nla_parse: 5 callbacks suppressed
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/14203 is trying to acquire lock:
000000008ed4e261 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467
BTRFS error (device loop1): fail to start transaction for status update: -28

but task is already holding lock:
000000003c6109ae (sb_internal#3){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
000000003c6109ae (sb_internal#3){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (sb_internal#3){.+.+}:
       sb_start_intwrite include/linux/fs.h:1626 [inline]
       start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528
       btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905
       btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline]
       btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&fs_info->qgroup_ioctl_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467
       btrfs_ioctl_qgroup_limit fs/btrfs/ioctl.c:5386 [inline]
       btrfs_ioctl+0x3c0c/0x76d0 fs/btrfs/ioctl.c:6027
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_internal#3);
                               lock(&fs_info->qgroup_ioctl_lock);
                               lock(sb_internal#3);
  lock(&fs_info->qgroup_ioctl_lock);

 *** DEADLOCK ***

2 locks held by syz-executor.1/14203:
 #0: 00000000ab1f8e12 (sb_writers#24){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000ab1f8e12 (sb_writers#24){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418
 #1: 000000003c6109ae (sb_internal#3){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #1: 000000003c6109ae (sb_internal#3){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

stack backtrace:
CPU: 1 PID: 14203 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467
 btrfs_ioctl_qgroup_limit fs/btrfs/ioctl.c:5386 [inline]
 btrfs_ioctl+0x3c0c/0x76d0 fs/btrfs/ioctl.c:6027
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa6f4aec0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa6f305e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa6f4c0bf80 RCX: 00007fa6f4aec0c9
RDX: 00000000200011c0 RSI: 000000008030942b RDI: 0000000000000004
RBP: 00007fa6f4b47ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffda6cc78ef R14: 00007fa6f305e300 R15: 0000000000022000
ntfs: volume version 3.1.
syz-executor.5 (14333): drop_caches: 2
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
syz-executor.5 (14389): drop_caches: 2
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
syz-executor.5 (14410): drop_caches: 2
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0
usb usb9: usbfs: interface 0 claimed by usbfs while 'syz-executor.0' sets config #1
BTRFS info (device loop5): enabling inode map caching
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): enabling ssd optimizations
BTRFS info (device loop5): using spread ssd allocation scheme
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
F2FS-fs (loop3): Unrecognized mount option "subj_rotext=unconfined_u" or missing value
F2FS-fs (loop3): Unrecognized mount option "subj_rotext=unconfined_u" or missing value
syz-executor.3 (14610): drop_caches: 2
syz-executor.3 (14610): drop_caches: 2
syz-executor.3 (14610): drop_caches: 2
syz-executor.3 (14610): drop_caches: 2
syz-executor.3 (14610): drop_caches: 2
syz-executor.3 (14610): drop_caches: 2
9pnet: Insufficient options for proto=fd
syz-executor.3 (14632): drop_caches: 2
syz-executor.3 (14637): drop_caches: 2
syz-executor.3 (14637): drop_caches: 2
syz-executor.3 (14632): drop_caches: 2
syz-executor.3 (14638): drop_caches: 2
syz-executor.3 (14638): drop_caches: 2
XFS (loop4): Mounting V4 Filesystem
BTRFS info (device loop5): enabling inode map caching
XFS (loop4): Ending clean mount
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): enabling ssd optimizations
BTRFS info (device loop5): using spread ssd allocation scheme
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
XFS (loop4): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop4): start block 0x90000 block count 0x7fbe
XFS (loop4): page discard on page 00000000f0b3bdaa, inode 0x29, offset 0.
XFS (loop4): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop4): start block 0x90000 block count 0x7fbe
XFS (loop4): page discard on page 000000004bfcdc02, inode 0x29, offset 4096.
XFS (loop4): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop4): writeback error on sector 35712
XFS (loop4): start block 0x90000 block count 0x7fbe
XFS (loop4): Internal error xfs_trans_cancel at line 1041 of file fs/xfs/xfs_trans.c.  Caller xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
CPU: 1 PID: 14692 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 xfs_error_report fs/xfs/xfs_error.c:319 [inline]
 xfs_error_report+0xb0/0xc0 fs/xfs/xfs_error.c:306
 xfs_trans_cancel+0x4cb/0x600 fs/xfs/xfs_trans.c:1041
 xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
 xfs_generic_create+0x4a1/0x660 fs/xfs/xfs_iops.c:166
 vfs_mkdir+0x508/0x7a0 fs/namei.c:3819
syz-executor.3 (14701): drop_caches: 2
 do_mkdirat+0x262/0x2d0 fs/namei.c:3842
syz-executor.3 (14701): drop_caches: 2
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fdb199db0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdb11b2c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fdb19afb050 RCX: 00007fdb199db0c9
RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000006
RBP: 00007fdb19a36ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5a16113f R14: 00007fdb11b2c300 R15: 0000000000022000
XFS (loop4): xfs_do_force_shutdown(0x8) called from line 1042 of file fs/xfs/xfs_trans.c.  Return address = 00000000c52923e0
XFS (loop4): Corruption of in-memory data detected.  Shutting down filesystem
XFS (loop4): Please umount the filesystem and rectify the problem(s)
syz-executor.4 (14603) used greatest stack depth: 21552 bytes left
XFS (loop4): Unmounting Filesystem
BTRFS info (device loop5): enabling inode map caching
BTRFS warning (device loop5): excessive commit interval 622039222
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): enabling ssd optimizations
BTRFS info (device loop5): using spread ssd allocation scheme
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
XFS (loop5): Mounting V4 Filesystem
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
XFS (loop5): Ending clean mount
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): Mounting V4 Filesystem
XFS (loop5): page discard on page 00000000fd41d6ec, inode 0x29, offset 0.
XFS (loop0): Ending clean mount
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): Internal error xfs_trans_cancel at line 1041 of file fs/xfs/xfs_trans.c.  Caller xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
CPU: 0 PID: 14909 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 xfs_error_report fs/xfs/xfs_error.c:319 [inline]
 xfs_error_report+0xb0/0xc0 fs/xfs/xfs_error.c:306
 xfs_trans_cancel+0x4cb/0x600 fs/xfs/xfs_trans.c:1041
 xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
 xfs_generic_create+0x4a1/0x660 fs/xfs/xfs_iops.c:166
XFS (loop5): writeback error on sector 35712
 vfs_mkdir+0x508/0x7a0 fs/namei.c:3819
 do_mkdirat+0x262/0x2d0 fs/namei.c:3842
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0abdee40c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0ab6035168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f0abe004050 RCX: 00007f0abdee40c9
RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000006
RBP: 00007f0abdf3fae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccdb74ddf R14: 00007f0ab6035300 R15: 0000000000022000
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): xfs_do_force_shutdown(0x8) called from line 1042 of file fs/xfs/xfs_trans.c.  Return address = 00000000c52923e0
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): Corruption of in-memory data detected.  Shutting down filesystem
XFS (loop0): page discard on page 0000000027db1e08, inode 0x29, offset 0.
XFS (loop5): Please umount the filesystem and rectify the problem(s)
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Unmounting Filesystem
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000406a4a58, inode 0x29, offset 4096.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000007cd2fbe, inode 0x29, offset 8192.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000a30fc6d0, inode 0x29, offset 12288.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000faebeba1, inode 0x29, offset 16384.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000e339900f, inode 0x29, offset 20480.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 000000005e7873e3, inode 0x29, offset 24576.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000055c19bd2, inode 0x29, offset 28672.
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
XFS (loop0): page discard on page 0000000046b22a68, inode 0x29, offset 32768.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000087bab3ee, inode 0x29, offset 36864.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000308333df, inode 0x29, offset 40960.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000077545a7a, inode 0x29, offset 45056.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000c754b973, inode 0x29, offset 49152.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000a447a14b, inode 0x29, offset 53248.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000559c9c32, inode 0x29, offset 57344.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000709d21ce, inode 0x29, offset 61440.
XFS (loop0): Unmounting Filesystem
UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'.
XFS (loop5): Mounting V4 Filesystem
kauditd_printk_skb: 13 callbacks suppressed
audit: type=1800 audit(1673149772.409:166): pid=14943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1357 res=0
XFS (loop5): Ending clean mount
audit: type=1804 audit(1673149772.409:167): pid=14943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1660425562/syzkaller.UAUyTS/90/file0/bus" dev="loop3" ino=1357 res=1
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 0000000016ff76fc, inode 0x29, offset 0.
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): writeback error on sector 35712
XFS (loop5): start block 0x90000 block count 0x7fbe
audit: type=1800 audit(1673149772.729:168): pid=14979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1357 res=0
XFS (loop5): Internal error xfs_trans_cancel at line 1041 of file fs/xfs/xfs_trans.c.  Caller xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
CPU: 1 PID: 14986 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 xfs_error_report fs/xfs/xfs_error.c:319 [inline]
 xfs_error_report+0xb0/0xc0 fs/xfs/xfs_error.c:306
audit: type=1804 audit(1673149772.729:169): pid=14979 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1660425562/syzkaller.UAUyTS/91/file0/bus" dev="loop3" ino=1357 res=1
 xfs_trans_cancel+0x4cb/0x600 fs/xfs/xfs_trans.c:1041
 xfs_create+0x67e/0x1250 fs/xfs/xfs_inode.c:1270
 xfs_generic_create+0x4a1/0x660 fs/xfs/xfs_iops.c:166
 vfs_mkdir+0x508/0x7a0 fs/namei.c:3819
 do_mkdirat+0x262/0x2d0 fs/namei.c:3842
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0abdee40c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0ab6035168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f0abe004050 RCX: 00007f0abdee40c9
RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000006
RBP: 00007f0abdf3fae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccdb74ddf R14: 00007f0ab6035300 R15: 0000000000022000
XFS (loop5): xfs_do_force_shutdown(0x8) called from line 1042 of file fs/xfs/xfs_trans.c.  Return address = 00000000c52923e0
XFS (loop5): Corruption of in-memory data detected.  Shutting down filesystem
XFS (loop5): Please umount the filesystem and rectify the problem(s)
XFS (loop5): Unmounting Filesystem
UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
audit: type=1800 audit(1673149773.259:170): pid=15025 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1357 res=0
XFS (loop0): Mounting V4 Filesystem
audit: type=1804 audit(1673149773.279:171): pid=15025 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1660425562/syzkaller.UAUyTS/92/file0/bus" dev="loop3" ino=1357 res=1
XFS (loop0): Ending clean mount
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000027e93340, inode 0x29, offset 0.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000c3151f8d, inode 0x29, offset 4096.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 0000000036d21e29, inode 0x29, offset 8192.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000f5ea0716, inode 0x29, offset 12288.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 000000008c8ab000, inode 0x29, offset 16384.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000976274a5, inode 0x29, offset 20480.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000f6081ac7, inode 0x29, offset 24576.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 000000007cf830d5, inode 0x29, offset 28672.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 000000006e153bbc, inode 0x29, offset 32768.
XFS (loop5): Mounting V4 Filesystem
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): Ending clean mount
XFS (loop0): page discard on page 00000000fe6ef818, inode 0x29, offset 36864.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000f326ab25, inode 0x29, offset 40960.
XFS (loop5): page discard on page 00000000fc9df386, inode 0x29, offset 0.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000f95d0715, inode 0x29, offset 45056.
XFS (loop5): page discard on page 000000007fc2214c, inode 0x29, offset 4096.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000bfe12e4a, inode 0x29, offset 49152.
XFS (loop5): page discard on page 00000000db9ec4ee, inode 0x29, offset 8192.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 00000000d34ab991, inode 0x29, offset 53248.
XFS (loop5): page discard on page 000000004c08e0d8, inode 0x29, offset 12288.
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 00000000b5105c96, inode 0x29, offset 16384.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): page discard on page 000000000c16cc78, inode 0x29, offset 57344.
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): page discard on page 000000002f9bb604, inode 0x29, offset 20480.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop0): start block 0x90000 block count 0x7fbe
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop0): page discard on page 000000002875895d, inode 0x29, offset 61440.
XFS (loop5): page discard on page 000000007a2a212a, inode 0x29, offset 24576.
XFS (loop0): Unmounting Filesystem
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 0000000000643500, inode 0x29, offset 28672.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 00000000003c05e5, inode 0x29, offset 32768.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'.
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 00000000c098b2d6, inode 0x29, offset 36864.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 00000000f08102e3, inode 0x29, offset 40960.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 0000000020578b22, inode 0x29, offset 45056.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 00000000a7e4e0c2, inode 0x29, offset 49152.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 000000009a53ddbe, inode 0x29, offset 53248.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 000000002479b3d3, inode 0x29, offset 57344.
XFS (loop5): Size Freespace BTree record corruption in AG 0 detected!
XFS (loop5): start block 0x90000 block count 0x7fbe
XFS (loop5): page discard on page 000000001b6de8bb, inode 0x29, offset 61440.
XFS (loop5): Unmounting Filesystem
XFS (loop0): Mounting V4 Filesystem