pid 7601] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7611] mkdir("./file1", 0777 [pid 7601] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7611] <... mkdir resumed>) = 0 [pid 7601] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 340.202234][ T7591] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 340.225075][ T7601] XFS (loop2): Starting recovery (logdev: internal) [ 340.684761][ T7611] loop3: detected capacity change from 0 to 32768 [ 340.702117][ T7601] XFS (loop2): Ending recovery (logdev: internal) [ 340.705943][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7611] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7592] <... futex resumed>) = 0 [pid 7592] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] <... futex resumed>) = 0 [pid 7601] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... openat resumed>) = 4 [pid 7601] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7601] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7592] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] <... futex resumed>) = 0 [pid 7601] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./40/file1") = 0 [pid 5871] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./40/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [ 340.735703][ T7611] XFS: noikeep mount option is deprecated. [pid 5871] rmdir("./40") = 0 [pid 7601] <... pwritev2 resumed>) = 65007 [pid 5871] mkdir("./41", 0777) = 0 [pid 7601] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7592] <... futex resumed>) = 0 [pid 7592] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7601] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7592] <... futex resumed>) = 0 [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 340.790471][ T7611] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 340.812728][ T7601] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 340.818706][ T7611] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] close(3 [pid 7601] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7601] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7592] <... futex resumed>) = 0 [pid 7592] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7601] <... futex resumed>) = 0 [pid 7592] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 340.836293][ T7601] XFS (loop2): Unmount and run xfs_repair [pid 7601] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7592] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 340.869870][ T7601] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 340.898599][ T7611] XFS (loop3): Starting recovery (logdev: internal) [ 340.937850][ T7601] CPU: 0 UID: 0 PID: 7601 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 340.937888][ T7601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 340.937904][ T7601] Call Trace: [ 340.937913][ T7601] [ 340.937925][ T7601] dump_stack_lvl+0x189/0x250 [ 340.937962][ T7601] ? __pfx__xfs_alert_tag+0x10/0x10 [ 340.938002][ T7601] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.938037][ T7601] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 5871] <... close resumed>) = 0 [ 340.938085][ T7601] xfs_corruption_error+0x122/0x170 [ 340.938126][ T7601] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 340.938162][ T7601] xfs_alloc_fixup_trees+0x95e/0xd20 [ 340.938191][ T7601] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 340.938233][ T7601] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 340.938265][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938294][ T7601] ? rcu_is_watching+0x15/0xb0 [ 340.938332][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938360][ T7601] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7620 ./strace-static-x86_64: Process 7620 attached [pid 7611] <... mount resumed>) = 0 [pid 7611] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7611] chdir("./file1") = 0 [pid 7620] set_robust_list(0x55555d962760, 24) = 0 [pid 7611] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7620] chdir("./41" [pid 7611] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7620] <... chdir resumed>) = 0 [pid 7611] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7620] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7611] <... futex resumed>) = 1 [ 340.938391][ T7601] ? rcu_is_watching+0x15/0xb0 [ 340.938431][ T7601] xfs_alloc_cur_finish+0xd3/0x4b0 [ 340.938460][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938490][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938524][ T7601] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 340.938581][ T7601] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 340.938610][ T7601] ? xfs_group_grab+0x28/0x480 [ 340.938647][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7620] <... prctl resumed>) = 0 [pid 7611] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7620] setpgid(0, 0) = 0 [pid 7620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7620] write(3, "1000", 4 [pid 7606] <... futex resumed>) = 0 [pid 7620] <... write resumed>) = 4 [pid 7606] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7620] close(3 [pid 7611] <... futex resumed>) = 0 [pid 7606] <... futex resumed>) = 1 [pid 7620] <... close resumed>) = 0 [pid 7611] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7606] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7620] write(1, "executing program\n", 18 [pid 7611] <... openat resumed>) = 4 executing program [pid 7611] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7620] <... write resumed>) = 18 [pid 7611] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7606] <... futex resumed>) = 0 [pid 7620] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7606] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7620] <... futex resumed>) = 0 [pid 7611] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7606] <... futex resumed>) = 0 [pid 7620] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7606] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7620] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7620] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 340.938674][ T7601] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 340.938708][ T7601] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 340.938755][ T7601] xfs_alloc_vextent_start_ag+0x388/0x850 [ 340.938795][ T7601] xfs_bmapi_allocate+0x188e/0x2e00 [ 340.938859][ T7601] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 340.938892][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938943][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.938971][ T7601] ? xfs_iext_lookup_extent+0x41e/0x7e0 [pid 7620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7621]}, 88) = 7621 [pid 7620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7611] <... pwritev2 resumed>) = 65007 [pid 7611] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7611] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7606] <... futex resumed>) = 0 [pid 7606] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7611] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040./strace-static-x86_64: Process 7621 attached [pid 7606] <... futex resumed>) = 0 [pid 7621] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7606] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7601] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7621] <... rseq resumed>) = 0 [pid 7601] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7592] exit_group(0 [pid 7621] set_robust_list(0x7f3cdbf259a0, 24 [pid 7601] <... futex resumed>) = -1 (errno 18446744073709551343) [pid 7621] <... set_robust_list resumed>) = 0 [pid 7601] +++ exited with 0 +++ [pid 7592] <... exit_group resumed>) = ? [pid 7621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 340.938995][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.939024][ T7601] ? xfs_iext_prev+0x35a/0x370 [ 340.939062][ T7601] ? xfs_iext_get_extent+0x1bb/0x370 [ 340.939094][ T7601] xfs_bmapi_write+0x7df/0x1260 [ 340.939153][ T7601] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 340.939232][ T7601] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 340.939273][ T7601] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 340.939308][ T7601] ? kasan_save_track+0x4f/0x80 [ 340.939334][ T7601] ? kasan_save_track+0x3e/0x80 [pid 7621] memfd_create("syzkaller", 0) = 3 [pid 7621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7592] +++ exited with 0 +++ [pid 7606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7606] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7606] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7622]}, 88) = 7622 [pid 7606] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7622 attached NULL, 8) = 0 [pid 7606] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7606] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7622] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7622] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 340.939359][ T7601] ? kasan_save_free_info+0x46/0x50 [ 340.939396][ T7601] ? kmem_cache_free+0x18f/0x400 [ 340.939425][ T7601] ? __xfs_trans_commit+0x3e0/0xbd0 [ 340.939450][ T7601] ? xfs_trans_roll+0x130/0x450 [ 340.939474][ T7601] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 340.939514][ T7601] xfs_attr_set_iter+0x2d4/0x4b70 [ 340.939548][ T7601] ? filename_setxattr+0x274/0x600 [ 340.939581][ T7601] ? path_setxattrat+0x364/0x3a0 [ 340.939603][ T7601] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 340.939655][ T7601] ? __pfx_xfs_attr_set_iter+0x10/0x10 [pid 7622] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7592, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=96 /* 0.96 s */} --- [pid 5873] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 340.939712][ T7601] ? kasan_quarantine_put+0xdd/0x220 [ 340.939738][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.939766][ T7601] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.939807][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.939842][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.939870][ T7601] ? kmem_cache_free+0x18f/0x400 [ 340.939904][ T7601] ? __xfs_trans_commit+0x3e0/0xbd0 [ 340.939935][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.939963][ T7601] ? __xfs_trans_commit+0x4c7/0xbd0 [ 340.940006][ T7601] xfs_attr_finish_item+0xed/0x320 [ 340.940046][ T7601] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 340.940083][ T7601] xfs_defer_finish_one+0x5c8/0xcf0 [ 340.940143][ T7601] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 340.940192][ T7601] xfs_defer_finish_noroll+0x910/0x12d0 [ 340.940230][ T7601] ? xfs_trans_commit+0x10b/0x1c0 [ 340.940262][ T7601] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 340.940296][ T7601] ? inode_set_ctime_current+0x740/0xb40 [ 340.940351][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.940379][ T7601] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 340.940419][ T7601] xfs_trans_commit+0x10b/0x1c0 [ 340.940445][ T7601] ? __pfx_xfs_trans_commit+0x10/0x10 [ 340.940477][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.940505][ T7601] ? xfs_trans_log_inode+0x12c/0x1a0 [ 340.940546][ T7601] xfs_attr_set+0xdc6/0x1210 [ 340.940596][ T7601] ? __pfx_xfs_attr_set+0x10/0x10 [ 340.940630][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.940659][ T7601] ? __lock_acquire+0xab9/0xd20 [ 340.940696][ T7601] ? xfs_da_hashname+0x59d/0x740 [ 340.940728][ T7601] ? do_raw_spin_lock+0x121/0x290 [ 340.940771][ T7601] ? xfs_attr_change+0x2ac/0x390 [ 340.940805][ T7601] xfs_xattr_set+0x14d/0x250 [ 340.940837][ T7601] ? __pfx_xfs_xattr_set+0x10/0x10 [ 340.940881][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.940909][ T7601] ? evm_protect_xattr+0x4d4/0xa90 [ 340.940936][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.940964][ T7601] ? rcu_is_watching+0x15/0xb0 [ 340.940998][ T7601] ? __pfx_evm_protect_xattr+0x10/0x10 [ 340.941026][ T7601] ? __pfx_xfs_xattr_set+0x10/0x10 [ 340.941078][ T7601] __vfs_setxattr+0x43c/0x480 [ 340.941126][ T7601] __vfs_setxattr_noperm+0x12d/0x660 [ 340.941170][ T7601] vfs_setxattr+0x16b/0x2f0 [ 340.941211][ T7601] ? __pfx_vfs_setxattr+0x10/0x10 [ 340.941242][ T7601] ? mnt_get_write_access+0x223/0x2a0 [ 340.941272][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.941313][ T7601] filename_setxattr+0x274/0x600 [ 340.941360][ T7601] ? __pfx_filename_setxattr+0x10/0x10 [ 340.941399][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.941427][ T7601] ? getname_flags+0x1e5/0x540 [ 340.941469][ T7601] path_setxattrat+0x364/0x3a0 [ 340.941506][ T7601] ? __pfx_path_setxattrat+0x10/0x10 [ 340.941571][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [ 340.941600][ T7601] ? rcu_is_watching+0x15/0xb0 [ 340.941637][ T7601] __x64_sys_lsetxattr+0xbf/0xe0 [ 340.941677][ T7601] do_syscall_64+0xfa/0x3b0 [ 340.941701][ T7601] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.941739][ T7601] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.941762][ T7601] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7621] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7606] exit_group(0) = ? [ 340.941789][ T7601] ? exc_page_fault+0x9f/0xf0 [ 340.941828][ T7601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.941852][ T7601] RIP: 0033:0x7f3cdbf794f9 [ 340.941874][ T7601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 340.941895][ T7601] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 340.941922][ T7601] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [pid 7621] <... write resumed>) = 16777216 [ 340.941941][ T7601] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 340.941960][ T7601] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 340.941976][ T7601] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 340.941993][ T7601] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 340.942031][ T7601] [ 340.988145][ T7601] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 341.034206][ T7611] XFS (loop3): Ending recovery (logdev: internal) [pid 7621] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7621] ioctl(4, LOOP_SET_FD, 3 [pid 7611] <... open resumed>) = ? [pid 7611] +++ exited with 0 +++ [ 341.070818][ T7601] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 341.165181][ T7611] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 341.169507][ T7601] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 341.176037][ T7611] XFS (loop3): Unmount and run xfs_repair [ 341.688616][ T7621] loop0: detected capacity change from 0 to 32768 [pid 7621] <... ioctl resumed>) = 0 [ 341.693016][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 341.704996][ T7622] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 341.721106][ T7622] CPU: 1 UID: 0 PID: 7622 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7621] close(3 [pid 5873] <... umount2 resumed>) = 0 [pid 5873] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./41/file1") = 0 [pid 5873] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./41/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./41") = 0 [pid 5873] mkdir("./42", 0777) = 0 [ 341.721143][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.721159][ T7622] Call Trace: [ 341.721171][ T7622] [ 341.721182][ T7622] dump_stack_lvl+0x189/0x250 [ 341.721219][ T7622] ? __pfx__xfs_alert_tag+0x10/0x10 [ 341.721254][ T7622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.721286][ T7622] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 341.721332][ T7622] xfs_corruption_error+0x122/0x170 [ 341.721370][ T7622] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 341.721402][ T7622] xfs_alloc_fixup_trees+0x95e/0xd20 [ 341.721430][ T7622] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 341.721470][ T7622] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 341.721499][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.721527][ T7622] ? rcu_is_watching+0x15/0xb0 [ 341.721556][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.721584][ T7622] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 341.721615][ T7622] ? rcu_is_watching+0x15/0xb0 [ 341.721654][ T7622] xfs_alloc_cur_finish+0xd3/0x4b0 [ 341.721687][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.721716][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.721750][ T7622] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 341.721806][ T7622] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 341.721835][ T7622] ? xfs_group_grab+0x28/0x480 [ 341.721872][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.721900][ T7622] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 341.721933][ T7622] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 341.721981][ T7622] xfs_alloc_vextent_start_ag+0x388/0x850 [ 341.722021][ T7622] xfs_bmapi_allocate+0x188e/0x2e00 [ 341.722095][ T7622] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 341.722129][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.722179][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.722206][ T7622] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 341.722229][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.722258][ T7622] ? xfs_iext_prev+0x35a/0x370 [ 341.722296][ T7622] ? xfs_iext_get_extent+0x1bb/0x370 [ 341.722327][ T7622] xfs_bmapi_write+0x7df/0x1260 [ 341.722386][ T7622] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 341.722465][ T7622] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 341.722506][ T7622] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 341.722537][ T7622] ? kasan_save_track+0x4f/0x80 [ 341.722562][ T7622] ? kasan_save_track+0x3e/0x80 [ 341.722587][ T7622] ? kasan_save_free_info+0x46/0x50 [ 341.722625][ T7622] ? kmem_cache_free+0x18f/0x400 [ 341.722653][ T7622] ? __xfs_trans_commit+0x3e0/0xbd0 [ 341.722678][ T7622] ? xfs_trans_roll+0x130/0x450 [ 341.722702][ T7622] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 341.722742][ T7622] xfs_attr_set_iter+0x2d4/0x4b70 [ 341.722776][ T7622] ? filename_setxattr+0x274/0x600 [ 341.722810][ T7622] ? path_setxattrat+0x364/0x3a0 [ 341.722832][ T7622] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 341.722884][ T7622] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 341.722939][ T7622] ? kasan_quarantine_put+0xdd/0x220 [ 341.722965][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.722992][ T7622] ? lockdep_hardirqs_on+0x9c/0x150 [ 341.723031][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723074][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723101][ T7622] ? kmem_cache_free+0x18f/0x400 [ 341.723129][ T7622] ? __xfs_trans_commit+0x3e0/0xbd0 [ 341.723160][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723187][ T7622] ? __xfs_trans_commit+0x4c7/0xbd0 [ 341.723229][ T7622] xfs_attr_finish_item+0xed/0x320 [ 341.723269][ T7622] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 341.723304][ T7622] xfs_defer_finish_one+0x5c8/0xcf0 [ 341.723361][ T7622] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 341.723409][ T7622] xfs_defer_finish_noroll+0x910/0x12d0 [ 341.723448][ T7622] ? xfs_trans_commit+0x10b/0x1c0 [ 341.723480][ T7622] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 341.723512][ T7622] ? inode_set_ctime_current+0x740/0xb40 [ 341.723559][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723586][ T7622] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 341.723626][ T7622] xfs_trans_commit+0x10b/0x1c0 [ 341.723652][ T7622] ? __pfx_xfs_trans_commit+0x10/0x10 [ 341.723683][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723711][ T7622] ? xfs_trans_log_inode+0x12c/0x1a0 [ 341.723750][ T7622] xfs_attr_set+0xdc6/0x1210 [ 341.723797][ T7622] ? __pfx_xfs_attr_set+0x10/0x10 [ 341.723831][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.723859][ T7622] ? __lock_acquire+0xab9/0xd20 [ 341.723895][ T7622] ? xfs_da_hashname+0x59d/0x740 [ 341.723926][ T7622] ? do_raw_spin_lock+0x121/0x290 [ 341.723969][ T7622] ? xfs_attr_change+0x2ac/0x390 [ 341.724004][ T7622] xfs_xattr_set+0x14d/0x250 [ 341.724036][ T7622] ? __pfx_xfs_xattr_set+0x10/0x10 [ 341.724089][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.724117][ T7622] ? evm_protect_xattr+0x4d4/0xa90 [ 341.724143][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.724171][ T7622] ? rcu_is_watching+0x15/0xb0 [ 341.724205][ T7622] ? __pfx_evm_protect_xattr+0x10/0x10 [ 341.724232][ T7622] ? __pfx_xfs_xattr_set+0x10/0x10 [ 341.724260][ T7622] __vfs_setxattr+0x43c/0x480 [ 341.724308][ T7622] __vfs_setxattr_noperm+0x12d/0x660 [ 341.724351][ T7622] vfs_setxattr+0x16b/0x2f0 [ 341.724392][ T7622] ? __pfx_vfs_setxattr+0x10/0x10 [ 341.724422][ T7622] ? mnt_get_write_access+0x223/0x2a0 [ 341.724452][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.724486][ T7622] filename_setxattr+0x274/0x600 [ 341.724532][ T7622] ? __pfx_filename_setxattr+0x10/0x10 [ 341.724569][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.724597][ T7622] ? getname_flags+0x1e5/0x540 [ 341.724634][ T7622] path_setxattrat+0x364/0x3a0 [ 341.724665][ T7622] ? __pfx_path_setxattrat+0x10/0x10 [ 341.724723][ T7622] ? srso_alias_return_thunk+0x5/0xfbef5 [ 341.724750][ T7622] ? rcu_is_watching+0x15/0xb0 [ 341.724785][ T7622] __x64_sys_lsetxattr+0xbf/0xe0 [ 341.724821][ T7622] do_syscall_64+0xfa/0x3b0 [ 341.724845][ T7622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.724867][ T7622] ? __switch_to_asm+0x39/0x70 [ 341.724899][ T7622] ? __switch_to_asm+0x33/0x70 [ 341.724935][ T7622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.724959][ T7622] RIP: 0033:0x7f3cdbf794f9 [ 341.724981][ T7622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 341.725002][ T7622] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 341.725028][ T7622] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 341.725047][ T7622] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 341.725074][ T7622] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 341.725090][ T7622] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 341.725107][ T7622] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 341.725145][ T7622] [ 342.410714][ T7622] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 5873] close(3 [pid 7621] <... close resumed>) = 0 [pid 7621] close(4) = 0 [pid 7621] mkdir("./file1", 0777) = 0 [pid 7621] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5873] <... close resumed>) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7624 attached , child_tidptr=0x55555d962750) = 7624 [pid 7624] set_robust_list(0x55555d962760, 24) = 0 [pid 7624] chdir("./42") = 0 [pid 7622] <... lsetxattr resumed>) = ? [ 342.499099][ T7621] XFS: noikeep mount option is deprecated. [ 342.516090][ T7622] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 342.539965][ T7622] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 7624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7624] setpgid(0, 0 [pid 7622] +++ exited with 0 +++ [pid 7606] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7606, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=99 /* 0.99 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...> [pid 7624] <... setpgid resumed>) = 0 [pid 7624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] <... restart_syscall resumed>) = 0 [pid 7624] <... openat resumed>) = 3 [pid 5874] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7624] write(3, "1000", 4 [pid 5874] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7624] <... write resumed>) = 4 [pid 5874] <... openat resumed>) = 3 [pid 5874] newfstatat(3, "", [pid 7624] close(3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, [pid 7624] <... close resumed>) = 0 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7624] write(1, "executing program\n", 18executing program ) = 18 [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7624] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7632 attached [pid 7632] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7624] <... clone3 resumed> => {parent_tid=[7632]}, 88) = 7632 [pid 7632] <... rseq resumed>) = 0 [pid 7632] set_robust_list(0x7f3cdbf259a0, 24 [pid 7624] rt_sigprocmask(SIG_SETMASK, [], [pid 7632] <... set_robust_list resumed>) = 0 [pid 7632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7632] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7624] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7632] memfd_create("syzkaller", 0 [pid 7624] <... futex resumed>) = 0 [ 342.599863][ T7621] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 342.631256][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7632] <... memfd_create resumed>) = 3 [pid 7632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 342.647891][ T7621] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 342.690846][ T7621] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 7621] <... mount resumed>) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4 [pid 7621] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... close resumed>) = 0 [pid 7621] <... openat resumed>) = 3 [pid 5874] rmdir("./42/file1") = 0 [pid 7621] chdir("./file1") = 0 [pid 7621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7620] <... futex resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7621] <... futex resumed>) = 1 [pid 7620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7621] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7620] <... futex resumed>) = 0 [pid 7620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./42/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./42" [pid 7621] <... openat resumed>) = 4 [pid 5874] <... rmdir resumed>) = 0 [pid 7621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7620] <... futex resumed>) = 0 [pid 7621] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7620] <... futex resumed>) = 0 [pid 7621] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] mkdir("./43", 0777) = 0 [pid 7632] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7621] <... pwritev2 resumed>) = 65007 [pid 5874] <... openat resumed>) = 3 [pid 7621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 7621] <... futex resumed>) = 1 [pid 7620] <... futex resumed>) = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 7621] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7620] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] close(3 [pid 7621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7620] <... futex resumed>) = 0 [ 342.731157][ T7621] XFS (loop0): Ending recovery (logdev: internal) [pid 7620] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7621] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7620] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7620] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7633]}, 88) = 7633 [pid 7620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7620] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7620] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7633 attached [pid 7633] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7633] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7633] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7621] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7621] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 342.818097][ T7621] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 342.850940][ T7621] XFS (loop0): Unmount and run xfs_repair [pid 7621] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 342.879249][ T7633] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 342.919863][ T7633] CPU: 0 UID: 0 PID: 7633 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 342.919900][ T7633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.919916][ T7633] Call Trace: [ 342.919926][ T7633] [ 342.919937][ T7633] dump_stack_lvl+0x189/0x250 [ 342.919974][ T7633] ? __pfx__xfs_alert_tag+0x10/0x10 [ 342.920013][ T7633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.920048][ T7633] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 342.920096][ T7633] xfs_corruption_error+0x122/0x170 [ 342.920136][ T7633] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 342.920171][ T7633] xfs_alloc_fixup_trees+0x95e/0xd20 [ 342.920200][ T7633] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 342.920242][ T7633] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 342.920273][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920303][ T7633] ? rcu_is_watching+0x15/0xb0 [ 342.920339][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920368][ T7633] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 342.920400][ T7633] ? rcu_is_watching+0x15/0xb0 [ 342.920440][ T7633] xfs_alloc_cur_finish+0xd3/0x4b0 [ 342.920471][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920501][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920536][ T7633] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 342.920594][ T7633] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 342.920624][ T7633] ? xfs_group_grab+0x28/0x480 [ 342.920662][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920690][ T7633] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7632] <... write resumed>) = 16777216 [pid 5874] <... close resumed>) = 0 [pid 7632] munmap(0x7f3cd3a00000, 138412032 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7634 attached [pid 7634] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7634 [pid 7634] <... set_robust_list resumed>) = 0 [pid 7634] chdir("./43") = 0 [pid 7634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7634] setpgid(0, 0) = 0 [pid 7634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7632] <... munmap resumed>) = 0 [ 342.920724][ T7633] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 342.920773][ T7633] xfs_alloc_vextent_start_ag+0x388/0x850 [ 342.920813][ T7633] xfs_bmapi_allocate+0x188e/0x2e00 [ 342.920878][ T7633] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 342.920916][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920967][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.920995][ T7633] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 342.921019][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7634] <... openat resumed>) = 3 [pid 7634] write(3, "1000", 4) = 4 [pid 7634] close(3) = 0 [pid 7634] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7634] write(1, "executing program\n", 18) = 18 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7634] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7634] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7635 attached => {parent_tid=[7635]}, 88) = 7635 [pid 7634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7635] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7634] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7635] <... rseq resumed>) = 0 [pid 7634] <... futex resumed>) = 0 [pid 7635] set_robust_list(0x7f3cdbf259a0, 24 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7635] <... set_robust_list resumed>) = 0 [pid 7635] rt_sigprocmask(SIG_SETMASK, [], [pid 7632] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7632] <... openat resumed>) = 4 [pid 7635] memfd_create("syzkaller", 0 [pid 7632] ioctl(4, LOOP_SET_FD, 3 [pid 7635] <... memfd_create resumed>) = 3 [ 342.921048][ T7633] ? xfs_iext_prev+0x35a/0x370 [ 342.921112][ T7633] ? xfs_iext_get_extent+0x1bb/0x370 [ 342.921143][ T7633] xfs_bmapi_write+0x7df/0x1260 [ 342.921203][ T7633] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 342.921283][ T7633] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 342.921330][ T7633] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 342.921361][ T7633] ? kasan_save_track+0x4f/0x80 [ 342.921388][ T7633] ? kasan_save_track+0x3e/0x80 [ 342.921414][ T7633] ? kasan_save_free_info+0x46/0x50 [pid 7635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7620] exit_group(0 [pid 7621] <... futex resumed>) = ? [pid 7620] <... exit_group resumed>) = ? [ 342.921452][ T7633] ? kmem_cache_free+0x18f/0x400 [ 342.921481][ T7633] ? __xfs_trans_commit+0x3e0/0xbd0 [ 342.921507][ T7633] ? xfs_trans_roll+0x130/0x450 [ 342.921531][ T7633] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 342.921571][ T7633] xfs_attr_set_iter+0x2d4/0x4b70 [ 342.921607][ T7633] ? filename_setxattr+0x274/0x600 [ 342.921640][ T7633] ? path_setxattrat+0x364/0x3a0 [ 342.921662][ T7633] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 342.921716][ T7633] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 342.921773][ T7633] ? kasan_quarantine_put+0xdd/0x220 [pid 7621] +++ exited with 0 +++ [pid 7632] <... ioctl resumed>) = 0 [pid 7632] close(3) = 0 [pid 7632] close(4) = 0 [pid 7632] mkdir("./file1", 0777) = 0 [ 342.921800][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.921829][ T7633] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.921870][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.921905][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.921933][ T7633] ? kmem_cache_free+0x18f/0x400 [ 342.921962][ T7633] ? __xfs_trans_commit+0x3e0/0xbd0 [ 342.921994][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.922022][ T7633] ? __xfs_trans_commit+0x4c7/0xbd0 [ 342.922066][ T7633] xfs_attr_finish_item+0xed/0x320 [ 342.922107][ T7633] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 342.922145][ T7633] xfs_defer_finish_one+0x5c8/0xcf0 [ 342.922206][ T7633] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 342.922255][ T7633] xfs_defer_finish_noroll+0x910/0x12d0 [ 342.922295][ T7633] ? xfs_trans_commit+0x10b/0x1c0 [ 342.922334][ T7633] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 342.922369][ T7633] ? inode_set_ctime_current+0x740/0xb40 [ 342.922418][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.922447][ T7633] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 342.922487][ T7633] xfs_trans_commit+0x10b/0x1c0 [ 342.922515][ T7633] ? __pfx_xfs_trans_commit+0x10/0x10 [ 342.922547][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.922575][ T7633] ? xfs_trans_log_inode+0x12c/0x1a0 [ 342.922616][ T7633] xfs_attr_set+0xdc6/0x1210 [ 342.922666][ T7633] ? __pfx_xfs_attr_set+0x10/0x10 [ 342.922701][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.922729][ T7633] ? __lock_acquire+0xab9/0xd20 [ 342.922766][ T7633] ? xfs_da_hashname+0x59d/0x740 [ 342.922799][ T7633] ? do_raw_spin_lock+0x121/0x290 [ 342.922842][ T7633] ? xfs_attr_change+0x2ac/0x390 [ 342.922881][ T7633] xfs_xattr_set+0x14d/0x250 [ 342.922914][ T7633] ? __pfx_xfs_xattr_set+0x10/0x10 [ 342.922959][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.922988][ T7633] ? evm_protect_xattr+0x4d4/0xa90 [ 342.923015][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.923043][ T7633] ? rcu_is_watching+0x15/0xb0 [ 342.923077][ T7633] ? __pfx_evm_protect_xattr+0x10/0x10 [ 342.923106][ T7633] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 7632] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 342.923134][ T7633] __vfs_setxattr+0x43c/0x480 [ 342.923184][ T7633] __vfs_setxattr_noperm+0x12d/0x660 [ 342.923228][ T7633] vfs_setxattr+0x16b/0x2f0 [ 342.923270][ T7633] ? __pfx_vfs_setxattr+0x10/0x10 [ 342.923301][ T7633] ? mnt_get_write_access+0x223/0x2a0 [ 342.923336][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.923371][ T7633] filename_setxattr+0x274/0x600 [ 342.923420][ T7633] ? __pfx_filename_setxattr+0x10/0x10 [ 342.923459][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.923487][ T7633] ? getname_flags+0x1e5/0x540 [ 342.923530][ T7633] path_setxattrat+0x364/0x3a0 [ 342.923567][ T7633] ? __pfx_path_setxattrat+0x10/0x10 [ 342.923633][ T7633] ? srso_alias_return_thunk+0x5/0xfbef5 [ 342.923661][ T7633] ? rcu_is_watching+0x15/0xb0 [ 342.923698][ T7633] __x64_sys_lsetxattr+0xbf/0xe0 [ 342.923739][ T7633] do_syscall_64+0xfa/0x3b0 [ 342.923767][ T7633] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.923792][ T7633] ? __switch_to_asm+0x39/0x70 [ 342.923825][ T7633] ? __switch_to_asm+0x33/0x70 [ 342.923864][ T7633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.923888][ T7633] RIP: 0033:0x7f3cdbf794f9 [ 342.923911][ T7633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 342.923934][ T7633] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 342.923960][ T7633] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 342.923979][ T7633] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 342.923998][ T7633] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 342.924014][ T7633] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 342.924031][ T7633] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 342.924070][ T7633] [ 342.942150][ T7633] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 343.145000][ T7632] loop2: detected capacity change from 0 to 32768 [pid 7635] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 7633] <... lsetxattr resumed>) = ? [pid 7635] munmap(0x7f3cd3a00000, 138412032 [pid 7633] +++ exited with 0 +++ [pid 7620] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7620, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=113 /* 1.13 s */} --- [pid 5871] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 343.153138][ T7633] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 343.243541][ T7632] XFS: noikeep mount option is deprecated. [ 343.245277][ T7633] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 343.668904][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7635] <... munmap resumed>) = 0 [ 343.670255][ T7632] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7635] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7635] close(3) = 0 [pid 7635] close(4) = 0 [pid 7635] mkdir("./file1", 0777) = 0 [pid 7635] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./41/file1") = 0 [pid 5871] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./41/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./41") = 0 [pid 5871] mkdir("./42", 0777) = 0 [ 343.723479][ T7635] loop3: detected capacity change from 0 to 32768 [ 343.753842][ T7635] XFS: noikeep mount option is deprecated. [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 343.787988][ T7632] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 343.811576][ T7632] XFS (loop2): Starting recovery (logdev: internal) [ 343.853821][ T7635] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 343.884828][ T7632] XFS (loop2): Ending recovery (logdev: internal) [pid 5871] close(3 [pid 7632] <... mount resumed>) = 0 [pid 7632] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7632] chdir("./file1") = 0 [pid 7632] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7632] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7632] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7624] <... futex resumed>) = 0 [pid 7624] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7632] <... futex resumed>) = 0 [pid 7632] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7632] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7624] <... futex resumed>) = 0 [pid 7624] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7632] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7632] <... pwritev2 resumed>) = 65007 [pid 7632] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7624] <... futex resumed>) = 0 [pid 7624] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 343.901030][ T7635] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 343.942216][ T7632] XFS (loop2): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7632] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 5871] <... close resumed>) = 0 [pid 7632] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7652 attached [pid 7632] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7624] <... futex resumed>) = 0 [pid 7652] set_robust_list(0x55555d962760, 24) = 0 [pid 7624] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7632] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7624] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7652] chdir("./42") = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7652 [ 343.964411][ T7635] XFS (loop3): Starting recovery (logdev: internal) [ 343.972336][ T7632] XFS (loop2): Unmount and run xfs_repair [ 343.984773][ T7632] XFS (loop2): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 343.994553][ T7635] XFS (loop3): Ending recovery (logdev: internal) [pid 7652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7635] <... mount resumed>) = 0 [pid 7652] setpgid(0, 0 [pid 7635] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 7652] <... setpgid resumed>) = 0 [pid 7635] <... openat resumed>) = 3 [pid 7652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7635] chdir("./file1" [pid 7652] <... openat resumed>) = 3 [pid 7635] <... chdir resumed>) = 0 [pid 7635] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7652] write(3, "1000", 4 [pid 7635] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7624] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7652] <... write resumed>) = 4 [pid 7635] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7652] close(3) = 0 [pid 7652] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7652] write(1, "executing program\n", 18 [pid 7635] <... futex resumed>) = 1 [pid 7652] <... write resumed>) = 18 [pid 7635] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7652] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7652] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7652] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7653]}, 88) = 7653 [pid 7652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7652] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 343.998516][ T7632] CPU: 0 UID: 0 PID: 7632 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 343.998548][ T7632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 343.998565][ T7632] Call Trace: [ 343.998576][ T7632] [ 343.998587][ T7632] dump_stack_lvl+0x189/0x250 [ 343.998624][ T7632] ? __pfx__xfs_alert_tag+0x10/0x10 [ 343.998663][ T7632] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.998698][ T7632] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 343.998744][ T7632] xfs_corruption_error+0x122/0x170 [pid 7652] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7653 attached [pid 7634] <... futex resumed>) = 0 [pid 7653] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7634] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7635] <... futex resumed>) = 0 [pid 7634] <... futex resumed>) = 1 [pid 7653] <... rseq resumed>) = 0 [pid 7635] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7653] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7635] <... openat resumed>) = 4 [pid 7653] rt_sigprocmask(SIG_SETMASK, [], [pid 7635] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7635] <... futex resumed>) = 1 [pid 7634] <... futex resumed>) = 0 [pid 7653] memfd_create("syzkaller", 0 [pid 7635] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7634] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7635] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7634] <... futex resumed>) = 0 [pid 7653] <... memfd_create resumed>) = 3 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7635] <... pwritev2 resumed>) = 65007 [pid 7635] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7635] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7634] <... futex resumed>) = 0 [ 343.998782][ T7632] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 343.998817][ T7632] xfs_alloc_fixup_trees+0x95e/0xd20 [ 343.998846][ T7632] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 343.998887][ T7632] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 343.998917][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.998945][ T7632] ? rcu_is_watching+0x15/0xb0 [ 343.998976][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999003][ T7632] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 343.999034][ T7632] ? rcu_is_watching+0x15/0xb0 [ 343.999073][ T7632] xfs_alloc_cur_finish+0xd3/0x4b0 [pid 7634] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7635] <... futex resumed>) = 0 [pid 7635] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7635] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7635] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7634] <... futex resumed>) = 0 [pid 7634] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7634] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7635] <... futex resumed>) = 1 [ 343.999103][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999133][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999167][ T7632] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 343.999225][ T7632] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 343.999254][ T7632] ? xfs_group_grab+0x28/0x480 [ 343.999293][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999321][ T7632] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 343.999360][ T7632] xfs_alloc_vextent_iterate_ags+0x640/0x940 [pid 7635] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7632] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 343.999409][ T7632] xfs_alloc_vextent_start_ag+0x388/0x850 [ 343.999448][ T7632] xfs_bmapi_allocate+0x188e/0x2e00 [ 343.999513][ T7632] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 343.999545][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999594][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999622][ T7632] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 343.999646][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 343.999673][ T7632] ? xfs_iext_prev+0x35a/0x370 [ 343.999714][ T7632] ? xfs_iext_get_extent+0x1bb/0x370 [ 343.999744][ T7632] xfs_bmapi_write+0x7df/0x1260 [pid 7632] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7632] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7624] exit_group(0 [pid 7632] <... futex resumed>) = ? [pid 7624] <... exit_group resumed>) = ? [pid 7632] +++ exited with 0 +++ [pid 7624] +++ exited with 0 +++ [pid 5873] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7624, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- [pid 5873] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 343.999803][ T7632] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 343.999881][ T7632] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 343.999922][ T7632] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 343.999952][ T7632] ? kasan_save_track+0x4f/0x80 [ 343.999978][ T7632] ? kasan_save_track+0x3e/0x80 [ 344.000002][ T7632] ? kasan_save_free_info+0x46/0x50 [ 344.000038][ T7632] ? kmem_cache_free+0x18f/0x400 [ 344.000067][ T7632] ? __xfs_trans_commit+0x3e0/0xbd0 [ 344.000092][ T7632] ? xfs_trans_roll+0x130/0x450 [ 344.000115][ T7632] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 344.000154][ T7632] xfs_attr_set_iter+0x2d4/0x4b70 [ 344.000188][ T7632] ? filename_setxattr+0x274/0x600 [ 344.000221][ T7632] ? path_setxattrat+0x364/0x3a0 [ 344.000243][ T7632] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 344.000294][ T7632] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 344.000356][ T7632] ? kasan_quarantine_put+0xdd/0x220 [ 344.000381][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.000409][ T7632] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.000449][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.000483][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.000510][ T7632] ? kmem_cache_free+0x18f/0x400 [ 344.000538][ T7632] ? __xfs_trans_commit+0x3e0/0xbd0 [ 344.000569][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.000597][ T7632] ? __xfs_trans_commit+0x4c7/0xbd0 [ 344.000640][ T7632] xfs_attr_finish_item+0xed/0x320 [ 344.000679][ T7632] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 344.000716][ T7632] xfs_defer_finish_one+0x5c8/0xcf0 [ 344.000776][ T7632] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 344.000824][ T7632] xfs_defer_finish_noroll+0x910/0x12d0 [ 344.000863][ T7632] ? xfs_trans_commit+0x10b/0x1c0 [ 344.000894][ T7632] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 344.000927][ T7632] ? inode_set_ctime_current+0x740/0xb40 [ 344.000974][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.001001][ T7632] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 344.001041][ T7632] xfs_trans_commit+0x10b/0x1c0 [ 344.001092][ T7632] ? __pfx_xfs_trans_commit+0x10/0x10 [ 344.001125][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7653] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7634] exit_group(0) = ? [ 344.001152][ T7632] ? xfs_trans_log_inode+0x12c/0x1a0 [ 344.001192][ T7632] xfs_attr_set+0xdc6/0x1210 [ 344.001241][ T7632] ? __pfx_xfs_attr_set+0x10/0x10 [ 344.001274][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.001302][ T7632] ? __lock_acquire+0xab9/0xd20 [ 344.001342][ T7632] ? xfs_da_hashname+0x59d/0x740 [ 344.001373][ T7632] ? do_raw_spin_lock+0x121/0x290 [ 344.001415][ T7632] ? xfs_attr_change+0x2ac/0x390 [ 344.001449][ T7632] xfs_xattr_set+0x14d/0x250 [pid 7653] <... write resumed>) = 16777216 [ 344.001481][ T7632] ? __pfx_xfs_xattr_set+0x10/0x10 [ 344.001526][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.001553][ T7632] ? evm_protect_xattr+0x4d4/0xa90 [ 344.001580][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.001607][ T7632] ? rcu_is_watching+0x15/0xb0 [ 344.001641][ T7632] ? __pfx_evm_protect_xattr+0x10/0x10 [ 344.001669][ T7632] ? __pfx_xfs_xattr_set+0x10/0x10 [ 344.001696][ T7632] __vfs_setxattr+0x43c/0x480 [ 344.001744][ T7632] __vfs_setxattr_noperm+0x12d/0x660 [ 344.001787][ T7632] vfs_setxattr+0x16b/0x2f0 [pid 7653] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 344.001828][ T7632] ? __pfx_vfs_setxattr+0x10/0x10 [ 344.001858][ T7632] ? mnt_get_write_access+0x223/0x2a0 [ 344.001889][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.001922][ T7632] filename_setxattr+0x274/0x600 [ 344.001969][ T7632] ? __pfx_filename_setxattr+0x10/0x10 [ 344.002007][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.002034][ T7632] ? getname_flags+0x1e5/0x540 [ 344.002075][ T7632] path_setxattrat+0x364/0x3a0 [ 344.002111][ T7632] ? __pfx_path_setxattrat+0x10/0x10 [ 344.002176][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7653] ioctl(4, LOOP_SET_FD, 3) = 0 [ 344.002203][ T7632] ? rcu_is_watching+0x15/0xb0 [ 344.002239][ T7632] __x64_sys_lsetxattr+0xbf/0xe0 [ 344.002279][ T7632] do_syscall_64+0xfa/0x3b0 [ 344.002304][ T7632] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.002351][ T7632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.002375][ T7632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.002402][ T7632] ? exc_page_fault+0x9f/0xf0 [ 344.002443][ T7632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.002467][ T7632] RIP: 0033:0x7f3cdbf794f9 [ 344.002489][ T7632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 344.002511][ T7632] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 344.002537][ T7632] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 344.002556][ T7632] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 344.002574][ T7632] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7653] close(3) = 0 [pid 7653] close(4) = 0 [pid 7653] mkdir("./file1", 0777) = 0 [ 344.002591][ T7632] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 344.002608][ T7632] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 344.002646][ T7632] [ 344.002657][ T7632] XFS (loop2): Corruption detected. Unmount and run xfs_repair [ 344.108528][ T7635] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7653] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7635] <... lsetxattr resumed>) = ? [pid 7635] +++ exited with 0 +++ [pid 7634] +++ exited with 0 +++ [pid 5873] <... umount2 resumed>) = 0 [ 344.118735][ T7632] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 344.122317][ T7635] XFS (loop3): Unmount and run xfs_repair [ 344.125505][ T7632] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 344.155093][ T7635] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 344.549579][ T7653] loop0: detected capacity change from 0 to 32768 [ 344.551532][ T7635] CPU: 1 UID: 0 PID: 7635 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7634, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=89 /* 0.89 s */} --- [pid 5873] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] newfstatat(AT_FDCWD, "./42/file1", [pid 5874] <... openat resumed>) = 3 [pid 5873] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] getdents64(3, [pid 5873] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5873] <... openat resumed>) = 4 [pid 5874] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5873] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5873] close(4) = 0 [pid 5873] rmdir("./42/file1") = 0 [pid 5873] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5873] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] unlink("./42/binderfs") = 0 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5873] rmdir("./42") = 0 [pid 5873] mkdir("./43", 0777) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 344.551563][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.551578][ T7635] Call Trace: [ 344.551589][ T7635] [ 344.551599][ T7635] dump_stack_lvl+0x189/0x250 [ 344.551634][ T7635] ? __pfx__xfs_alert_tag+0x10/0x10 [ 344.551672][ T7635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.551706][ T7635] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 344.551754][ T7635] xfs_corruption_error+0x122/0x170 [ 344.551791][ T7635] ? xfs_alloc_fixup_trees+0x929/0xd20 [pid 5873] ioctl(3, LOOP_CLR_FD) = 0 [ 344.551826][ T7635] xfs_alloc_fixup_trees+0x95e/0xd20 [ 344.551855][ T7635] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 344.551895][ T7635] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 344.551925][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.551953][ T7635] ? rcu_is_watching+0x15/0xb0 [ 344.551983][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552011][ T7635] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 344.552042][ T7635] ? rcu_is_watching+0x15/0xb0 [ 344.552081][ T7635] xfs_alloc_cur_finish+0xd3/0x4b0 [ 344.552110][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552139][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552179][ T7635] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 344.552236][ T7635] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 344.552265][ T7635] ? xfs_group_grab+0x28/0x480 [ 344.552301][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552329][ T7635] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 344.552362][ T7635] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 344.552409][ T7635] xfs_alloc_vextent_start_ag+0x388/0x850 [ 344.552449][ T7635] xfs_bmapi_allocate+0x188e/0x2e00 [ 344.552512][ T7635] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 344.552544][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552593][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552621][ T7635] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 344.552644][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.552671][ T7635] ? xfs_iext_prev+0x35a/0x370 [ 344.552709][ T7635] ? xfs_iext_get_extent+0x1bb/0x370 [ 344.552739][ T7635] xfs_bmapi_write+0x7df/0x1260 [ 344.552797][ T7635] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 344.552874][ T7635] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 344.552915][ T7635] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 344.552945][ T7635] ? kasan_save_track+0x4f/0x80 [ 344.552970][ T7635] ? kasan_save_track+0x3e/0x80 [ 344.552994][ T7635] ? kasan_save_free_info+0x46/0x50 [ 344.553030][ T7635] ? kmem_cache_free+0x18f/0x400 [ 344.553058][ T7635] ? __xfs_trans_commit+0x3e0/0xbd0 [ 344.553083][ T7635] ? xfs_trans_roll+0x130/0x450 [ 344.553106][ T7635] ? xfs_defer_trans_roll+0x17e/0x5b0 [pid 5873] close(3) = 0 [pid 5873] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7659 attached [pid 7659] set_robust_list(0x55555d962760, 24) = 0 [pid 7659] chdir("./43") = 0 [pid 7659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7659] setpgid(0, 0) = 0 [pid 7659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7659] write(3, "1000", 4) = 4 [pid 7659] close(3) = 0 [pid 5873] <... clone resumed>, child_tidptr=0x55555d962750) = 7659 [pid 7659] symlink("/dev/binderfs", "./binderfs") = 0 [ 344.553150][ T7635] xfs_attr_set_iter+0x2d4/0x4b70 [ 344.553183][ T7635] ? filename_setxattr+0x274/0x600 [ 344.553215][ T7635] ? path_setxattrat+0x364/0x3a0 [ 344.553237][ T7635] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 344.553288][ T7635] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 344.553344][ T7635] ? kasan_quarantine_put+0xdd/0x220 [ 344.553369][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.553397][ T7635] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.553436][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.553469][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7659] write(1, "executing program\n", 18executing program ) = 18 [pid 7659] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7659] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7659] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7660]}, 88) = 7660 [pid 7659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7659] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7659] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7660 attached [pid 7660] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7660] set_robust_list(0x7f3cdbf259a0, 24) = 0 [ 344.553497][ T7635] ? kmem_cache_free+0x18f/0x400 [ 344.553524][ T7635] ? __xfs_trans_commit+0x3e0/0xbd0 [ 344.553555][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.553582][ T7635] ? __xfs_trans_commit+0x4c7/0xbd0 [ 344.553625][ T7635] xfs_attr_finish_item+0xed/0x320 [ 344.553664][ T7635] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 344.553700][ T7635] xfs_defer_finish_one+0x5c8/0xcf0 [ 344.553758][ T7635] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 344.553806][ T7635] xfs_defer_finish_noroll+0x910/0x12d0 [pid 7660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7660] memfd_create("syzkaller", 0) = 3 [pid 7660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 344.553845][ T7635] ? xfs_trans_commit+0x10b/0x1c0 [ 344.553876][ T7635] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 344.553909][ T7635] ? inode_set_ctime_current+0x740/0xb40 [ 344.553955][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.553983][ T7635] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 344.554022][ T7635] xfs_trans_commit+0x10b/0x1c0 [ 344.554048][ T7635] ? __pfx_xfs_trans_commit+0x10/0x10 [ 344.554079][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554107][ T7635] ? xfs_trans_log_inode+0x12c/0x1a0 [ 344.554152][ T7635] xfs_attr_set+0xdc6/0x1210 [ 344.554200][ T7635] ? __pfx_xfs_attr_set+0x10/0x10 [ 344.554233][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554260][ T7635] ? __lock_acquire+0xab9/0xd20 [ 344.554296][ T7635] ? xfs_da_hashname+0x59d/0x740 [ 344.554327][ T7635] ? do_raw_spin_lock+0x121/0x290 [ 344.554369][ T7635] ? xfs_attr_change+0x2ac/0x390 [ 344.554402][ T7635] xfs_xattr_set+0x14d/0x250 [ 344.554434][ T7635] ? __pfx_xfs_xattr_set+0x10/0x10 [ 344.554478][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554505][ T7635] ? evm_protect_xattr+0x4d4/0xa90 [ 344.554532][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554559][ T7635] ? rcu_is_watching+0x15/0xb0 [ 344.554592][ T7635] ? __pfx_evm_protect_xattr+0x10/0x10 [ 344.554620][ T7635] ? __pfx_xfs_xattr_set+0x10/0x10 [ 344.554648][ T7635] __vfs_setxattr+0x43c/0x480 [ 344.554695][ T7635] __vfs_setxattr_noperm+0x12d/0x660 [ 344.554737][ T7635] vfs_setxattr+0x16b/0x2f0 [ 344.554778][ T7635] ? __pfx_vfs_setxattr+0x10/0x10 [ 344.554807][ T7635] ? mnt_get_write_access+0x223/0x2a0 [ 344.554837][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554871][ T7635] filename_setxattr+0x274/0x600 [ 344.554917][ T7635] ? __pfx_filename_setxattr+0x10/0x10 [ 344.554954][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.554982][ T7635] ? getname_flags+0x1e5/0x540 [ 344.555022][ T7635] path_setxattrat+0x364/0x3a0 [ 344.555058][ T7635] ? __pfx_path_setxattrat+0x10/0x10 [ 344.555122][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.555154][ T7635] ? rcu_is_watching+0x15/0xb0 [ 344.555190][ T7635] __x64_sys_lsetxattr+0xbf/0xe0 [ 344.555229][ T7635] do_syscall_64+0xfa/0x3b0 [ 344.555253][ T7635] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.555290][ T7635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.555313][ T7635] ? srso_alias_return_thunk+0x5/0xfbef5 [ 344.555341][ T7635] ? exc_page_fault+0x9f/0xf0 [ 344.555380][ T7635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.555404][ T7635] RIP: 0033:0x7f3cdbf794f9 [ 344.555427][ T7635] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 344.555448][ T7635] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 344.555474][ T7635] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 344.555492][ T7635] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 344.555509][ T7635] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 344.555525][ T7635] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 344.555542][ T7635] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 344.555581][ T7635] [ 344.555591][ T7635] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 344.573251][ T5873] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 344.578700][ T7635] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 344.652927][ T7653] XFS: noikeep mount option is deprecated. [pid 7660] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 344.657432][ T7635] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 344.737965][ T7653] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 345.482294][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7660] munmap(0x7f3cd3a00000, 138412032 [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7660] <... munmap resumed>) = 0 [pid 7660] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5874] newfstatat(AT_FDCWD, "./43/file1", [pid 7660] ioctl(4, LOOP_SET_FD, 3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7660] <... ioctl resumed>) = 0 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7660] close(3 [pid 5874] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7660] <... close resumed>) = 0 [pid 5874] <... openat resumed>) = 4 [pid 7660] close(4) = 0 [pid 7660] mkdir("./file1", 0777) = 0 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./43/file1") = 0 [ 345.544900][ T7653] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 345.560638][ T7660] loop2: detected capacity change from 0 to 32768 [ 345.567267][ T7653] XFS (loop0): Starting recovery (logdev: internal) [pid 7660] mount("/dev/loop2", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./43/binderfs" [pid 7653] <... mount resumed>) = 0 [pid 7653] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... unlink resumed>) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./43" [pid 7653] <... openat resumed>) = 3 [pid 5874] <... rmdir resumed>) = 0 [pid 5874] mkdir("./44", 0777 [pid 7653] chdir("./file1" [pid 5874] <... mkdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7653] <... chdir resumed>) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 7653] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] close(3 [pid 7653] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7653] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7653] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7652] <... futex resumed>) = 0 [pid 7652] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7653] <... futex resumed>) = 0 [pid 7652] <... futex resumed>) = 1 [pid 7653] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7652] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7653] <... openat resumed>) = 4 [pid 7653] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7652] <... futex resumed>) = 0 [pid 7653] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7652] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7652] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7653] <... pwritev2 resumed>) = 65007 [ 345.591554][ T7660] XFS: noikeep mount option is deprecated. [ 345.601150][ T7653] XFS (loop0): Ending recovery (logdev: internal) [ 345.617890][ T7660] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7653] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7652] <... futex resumed>) = 0 [pid 7652] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7652] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 345.670052][ T7653] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [pid 7653] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7652] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7652] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7652] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} => {parent_tid=[7672]}, 88) = 7672 [pid 7652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7652] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7672 attached [pid 7652] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7672] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053) = 0 [pid 7672] set_robust_list(0x7f3cdbf049a0, 24) = 0 [pid 7672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7672] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7653] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7653] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 345.713699][ T7653] XFS (loop0): Unmount and run xfs_repair [ 345.731459][ T7660] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 345.750643][ T7672] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 345.768920][ T7672] CPU: 0 UID: 0 PID: 7672 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 345.768958][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 345.768974][ T7672] Call Trace: [ 345.768985][ T7672] [ 345.768996][ T7672] dump_stack_lvl+0x189/0x250 [ 345.769033][ T7672] ? __pfx__xfs_alert_tag+0x10/0x10 [ 345.769071][ T7672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.769118][ T7672] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 7653] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7652] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 345.769164][ T7672] xfs_corruption_error+0x122/0x170 [ 345.769202][ T7672] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 345.769236][ T7672] xfs_alloc_fixup_trees+0x95e/0xd20 [ 345.769265][ T7672] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 345.769305][ T7672] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 345.769334][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769363][ T7672] ? rcu_is_watching+0x15/0xb0 [ 345.769393][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769420][ T7672] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7673 attached [pid 7660] <... mount resumed>) = 0 [pid 7673] set_robust_list(0x55555d962760, 24 [pid 7660] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7673 [pid 7673] <... set_robust_list resumed>) = 0 [pid 7660] <... openat resumed>) = 3 [pid 7673] chdir("./44") = 0 [pid 7660] chdir("./file1" [pid 7673] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7660] <... chdir resumed>) = 0 [pid 7673] <... prctl resumed>) = 0 [ 345.769452][ T7672] ? rcu_is_watching+0x15/0xb0 [ 345.769490][ T7672] xfs_alloc_cur_finish+0xd3/0x4b0 [ 345.769519][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769549][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769582][ T7672] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 345.769639][ T7672] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 345.769668][ T7672] ? xfs_group_grab+0x28/0x480 [ 345.769705][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769733][ T7672] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 7673] setpgid(0, 0 [pid 7660] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7673] <... setpgid resumed>) = 0 [pid 7660] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7660] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7659] <... futex resumed>) = 0 [pid 7659] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7659] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7660] <... futex resumed>) = 1 [pid 7660] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7673] <... openat resumed>) = 3 [pid 7673] write(3, "1000", 4) = 4 [pid 7673] close(3) = 0 [pid 7673] symlink("/dev/binderfs", "./binderfs") = 0 [ 345.769766][ T7672] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 345.769813][ T7672] xfs_alloc_vextent_start_ag+0x388/0x850 [ 345.769851][ T7672] xfs_bmapi_allocate+0x188e/0x2e00 [ 345.769915][ T7672] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 345.769948][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.769997][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.770025][ T7672] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 345.770049][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.770076][ T7672] ? xfs_iext_prev+0x35a/0x370 [pid 7673] write(1, "executing program\n", 18executing program ) = 18 [pid 7659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7659] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbee4000 [pid 7659] mprotect(0x7f3cdbee5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7659] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7673] <... futex resumed>) = 0 [pid 7659] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7673] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf04990, parent_tid=0x7f3cdbf04990, exit_signal=0, stack=0x7f3cdbee4000, stack_size=0x20240, tls=0x7f3cdbf046c0} [pid 7673] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7659] <... clone3 resumed> => {parent_tid=[7674]}, 88) = 7674 [pid 7673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7660] <... openat resumed>) = 4 [pid 7659] rt_sigprocmask(SIG_SETMASK, [], [pid 7660] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7660] <... futex resumed>) = 0 [pid 7659] futex(0x7f3cdc0036d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7660] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7659] <... futex resumed>) = 0 [pid 7659] futex(0x7f3cdc0036dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7673] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7675]}, 88) = 7675 [pid 7673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7673] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7674 attached ./strace-static-x86_64: Process 7675 attached [pid 7674] rseq(0x7f3cdbf04fe0, 0x20, 0, 0x53053053 [pid 7675] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7674] <... rseq resumed>) = 0 [pid 7675] <... rseq resumed>) = 0 [pid 7674] set_robust_list(0x7f3cdbf049a0, 24 [pid 7675] set_robust_list(0x7f3cdbf259a0, 24 [pid 7674] <... set_robust_list resumed>) = 0 [pid 7675] <... set_robust_list resumed>) = 0 [pid 7674] rt_sigprocmask(SIG_SETMASK, [], [pid 7675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7675] memfd_create("syzkaller", 0 [pid 7674] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7675] <... memfd_create resumed>) = 3 [pid 7675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 345.770122][ T7672] ? xfs_iext_get_extent+0x1bb/0x370 [ 345.770152][ T7672] xfs_bmapi_write+0x7df/0x1260 [ 345.770212][ T7672] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 345.770289][ T7672] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 345.770330][ T7672] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 345.770360][ T7672] ? kasan_save_track+0x4f/0x80 [ 345.770385][ T7672] ? kasan_save_track+0x3e/0x80 [ 345.770410][ T7672] ? kasan_save_free_info+0x46/0x50 [ 345.770447][ T7672] ? kmem_cache_free+0x18f/0x400 [ 345.770475][ T7672] ? __xfs_trans_commit+0x3e0/0xbd0 [ 345.770500][ T7672] ? xfs_trans_roll+0x130/0x450 [ 345.770524][ T7672] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 345.770564][ T7672] xfs_attr_set_iter+0x2d4/0x4b70 [ 345.770597][ T7672] ? filename_setxattr+0x274/0x600 [ 345.770631][ T7672] ? path_setxattrat+0x364/0x3a0 [ 345.770652][ T7672] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 345.770703][ T7672] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 345.770759][ T7672] ? kasan_quarantine_put+0xdd/0x220 [ 345.770785][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7675] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7659] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7660] <... futex resumed>) = 0 [pid 7659] <... futex resumed>) = 1 [pid 7660] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 345.770813][ T7672] ? lockdep_hardirqs_on+0x9c/0x150 [ 345.770853][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.770887][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.770914][ T7672] ? kmem_cache_free+0x18f/0x400 [ 345.770942][ T7672] ? __xfs_trans_commit+0x3e0/0xbd0 [ 345.770974][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771002][ T7672] ? __xfs_trans_commit+0x4c7/0xbd0 [ 345.771044][ T7672] xfs_attr_finish_item+0xed/0x320 [ 345.771091][ T7672] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 345.771128][ T7672] xfs_defer_finish_one+0x5c8/0xcf0 [pid 7659] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7659] futex(0x7f3cdc0036ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbec3000 [pid 7659] mprotect(0x7f3cdbec4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 345.771188][ T7672] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 345.771237][ T7672] xfs_defer_finish_noroll+0x910/0x12d0 [ 345.771276][ T7672] ? xfs_trans_commit+0x10b/0x1c0 [ 345.771308][ T7672] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 345.771340][ T7672] ? inode_set_ctime_current+0x740/0xb40 [ 345.771388][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771416][ T7672] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 345.771456][ T7672] xfs_trans_commit+0x10b/0x1c0 [ 345.771482][ T7672] ? __pfx_xfs_trans_commit+0x10/0x10 [pid 7659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbee3990, parent_tid=0x7f3cdbee3990, exit_signal=0, stack=0x7f3cdbec3000, stack_size=0x20240, tls=0x7f3cdbee36c0} => {parent_tid=[7676]}, 88) = 7676 [pid 7659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7659] futex(0x7f3cdc0036e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 345.771514][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771542][ T7672] ? xfs_trans_log_inode+0x12c/0x1a0 [ 345.771581][ T7672] xfs_attr_set+0xdc6/0x1210 [ 345.771630][ T7672] ? __pfx_xfs_attr_set+0x10/0x10 [ 345.771664][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771692][ T7672] ? __lock_acquire+0xab9/0xd20 [ 345.771728][ T7672] ? xfs_da_hashname+0x59d/0x740 [ 345.771761][ T7672] ? do_raw_spin_lock+0x121/0x290 [ 345.771802][ T7672] ? xfs_attr_change+0x2ac/0x390 [ 345.771837][ T7672] xfs_xattr_set+0x14d/0x250 [ 345.771869][ T7672] ? __pfx_xfs_xattr_set+0x10/0x10 [ 345.771913][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771941][ T7672] ? evm_protect_xattr+0x4d4/0xa90 [ 345.771969][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.771996][ T7672] ? rcu_is_watching+0x15/0xb0 [ 345.772030][ T7672] ? __pfx_evm_protect_xattr+0x10/0x10 [ 345.772058][ T7672] ? __pfx_xfs_xattr_set+0x10/0x10 [ 345.772092][ T7672] __vfs_setxattr+0x43c/0x480 [ 345.772141][ T7672] __vfs_setxattr_noperm+0x12d/0x660 [ 345.772184][ T7672] vfs_setxattr+0x16b/0x2f0 [ 345.772225][ T7672] ? __pfx_vfs_setxattr+0x10/0x10 [ 345.772256][ T7672] ? mnt_get_write_access+0x223/0x2a0 [ 345.772286][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.772319][ T7672] filename_setxattr+0x274/0x600 [ 345.772366][ T7672] ? __pfx_filename_setxattr+0x10/0x10 [ 345.772403][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.772432][ T7672] ? getname_flags+0x1e5/0x540 [ 345.772472][ T7672] path_setxattrat+0x364/0x3a0 [ 345.772508][ T7672] ? __pfx_path_setxattrat+0x10/0x10 [pid 7659] futex(0x7f3cdc0036ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7676 attached [pid 7672] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7676] rseq(0x7f3cdbee3fe0, 0x20, 0, 0x53053053 [pid 7672] futex(0x7f3cdc0036dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7652] exit_group(0 [pid 7676] <... rseq resumed>) = 0 [pid 7672] <... futex resumed>) = ? [pid 7653] <... futex resumed>) = ? [pid 7652] <... exit_group resumed>) = ? [pid 7676] set_robust_list(0x7f3cdbee39a0, 24 [pid 7672] +++ exited with 0 +++ [pid 7653] +++ exited with 0 +++ [pid 7652] +++ exited with 0 +++ [pid 7676] <... set_robust_list resumed>) = 0 [pid 7676] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7652, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=153 /* 1.53 s */} --- [pid 7676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7676] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 345.772571][ T7672] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.772598][ T7672] ? rcu_is_watching+0x15/0xb0 [ 345.772634][ T7672] __x64_sys_lsetxattr+0xbf/0xe0 [ 345.772675][ T7672] do_syscall_64+0xfa/0x3b0 [ 345.772702][ T7672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.772725][ T7672] ? __switch_to_asm+0x39/0x70 [ 345.772758][ T7672] ? __switch_to_asm+0x33/0x70 [ 345.772797][ T7672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.772821][ T7672] RIP: 0033:0x7f3cdbf794f9 [pid 5871] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7675] <... write resumed>) = 16777216 [ 345.772842][ T7672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 345.772864][ T7672] RSP: 002b:00007f3cdbf04168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 345.772890][ T7672] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 345.772909][ T7672] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 345.772928][ T7672] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [pid 7675] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7675] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7675] ioctl(4, LOOP_SET_FD, 3) = 0 [ 345.772944][ T7672] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036dc [ 345.772961][ T7672] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 345.772999][ T7672] [ 345.774186][ T7672] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 345.827903][ T7660] XFS (loop2): Starting recovery (logdev: internal) [ 345.835343][ T7672] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7675] close(3) = 0 [pid 7675] close(4) = 0 [pid 7675] mkdir("./file1", 0777) = 0 [ 345.854999][ T7660] XFS (loop2): Ending recovery (logdev: internal) [ 345.868565][ T7672] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 346.233088][ T7660] XFS (loop2): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 [ 346.459323][ T7675] loop3: detected capacity change from 0 to 32768 [ 346.483033][ T7675] XFS: noikeep mount option is deprecated. [ 346.515858][ T7660] XFS (loop2): Unmount and run xfs_repair [ 346.517092][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 346.521885][ T7660] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 346.538062][ T7660] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 346.547556][ T7660] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 346.556423][ T7660] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 346.567262][ T7660] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [pid 7675] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7659] exit_group(0) = ? [ 346.571052][ T7675] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 346.576244][ T7660] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 346.595011][ T7660] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 346.604565][ T7660] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 346.614005][ T7660] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./42/file1" [pid 7660] <... open resumed>) = ? [pid 7660] +++ exited with 0 +++ [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./42/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./42") = 0 [ 346.623386][ T7660] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117 [ 346.662723][ T7675] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] mkdir("./43", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7675] <... mount resumed>) = 0 [pid 7675] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7675] chdir("./file1") = 0 [pid 7675] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7675] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7675] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7673] <... futex resumed>) = 0 [pid 7673] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7675] <... futex resumed>) = 0 [pid 7673] <... futex resumed>) = 1 [pid 7675] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7675] <... openat resumed>) = 4 [pid 7675] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7673] <... futex resumed>) = 0 [pid 7675] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7673] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7673] <... futex resumed>) = 0 [pid 7675] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [ 346.688576][ T7675] XFS (loop3): Starting recovery (logdev: internal) [ 346.720407][ T7675] XFS (loop3): Ending recovery (logdev: internal) [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7675] <... pwritev2 resumed>) = 65007 [pid 7675] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7675] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7673] <... futex resumed>) = 0 [pid 7673] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7675] <... futex resumed>) = 0 [pid 7673] <... futex resumed>) = 1 [pid 7675] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7675] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7675] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7673] <... futex resumed>) = 0 [pid 7675] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7673] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7673] <... futex resumed>) = 0 [pid 7675] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 346.794732][ T7675] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 346.811716][ T7675] XFS (loop3): Unmount and run xfs_repair [pid 7673] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... close resumed>) = 0 [ 346.836439][ T7675] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 346.851033][ T7675] CPU: 0 UID: 0 PID: 7675 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 346.851069][ T7675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 346.851085][ T7675] Call Trace: [ 346.851095][ T7675] [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7673] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7685 ./strace-static-x86_64: Process 7685 attached [ 346.851106][ T7675] dump_stack_lvl+0x189/0x250 [ 346.851143][ T7675] ? __pfx__xfs_alert_tag+0x10/0x10 [ 346.851182][ T7675] ? __pfx_dump_stack_lvl+0x10/0x10 [ 346.851217][ T7675] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 346.851266][ T7675] xfs_corruption_error+0x122/0x170 [ 346.851305][ T7675] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 346.851347][ T7675] xfs_alloc_fixup_trees+0x95e/0xd20 [ 346.851376][ T7675] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 346.851417][ T7675] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 7685] set_robust_list(0x55555d962760, 24) = 0 [pid 7685] chdir("./43") = 0 [pid 7685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7685] setpgid(0, 0) = 0 [pid 7685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7685] write(3, "1000", 4) = 4 [pid 7685] close(3) = 0 [pid 7685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7685] write(1, "executing program\n", 18executing program ) = 18 [ 346.851448][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.851476][ T7675] ? rcu_is_watching+0x15/0xb0 [ 346.851507][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.851535][ T7675] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 346.851566][ T7675] ? rcu_is_watching+0x15/0xb0 [ 346.851605][ T7675] xfs_alloc_cur_finish+0xd3/0x4b0 [ 346.851635][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.851665][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.851699][ T7675] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7685] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7685] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7686]}, 88) = 7686 [pid 7685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7685] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7686 attached [pid 7686] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7686] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7686] memfd_create("syzkaller", 0) = 3 [ 346.851755][ T7675] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 346.851785][ T7675] ? xfs_group_grab+0x28/0x480 [ 346.851821][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.851849][ T7675] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 346.851883][ T7675] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 346.851931][ T7675] xfs_alloc_vextent_start_ag+0x388/0x850 [ 346.851971][ T7675] xfs_bmapi_allocate+0x188e/0x2e00 [ 346.852036][ T7675] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 346.852069][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 346.852119][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.852147][ T7675] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 346.852171][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.852199][ T7675] ? xfs_iext_prev+0x35a/0x370 [ 346.852237][ T7675] ? xfs_iext_get_extent+0x1bb/0x370 [ 346.852268][ T7675] xfs_bmapi_write+0x7df/0x1260 [ 346.852333][ T7675] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 346.852412][ T7675] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 346.852453][ T7675] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 346.852483][ T7675] ? kasan_save_track+0x4f/0x80 [ 346.852509][ T7675] ? kasan_save_track+0x3e/0x80 [ 346.852534][ T7675] ? kasan_save_free_info+0x46/0x50 [ 346.852571][ T7675] ? kmem_cache_free+0x18f/0x400 [ 346.852600][ T7675] ? __xfs_trans_commit+0x3e0/0xbd0 [ 346.852625][ T7675] ? xfs_trans_roll+0x130/0x450 [ 346.852649][ T7675] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 346.852689][ T7675] xfs_attr_set_iter+0x2d4/0x4b70 [ 346.852723][ T7675] ? filename_setxattr+0x274/0x600 [ 346.852756][ T7675] ? path_setxattrat+0x364/0x3a0 [ 346.852778][ T7675] ? __x64_sys_lsetxattr+0xbf/0xe0 [pid 7673] exit_group(0) = ? [ 346.852829][ T7675] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 346.852886][ T7675] ? kasan_quarantine_put+0xdd/0x220 [ 346.852913][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.852942][ T7675] ? lockdep_hardirqs_on+0x9c/0x150 [ 346.852983][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853017][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853046][ T7675] ? kmem_cache_free+0x18f/0x400 [ 346.853074][ T7675] ? __xfs_trans_commit+0x3e0/0xbd0 [ 346.853106][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853134][ T7675] ? __xfs_trans_commit+0x4c7/0xbd0 [ 346.853177][ T7675] xfs_attr_finish_item+0xed/0x320 [ 346.853218][ T7675] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 346.853255][ T7675] xfs_defer_finish_one+0x5c8/0xcf0 [ 346.853314][ T7675] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 346.853368][ T7675] xfs_defer_finish_noroll+0x910/0x12d0 [ 346.853407][ T7675] ? xfs_trans_commit+0x10b/0x1c0 [ 346.853439][ T7675] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 346.853473][ T7675] ? inode_set_ctime_current+0x740/0xb40 [ 346.853521][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853549][ T7675] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 346.853589][ T7675] xfs_trans_commit+0x10b/0x1c0 [ 346.853615][ T7675] ? __pfx_xfs_trans_commit+0x10/0x10 [ 346.853648][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853676][ T7675] ? xfs_trans_log_inode+0x12c/0x1a0 [ 346.853716][ T7675] xfs_attr_set+0xdc6/0x1210 [ 346.853766][ T7675] ? __pfx_xfs_attr_set+0x10/0x10 [ 346.853801][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.853829][ T7675] ? __lock_acquire+0xab9/0xd20 [ 346.853866][ T7675] ? xfs_da_hashname+0x59d/0x740 [ 346.853898][ T7675] ? do_raw_spin_lock+0x121/0x290 [ 346.853941][ T7675] ? xfs_attr_change+0x2ac/0x390 [ 346.853975][ T7675] xfs_xattr_set+0x14d/0x250 [ 346.854006][ T7675] ? __pfx_xfs_xattr_set+0x10/0x10 [ 346.854050][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854078][ T7675] ? evm_protect_xattr+0x4d4/0xa90 [ 346.854105][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854133][ T7675] ? rcu_is_watching+0x15/0xb0 [ 346.854167][ T7675] ? __pfx_evm_protect_xattr+0x10/0x10 [ 346.854195][ T7675] ? __pfx_xfs_xattr_set+0x10/0x10 [ 346.854222][ T7675] __vfs_setxattr+0x43c/0x480 [ 346.854270][ T7675] __vfs_setxattr_noperm+0x12d/0x660 [ 346.854313][ T7675] vfs_setxattr+0x16b/0x2f0 [ 346.854358][ T7675] ? __pfx_vfs_setxattr+0x10/0x10 [ 346.854388][ T7675] ? mnt_get_write_access+0x223/0x2a0 [ 346.854418][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854454][ T7675] filename_setxattr+0x274/0x600 [ 346.854500][ T7675] ? __pfx_filename_setxattr+0x10/0x10 [ 346.854539][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854567][ T7675] ? getname_flags+0x1e5/0x540 [ 346.854608][ T7675] path_setxattrat+0x364/0x3a0 [ 346.854645][ T7675] ? __pfx_path_setxattrat+0x10/0x10 [ 346.854710][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854738][ T7675] ? rcu_is_watching+0x15/0xb0 [ 346.854774][ T7675] __x64_sys_lsetxattr+0xbf/0xe0 [ 346.854814][ T7675] do_syscall_64+0xfa/0x3b0 [ 346.854838][ T7675] ? lockdep_hardirqs_on+0x9c/0x150 [ 346.854876][ T7675] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7686] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [ 346.854899][ T7675] ? srso_alias_return_thunk+0x5/0xfbef5 [ 346.854927][ T7675] ? exc_page_fault+0x9f/0xf0 [ 346.854967][ T7675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.854991][ T7675] RIP: 0033:0x7f3cdbf794f9 [ 346.855013][ T7675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 346.855034][ T7675] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [pid 7686] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 346.855061][ T7675] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 346.855079][ T7675] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 346.855098][ T7675] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 346.855114][ T7675] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 346.855131][ T7675] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 346.855169][ T7675] [ 346.855180][ T7675] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 7686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7686] close(3) = 0 [pid 7686] close(4) = 0 [pid 7686] mkdir("./file1", 0777) = 0 [pid 7686] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7675] <... lsetxattr resumed>) = ? [pid 7675] +++ exited with 0 +++ [pid 7673] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7673, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=102 /* 1.02 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 347.504441][ T7686] loop0: detected capacity change from 0 to 32768 [ 347.513095][ T7675] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 347.560710][ T7675] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 347.564752][ T7686] XFS: noikeep mount option is deprecated. [pid 5874] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5874] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./44/file1") = 0 [pid 5874] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./44/binderfs") = 0 [ 347.595130][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 347.614093][ T7686] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./44") = 0 [pid 5874] mkdir("./45", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7686] <... mount resumed>) = 0 [pid 5874] ioctl(3, LOOP_CLR_FD [pid 7686] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5874] <... ioctl resumed>) = 0 [pid 7686] <... openat resumed>) = 3 [pid 5874] close(3 [pid 7686] chdir("./file1") = 0 [pid 7686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7685] <... futex resumed>) = 0 [pid 7686] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7685] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7686] <... openat resumed>) = 4 [ 347.673918][ T7686] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 347.695683][ T7686] XFS (loop0): Starting recovery (logdev: internal) [ 347.715202][ T7686] XFS (loop0): Ending recovery (logdev: internal) [pid 7686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7685] <... futex resumed>) = 0 [pid 7686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7685] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7686] <... futex resumed>) = 0 [pid 7685] <... futex resumed>) = 1 [pid 7686] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7686] <... pwritev2 resumed>) = 65007 [pid 7686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7685] <... futex resumed>) = 0 [pid 7685] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7686] <... futex resumed>) = 0 [pid 7685] <... futex resumed>) = 1 [pid 7686] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7686] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7686] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7685] <... futex resumed>) = 0 [pid 7686] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7685] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7686] <... futex resumed>) = 0 [pid 7685] <... futex resumed>) = 1 [pid 7686] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 347.768588][ T7686] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 347.782371][ T7686] XFS (loop0): Unmount and run xfs_repair [ 347.793107][ T7686] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 347.807511][ T7686] CPU: 0 UID: 0 PID: 7686 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 347.807546][ T7686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.807562][ T7686] Call Trace: [ 347.807573][ T7686] [ 347.807583][ T7686] dump_stack_lvl+0x189/0x250 [ 347.807621][ T7686] ? __pfx__xfs_alert_tag+0x10/0x10 [ 347.807658][ T7686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.807692][ T7686] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 347.807740][ T7686] xfs_corruption_error+0x122/0x170 [ 347.807780][ T7686] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 347.807815][ T7686] xfs_alloc_fixup_trees+0x95e/0xd20 [ 347.807845][ T7686] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 347.807886][ T7686] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 347.807917][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.807947][ T7686] ? rcu_is_watching+0x15/0xb0 [ 347.807977][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808005][ T7686] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 347.808036][ T7686] ? rcu_is_watching+0x15/0xb0 [pid 7685] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7695 [ 347.808075][ T7686] xfs_alloc_cur_finish+0xd3/0x4b0 [ 347.808113][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808143][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808176][ T7686] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 347.808233][ T7686] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 347.808262][ T7686] ? xfs_group_grab+0x28/0x480 [ 347.808298][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808326][ T7686] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 347.808359][ T7686] xfs_alloc_vextent_iterate_ags+0x640/0x940 ./strace-static-x86_64: Process 7695 attached [pid 7695] set_robust_list(0x55555d962760, 24) = 0 [ 347.808406][ T7686] xfs_alloc_vextent_start_ag+0x388/0x850 [ 347.808445][ T7686] xfs_bmapi_allocate+0x188e/0x2e00 [ 347.808509][ T7686] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 347.808542][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808592][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808620][ T7686] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 347.808644][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.808671][ T7686] ? xfs_iext_prev+0x35a/0x370 [ 347.808710][ T7686] ? xfs_iext_get_extent+0x1bb/0x370 [pid 7695] chdir("./45") = 0 [pid 7695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7695] setpgid(0, 0) = 0 [pid 7695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7695] write(3, "1000", 4) = 4 [pid 7695] close(3) = 0 [pid 7695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7695] write(1, "executing program\n", 18executing program ) = 18 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7695] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7695] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [ 347.808741][ T7686] xfs_bmapi_write+0x7df/0x1260 [ 347.808806][ T7686] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 347.808884][ T7686] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 347.808926][ T7686] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 347.808956][ T7686] ? kasan_save_track+0x4f/0x80 [ 347.808982][ T7686] ? kasan_save_track+0x3e/0x80 [ 347.809006][ T7686] ? kasan_save_free_info+0x46/0x50 [ 347.809043][ T7686] ? kmem_cache_free+0x18f/0x400 [ 347.809071][ T7686] ? __xfs_trans_commit+0x3e0/0xbd0 [ 347.809101][ T7686] ? xfs_trans_roll+0x130/0x450 [pid 7695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7696 attached => {parent_tid=[7696]}, 88) = 7696 [pid 7696] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7696] <... rseq resumed>) = 0 [pid 7695] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7696] set_robust_list(0x7f3cdbf259a0, 24 [pid 7695] <... futex resumed>) = 0 [pid 7696] <... set_robust_list resumed>) = 0 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7696] memfd_create("syzkaller", 0) = 3 [pid 7696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 347.809124][ T7686] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 347.809163][ T7686] xfs_attr_set_iter+0x2d4/0x4b70 [ 347.809197][ T7686] ? filename_setxattr+0x274/0x600 [ 347.809231][ T7686] ? path_setxattrat+0x364/0x3a0 [ 347.809259][ T7686] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 347.809310][ T7686] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 347.809365][ T7686] ? kasan_quarantine_put+0xdd/0x220 [ 347.809391][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.809419][ T7686] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.809461][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.809495][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.809527][ T7686] ? kmem_cache_free+0x18f/0x400 [ 347.809556][ T7686] ? __xfs_trans_commit+0x3e0/0xbd0 [ 347.809588][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.809616][ T7686] ? __xfs_trans_commit+0x4c7/0xbd0 [ 347.809660][ T7686] xfs_attr_finish_item+0xed/0x320 [ 347.809699][ T7686] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 347.809736][ T7686] xfs_defer_finish_one+0x5c8/0xcf0 [ 347.809795][ T7686] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 347.809844][ T7686] xfs_defer_finish_noroll+0x910/0x12d0 [ 347.809883][ T7686] ? xfs_trans_commit+0x10b/0x1c0 [ 347.809915][ T7686] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 347.809948][ T7686] ? inode_set_ctime_current+0x740/0xb40 [ 347.809995][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810022][ T7686] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 347.810062][ T7686] xfs_trans_commit+0x10b/0x1c0 [ 347.810096][ T7686] ? __pfx_xfs_trans_commit+0x10/0x10 [ 347.810129][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810157][ T7686] ? xfs_trans_log_inode+0x12c/0x1a0 [ 347.810197][ T7686] xfs_attr_set+0xdc6/0x1210 [ 347.810245][ T7686] ? __pfx_xfs_attr_set+0x10/0x10 [ 347.810279][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810307][ T7686] ? __lock_acquire+0xab9/0xd20 [ 347.810343][ T7686] ? xfs_da_hashname+0x59d/0x740 [ 347.810375][ T7686] ? do_raw_spin_lock+0x121/0x290 [ 347.810419][ T7686] ? xfs_attr_change+0x2ac/0x390 [ 347.810453][ T7686] xfs_xattr_set+0x14d/0x250 [ 347.810486][ T7686] ? __pfx_xfs_xattr_set+0x10/0x10 [pid 7696] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7685] exit_group(0) = ? [ 347.810531][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810559][ T7686] ? evm_protect_xattr+0x4d4/0xa90 [ 347.810586][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810613][ T7686] ? rcu_is_watching+0x15/0xb0 [ 347.810647][ T7686] ? __pfx_evm_protect_xattr+0x10/0x10 [ 347.810675][ T7686] ? __pfx_xfs_xattr_set+0x10/0x10 [ 347.810702][ T7686] __vfs_setxattr+0x43c/0x480 [ 347.810751][ T7686] __vfs_setxattr_noperm+0x12d/0x660 [ 347.810794][ T7686] vfs_setxattr+0x16b/0x2f0 [ 347.810835][ T7686] ? __pfx_vfs_setxattr+0x10/0x10 [ 347.810865][ T7686] ? mnt_get_write_access+0x223/0x2a0 [ 347.810895][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.810929][ T7686] filename_setxattr+0x274/0x600 [ 347.810975][ T7686] ? __pfx_filename_setxattr+0x10/0x10 [ 347.811013][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.811041][ T7686] ? getname_flags+0x1e5/0x540 [ 347.811081][ T7686] path_setxattrat+0x364/0x3a0 [ 347.811123][ T7686] ? __pfx_path_setxattrat+0x10/0x10 [ 347.811189][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.811217][ T7686] ? rcu_is_watching+0x15/0xb0 [ 347.811253][ T7686] __x64_sys_lsetxattr+0xbf/0xe0 [ 347.811294][ T7686] do_syscall_64+0xfa/0x3b0 [ 347.811318][ T7686] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.811356][ T7686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.811379][ T7686] ? srso_alias_return_thunk+0x5/0xfbef5 [ 347.811406][ T7686] ? exc_page_fault+0x9f/0xf0 [ 347.811445][ T7686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.811470][ T7686] RIP: 0033:0x7f3cdbf794f9 [ 347.811492][ T7686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 347.811513][ T7686] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 347.811539][ T7686] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 347.811557][ T7686] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 347.811576][ T7686] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [pid 7696] <... write resumed>) = 16777216 [pid 7696] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7696] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 347.811592][ T7686] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 347.811608][ T7686] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 347.811647][ T7686] [ 347.811658][ T7686] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 348.498382][ T7686] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [pid 7696] ioctl(4, LOOP_SET_FD, 3 [pid 7686] <... lsetxattr resumed>) = ? [pid 7696] <... ioctl resumed>) = 0 [pid 7686] +++ exited with 0 +++ [pid 7685] +++ exited with 0 +++ [pid 7696] close(3) = 0 [pid 7696] close(4) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7685, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=106 /* 1.06 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7696] mkdir("./file1", 0777 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7696] <... mkdir resumed>) = 0 [ 348.514454][ T7686] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 348.523240][ T7696] loop3: detected capacity change from 0 to 32768 [pid 7696] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5871] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 348.566350][ T7696] XFS: noikeep mount option is deprecated. [ 348.573787][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5871] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./43/file1") = 0 [pid 5871] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./43/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [ 348.630840][ T7696] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 348.666224][ T7696] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 5871] rmdir("./43") = 0 [pid 5871] mkdir("./44", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7696] <... mount resumed>) = 0 [pid 7696] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7696] chdir("./file1") = 0 [pid 7696] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7696] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7696] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7695] <... futex resumed>) = 0 [pid 7695] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7696] <... futex resumed>) = 0 [pid 7695] <... futex resumed>) = 1 [pid 7696] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7696] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 348.687129][ T7696] XFS (loop3): Starting recovery (logdev: internal) [ 348.705782][ T7696] XFS (loop3): Ending recovery (logdev: internal) [pid 7695] <... futex resumed>) = 0 [pid 7696] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7695] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7696] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7695] <... futex resumed>) = 0 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7696] <... pwritev2 resumed>) = 65007 [pid 7696] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7695] <... futex resumed>) = 0 [pid 7696] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7695] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7695] <... futex resumed>) = 0 [pid 7696] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7696] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7696] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7695] <... futex resumed>) = 0 [pid 7696] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7695] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7695] <... futex resumed>) = 0 [pid 7696] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 348.761732][ T7696] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 348.774751][ T7696] XFS (loop3): Unmount and run xfs_repair [ 348.801563][ T7696] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 348.815297][ T7696] CPU: 1 UID: 0 PID: 7696 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 348.815330][ T7696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 348.815346][ T7696] Call Trace: [ 348.815355][ T7696] [ 348.815366][ T7696] dump_stack_lvl+0x189/0x250 [ 348.815401][ T7696] ? __pfx__xfs_alert_tag+0x10/0x10 [pid 7695] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... close resumed>) = 0 [ 348.815438][ T7696] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.815473][ T7696] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 348.815520][ T7696] xfs_corruption_error+0x122/0x170 [ 348.815558][ T7696] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 348.815592][ T7696] xfs_alloc_fixup_trees+0x95e/0xd20 [ 348.815621][ T7696] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 348.815662][ T7696] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 348.815692][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.815721][ T7696] ? rcu_is_watching+0x15/0xb0 [ 348.815752][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.815781][ T7696] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 348.815813][ T7696] ? rcu_is_watching+0x15/0xb0 [ 348.815852][ T7696] xfs_alloc_cur_finish+0xd3/0x4b0 [ 348.815882][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.815912][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.815946][ T7696] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 348.816003][ T7696] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 348.816032][ T7696] ? xfs_group_grab+0x28/0x480 [ 348.816068][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.816101][ T7696] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 348.816135][ T7696] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 348.816182][ T7696] xfs_alloc_vextent_start_ag+0x388/0x850 [ 348.816220][ T7696] xfs_bmapi_allocate+0x188e/0x2e00 [ 348.816284][ T7696] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 348.816317][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.816367][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.816395][ T7696] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 348.816418][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.816446][ T7696] ? xfs_iext_prev+0x35a/0x370 [ 348.816485][ T7696] ? xfs_iext_get_extent+0x1bb/0x370 [ 348.816516][ T7696] xfs_bmapi_write+0x7df/0x1260 [ 348.816575][ T7696] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 348.816654][ T7696] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 348.816695][ T7696] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 348.816726][ T7696] ? kasan_save_track+0x4f/0x80 [ 348.816757][ T7696] ? kasan_save_track+0x3e/0x80 [ 348.816781][ T7696] ? kasan_save_free_info+0x46/0x50 [ 348.816818][ T7696] ? kmem_cache_free+0x18f/0x400 [ 348.816847][ T7696] ? __xfs_trans_commit+0x3e0/0xbd0 [ 348.816872][ T7696] ? xfs_trans_roll+0x130/0x450 [ 348.816896][ T7696] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 348.816935][ T7696] xfs_attr_set_iter+0x2d4/0x4b70 [ 348.816970][ T7696] ? filename_setxattr+0x274/0x600 [ 348.817003][ T7696] ? path_setxattrat+0x364/0x3a0 [ 348.817024][ T7696] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 348.817076][ T7696] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 348.817139][ T7696] ? kasan_quarantine_put+0xdd/0x220 [ 348.817166][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817194][ T7696] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.817234][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817267][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817295][ T7696] ? kmem_cache_free+0x18f/0x400 [ 348.817323][ T7696] ? __xfs_trans_commit+0x3e0/0xbd0 [ 348.817354][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817381][ T7696] ? __xfs_trans_commit+0x4c7/0xbd0 [ 348.817424][ T7696] xfs_attr_finish_item+0xed/0x320 [ 348.817463][ T7696] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 348.817501][ T7696] xfs_defer_finish_one+0x5c8/0xcf0 [ 348.817560][ T7696] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 348.817608][ T7696] xfs_defer_finish_noroll+0x910/0x12d0 [ 348.817647][ T7696] ? xfs_trans_commit+0x10b/0x1c0 [ 348.817680][ T7696] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 348.817713][ T7696] ? inode_set_ctime_current+0x740/0xb40 [ 348.817761][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817789][ T7696] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 348.817829][ T7696] xfs_trans_commit+0x10b/0x1c0 [ 348.817855][ T7696] ? __pfx_xfs_trans_commit+0x10/0x10 [ 348.817887][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.817914][ T7696] ? xfs_trans_log_inode+0x12c/0x1a0 [ 348.817955][ T7696] xfs_attr_set+0xdc6/0x1210 [ 348.818002][ T7696] ? __pfx_xfs_attr_set+0x10/0x10 [ 348.818036][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818064][ T7696] ? __lock_acquire+0xab9/0xd20 [ 348.818108][ T7696] ? xfs_da_hashname+0x59d/0x740 [ 348.818140][ T7696] ? do_raw_spin_lock+0x121/0x290 [ 348.818182][ T7696] ? xfs_attr_change+0x2ac/0x390 [ 348.818217][ T7696] xfs_xattr_set+0x14d/0x250 [ 348.818248][ T7696] ? __pfx_xfs_xattr_set+0x10/0x10 [ 348.818292][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818320][ T7696] ? evm_protect_xattr+0x4d4/0xa90 [ 348.818347][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818375][ T7696] ? rcu_is_watching+0x15/0xb0 [ 348.818409][ T7696] ? __pfx_evm_protect_xattr+0x10/0x10 [ 348.818437][ T7696] ? __pfx_xfs_xattr_set+0x10/0x10 [ 348.818465][ T7696] __vfs_setxattr+0x43c/0x480 [ 348.818513][ T7696] __vfs_setxattr_noperm+0x12d/0x660 [ 348.818556][ T7696] vfs_setxattr+0x16b/0x2f0 [ 348.818597][ T7696] ? __pfx_vfs_setxattr+0x10/0x10 [ 348.818627][ T7696] ? mnt_get_write_access+0x223/0x2a0 [ 348.818656][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818690][ T7696] filename_setxattr+0x274/0x600 [ 348.818736][ T7696] ? __pfx_filename_setxattr+0x10/0x10 [ 348.818778][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818806][ T7696] ? getname_flags+0x1e5/0x540 [ 348.818847][ T7696] path_setxattrat+0x364/0x3a0 [ 348.818882][ T7696] ? __pfx_path_setxattrat+0x10/0x10 [ 348.818946][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.818974][ T7696] ? rcu_is_watching+0x15/0xb0 [ 348.819010][ T7696] __x64_sys_lsetxattr+0xbf/0xe0 [ 348.819050][ T7696] do_syscall_64+0xfa/0x3b0 [ 348.819073][ T7696] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.819116][ T7696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.819139][ T7696] ? srso_alias_return_thunk+0x5/0xfbef5 [ 348.819168][ T7696] ? exc_page_fault+0x9f/0xf0 [ 348.819207][ T7696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.819232][ T7696] RIP: 0033:0x7f3cdbf794f9 [ 348.819254][ T7696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 348.819275][ T7696] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 348.819301][ T7696] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 348.819320][ T7696] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7705 attached [pid 7695] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7705] set_robust_list(0x55555d962760, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7705 [pid 7705] <... set_robust_list resumed>) = 0 [ 348.819338][ T7696] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 348.819354][ T7696] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 348.819371][ T7696] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 348.819409][ T7696] [ 349.489174][ T7696] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 7705] chdir("./44") = 0 [pid 7705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7705] setpgid(0, 0) = 0 [pid 7705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7705] write(3, "1000", 4) = 4 [pid 7705] close(3) = 0 [pid 7705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7705] write(1, "executing program\n", 18executing program ) = 18 [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7705] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7705] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7706]}, 88) = 7706 [pid 7705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7705] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7706 attached [pid 7706] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7706] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7706] memfd_create("syzkaller", 0) = 3 [pid 7706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7696] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7696] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7696] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7695] exit_group(0 [pid 7696] <... futex resumed>) = ? [pid 7695] <... exit_group resumed>) = ? [pid 7696] +++ exited with 0 +++ [pid 7695] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7695, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- [ 349.500309][ T7696] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 349.527693][ T7696] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 349.551297][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5874] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5874] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./45/file1") = 0 [pid 5874] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./45/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./45") = 0 [pid 5874] mkdir("./46", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7706] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... close resumed>) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7707 attached [pid 7707] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7707 [pid 7707] <... set_robust_list resumed>) = 0 [pid 7707] chdir("./46") = 0 [pid 7707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7707] setpgid(0, 0) = 0 [pid 7707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7707] write(3, "1000", 4) = 4 [pid 7707] close(3) = 0 executing program [pid 7707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7707] write(1, "executing program\n", 18) = 18 [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7707] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7707] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7708 attached [pid 7708] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7707] <... clone3 resumed> => {parent_tid=[7708]}, 88) = 7708 [pid 7708] <... rseq resumed>) = 0 [pid 7707] rt_sigprocmask(SIG_SETMASK, [], [pid 7708] set_robust_list(0x7f3cdbf259a0, 24 [pid 7707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7708] <... set_robust_list resumed>) = 0 [pid 7707] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] rt_sigprocmask(SIG_SETMASK, [], [pid 7707] <... futex resumed>) = 0 [pid 7708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7708] memfd_create("syzkaller", 0) = 3 [pid 7708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7706] <... write resumed>) = 16777216 [pid 7708] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7706] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 349.890782][ T7706] loop0: detected capacity change from 0 to 32768 [pid 7706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7706] close(3) = 0 [pid 7706] close(4) = 0 [pid 7706] mkdir("./file1", 0777) = 0 [pid 7706] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7708] <... write resumed>) = 16777216 [ 349.963273][ T7706] XFS: noikeep mount option is deprecated. [pid 7708] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7708] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] kill(-7659, SIGKILL) = 0 [pid 5873] kill(7659, SIGKILL) = 0 [ 350.015586][ T7706] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 350.036667][ T7708] loop3: detected capacity change from 0 to 32768 [ 350.045273][ T7706] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [pid 7708] close(3) = 0 [pid 7708] close(4) = 0 [pid 7708] mkdir("./file1", 0777) = 0 [pid 7708] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7706] <... mount resumed>) = 0 [pid 7706] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7706] chdir("./file1") = 0 [pid 7706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7706] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7706] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7705] <... futex resumed>) = 0 [pid 7705] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7706] <... futex resumed>) = 0 [pid 7705] <... futex resumed>) = 1 [pid 7706] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7706] <... openat resumed>) = 4 [pid 7706] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7705] <... futex resumed>) = 0 [pid 7706] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7705] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7705] <... futex resumed>) = 0 [pid 7706] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7706] <... pwritev2 resumed>) = 65007 [ 350.062509][ T7708] XFS: noikeep mount option is deprecated. [ 350.063928][ T7706] XFS (loop0): Starting recovery (logdev: internal) [ 350.088718][ T7706] XFS (loop0): Ending recovery (logdev: internal) [ 350.090809][ T7708] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7706] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7705] <... futex resumed>) = 0 [pid 7706] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7705] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7706] <... futex resumed>) = 0 [pid 7705] <... futex resumed>) = 1 [pid 7706] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7706] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7706] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7705] <... futex resumed>) = 0 [pid 7706] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7705] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7706] <... futex resumed>) = 0 [pid 7705] <... futex resumed>) = 1 [pid 7706] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 350.124842][ T7706] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 350.136403][ T7706] XFS (loop0): Unmount and run xfs_repair [ 350.141703][ T7708] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 350.160153][ T7706] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 350.173363][ T7706] CPU: 1 UID: 0 PID: 7706 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 350.173398][ T7706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.173412][ T7706] Call Trace: [ 350.173422][ T7706] [ 350.173433][ T7706] dump_stack_lvl+0x189/0x250 [ 350.173469][ T7706] ? __pfx__xfs_alert_tag+0x10/0x10 [ 350.173508][ T7706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.173543][ T7706] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 350.173591][ T7706] xfs_corruption_error+0x122/0x170 [ 350.173630][ T7706] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 350.173665][ T7706] xfs_alloc_fixup_trees+0x95e/0xd20 [ 350.173696][ T7706] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 350.173737][ T7706] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 350.173768][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.173798][ T7706] ? rcu_is_watching+0x15/0xb0 [ 350.173827][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.173855][ T7706] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 350.173887][ T7706] ? rcu_is_watching+0x15/0xb0 [ 350.173927][ T7706] xfs_alloc_cur_finish+0xd3/0x4b0 [ 350.173957][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.173987][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.174022][ T7706] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 350.174079][ T7706] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 350.174109][ T7706] ? xfs_group_grab+0x28/0x480 [ 350.174146][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.174174][ T7706] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 350.174209][ T7706] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 350.174258][ T7706] xfs_alloc_vextent_start_ag+0x388/0x850 [ 350.174299][ T7706] xfs_bmapi_allocate+0x188e/0x2e00 [ 350.174372][ T7706] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 350.174406][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.174458][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.174487][ T7706] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 350.174511][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.174539][ T7706] ? xfs_iext_prev+0x35a/0x370 [ 350.174578][ T7706] ? xfs_iext_get_extent+0x1bb/0x370 [ 350.174610][ T7706] xfs_bmapi_write+0x7df/0x1260 [ 350.174669][ T7706] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 350.174748][ T7706] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 350.174790][ T7706] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 350.174820][ T7706] ? kasan_save_track+0x4f/0x80 [ 350.174846][ T7706] ? kasan_save_track+0x3e/0x80 [ 350.174871][ T7706] ? kasan_save_free_info+0x46/0x50 [ 350.174908][ T7706] ? kmem_cache_free+0x18f/0x400 [ 350.174937][ T7706] ? __xfs_trans_commit+0x3e0/0xbd0 [ 350.174962][ T7706] ? xfs_trans_roll+0x130/0x450 [ 350.174986][ T7706] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 350.175026][ T7706] xfs_attr_set_iter+0x2d4/0x4b70 [ 350.175062][ T7706] ? filename_setxattr+0x274/0x600 [ 350.175095][ T7706] ? path_setxattrat+0x364/0x3a0 [ 350.175117][ T7706] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 350.175169][ T7706] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 350.175226][ T7706] ? kasan_quarantine_put+0xdd/0x220 [ 350.175252][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.175281][ T7706] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.175322][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.175361][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.175390][ T7706] ? kmem_cache_free+0x18f/0x400 [ 350.175418][ T7706] ? __xfs_trans_commit+0x3e0/0xbd0 [ 350.175450][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.175478][ T7706] ? __xfs_trans_commit+0x4c7/0xbd0 [ 350.175521][ T7706] xfs_attr_finish_item+0xed/0x320 [ 350.175561][ T7706] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 350.175599][ T7706] xfs_defer_finish_one+0x5c8/0xcf0 [ 350.175659][ T7706] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 350.175710][ T7706] xfs_defer_finish_noroll+0x910/0x12d0 [ 350.175751][ T7706] ? xfs_trans_commit+0x10b/0x1c0 [ 350.175784][ T7706] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 350.175818][ T7706] ? inode_set_ctime_current+0x740/0xb40 [ 350.175867][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.175896][ T7706] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 350.175937][ T7706] xfs_trans_commit+0x10b/0x1c0 [ 350.175964][ T7706] ? __pfx_xfs_trans_commit+0x10/0x10 [ 350.175997][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176026][ T7706] ? xfs_trans_log_inode+0x12c/0x1a0 [ 350.176067][ T7706] xfs_attr_set+0xdc6/0x1210 [ 350.176116][ T7706] ? __pfx_xfs_attr_set+0x10/0x10 [ 350.176151][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176179][ T7706] ? __lock_acquire+0xab9/0xd20 [ 350.176216][ T7706] ? xfs_da_hashname+0x59d/0x740 [ 350.176248][ T7706] ? do_raw_spin_lock+0x121/0x290 [ 350.176291][ T7706] ? xfs_attr_change+0x2ac/0x390 [ 350.176325][ T7706] xfs_xattr_set+0x14d/0x250 [ 350.176367][ T7706] ? __pfx_xfs_xattr_set+0x10/0x10 [ 350.176412][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176440][ T7706] ? evm_protect_xattr+0x4d4/0xa90 [ 350.176468][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176496][ T7706] ? rcu_is_watching+0x15/0xb0 [ 350.176531][ T7706] ? __pfx_evm_protect_xattr+0x10/0x10 [ 350.176559][ T7706] ? __pfx_xfs_xattr_set+0x10/0x10 [ 350.176586][ T7706] __vfs_setxattr+0x43c/0x480 [ 350.176636][ T7706] __vfs_setxattr_noperm+0x12d/0x660 [ 350.176680][ T7706] vfs_setxattr+0x16b/0x2f0 [ 350.176722][ T7706] ? __pfx_vfs_setxattr+0x10/0x10 [ 350.176758][ T7706] ? mnt_get_write_access+0x223/0x2a0 [ 350.176788][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176822][ T7706] filename_setxattr+0x274/0x600 [ 350.176868][ T7706] ? __pfx_filename_setxattr+0x10/0x10 [ 350.176906][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.176934][ T7706] ? getname_flags+0x1e5/0x540 [ 350.176975][ T7706] path_setxattrat+0x364/0x3a0 [ 350.177011][ T7706] ? __pfx_path_setxattrat+0x10/0x10 [ 350.177087][ T7706] __x64_sys_lsetxattr+0xbf/0xe0 [ 350.177127][ T7706] do_syscall_64+0xfa/0x3b0 [ 350.177151][ T7706] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.177190][ T7706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.177214][ T7706] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.177242][ T7706] ? exc_page_fault+0x9f/0xf0 [ 350.177280][ T7706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.177303][ T7706] RIP: 0033:0x7f3cdbf794f9 [ 350.177324][ T7706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 350.177346][ T7706] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 350.177378][ T7706] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 350.177397][ T7706] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 350.177415][ T7706] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 350.177432][ T7706] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 7705] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 350.177449][ T7706] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 350.177487][ T7706] [pid 7708] <... mount resumed>) = 0 [pid 7708] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7708] chdir("./file1") = 0 [pid 7708] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7707] <... futex resumed>) = 0 [pid 7708] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7707] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7707] <... futex resumed>) = 0 [pid 7708] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7708] <... openat resumed>) = 4 [pid 7708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7707] <... futex resumed>) = 0 [pid 7708] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7707] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7707] <... futex resumed>) = 0 [pid 7708] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7706] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7706] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7706] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7705] exit_group(0 [pid 7708] <... pwritev2 resumed>) = 65007 [pid 7708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7706] <... futex resumed>) = ? [pid 7705] <... exit_group resumed>) = ? [pid 7708] <... futex resumed>) = 1 [pid 7707] <... futex resumed>) = 0 [pid 7706] +++ exited with 0 +++ [pid 7708] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7707] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7708] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [ 350.857251][ T7706] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 350.868960][ T7708] XFS (loop3): Starting recovery (logdev: internal) [ 350.872212][ T7706] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 350.887411][ T7708] XFS (loop3): Ending recovery (logdev: internal) [ 350.894610][ T7706] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [pid 7705] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7705, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7708] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7707] <... futex resumed>) = 0 [pid 5871] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7708] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] getdents64(3, [pid 7708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7707] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7707] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 350.927809][ T7708] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 350.939412][ T7708] XFS (loop3): Unmount and run xfs_repair [ 350.950759][ T7708] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 350.951865][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7707] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./44/file1") = 0 [pid 5871] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./44/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./44") = 0 [ 350.963998][ T7708] CPU: 0 UID: 0 PID: 7708 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 350.964035][ T7708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 350.964052][ T7708] Call Trace: [ 350.964062][ T7708] [ 350.964073][ T7708] dump_stack_lvl+0x189/0x250 [ 350.964118][ T7708] ? __pfx__xfs_alert_tag+0x10/0x10 [ 350.964158][ T7708] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.964196][ T7708] ? __pfx_xfs_btree_lookup+0x10/0x10 [pid 5871] mkdir("./45", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 350.964248][ T7708] xfs_corruption_error+0x122/0x170 [ 350.964291][ T7708] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 350.964329][ T7708] xfs_alloc_fixup_trees+0x95e/0xd20 [ 350.964359][ T7708] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 350.964404][ T7708] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 350.964438][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.964465][ T7708] ? rcu_is_watching+0x15/0xb0 [ 350.964494][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.964522][ T7708] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 350.964553][ T7708] ? rcu_is_watching+0x15/0xb0 [ 350.964592][ T7708] xfs_alloc_cur_finish+0xd3/0x4b0 [ 350.964621][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.964650][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.964684][ T7708] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 350.964741][ T7708] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 350.964770][ T7708] ? xfs_group_grab+0x28/0x480 [ 350.964806][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.964833][ T7708] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [pid 5871] close(3 [pid 7707] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [ 350.964867][ T7708] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 350.964914][ T7708] xfs_alloc_vextent_start_ag+0x388/0x850 [ 350.964953][ T7708] xfs_bmapi_allocate+0x188e/0x2e00 [ 350.965016][ T7708] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 350.965048][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.965104][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.965131][ T7708] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 350.965155][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.965182][ T7708] ? xfs_iext_prev+0x35a/0x370 [pid 5873] getdents64(3, 0x55555d9637f0 /* 2 entries */, 32768) = 48 [pid 5873] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5873] close(3) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7725 [ 350.965220][ T7708] ? xfs_iext_get_extent+0x1bb/0x370 [ 350.965250][ T7708] xfs_bmapi_write+0x7df/0x1260 [ 350.965308][ T7708] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 350.965386][ T7708] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 350.965426][ T7708] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 350.965457][ T7708] ? kasan_save_track+0x4f/0x80 [ 350.965482][ T7708] ? kasan_save_track+0x3e/0x80 [ 350.965507][ T7708] ? kasan_save_free_info+0x46/0x50 [ 350.965543][ T7708] ? kmem_cache_free+0x18f/0x400 [ 350.965571][ T7708] ? __xfs_trans_commit+0x3e0/0xbd0 ./strace-static-x86_64: Process 7725 attached [pid 7725] set_robust_list(0x55555d962760, 24) = 0 [pid 7725] chdir("./45") = 0 [pid 7725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7725] setpgid(0, 0) = 0 [pid 7725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7725] write(3, "1000", 4) = 4 [ 350.965596][ T7708] ? xfs_trans_roll+0x130/0x450 [ 350.965619][ T7708] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 350.965659][ T7708] xfs_attr_set_iter+0x2d4/0x4b70 [ 350.965692][ T7708] ? filename_setxattr+0x274/0x600 [ 350.965725][ T7708] ? path_setxattrat+0x364/0x3a0 [ 350.965746][ T7708] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 350.965797][ T7708] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 350.965852][ T7708] ? kasan_quarantine_put+0xdd/0x220 [ 350.965878][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.965905][ T7708] ? lockdep_hardirqs_on+0x9c/0x150 [pid 7725] close(3) = 0 [pid 7725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7725] write(1, "executing program\n", 18executing program ) = 18 [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7725] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7725] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7725] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7725] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7726]}, 88) = 7726 [pid 7725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7725] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7726 attached [pid 7726] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7726] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7726] memfd_create("syzkaller", 0) = 3 [pid 7726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 350.965945][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.965979][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.966006][ T7708] ? kmem_cache_free+0x18f/0x400 [ 350.966034][ T7708] ? __xfs_trans_commit+0x3e0/0xbd0 [ 350.966065][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.966099][ T7708] ? __xfs_trans_commit+0x4c7/0xbd0 [ 350.966142][ T7708] xfs_attr_finish_item+0xed/0x320 [ 350.966182][ T7708] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 350.966218][ T7708] xfs_defer_finish_one+0x5c8/0xcf0 [ 350.966277][ T7708] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 350.966326][ T7708] xfs_defer_finish_noroll+0x910/0x12d0 [ 350.966364][ T7708] ? xfs_trans_commit+0x10b/0x1c0 [ 350.966396][ T7708] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 350.966428][ T7708] ? inode_set_ctime_current+0x740/0xb40 [ 350.966475][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.966502][ T7708] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 350.966541][ T7708] xfs_trans_commit+0x10b/0x1c0 [ 350.966567][ T7708] ? __pfx_xfs_trans_commit+0x10/0x10 [ 350.966599][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.966627][ T7708] ? xfs_trans_log_inode+0x12c/0x1a0 [ 350.966666][ T7708] xfs_attr_set+0xdc6/0x1210 [ 350.966714][ T7708] ? __pfx_xfs_attr_set+0x10/0x10 [ 350.966751][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.966778][ T7708] ? __lock_acquire+0xab9/0xd20 [ 350.966814][ T7708] ? xfs_da_hashname+0x59d/0x740 [ 350.966846][ T7708] ? do_raw_spin_lock+0x121/0x290 [ 350.966888][ T7708] ? xfs_attr_change+0x2ac/0x390 [ 350.966922][ T7708] xfs_xattr_set+0x14d/0x250 [ 350.966953][ T7708] ? __pfx_xfs_xattr_set+0x10/0x10 [ 350.966996][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967023][ T7708] ? evm_protect_xattr+0x4d4/0xa90 [ 350.967049][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967076][ T7708] ? rcu_is_watching+0x15/0xb0 [ 350.967115][ T7708] ? __pfx_evm_protect_xattr+0x10/0x10 [ 350.967142][ T7708] ? __pfx_xfs_xattr_set+0x10/0x10 [ 350.967169][ T7708] __vfs_setxattr+0x43c/0x480 [ 350.967217][ T7708] __vfs_setxattr_noperm+0x12d/0x660 [ 350.967259][ T7708] vfs_setxattr+0x16b/0x2f0 [ 350.967300][ T7708] ? __pfx_vfs_setxattr+0x10/0x10 [ 350.967330][ T7708] ? mnt_get_write_access+0x223/0x2a0 [ 350.967359][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967392][ T7708] filename_setxattr+0x274/0x600 [ 350.967438][ T7708] ? __pfx_filename_setxattr+0x10/0x10 [ 350.967476][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967503][ T7708] ? getname_flags+0x1e5/0x540 [ 350.967543][ T7708] path_setxattrat+0x364/0x3a0 [ 350.967579][ T7708] ? __pfx_path_setxattrat+0x10/0x10 [ 350.967644][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967670][ T7708] ? rcu_is_watching+0x15/0xb0 [ 350.967706][ T7708] __x64_sys_lsetxattr+0xbf/0xe0 [ 350.967745][ T7708] do_syscall_64+0xfa/0x3b0 [ 350.967769][ T7708] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.967806][ T7708] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.967829][ T7708] ? srso_alias_return_thunk+0x5/0xfbef5 [ 350.967856][ T7708] ? exc_page_fault+0x9f/0xf0 [ 350.967895][ T7708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.967919][ T7708] RIP: 0033:0x7f3cdbf794f9 [ 350.967941][ T7708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 350.967963][ T7708] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 350.967990][ T7708] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 350.968008][ T7708] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 350.968026][ T7708] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 350.968042][ T7708] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 350.968058][ T7708] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 350.968104][ T7708] [ 350.968754][ T7708] XFS (loop3): Corruption detected. Unmount and run xfs_repair [pid 7726] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7708] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7708] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7708] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7707] exit_group(0 [pid 7708] <... futex resumed>) = ? [pid 7707] <... exit_group resumed>) = ? [pid 7708] +++ exited with 0 +++ [pid 7707] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7707, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=106 /* 1.06 s */} --- [pid 7726] <... write resumed>) = 16777216 [pid 7726] munmap(0x7f3cd3a00000, 138412032) = 0 [ 351.659516][ T7708] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 351.682908][ T7708] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 7726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7726] ioctl(4, LOOP_SET_FD, 3 [pid 5874] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", [pid 7726] <... ioctl resumed>) = 0 [pid 7726] close(3 [pid 5874] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7726] <... close resumed>) = 0 [pid 5874] getdents64(3, [pid 7726] close(4) = 0 [pid 7726] mkdir("./file1", 0777 [pid 5874] <... getdents64 resumed>0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5874] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7726] <... mkdir resumed>) = 0 [ 351.745113][ T7726] loop0: detected capacity change from 0 to 32768 [ 351.766931][ T7726] XFS: noikeep mount option is deprecated. [ 351.769487][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 7726] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 5874] <... umount2 resumed>) = 0 [pid 5874] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./46/file1") = 0 [pid 5874] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 351.812045][ T7726] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./46/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./46") = 0 [pid 5874] mkdir("./47", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 351.861176][ T7726] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 351.895713][ T7726] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] close(3 [pid 7726] <... mount resumed>) = 0 [pid 7726] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7726] chdir("./file1") = 0 [pid 7726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 351.948459][ T7726] XFS (loop0): Ending recovery (logdev: internal) [pid 7726] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... close resumed>) = 0 [pid 7726] <... futex resumed>) = 1 [pid 7726] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7725] <... futex resumed>) = 0 [pid 7725] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7726] <... futex resumed>) = 0 [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7735 attached [pid 7726] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7735] set_robust_list(0x55555d962760, 24 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7735 [pid 7735] <... set_robust_list resumed>) = 0 [pid 7735] chdir("./47") = 0 [pid 7726] <... openat resumed>) = 4 [pid 7735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7735] setpgid(0, 0) = 0 [pid 7726] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7725] <... futex resumed>) = 0 [pid 7726] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7725] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7726] <... futex resumed>) = 0 [pid 7725] <... futex resumed>) = 1 [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7726] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7735] write(3, "1000", 4) = 4 [pid 7726] <... pwritev2 resumed>) = 65007 [pid 7735] close(3) = 0 [pid 7735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7726] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7735] write(1, "executing program\n", 18) = 18 [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7726] <... futex resumed>) = 1 [pid 7725] <... futex resumed>) = 0 [pid 7725] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7735] <... futex resumed>) = 0 [pid 7726] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7725] <... futex resumed>) = 0 [pid 7735] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7735] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7735] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE [pid 7726] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7726] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7735] <... mprotect resumed>) = 0 [pid 7726] <... futex resumed>) = 1 [pid 7725] <... futex resumed>) = 0 [pid 7726] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} [pid 7725] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7736 attached [pid 7726] <... futex resumed>) = 0 [pid 7725] <... futex resumed>) = 1 [pid 7726] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7736] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7735] <... clone3 resumed> => {parent_tid=[7736]}, 88) = 7736 [pid 7725] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7735] rt_sigprocmask(SIG_SETMASK, [], [pid 7736] <... rseq resumed>) = 0 [pid 7736] set_robust_list(0x7f3cdbf259a0, 24 [pid 7735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7736] <... set_robust_list resumed>) = 0 [pid 7735] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7736] rt_sigprocmask(SIG_SETMASK, [], [pid 7735] <... futex resumed>) = 0 [pid 7736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7736] memfd_create("syzkaller", 0 [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7736] <... memfd_create resumed>) = 3 [ 352.084652][ T7726] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 352.096730][ T7726] XFS (loop0): Unmount and run xfs_repair [pid 7736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [pid 7725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 352.124324][ T7726] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 352.138381][ T7726] CPU: 0 UID: 0 PID: 7726 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 352.138418][ T7726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 352.138434][ T7726] Call Trace: [ 352.138445][ T7726] [ 352.138456][ T7726] dump_stack_lvl+0x189/0x250 [ 352.138492][ T7726] ? __pfx__xfs_alert_tag+0x10/0x10 [ 352.138530][ T7726] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.138565][ T7726] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 352.138612][ T7726] xfs_corruption_error+0x122/0x170 [ 352.138651][ T7726] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 352.138686][ T7726] xfs_alloc_fixup_trees+0x95e/0xd20 [ 352.138715][ T7726] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 352.138756][ T7726] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 352.138792][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.138821][ T7726] ? rcu_is_watching+0x15/0xb0 [ 352.138851][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.138879][ T7726] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 352.138910][ T7726] ? rcu_is_watching+0x15/0xb0 [ 352.138949][ T7726] xfs_alloc_cur_finish+0xd3/0x4b0 [ 352.138979][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139009][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139043][ T7726] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 352.139109][ T7726] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 352.139139][ T7726] ? xfs_group_grab+0x28/0x480 [ 352.139175][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139203][ T7726] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 352.139237][ T7726] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 352.139284][ T7726] xfs_alloc_vextent_start_ag+0x388/0x850 [ 352.139324][ T7726] xfs_bmapi_allocate+0x188e/0x2e00 [ 352.139387][ T7726] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 352.139420][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139471][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139499][ T7726] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 352.139524][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.139552][ T7726] ? xfs_iext_prev+0x35a/0x370 [ 352.139590][ T7726] ? xfs_iext_get_extent+0x1bb/0x370 [ 352.139621][ T7726] xfs_bmapi_write+0x7df/0x1260 [ 352.139680][ T7726] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 352.139758][ T7726] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 352.139799][ T7726] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 352.139830][ T7726] ? kasan_save_track+0x4f/0x80 [ 352.139856][ T7726] ? kasan_save_track+0x3e/0x80 [ 352.139880][ T7726] ? kasan_save_free_info+0x46/0x50 [pid 7736] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7725] exit_group(0) = ? [ 352.139917][ T7726] ? kmem_cache_free+0x18f/0x400 [ 352.139946][ T7726] ? __xfs_trans_commit+0x3e0/0xbd0 [ 352.139972][ T7726] ? xfs_trans_roll+0x130/0x450 [ 352.139995][ T7726] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 352.140035][ T7726] xfs_attr_set_iter+0x2d4/0x4b70 [ 352.140069][ T7726] ? filename_setxattr+0x274/0x600 [ 352.140109][ T7726] ? path_setxattrat+0x364/0x3a0 [ 352.140131][ T7726] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 352.140183][ T7726] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 352.140239][ T7726] ? kasan_quarantine_put+0xdd/0x220 [ 352.140265][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.140294][ T7726] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.140334][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.140367][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.140395][ T7726] ? kmem_cache_free+0x18f/0x400 [ 352.140423][ T7726] ? __xfs_trans_commit+0x3e0/0xbd0 [ 352.140455][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.140483][ T7726] ? __xfs_trans_commit+0x4c7/0xbd0 [ 352.140526][ T7726] xfs_attr_finish_item+0xed/0x320 [pid 7736] <... write resumed>) = 16777216 [ 352.140566][ T7726] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 352.140603][ T7726] xfs_defer_finish_one+0x5c8/0xcf0 [ 352.140663][ T7726] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 352.140712][ T7726] xfs_defer_finish_noroll+0x910/0x12d0 [ 352.140751][ T7726] ? xfs_trans_commit+0x10b/0x1c0 [ 352.140783][ T7726] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 352.140817][ T7726] ? inode_set_ctime_current+0x740/0xb40 [ 352.140864][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.140892][ T7726] ? inode_maybe_inc_iversion+0x17c/0x1e0 [pid 7736] munmap(0x7f3cd3a00000, 138412032) = 0 [pid 7736] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7736] ioctl(4, LOOP_SET_FD, 3) = 0 [ 352.140932][ T7726] xfs_trans_commit+0x10b/0x1c0 [ 352.140958][ T7726] ? __pfx_xfs_trans_commit+0x10/0x10 [ 352.140991][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141019][ T7726] ? xfs_trans_log_inode+0x12c/0x1a0 [ 352.141059][ T7726] xfs_attr_set+0xdc6/0x1210 [ 352.141135][ T7726] ? __pfx_xfs_attr_set+0x10/0x10 [ 352.141170][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141198][ T7726] ? __lock_acquire+0xab9/0xd20 [ 352.141234][ T7726] ? xfs_da_hashname+0x59d/0x740 [ 352.141266][ T7726] ? do_raw_spin_lock+0x121/0x290 [pid 7736] close(3) = 0 [pid 7736] close(4) = 0 [pid 7736] mkdir("./file1", 0777) = 0 [ 352.141308][ T7726] ? xfs_attr_change+0x2ac/0x390 [ 352.141343][ T7726] xfs_xattr_set+0x14d/0x250 [ 352.141374][ T7726] ? __pfx_xfs_xattr_set+0x10/0x10 [ 352.141419][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141447][ T7726] ? evm_protect_xattr+0x4d4/0xa90 [ 352.141474][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141502][ T7726] ? rcu_is_watching+0x15/0xb0 [ 352.141536][ T7726] ? __pfx_evm_protect_xattr+0x10/0x10 [ 352.141564][ T7726] ? __pfx_xfs_xattr_set+0x10/0x10 [ 352.141592][ T7726] __vfs_setxattr+0x43c/0x480 [ 352.141641][ T7726] __vfs_setxattr_noperm+0x12d/0x660 [ 352.141684][ T7726] vfs_setxattr+0x16b/0x2f0 [ 352.141726][ T7726] ? __pfx_vfs_setxattr+0x10/0x10 [ 352.141756][ T7726] ? mnt_get_write_access+0x223/0x2a0 [ 352.141786][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141820][ T7726] filename_setxattr+0x274/0x600 [ 352.141866][ T7726] ? __pfx_filename_setxattr+0x10/0x10 [ 352.141905][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.141932][ T7726] ? getname_flags+0x1e5/0x540 [ 352.141972][ T7726] path_setxattrat+0x364/0x3a0 [ 352.142008][ T7726] ? __pfx_path_setxattrat+0x10/0x10 [ 352.142073][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.142107][ T7726] ? rcu_is_watching+0x15/0xb0 [ 352.142143][ T7726] __x64_sys_lsetxattr+0xbf/0xe0 [ 352.142183][ T7726] do_syscall_64+0xfa/0x3b0 [ 352.142206][ T7726] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.142245][ T7726] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.142268][ T7726] ? srso_alias_return_thunk+0x5/0xfbef5 [ 352.142296][ T7726] ? exc_page_fault+0x9f/0xf0 [ 352.142337][ T7726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.142360][ T7726] RIP: 0033:0x7f3cdbf794f9 [ 352.142382][ T7726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 352.142403][ T7726] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 352.142429][ T7726] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 352.142448][ T7726] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 352.142465][ T7726] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 352.142482][ T7726] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 352.142498][ T7726] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 352.142537][ T7726] [ 352.142645][ T7726] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 352.575768][ T7736] loop3: detected capacity change from 0 to 32768 [pid 7736] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7726] <... lsetxattr resumed>) = ? [pid 7726] +++ exited with 0 +++ [pid 7725] +++ exited with 0 +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7725, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=111 /* 1.11 s */} --- [pid 5871] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 352.580848][ T7726] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 352.603414][ T7736] XFS: noikeep mount option is deprecated. [ 352.605250][ T7726] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 352.827819][ T7736] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5871] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 352.892044][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 352.911919][ T7736] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 352.931853][ T7736] XFS (loop3): Starting recovery (logdev: internal) [pid 5871] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7736] <... mount resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7736] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] <... openat resumed>) = 4 [pid 7736] chdir("./file1") = 0 [pid 7736] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7736] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] newfstatat(4, "", [pid 7735] <... futex resumed>) = 0 [pid 7735] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7736] <... futex resumed>) = 1 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7736] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./45/file1") = 0 [pid 5871] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7736] <... openat resumed>) = 4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7736] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 352.949051][ T7736] XFS (loop3): Ending recovery (logdev: internal) [pid 5871] unlink("./45/binderfs" [pid 7735] <... futex resumed>) = 0 [pid 7736] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7735] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... unlink resumed>) = 0 [pid 7735] <... futex resumed>) = 0 [pid 7736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] getdents64(3, [pid 7736] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 5871] <... getdents64 resumed>0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./45") = 0 [pid 7736] <... pwritev2 resumed>) = 65007 [pid 5871] mkdir("./46", 0777 [pid 7736] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7735] <... futex resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 7736] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7735] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7735] <... futex resumed>) = 0 [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7736] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7736] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7735] <... futex resumed>) = 0 [pid 7736] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7735] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7736] <... futex resumed>) = 0 [ 353.038209][ T7736] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 353.050144][ T7736] XFS (loop3): Unmount and run xfs_repair [pid 7735] <... futex resumed>) = 1 [pid 7736] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [ 353.079960][ T7736] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 353.107460][ T7736] CPU: 0 UID: 0 PID: 7736 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 353.107495][ T7736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.107511][ T7736] Call Trace: [ 353.107521][ T7736] [ 353.107533][ T7736] dump_stack_lvl+0x189/0x250 [ 353.107566][ T7736] ? __pfx__xfs_alert_tag+0x10/0x10 [ 353.107604][ T7736] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.107639][ T7736] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 353.107687][ T7736] xfs_corruption_error+0x122/0x170 [ 353.107725][ T7736] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 353.107760][ T7736] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 7735] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 353.107789][ T7736] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 353.107830][ T7736] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 353.107861][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.107890][ T7736] ? rcu_is_watching+0x15/0xb0 [ 353.107921][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.107950][ T7736] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 353.107982][ T7736] ? rcu_is_watching+0x15/0xb0 [ 353.108022][ T7736] xfs_alloc_cur_finish+0xd3/0x4b0 [ 353.108053][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7745 ./strace-static-x86_64: Process 7745 attached [pid 7745] set_robust_list(0x55555d962760, 24) = 0 [ 353.108084][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.108117][ T7736] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 353.108174][ T7736] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 353.108204][ T7736] ? xfs_group_grab+0x28/0x480 [ 353.108241][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.108269][ T7736] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 353.108303][ T7736] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 353.108351][ T7736] xfs_alloc_vextent_start_ag+0x388/0x850 [ 353.108391][ T7736] xfs_bmapi_allocate+0x188e/0x2e00 [pid 7745] chdir("./46") = 0 [pid 7745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7745] setpgid(0, 0) = 0 [pid 7745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7745] write(3, "1000", 4) = 4 [pid 7745] close(3) = 0 [pid 7745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7745] write(1, "executing program\n", 18executing program ) = 18 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7745] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [ 353.108464][ T7736] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 353.108497][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.108548][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.108576][ T7736] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 353.108600][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.108628][ T7736] ? xfs_iext_prev+0x35a/0x370 [ 353.108667][ T7736] ? xfs_iext_get_extent+0x1bb/0x370 [ 353.108698][ T7736] xfs_bmapi_write+0x7df/0x1260 [ 353.108757][ T7736] ? __pfx_xfs_bmapi_write+0x10/0x10 [pid 7745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7745] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7746 attached [pid 7746] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7745] <... clone3 resumed> => {parent_tid=[7746]}, 88) = 7746 [pid 7746] set_robust_list(0x7f3cdbf259a0, 24 [pid 7745] rt_sigprocmask(SIG_SETMASK, [], [pid 7746] <... set_robust_list resumed>) = 0 [pid 7745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7745] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7746] memfd_create("syzkaller", 0 [pid 7745] <... futex resumed>) = 0 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7746] <... memfd_create resumed>) = 3 [pid 7746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 353.108841][ T7736] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 353.108882][ T7736] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 353.108913][ T7736] ? kasan_save_track+0x4f/0x80 [ 353.108939][ T7736] ? kasan_save_track+0x3e/0x80 [ 353.108963][ T7736] ? kasan_save_free_info+0x46/0x50 [ 353.109001][ T7736] ? kmem_cache_free+0x18f/0x400 [ 353.109030][ T7736] ? __xfs_trans_commit+0x3e0/0xbd0 [ 353.109055][ T7736] ? xfs_trans_roll+0x130/0x450 [ 353.109079][ T7736] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 353.109119][ T7736] xfs_attr_set_iter+0x2d4/0x4b70 [ 353.109154][ T7736] ? filename_setxattr+0x274/0x600 [ 353.109187][ T7736] ? path_setxattrat+0x364/0x3a0 [ 353.109209][ T7736] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 353.109261][ T7736] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 353.109319][ T7736] ? kasan_quarantine_put+0xdd/0x220 [ 353.109345][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.109374][ T7736] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.109422][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.109456][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.109485][ T7736] ? kmem_cache_free+0x18f/0x400 [ 353.109513][ T7736] ? __xfs_trans_commit+0x3e0/0xbd0 [ 353.109544][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.109573][ T7736] ? __xfs_trans_commit+0x4c7/0xbd0 [ 353.109600][ T7736] ? xfs_trans_dup+0xc3/0x5f0 [ 353.109640][ T7736] xfs_attr_finish_item+0xed/0x320 [ 353.109680][ T7736] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 353.109718][ T7736] xfs_defer_finish_one+0x5c8/0xcf0 [ 353.109778][ T7736] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 353.109827][ T7736] xfs_defer_finish_noroll+0x910/0x12d0 [ 353.109867][ T7736] ? xfs_trans_commit+0x10b/0x1c0 [ 353.109899][ T7736] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 353.109934][ T7736] ? inode_set_ctime_current+0x740/0xb40 [ 353.109982][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110009][ T7736] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 353.110051][ T7736] xfs_trans_commit+0x10b/0x1c0 [ 353.110076][ T7736] ? __pfx_xfs_trans_commit+0x10/0x10 [ 353.110109][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110138][ T7736] ? xfs_trans_log_inode+0x12c/0x1a0 [pid 7746] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7735] exit_group(0) = ? [ 353.110178][ T7736] xfs_attr_set+0xdc6/0x1210 [ 353.110227][ T7736] ? __pfx_xfs_attr_set+0x10/0x10 [ 353.110263][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110291][ T7736] ? __lock_acquire+0xab9/0xd20 [ 353.110327][ T7736] ? xfs_da_hashname+0x59d/0x740 [ 353.110359][ T7736] ? do_raw_spin_lock+0x121/0x290 [ 353.110402][ T7736] ? xfs_attr_change+0x2ac/0x390 [ 353.110444][ T7736] xfs_xattr_set+0x14d/0x250 [ 353.110476][ T7736] ? __pfx_xfs_xattr_set+0x10/0x10 [ 353.110522][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110550][ T7736] ? evm_protect_xattr+0x4d4/0xa90 [ 353.110578][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110606][ T7736] ? rcu_is_watching+0x15/0xb0 [ 353.110639][ T7736] ? __pfx_evm_protect_xattr+0x10/0x10 [ 353.110667][ T7736] ? __pfx_xfs_xattr_set+0x10/0x10 [ 353.110694][ T7736] __vfs_setxattr+0x43c/0x480 [ 353.110742][ T7736] __vfs_setxattr_noperm+0x12d/0x660 [ 353.110785][ T7736] vfs_setxattr+0x16b/0x2f0 [ 353.110827][ T7736] ? __pfx_vfs_setxattr+0x10/0x10 [ 353.110857][ T7736] ? mnt_get_write_access+0x223/0x2a0 [ 353.110888][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.110923][ T7736] filename_setxattr+0x274/0x600 [ 353.110969][ T7736] ? __pfx_filename_setxattr+0x10/0x10 [ 353.111009][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.111036][ T7736] ? getname_flags+0x1e5/0x540 [ 353.111078][ T7736] path_setxattrat+0x364/0x3a0 [ 353.111114][ T7736] ? __pfx_path_setxattrat+0x10/0x10 [ 353.111178][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.111206][ T7736] ? rcu_is_watching+0x15/0xb0 [ 353.111242][ T7736] __x64_sys_lsetxattr+0xbf/0xe0 [ 353.111282][ T7736] do_syscall_64+0xfa/0x3b0 [ 353.111305][ T7736] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.111343][ T7736] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.111367][ T7736] ? srso_alias_return_thunk+0x5/0xfbef5 [ 353.111394][ T7736] ? exc_page_fault+0x9f/0xf0 [ 353.111440][ T7736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.111463][ T7736] RIP: 0033:0x7f3cdbf794f9 [pid 7746] <... write resumed>) = 16777216 [pid 7746] munmap(0x7f3cd3a00000, 138412032) = 0 [ 353.111485][ T7736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 353.111505][ T7736] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 353.111531][ T7736] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 353.111549][ T7736] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 353.111568][ T7736] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 353.111584][ T7736] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [pid 7746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7746] close(3) = 0 [pid 7746] close(4) = 0 [pid 7746] mkdir("./file1", 0777) = 0 [ 353.111602][ T7736] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 353.111640][ T7736] [ 353.111963][ T7736] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 353.795790][ T7746] loop0: detected capacity change from 0 to 32768 [ 353.801582][ T7736] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 353.822507][ T7736] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [pid 7746] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [pid 7736] <... lsetxattr resumed>) = ? [pid 7736] +++ exited with 0 +++ [pid 7735] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7735, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=112 /* 1.12 s */} --- [pid 5874] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 353.831630][ T7746] XFS: noikeep mount option is deprecated. [pid 5874] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5874] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [ 353.860135][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 353.881055][ T7746] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] rmdir("./47/file1") = 0 [pid 5874] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./47/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./47") = 0 [pid 5874] mkdir("./48", 0777) = 0 [ 353.937671][ T7746] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 353.958627][ T7746] XFS (loop0): Starting recovery (logdev: internal) [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [pid 5874] close(3 [pid 7746] <... mount resumed>) = 0 [pid 7746] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7746] chdir("./file1") = 0 [pid 7746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7746] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7746] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7745] <... futex resumed>) = 0 [ 353.981900][ T7746] XFS (loop0): Ending recovery (logdev: internal) [pid 7745] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7746] <... futex resumed>) = 0 [pid 7746] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 7746] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7745] <... futex resumed>) = 0 [pid 7745] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7746] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 65007 [pid 7746] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7745] <... futex resumed>) = 0 [pid 7745] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7746] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040) = -1 EUCLEAN (Structure needs cleaning) [pid 7746] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7745] <... futex resumed>) = 0 [pid 7746] <... futex resumed>) = 1 [ 354.044225][ T7746] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 354.072038][ T7746] XFS (loop0): Unmount and run xfs_repair [pid 7745] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7746] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7745] <... futex resumed>) = 0 [pid 7745] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... close resumed>) = 0 [ 354.093016][ T7746] XFS (loop0): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 354.109098][ T7746] CPU: 1 UID: 0 PID: 7746 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 354.109133][ T7746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.109150][ T7746] Call Trace: [ 354.109161][ T7746] [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d962750) = 7755 ./strace-static-x86_64: Process 7755 attached [pid 7745] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7755] set_robust_list(0x55555d962760, 24) = 0 [pid 7755] chdir("./48") = 0 [pid 7755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7755] setpgid(0, 0) = 0 [pid 7755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7755] write(3, "1000", 4) = 4 [pid 7755] close(3) = 0 [ 354.109171][ T7746] dump_stack_lvl+0x189/0x250 [ 354.109210][ T7746] ? __pfx__xfs_alert_tag+0x10/0x10 [ 354.109248][ T7746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.109283][ T7746] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 354.109332][ T7746] xfs_corruption_error+0x122/0x170 [ 354.109379][ T7746] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 354.109415][ T7746] xfs_alloc_fixup_trees+0x95e/0xd20 [ 354.109444][ T7746] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 354.109486][ T7746] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [pid 7755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7755] write(1, "executing program\n", 18executing program ) = 18 [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7755] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7755] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7756 attached => {parent_tid=[7756]}, 88) = 7756 [pid 7756] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7755] rt_sigprocmask(SIG_SETMASK, [], [pid 7756] <... rseq resumed>) = 0 [pid 7756] set_robust_list(0x7f3cdbf259a0, 24 [pid 7755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7756] <... set_robust_list resumed>) = 0 [pid 7755] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7756] rt_sigprocmask(SIG_SETMASK, [], [pid 7755] <... futex resumed>) = 0 [pid 7756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 354.109517][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.109544][ T7746] ? rcu_is_watching+0x15/0xb0 [ 354.109575][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.109602][ T7746] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 354.109634][ T7746] ? rcu_is_watching+0x15/0xb0 [ 354.109672][ T7746] xfs_alloc_cur_finish+0xd3/0x4b0 [ 354.109701][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.109731][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7756] memfd_create("syzkaller", 0) = 3 [pid 7756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 354.109765][ T7746] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 354.109823][ T7746] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 354.109852][ T7746] ? xfs_group_grab+0x28/0x480 [ 354.109889][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.109917][ T7746] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 354.109950][ T7746] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 354.109998][ T7746] xfs_alloc_vextent_start_ag+0x388/0x850 [ 354.110037][ T7746] xfs_bmapi_allocate+0x188e/0x2e00 [ 354.110102][ T7746] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 354.110136][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.110186][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.110215][ T7746] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 354.110239][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.110268][ T7746] ? xfs_iext_prev+0x35a/0x370 [ 354.110306][ T7746] ? xfs_iext_get_extent+0x1bb/0x370 [ 354.110337][ T7746] xfs_bmapi_write+0x7df/0x1260 [ 354.110402][ T7746] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 354.110480][ T7746] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 354.110521][ T7746] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 354.110552][ T7746] ? kasan_save_track+0x4f/0x80 [ 354.110578][ T7746] ? kasan_save_track+0x3e/0x80 [ 354.110603][ T7746] ? kasan_save_free_info+0x46/0x50 [ 354.110639][ T7746] ? kmem_cache_free+0x18f/0x400 [ 354.110667][ T7746] ? __xfs_trans_commit+0x3e0/0xbd0 [ 354.110691][ T7746] ? xfs_trans_roll+0x130/0x450 [ 354.110714][ T7746] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 354.110753][ T7746] xfs_attr_set_iter+0x2d4/0x4b70 [ 354.110786][ T7746] ? filename_setxattr+0x274/0x600 [ 354.110818][ T7746] ? path_setxattrat+0x364/0x3a0 [ 354.110840][ T7746] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 354.110892][ T7746] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 354.110949][ T7746] ? kasan_quarantine_put+0xdd/0x220 [ 354.110975][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111004][ T7746] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.111045][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111080][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111109][ T7746] ? kmem_cache_free+0x18f/0x400 [pid 7756] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 7745] exit_group(0) = ? [ 354.111137][ T7746] ? __xfs_trans_commit+0x3e0/0xbd0 [ 354.111169][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111197][ T7746] ? __xfs_trans_commit+0x4c7/0xbd0 [ 354.111222][ T7746] ? xfs_trans_dup+0xc3/0x5f0 [ 354.111261][ T7746] xfs_attr_finish_item+0xed/0x320 [ 354.111300][ T7746] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 354.111337][ T7746] xfs_defer_finish_one+0x5c8/0xcf0 [ 354.111402][ T7746] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 354.111451][ T7746] xfs_defer_finish_noroll+0x910/0x12d0 [ 354.111491][ T7746] ? xfs_trans_commit+0x10b/0x1c0 [ 354.111522][ T7746] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 354.111557][ T7746] ? inode_set_ctime_current+0x740/0xb40 [ 354.111604][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111632][ T7746] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 354.111672][ T7746] xfs_trans_commit+0x10b/0x1c0 [ 354.111699][ T7746] ? __pfx_xfs_trans_commit+0x10/0x10 [ 354.111731][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111759][ T7746] ? xfs_trans_log_inode+0x12c/0x1a0 [ 354.111800][ T7746] xfs_attr_set+0xdc6/0x1210 [ 354.111850][ T7746] ? __pfx_xfs_attr_set+0x10/0x10 [ 354.111884][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.111913][ T7746] ? __lock_acquire+0xab9/0xd20 [ 354.111950][ T7746] ? xfs_da_hashname+0x59d/0x740 [ 354.111982][ T7746] ? do_raw_spin_lock+0x121/0x290 [ 354.112025][ T7746] ? xfs_attr_change+0x2ac/0x390 [ 354.112060][ T7746] xfs_xattr_set+0x14d/0x250 [ 354.112092][ T7746] ? __pfx_xfs_xattr_set+0x10/0x10 [ 354.112136][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.112164][ T7746] ? evm_protect_xattr+0x4d4/0xa90 [ 354.112191][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.112219][ T7746] ? rcu_is_watching+0x15/0xb0 [ 354.112253][ T7746] ? __pfx_evm_protect_xattr+0x10/0x10 [ 354.112281][ T7746] ? __pfx_xfs_xattr_set+0x10/0x10 [ 354.112308][ T7746] __vfs_setxattr+0x43c/0x480 [ 354.112361][ T7746] __vfs_setxattr_noperm+0x12d/0x660 [ 354.112404][ T7746] vfs_setxattr+0x16b/0x2f0 [ 354.112445][ T7746] ? __pfx_vfs_setxattr+0x10/0x10 [ 354.112476][ T7746] ? mnt_get_write_access+0x223/0x2a0 [ 354.112505][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7756] <... write resumed>) = 16777216 [pid 7746] <... lsetxattr resumed>) = ? [pid 7756] munmap(0x7f3cd3a00000, 138412032 [pid 7746] +++ exited with 0 +++ [pid 7745] +++ exited with 0 +++ [ 354.112539][ T7746] filename_setxattr+0x274/0x600 [ 354.112586][ T7746] ? __pfx_filename_setxattr+0x10/0x10 [ 354.112624][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.112653][ T7746] ? getname_flags+0x1e5/0x540 [ 354.112694][ T7746] path_setxattrat+0x364/0x3a0 [ 354.112731][ T7746] ? __pfx_path_setxattrat+0x10/0x10 [ 354.112797][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.112825][ T7746] ? rcu_is_watching+0x15/0xb0 [ 354.112861][ T7746] __x64_sys_lsetxattr+0xbf/0xe0 [pid 7756] <... munmap resumed>) = 0 [pid 7756] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7745, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=83 /* 0.83 s */} --- [pid 7756] ioctl(4, LOOP_SET_FD, 3 [pid 5871] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [pid 5871] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7756] <... ioctl resumed>) = 0 [pid 7756] close(3) = 0 [pid 7756] close(4) = 0 [ 354.112902][ T7746] do_syscall_64+0xfa/0x3b0 [ 354.112926][ T7746] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.112964][ T7746] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.112988][ T7746] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.113016][ T7746] ? exc_page_fault+0x9f/0xf0 [ 354.113056][ T7746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.113080][ T7746] RIP: 0033:0x7f3cdbf794f9 [pid 7756] mkdir("./file1", 0777) = 0 [ 354.113102][ T7746] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 354.113123][ T7746] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 354.113149][ T7746] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 354.113168][ T7746] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 354.113187][ T7746] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 354.113203][ T7746] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 354.113220][ T7746] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 354.113259][ T7746] [ 354.113270][ T7746] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 354.579853][ T31] INFO: task kworker/1:2:2145 blocked for more than 143 seconds. [ 354.587669][ T7746] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 354.591485][ T31] Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 [ 354.595597][ T7746] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 354.616598][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.703530][ T7756] loop3: detected capacity change from 0 to 32768 [ 354.709179][ T31] task:kworker/1:2 state:D stack:25736 pid:2145 tgid:2145 ppid:2 task_flags:0x4248060 flags:0x00004000 [ 354.709261][ T31] Workqueue: xfs-conv/loop5 xfs_end_io [ 354.750872][ T7756] XFS: noikeep mount option is deprecated. [ 354.758518][ T31] [ 354.889606][ T31] Call Trace: [ 354.892902][ T31] [ 354.895829][ T31] __schedule+0x16f5/0x4d00 [ 354.900648][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 354.901511][ T7756] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 354.906040][ T31] ? schedule+0x165/0x360 [ 354.919156][ T31] ? __pfx___schedule+0x10/0x10 [ 354.924115][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 354.930255][ T31] ? schedule+0x91/0x360 [ 354.934657][ T31] schedule+0x165/0x360 [ 354.938021][ T7756] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 354.939063][ T31] schedule_preempt_disabled+0x13/0x30 [ 354.956094][ T31] rwsem_down_write_slowpath+0xbec/0x1030 [ 354.958910][ T7756] XFS (loop3): Starting recovery (logdev: internal) [ 354.962229][ T31] ? rwsem_down_write_slowpath+0x7ec/0x1030 [ 354.975049][ T31] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 354.980901][ T7756] XFS (loop3): Ending recovery (logdev: internal) [ 354.981615][ T31] ? __lock_acquire+0xab9/0xd20 [ 354.992596][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7756] mount("/dev/loop3", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid") = 0 [pid 7756] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 7756] chdir("./file1") = 0 [pid 7756] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7756] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7755] <... futex resumed>) = 0 [pid 7756] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7755] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7756] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 7755] <... futex resumed>) = 0 [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7756] <... openat resumed>) = 4 [pid 7756] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7755] <... futex resumed>) = 0 [pid 7755] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7756] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0 [pid 7755] <... futex resumed>) = 0 [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7756] <... pwritev2 resumed>) = 65007 [pid 7756] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7755] <... futex resumed>) = 0 [ 354.998310][ T31] down_write_nested+0x1b5/0x200 [ 355.003300][ T31] ? __pfx_down_write_nested+0x10/0x10 [ 355.008817][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.014518][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.020211][ T31] ? xfs_ilock+0x1f4/0x390 [ 355.024659][ T31] xfs_setfilesize+0xdb/0x440 [ 355.029427][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.035086][ T31] ? list_sort+0x566/0x7b0 [ 355.039592][ T31] ? __pfx_xfs_setfilesize+0x10/0x10 [pid 7755] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7756] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 040 [pid 7755] <... futex resumed>) = 0 [ 355.044905][ T31] ? __pfx_iomap_ioend_compare+0x10/0x10 [ 355.050603][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 355.052118][ T7756] XFS (loop3): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 355.056515][ T31] ? __pfx_list_sort+0x10/0x10 [ 355.072710][ T31] xfs_end_ioend+0x419/0x690 [ 355.077407][ T31] xfs_end_io+0x253/0x2d0 [ 355.081794][ T31] ? __pfx_xfs_end_io+0x10/0x10 [ 355.081859][ T7756] XFS (loop3): Unmount and run xfs_repair [ 355.086659][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7756] <... open resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 7756] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7755] <... futex resumed>) = 0 [pid 7756] <... futex resumed>) = 1 [pid 7755] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7756] lsetxattr("./file1", "trusted.overlay.upper", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65079, 0 [pid 7755] <... futex resumed>) = 0 [ 355.098141][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 355.103362][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 355.109137][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 355.114039][ T7756] XFS (loop3): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c. Caller xfs_alloc_fixup_trees+0x929/0xd20 [ 355.114888][ T31] process_scheduled_works+0xae1/0x17b0 [ 355.130392][ T7756] CPU: 1 UID: 0 PID: 7756 Comm: syz-executor289 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [pid 7755] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7756] <... lsetxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 355.130423][ T7756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.130439][ T7756] Call Trace: [ 355.130450][ T7756] [ 355.130461][ T7756] dump_stack_lvl+0x189/0x250 [ 355.130494][ T7756] ? __pfx__xfs_alert_tag+0x10/0x10 [ 355.130530][ T7756] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.130565][ T7756] ? __pfx_xfs_btree_lookup+0x10/0x10 [ 355.130611][ T7756] xfs_corruption_error+0x122/0x170 [ 355.130650][ T7756] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 355.130684][ T7756] xfs_alloc_fixup_trees+0x95e/0xd20 [pid 7756] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7755] exit_group(0 [pid 7756] <... futex resumed>) = 0 [pid 7756] futex(0x7f3cdc0036c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7755] <... exit_group resumed>) = ? [pid 7756] <... futex resumed>) = ? [pid 7756] +++ exited with 0 +++ [pid 7755] +++ exited with 0 +++ [pid 5874] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7755, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=43 /* 0.43 s */} --- [pid 5874] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 355.130713][ T7756] ? xfs_alloc_fixup_trees+0x929/0xd20 [ 355.130753][ T7756] ? __pfx_xfs_alloc_fixup_trees+0x10/0x10 [ 355.130783][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.130811][ T7756] ? rcu_is_watching+0x15/0xb0 [ 355.130842][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.130869][ T7756] ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0 [ 355.130901][ T7756] ? rcu_is_watching+0x15/0xb0 [ 355.130939][ T7756] xfs_alloc_cur_finish+0xd3/0x4b0 [ 355.130968][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5874] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5874] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 4 entries */, 32768) = 112 [ 355.130998][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.131031][ T7756] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 355.131088][ T7756] ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10 [ 355.131117][ T7756] ? xfs_group_grab+0x28/0x480 [ 355.131153][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.131186][ T7756] ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610 [ 355.131219][ T7756] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 355.131265][ T7756] xfs_alloc_vextent_start_ag+0x388/0x850 [ 355.131304][ T7756] xfs_bmapi_allocate+0x188e/0x2e00 [ 355.131367][ T7756] ? __pfx_xfs_bmapi_allocate+0x10/0x10 [ 355.131399][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.131449][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.131476][ T7756] ? xfs_iext_lookup_extent+0x41e/0x7e0 [ 355.131499][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.131527][ T7756] ? xfs_iext_prev+0x35a/0x370 [ 355.131564][ T7756] ? xfs_iext_get_extent+0x1bb/0x370 [ 355.131595][ T7756] xfs_bmapi_write+0x7df/0x1260 [ 355.131653][ T7756] ? __pfx_xfs_bmapi_write+0x10/0x10 [ 355.131730][ T7756] xfs_attr_rmtval_set_blk+0x15b/0x320 [ 355.131770][ T7756] ? __pfx_xfs_attr_rmtval_set_blk+0x10/0x10 [ 355.131800][ T7756] ? kasan_save_track+0x4f/0x80 [ 355.131826][ T7756] ? kasan_save_track+0x3e/0x80 [ 355.131850][ T7756] ? kasan_save_free_info+0x46/0x50 [ 355.131886][ T7756] ? kmem_cache_free+0x18f/0x400 [ 355.131914][ T7756] ? __xfs_trans_commit+0x3e0/0xbd0 [ 355.131938][ T7756] ? xfs_trans_roll+0x130/0x450 [ 355.131961][ T7756] ? xfs_defer_trans_roll+0x17e/0x5b0 [ 355.132000][ T7756] xfs_attr_set_iter+0x2d4/0x4b70 [ 355.132033][ T7756] ? filename_setxattr+0x274/0x600 [ 355.132065][ T7756] ? path_setxattrat+0x364/0x3a0 [ 355.132086][ T7756] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 355.132137][ T7756] ? __pfx_xfs_attr_set_iter+0x10/0x10 [ 355.132198][ T7756] ? kasan_quarantine_put+0xdd/0x220 [ 355.132223][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132251][ T7756] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.132289][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132323][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132351][ T7756] ? kmem_cache_free+0x18f/0x400 [ 355.132378][ T7756] ? __xfs_trans_commit+0x3e0/0xbd0 [ 355.132408][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132436][ T7756] ? __xfs_trans_commit+0x4c7/0xbd0 [ 355.132478][ T7756] xfs_attr_finish_item+0xed/0x320 [ 355.132517][ T7756] ? __pfx_xfs_attr_finish_item+0x10/0x10 [ 355.132554][ T7756] xfs_defer_finish_one+0x5c8/0xcf0 [ 355.132612][ T7756] ? __pfx_xfs_defer_finish_one+0x10/0x10 [ 355.132661][ T7756] xfs_defer_finish_noroll+0x910/0x12d0 [ 355.132698][ T7756] ? xfs_trans_commit+0x10b/0x1c0 [ 355.132729][ T7756] ? __pfx_xfs_defer_finish_noroll+0x10/0x10 [ 355.132763][ T7756] ? inode_set_ctime_current+0x740/0xb40 [ 355.132809][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132836][ T7756] ? inode_maybe_inc_iversion+0x17c/0x1e0 [ 355.132876][ T7756] xfs_trans_commit+0x10b/0x1c0 [ 355.132901][ T7756] ? __pfx_xfs_trans_commit+0x10/0x10 [ 355.132933][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.132961][ T7756] ? xfs_trans_log_inode+0x12c/0x1a0 [ 355.133000][ T7756] xfs_attr_set+0xdc6/0x1210 [ 355.133048][ T7756] ? __pfx_xfs_attr_set+0x10/0x10 [ 355.133080][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.133108][ T7756] ? __lock_acquire+0xab9/0xd20 [ 355.133144][ T7756] ? xfs_da_hashname+0x59d/0x740 [ 355.133179][ T7756] ? do_raw_spin_lock+0x121/0x290 [ 355.133221][ T7756] ? xfs_attr_change+0x2ac/0x390 [ 355.133255][ T7756] xfs_xattr_set+0x14d/0x250 [ 355.133286][ T7756] ? __pfx_xfs_xattr_set+0x10/0x10 [ 355.133331][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.133358][ T7756] ? evm_protect_xattr+0x4d4/0xa90 [ 355.133383][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.133411][ T7756] ? rcu_is_watching+0x15/0xb0 [ 355.133444][ T7756] ? __pfx_evm_protect_xattr+0x10/0x10 [ 355.133471][ T7756] ? __pfx_xfs_xattr_set+0x10/0x10 [ 355.133499][ T7756] __vfs_setxattr+0x43c/0x480 [ 355.133547][ T7756] __vfs_setxattr_noperm+0x12d/0x660 [ 355.133590][ T7756] vfs_setxattr+0x16b/0x2f0 [ 355.133630][ T7756] ? __pfx_vfs_setxattr+0x10/0x10 [ 355.133660][ T7756] ? mnt_get_write_access+0x223/0x2a0 [ 355.133691][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.133725][ T7756] filename_setxattr+0x274/0x600 [ 355.133770][ T7756] ? __pfx_filename_setxattr+0x10/0x10 [ 355.133808][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.133835][ T7756] ? getname_flags+0x1e5/0x540 [ 355.133876][ T7756] path_setxattrat+0x364/0x3a0 [ 355.133913][ T7756] ? __pfx_path_setxattrat+0x10/0x10 [ 355.133977][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.134004][ T7756] ? rcu_is_watching+0x15/0xb0 [ 355.134040][ T7756] __x64_sys_lsetxattr+0xbf/0xe0 [ 355.134080][ T7756] do_syscall_64+0xfa/0x3b0 [ 355.134103][ T7756] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.134140][ T7756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.134168][ T7756] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.134195][ T7756] ? exc_page_fault+0x9f/0xf0 [ 355.134235][ T7756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.134258][ T7756] RIP: 0033:0x7f3cdbf794f9 [ 355.134280][ T7756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 355.134301][ T7756] RSP: 002b:00007f3cdbf25168 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 355.134327][ T7756] RAX: ffffffffffffffda RBX: 00007f3cdc0036c8 RCX: 00007f3cdbf794f9 [ 355.134346][ T7756] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 355.134363][ T7756] RBP: 00007f3cdc0036c0 R08: 0000000000000000 R09: 0000000000000000 [ 355.134380][ T7756] R10: 000000000000fe37 R11: 0000000000000246 R12: 00007f3cdc0036cc [ 355.134397][ T7756] R13: 0000000000000016 R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 355.134435][ T7756] [ 355.134445][ T7756] XFS (loop3): Corruption detected. Unmount and run xfs_repair [ 355.146075][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 355.160972][ T7756] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0xcc0/0x12d0 (fs/xfs/libxfs/xfs_defer.c:721). Shutting down filesystem. [ 355.172234][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.174716][ T7756] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 355.178076][ T31] worker_thread+0x8a0/0xda0 [ 355.178117][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 355.178167][ T31] ? __kthread_parkme+0x7b/0x200 [ 355.178213][ T31] kthread+0x711/0x8a0 [ 355.178255][ T31] ? __pfx_worker_thread+0x10/0x10 [ 355.178287][ T31] ? __pfx_kthread+0x10/0x10 [ 355.178322][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.178358][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 355.890787][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 355.896431][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.901687][ T31] ? __pfx_kthread+0x10/0x10 [ 355.906325][ T31] ret_from_fork+0x3fc/0x770 [ 355.910967][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 355.916105][ T31] ? __switch_to_asm+0x39/0x70 [ 355.920953][ T31] ? __switch_to_asm+0x33/0x70 [ 355.925749][ T31] ? __pfx_kthread+0x10/0x10 [ 355.930441][ T31] ret_from_fork_asm+0x1a/0x30 [ 355.935270][ T31] [ 355.938510][ T31] INFO: task syz-executor289:5945 blocked for more than 144 seconds. [pid 5874] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 355.939251][ T5871] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 355.946614][ T31] Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 [ 355.963136][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.972027][ T31] task:syz-executor289 state:D stack:21864 pid:5945 tgid:5882 ppid:5876 task_flags:0x400040 flags:0x00004006 [ 355.984413][ T31] Call Trace: [ 355.987907][ T31] [ 355.991330][ T31] __schedule+0x16f5/0x4d00 [ 355.995889][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("./46/file1") = 0 [pid 5871] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 356.001931][ T31] ? schedule+0x165/0x360 [ 356.006299][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.012403][ T31] ? __pfx___schedule+0x10/0x10 [ 356.017603][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.023283][ T31] ? schedule+0x91/0x360 [ 356.027708][ T31] schedule+0x165/0x360 [ 356.032788][ T31] io_schedule+0x80/0xd0 [ 356.037317][ T31] folio_wait_bit_common+0x6b0/0xb90 [ 356.043595][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [pid 5871] unlink("./46/binderfs") = 0 [pid 5871] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./46") = 0 [pid 5871] mkdir("./47", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 356.049735][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 356.055783][ T31] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 356.062153][ T31] ? __lock_acquire+0xab9/0xd20 [ 356.067122][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.072813][ T31] ? rcu_is_watching+0x15/0xb0 [ 356.077668][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.083324][ T31] folio_wait_writeback+0xb0/0x100 [ 356.088866][ T31] __filemap_fdatawait_range+0x147/0x230 [ 356.094561][ T31] ? __pfx___filemap_fdatawait_range+0x10/0x10 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 356.100823][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.106484][ T31] ? wbc_detach_inode+0x4fe/0x750 [ 356.111864][ T31] file_write_and_wait_range+0x275/0x330 [ 356.118718][ T31] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 356.137319][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.143159][ T31] xfs_file_fsync+0x1a3/0xa30 [ 356.165992][ T31] ? __pfx_xfs_file_fsync+0x10/0x10 [ 356.171448][ T31] ? xfs_file_buffered_write+0x1dd/0x890 [ 356.177321][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.183363][ T31] ? vfs_fsync_range+0x12c/0x1c0 [ 356.188812][ T31] xfs_file_buffered_write+0x713/0x890 [ 356.194310][ T31] ? __pfx_xfs_file_buffered_write+0x10/0x10 [ 356.200942][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.206608][ T31] ? xfs_file_write_iter+0x37b/0xa60 [ 356.212042][ T31] do_iter_readv_writev+0x56e/0x7f0 [ 356.217678][ T31] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 356.223435][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 356.228981][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.234675][ T31] vfs_writev+0x31a/0x960 [ 356.239245][ T31] ? __lock_acquire+0xab9/0xd20 [ 356.244125][ T31] ? __pfx_vfs_writev+0x10/0x10 [ 356.249089][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.254752][ T31] ? __fget_files+0x2a/0x420 [ 356.259463][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7765 attached [pid 7765] set_robust_list(0x55555d962760, 24) = 0 [pid 7765] chdir("./47") = 0 [pid 7765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7765] setpgid(0, 0) = 0 [pid 7765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7765] write(3, "1000", 4) = 4 [pid 5871] <... clone resumed>, child_tidptr=0x55555d962750) = 7765 [pid 7765] close(3) = 0 [pid 7765] symlink("/dev/binderfs", "./binderfs") = 0 [ 356.265221][ T31] ? __fget_files+0x3a0/0x420 [ 356.270034][ T31] ? __fget_files+0x2a/0x420 [ 356.274692][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.280478][ T31] __se_sys_pwritev2+0x179/0x290 [ 356.285689][ T31] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 356.292326][ T31] ? rcu_is_watching+0x15/0xb0 [ 356.297437][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 356.303395][ T31] ? __x64_sys_pwritev2+0x20/0xc0 [ 356.308684][ T31] do_syscall_64+0xfa/0x3b0 [pid 7765] write(1, "executing program\n", 18executing program ) = 18 [pid 7765] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7765] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [pid 7765] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0} => {parent_tid=[7766]}, 88) = 7766 ./strace-static-x86_64: Process 7766 attached [pid 7766] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053 [pid 7765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7766] <... rseq resumed>) = 0 [pid 7765] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7766] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7765] <... futex resumed>) = 0 [pid 7766] rt_sigprocmask(SIG_SETMASK, [], [pid 7765] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7766] memfd_create("syzkaller", 0) = 3 [pid 7766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 356.313784][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.320247][ T31] ? __switch_to_asm+0x39/0x70 [ 356.325129][ T31] ? __switch_to_asm+0x33/0x70 [ 356.330257][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.336466][ T31] RIP: 0033:0x7f3cdbf794f9 [ 356.342074][ T31] RSP: 002b:00007f3cdbf04158 EFLAGS: 00000212 ORIG_RAX: 0000000000000148 [ 356.350614][ T31] RAX: ffffffffffffffda RBX: 00007f3cdc0036d8 RCX: 00007f3cdbf794f9 [ 356.359759][ T31] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000004 [ 356.368285][ T31] RBP: 00007f3cdc0036d0 R08: 0000000000000000 R09: 0000000000000000 [ 356.376279][ T31] R10: 0000000000000e7b R11: 0000000000000212 R12: 00007f3cdc0036dc [ 356.384314][ T31] R13: 000000000000006e R14: 00007ffc4c1d04e0 R15: 00007ffc4c1d05c8 [ 356.392504][ T31] [ 356.395634][ T31] [ 356.395634][ T31] Showing all locks held in the system: [ 356.396424][ T5874] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5874] <... umount2 resumed>) = 0 [ 356.429964][ T31] 1 lock held by pool_workqueue_/3: [ 356.435197][ T31] 1 lock held by khungtaskd/31: [ 356.446022][ T31] #0: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 356.461362][ T31] 4 locks held by kworker/0:2/971: [pid 5874] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7766] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216 [pid 5874] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5874] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] getdents64(4, 0x55555d96b830 /* 2 entries */, 32768) = 48 [pid 5874] getdents64(4, 0x55555d96b830 /* 0 entries */, 32768) = 0 [pid 5874] close(4) = 0 [pid 5874] rmdir("./48/file1") = 0 [pid 5874] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5874] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] unlink("./48/binderfs") = 0 [pid 5874] getdents64(3, 0x55555d9637f0 /* 0 entries */, 32768) = 0 [pid 5874] close(3) = 0 [pid 5874] rmdir("./48") = 0 [pid 5874] mkdir("./49", 0777) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5874] ioctl(3, LOOP_CLR_FD) = 0 [ 356.469715][ T31] #0: ffff8880272e8948 ((wq_completion)xfs-conv/loop2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 356.482001][ T31] #1: ffffc9000386fbc0 ((work_completion)(&ip->i_ioend_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 356.496621][ T31] #2: ffff888023f06618 (sb_internal#2){.+.+}-{0:0}, at: xfs_setfilesize+0xb3/0x440 [ 356.506930][ T31] #3: ffff88807416a7d8 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_setfilesize+0xdb/0x440 [ 356.517516][ T31] 4 locks held by kworker/1:2/2145: [ 356.536083][ T31] #0: ffff888024a75148 ((wq_completion)xfs-conv/loop5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 356.547992][ T31] #1: ffffc90004827bc0 ((work_completion)(&ip->i_ioend_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 356.577170][ T31] #2: ffff88806b42a618 (sb_internal#2){.+.+}-{0:0}, at: xfs_setfilesize+0xb3/0x440 [ 356.597318][ T31] #3: ffff8880741446d8 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_setfilesize+0xdb/0x440 [ 356.616953][ T31] 2 locks held by getty/5600: [ 356.626896][ T31] #0: ffff888033f110a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 356.646828][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 356.666859][ T31] 1 lock held by syz-executor289/5945: [ 356.672399][ T31] #0: ffff88806b42a428 (sb_writers#9){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 356.695056][ T31] 4 locks held by syz-executor289/5946: [ 356.705811][ T31] #0: ffff88806b42a428 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [pid 5874] close(3) = 0 [pid 5874] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 7767 attached [pid 7766] <... write resumed>) = 16777216 [pid 7767] set_robust_list(0x55555d962760, 24) = 0 [pid 5874] <... clone resumed>, child_tidptr=0x55555d962750) = 7767 [pid 7767] chdir("./49") = 0 [pid 7767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7767] setpgid(0, 0) = 0 [pid 7767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7767] write(3, "1000", 4) = 4 [pid 7767] close(3) = 0 [pid 7767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7767] write(1, "executing program\n", 18) = 18 [pid 7767] futex(0x7f3cdc0036cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7767] rt_sigaction(SIGRT_1, {sa_handler=0x7f3cdbfa0af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3cdbf411f0}, NULL, 8) = 0 [pid 7766] munmap(0x7f3cd3a00000, 138412032 [pid 7767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3cdbf05000 [ 356.727638][ T31] #1: ffff8880741448f0 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0 [ 356.739662][ T31] #2: ffff88806b42a618 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_inode+0x13c/0x4a0 [ 356.750603][ T31] #3: ffff8880741446d8 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_trans_alloc_inode+0x161/0x4a0 [ 356.761974][ T31] 4 locks held by syz-executor289/6007: [ 356.768951][ T31] #0: ffff88806a48a428 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [pid 7767] mprotect(0x7f3cdbf06000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7767] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3cdbf25990, parent_tid=0x7f3cdbf25990, exit_signal=0, stack=0x7f3cdbf05000, stack_size=0x20240, tls=0x7f3cdbf256c0}./strace-static-x86_64: Process 7768 attached => {parent_tid=[7768]}, 88) = 7768 [pid 7767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7767] futex(0x7f3cdc0036c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7767] futex(0x7f3cdc0036cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7768] rseq(0x7f3cdbf25fe0, 0x20, 0, 0x53053053) = 0 [pid 7768] set_robust_list(0x7f3cdbf259a0, 24) = 0 [pid 7768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7768] memfd_create("syzkaller", 0) = 3 [pid 7766] <... munmap resumed>) = 0 [pid 7768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cd3a00000 [ 356.778948][ T31] #1: ffff8880741467f0 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0 [ 356.790558][ T31] #2: ffff88806a48a618 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_inode+0x13c/0x4a0 [ 356.802388][ T31] #3: ffff8880741465d8 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_trans_alloc_inode+0x161/0x4a0 [ 356.815952][ T31] 4 locks held by syz-executor289/7400: [pid 7766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7766] close(3) = 0 [pid 7766] close(4) = 0 [pid 7766] mkdir("./file1", 0777) = 0 [ 356.823363][ T31] #0: ffff88807e078428 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 356.824449][ T7766] loop0: detected capacity change from 0 to 32768 [ 356.833296][ T31] #1: ffff8880741592b0 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0 [ 356.851855][ T31] #2: ffff88807e078618 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_inode+0x13c/0x4a0 [ 356.866284][ T7766] XFS: noikeep mount option is deprecated. [ 356.881038][ T31] #3: ffff888074159098 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_trans_alloc_inode+0x161/0x4a0 [ 356.893513][ T31] 1 lock held by syz-executor289/7674: [ 356.901294][ T31] #0: ffff888023f06428 (sb_writers#9){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 356.911177][ T31] 4 locks held by syz-executor289/7676: [ 356.918912][ T31] #0: ffff888023f06428 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 356.922699][ T7766] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 356.928466][ T31] #1: ffff88807416a9f0 (&sb->s_type->i_mutex_key#15){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0 [ 356.948121][ T31] #2: ffff888023f06618 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_inode+0x13c/0x4a0 [ 356.958797][ T31] #3: ffff88807416a7d8 (&xfs_nondir_ilock_class){++++}-{4:4}, at: xfs_trans_alloc_inode+0x161/0x4a0 [ 356.970560][ T31] 2 locks held by syz-executor289/7766: [ 356.977224][ T31] 2 locks held by syz-executor289/7768: [ 356.983526][ T31] [ 356.990739][ T31] ============================================= [ 356.990739][ T31] [ 357.000101][ T31] NMI backtrace for cpu 1 [ 357.000131][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 357.000161][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.000177][ T31] Call Trace: [pid 7766] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sysvgroups,,nouuid" [ 357.000188][ T31] [ 357.000198][ T31] dump_stack_lvl+0x189/0x250 [ 357.000232][ T31] ? __wake_up_klogd+0xd9/0x110 [ 357.000264][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.000294][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.000331][ T31] ? __pfx__printk+0x10/0x10 [ 357.000362][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.000405][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 357.000443][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 357.000474][ T31] ? _printk+0xcf/0x120 [ 357.000513][ T31] ? __pfx__printk+0x10/0x10 [ 357.000549][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 357.000579][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 357.000618][ T31] watchdog+0xfee/0x1030 [ 357.000645][ T31] ? watchdog+0x1de/0x1030 [ 357.000678][ T31] kthread+0x711/0x8a0 [ 357.000719][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.000742][ T31] ? __pfx_kthread+0x10/0x10 [ 357.000775][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.000809][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 357.000845][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.000874][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.000911][ T31] ? __pfx_kthread+0x10/0x10 [ 357.000948][ T31] ret_from_fork+0x3fc/0x770 [ 357.000980][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 357.001014][ T31] ? __switch_to_asm+0x39/0x70 [ 357.001047][ T31] ? __switch_to_asm+0x33/0x70 [ 357.001080][ T31] ? __pfx_kthread+0x10/0x10 [ 357.001147][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.001199][ T31] [ 357.001235][ T31] Sending NMI from CPU 1 to CPUs 0: [ 357.182232][ C0] NMI backtrace for cpu 0 [ 357.182253][ C0] CPU: 0 UID: 0 PID: 5922 Comm: udevd Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 357.182280][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.182294][ C0] RIP: 0010:lock_release+0x5/0x3e0 [ 357.182322][ C0] Code: 03 48 8b 3c 24 e9 08 fa ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49 89 fe 65 48 8b [ 357.182341][ C0] RSP: 0018:ffffc9000433f990 EFLAGS: 00000046 [ 357.182360][ C0] RAX: 0000000000000000 RBX: ffff88801b692780 RCX: 2039e734034f1a00 [ 357.182383][ C0] RDX: 0000000000000000 RSI: ffffffff82195d0d RDI: ffff8880b8640970 [ 357.182399][ C0] RBP: 0000000000000286 R08: 0000000000000000 R09: ffffffff82195d0d [ 357.182414][ C0] R10: dffffc0000000000 R11: fffffbfff1f43ddf R12: 0000000000000000 [ 357.182430][ C0] R13: 0000000000000000 R14: ffff88806b7f8000 R15: ffff8880b8640970 [ 357.182449][ C0] FS: 00007f7b9d843880(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 [ 357.182469][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 357.182484][ C0] CR2: 00007f3cd49ff000 CR3: 000000007e515000 CR4: 0000000000350ef0 [ 357.182502][ C0] Call Trace: [ 357.182511][ C0] [ 357.182520][ C0] put_cpu_partial+0x13f/0x250 [ 357.182555][ C0] ? put_cpu_partial+0x6d/0x250 [ 357.182592][ C0] __slab_free+0x2f7/0x400 [ 357.182626][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 357.182659][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.182685][ C0] ? __phys_addr+0xd3/0x180 [ 357.182717][ C0] qlist_free_all+0x97/0x140 [ 357.182742][ C0] kasan_quarantine_reduce+0x148/0x160 [ 357.182769][ C0] __kasan_slab_alloc+0x22/0x80 [ 357.182797][ C0] __kmalloc_noprof+0x224/0x4f0 [ 357.182822][ C0] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 357.182849][ C0] tomoyo_realpath_from_path+0xe3/0x5d0 [ 357.182873][ C0] ? tomoyo_domain+0xd9/0x130 [ 357.182898][ C0] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 357.182930][ C0] tomoyo_path_number_perm+0x1e8/0x5a0 [ 357.182963][ C0] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 357.182994][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.183029][ C0] ? __pfx_call_rcu+0x10/0x10 [ 357.183073][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.183098][ C0] ? fput_close_sync+0x119/0x200 [ 357.183135][ C0] ? __pfx_fput_close_sync+0x10/0x10 [ 357.183173][ C0] security_file_ioctl+0xcb/0x2d0 [ 357.183203][ C0] __se_sys_ioctl+0x47/0x170 [ 357.183228][ C0] do_syscall_64+0xfa/0x3b0 [ 357.183252][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.183273][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 357.183300][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.183321][ C0] RIP: 0033:0x7f7b9d11d378 [ 357.183339][ C0] Code: 00 00 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 07 89 d0 c3 0f 1f 40 00 48 8b 15 49 3a 0d [ 357.183357][ C0] RSP: 002b:00007ffd0e9529d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 357.183383][ C0] RAX: ffffffffffffffda RBX: 000055fab513fc70 RCX: 00007f7b9d11d378 [ 357.183400][ C0] RDX: 0000000000000000 RSI: 0000000000005331 RDI: 0000000000000009 [ 357.183414][ C0] RBP: 0000000000000009 R08: 0000000000000170 R09: 0000000000000003 [ 357.183428][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.183442][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009 [ 357.183467][ C0] [ 357.530207][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 357.537100][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) [ 357.548930][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.559001][ T31] Call Trace: [ 357.562290][ T31] [ 357.565224][ T31] dump_stack_lvl+0x99/0x250 [ 357.569838][ T31] ? __asan_memcpy+0x40/0x70 [ 357.574443][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.579661][ T31] ? __pfx__printk+0x10/0x10 [ 357.584274][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.589923][ T31] panic+0x2db/0x790 [ 357.593829][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.599480][ T31] ? __pfx_panic+0x10/0x10 [ 357.603910][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.609559][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 357.615384][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.621028][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 357.626413][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 357.632590][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.638241][ T31] watchdog+0x102d/0x1030 [ 357.642585][ T31] ? watchdog+0x1de/0x1030 [ 357.647015][ T31] kthread+0x711/0x8a0 [ 357.651104][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.655788][ T31] ? __pfx_kthread+0x10/0x10 [ 357.660396][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.666042][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 357.671295][ T31] ? srso_alias_return_thunk+0x5/0xfbef5 [ 357.676937][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.682156][ T31] ? __pfx_kthread+0x10/0x10 [ 357.686768][ T31] ret_from_fork+0x3fc/0x770 [ 357.691390][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 357.696535][ T31] ? __switch_to_asm+0x39/0x70 [ 357.701332][ T31] ? __switch_to_asm+0x33/0x70 [ 357.706114][ T31] ? __pfx_kthread+0x10/0x10 [ 357.710723][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.715518][ T31] [ 357.718780][ T31] Kernel Offset: disabled [ 357.723114][ T31] Rebooting in 86400 seconds..