Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 53.618886][ T3638] loop5: detected capacity change from 0 to 65536
[ 53.627191][ T3636] loop1: detected capacity change from 0 to 65536
[ 53.676865][ T3639] loop2: detected capacity change from 0 to 65536
[ 53.688476][ T3638] XFS (loop5): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 53.699700][ T3636] XFS (loop1): Mounting V4 Filesystem
[ 53.708812][ T3638] XFS (loop5): Mounting V4 Filesystem
[ 53.712023][ T3635] loop0: detected capacity change from 0 to 65536
[ 53.719343][ T3637] loop4: detected capacity change from 0 to 65536
[ 53.721652][ T3636] XFS (loop1): totally zeroed log
[ 53.734866][ T3636] XFS (loop1): Ending clean mount
[ 53.742985][ T3638] XFS (loop5): totally zeroed log
[ 53.745654][ T3636] XFS (loop1): Quotacheck needed: Please wait.
[ 53.754043][ T3641] loop3: detected capacity change from 0 to 65536
[ 53.761163][ T3639] XFS (loop2): Mounting V4 Filesystem
[ 53.770455][ T3636] XFS (loop1): Quotacheck: Done.
[ 53.775546][ T3638] XFS (loop5): Ending clean mount
[ 53.776955][ T3636] xfs filesystem being mounted at /root/syzkaller.SehUPF/0/file0 supports timestamps until 2038 (0x7fffffff)
[ 53.782273][ T3635] XFS (loop0): Mounting V4 Filesystem
[ 53.804172][ T3639] XFS (loop2): totally zeroed log
[ 53.807898][ T3638] XFS (loop5): Quotacheck needed: Please wait.
[ 53.811763][ T3637] XFS (loop4): Mounting V4 Filesystem
[ 53.825912][ T3630] XFS (loop1): Unmounting Filesystem
[ 53.826326][ T3638] XFS (loop5): Quotacheck: Done.
[ 53.834026][ T3639] XFS (loop2): Ending clean mount
[ 53.837016][ T3638] xfs filesystem being mounted at /root/syzkaller.e8U6H0/0/file0 supports timestamps until 2038 (0x7fffffff)
[ 53.848199][ T3639] XFS (loop2): Quotacheck needed: Please wait.
[ 53.870384][ T3630] syz-executor231: attempt to access beyond end of device
[ 53.870384][ T3630] loop1: rw=432129, sector=65536, nr_sectors = 64 limit=65536
[ 53.878468][ T3637] XFS (loop4): totally zeroed log
[ 53.890673][ T52] XFS (loop1): log I/O error -5
[ 53.895114][ T3634] XFS (loop5): Unmounting Filesystem
[ 53.895723][ T52] XFS (loop1): Filesystem has been shut down due to log error (0x2).
[ 53.910152][ T3634] syz-executor231: attempt to access beyond end of device
[ 53.910152][ T3634] loop5: rw=432129, sector=65536, nr_sectors = 64 limit=65536
[ 53.910289][ T3635] XFS (loop0): totally zeroed log
[ 53.929632][ T1194] XFS (loop5): log I/O error -5
[ 53.930531][ T52] XFS (loop1): Please unmount the filesystem and rectify the problem(s).
[ 53.935815][ T1194] XFS (loop5): Filesystem has been shut down due to log error (0x2).
[ 53.935832][ T1194] XFS (loop5): Please unmount the filesystem and rectify the problem(s).
[ 53.951129][ T3637] XFS (loop4): Ending clean mount
[ 53.953094][ T52] ==================================================================
[ 53.962037][ T3641] XFS (loop3): Mounting V4 Filesystem
[ 53.965972][ T52] BUG: KASAN: use-after-free in __lock_acquire+0x77/0x1f80
[ 53.966054][ T52] Read of size 8 at addr ffff888017201658 by task kworker/0:1H/52
[ 53.966068][ T52]
[ 53.966073][ T52] CPU: 0 PID: 52 Comm: kworker/0:1H Not tainted 6.1.22-syzkaller #0
[ 53.966088][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 54.016833][ T52] Workqueue: xfs-log/loop1 xlog_ioend_work
[ 54.022642][ T52] Call Trace:
[ 54.025929][ T52]
[ 54.028850][ T52] dump_stack_lvl+0x1e3/0x2cb
[ 54.033532][ T52] ? irq_work_queue+0xcd/0x150
[ 54.038290][ T52] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.043755][ T52] ? panic+0x75d/0x75d
[ 54.047819][ T52] ? _printk+0xd1/0x111
[ 54.051968][ T52] ? __lock_acquire+0x1f80/0x1f80
[ 54.056982][ T52] print_report+0x15f/0x4f0
[ 54.061483][ T52] ? __bfs+0x359/0x6e0
[ 54.065564][ T52] ? __virt_addr_valid+0x22b/0x2e0
[ 54.070667][ T52] ? __phys_addr+0xb6/0x170
[ 54.075177][ T52] ? __lock_acquire+0x77/0x1f80
[ 54.080299][ T52] kasan_report+0x136/0x160
[ 54.084794][ T52] ? __lock_acquire+0x77/0x1f80
[ 54.089633][ T52] __lock_acquire+0x77/0x1f80
[ 54.094304][ T52] ? validate_chain+0x115/0x58e0
[ 54.099231][ T52] lock_acquire+0x1f8/0x5a0
[ 54.103725][ T52] ? xfs_trans_committed_bulk+0xd6/0x830
[ 54.109351][ T52] ? read_lock_is_recursive+0x10/0x10
[ 54.114723][ T52] _raw_spin_lock+0x2a/0x40
[ 54.119218][ T52] ? xfs_trans_committed_bulk+0xd6/0x830
[ 54.124839][ T52] xfs_trans_committed_bulk+0xd6/0x830
[ 54.130298][ T52] ? print_irqtrace_events+0x210/0x210
[ 54.135853][ T52] ? xfs_trans_del_item+0x100/0x100
[ 54.141053][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.146258][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.151465][ T52] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.157451][ T52] xlog_cil_committed+0x269/0xed0
[ 54.162471][ T52] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 54.168360][ T52] ? lockdep_hardirqs_on+0x94/0x130
[ 54.173553][ T52] ? xlog_cil_process_committed+0x1a0/0x1a0
[ 54.179437][ T52] ? xlog_state_shutdown_callbacks+0x2ae/0x3a0
[ 54.185596][ T52] ? __lock_acquire+0x1f80/0x1f80
[ 54.190609][ T52] xlog_cil_process_committed+0x155/0x1a0
[ 54.196323][ T52] xlog_state_shutdown_callbacks+0x2b6/0x3a0
[ 54.202296][ T52] ? xlog_assign_tail_lsn+0x80/0x80
[ 54.207487][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.212690][ T52] xlog_force_shutdown+0x328/0x380
[ 54.217791][ T52] xlog_ioend_work+0xa9/0x100
[ 54.222460][ T52] process_one_work+0x8aa/0x11f0
[ 54.227396][ T52] ? worker_detach_from_pool+0x260/0x260
[ 54.233107][ T52] ? _raw_spin_lock_irqsave+0x120/0x120
[ 54.238662][ T52] ? kthread_data+0x4e/0xc0
[ 54.243167][ T52] ? wq_worker_running+0x97/0x190
[ 54.248179][ T52] worker_thread+0xa5f/0x1210
[ 54.252848][ T52] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.258822][ T52] ? _raw_spin_unlock+0x40/0x40
[ 54.263670][ T52] kthread+0x268/0x300
[ 54.267724][ T52] ? rcu_lock_release+0x20/0x20
[ 54.272562][ T52] ? kthread_blkcg+0xd0/0xd0
[ 54.277154][ T52] ret_from_fork+0x1f/0x30
[ 54.281568][ T52]
[ 54.284575][ T52]
[ 54.286887][ T52] Allocated by task 3636:
[ 54.291200][ T52] kasan_set_track+0x4b/0x70
[ 54.295781][ T52] __kasan_kmalloc+0x97/0xb0
[ 54.300361][ T52] __kmalloc+0xb2/0x230
[ 54.304507][ T52] kmem_alloc+0x15c/0x420
[ 54.308822][ T52] xfs_trans_ail_init+0x20/0x240
[ 54.313749][ T52] xfs_log_mount+0x213/0x770
[ 54.318351][ T52] xfs_mountfs+0xcbb/0x1f00
[ 54.322844][ T52] xfs_fs_fill_super+0xf90/0x11e0
[ 54.327862][ T52] get_tree_bdev+0x3fe/0x620
[ 54.332457][ T52] vfs_get_tree+0x88/0x270
[ 54.336867][ T52] do_new_mount+0x28b/0xad0
[ 54.341361][ T52] __se_sys_mount+0x2d5/0x3c0
[ 54.346037][ T52] do_syscall_64+0x3d/0xb0
[ 54.350444][ T52] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.356339][ T52]
[ 54.358661][ T52] Freed by task 3630:
[ 54.362625][ T52] kasan_set_track+0x4b/0x70
[ 54.367225][ T52] kasan_save_free_info+0x27/0x40
[ 54.372237][ T52] ____kasan_slab_free+0xd6/0x120
[ 54.377253][ T52] __kmem_cache_free+0x25c/0x3c0
[ 54.382186][ T52] xfs_log_unmount+0x51/0xc0
[ 54.386778][ T52] xfs_unmountfs+0x12c/0x1e0
[ 54.391384][ T52] xfs_fs_put_super+0x6c/0x2c0
[ 54.396280][ T52] generic_shutdown_super+0x130/0x340
[ 54.401745][ T52] kill_block_super+0x7a/0xe0
[ 54.406427][ T52] deactivate_locked_super+0xa0/0x110
[ 54.411792][ T52] cleanup_mnt+0x490/0x520
[ 54.416198][ T52] task_work_run+0x246/0x300
[ 54.420780][ T52] exit_to_user_mode_loop+0xd9/0x100
[ 54.426053][ T52] exit_to_user_mode_prepare+0xb1/0x140
[ 54.431583][ T52] syscall_exit_to_user_mode+0x60/0x270
[ 54.437118][ T52] do_syscall_64+0x49/0xb0
[ 54.441521][ T52] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.447419][ T52]
[ 54.449737][ T52] The buggy address belongs to the object at ffff888017201600
[ 54.449737][ T52] which belongs to the cache kmalloc-256 of size 256
[ 54.463872][ T52] The buggy address is located 88 bytes inside of
[ 54.463872][ T52] 256-byte region [ffff888017201600, ffff888017201700)
[ 54.477051][ T52]
[ 54.479368][ T52] The buggy address belongs to the physical page:
[ 54.485774][ T52] page:ffffea00005c8000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17200
[ 54.495999][ T52] head:ffffea00005c8000 order:1 compound_mapcount:0 compound_pincount:0
[ 54.504304][ T52] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.512274][ T52] raw: 00fff00000010200 ffffea00007a6b80 dead000000000002 ffff888012441b40
[ 54.520856][ T52] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 54.529430][ T52] page dumped because: kasan: bad access detected
[ 54.535842][ T52] page_owner tracks the page as allocated
[ 54.541543][ T52] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3012172188, free_ts 0
[ 54.561153][ T52] get_page_from_freelist+0x32ed/0x3480
[ 54.566696][ T52] __alloc_pages+0x28d/0x770
[ 54.571278][ T52] alloc_page_interleave+0x22/0x1c0
[ 54.576462][ T52] alloc_slab_page+0x6a/0x150
[ 54.581124][ T52] new_slab+0x84/0x2d0
[ 54.585198][ T52] ___slab_alloc+0xa71/0x1080
[ 54.589860][ T52] __kmem_cache_alloc_node+0x19f/0x260
[ 54.595304][ T52] __kmalloc_node+0xa2/0x230
[ 54.600764][ T52] mempool_init_node+0x127/0x480
[ 54.605690][ T52] mempool_init+0x36/0x50
[ 54.610010][ T52] bioset_init+0x4cd/0x6d0
[ 54.614416][ T52] do_one_initcall+0x265/0x8f0
[ 54.619168][ T52] do_initcall_level+0x157/0x207
[ 54.624107][ T52] do_initcalls+0x49/0x86
[ 54.628425][ T52] kernel_init_freeable+0x473/0x61f
[ 54.633615][ T52] kernel_init+0x19/0x290
[ 54.637953][ T52] page_owner free stack trace missing
[ 54.643325][ T52]
[ 54.645646][ T52] Memory state around the buggy address:
[ 54.651258][ T52] ffff888017201500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.659322][ T52] ffff888017201580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.667408][ T52] >ffff888017201600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.675454][ T52] ^
[ 54.682651][ T52] ffff888017201680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.690718][ T52] ffff888017201700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.698775][ T52] ==================================================================
[ 54.706823][ T52] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.714002][ T52] CPU: 0 PID: 52 Comm: kworker/0:1H Not tainted 6.1.22-syzkaller #0
[ 54.721971][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 54.732021][ T52] Workqueue: xfs-log/loop1 xlog_ioend_work
[ 54.737827][ T52] Call Trace:
[ 54.741096][ T52]
[ 54.744032][ T52] dump_stack_lvl+0x1e3/0x2cb
[ 54.748704][ T52] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.754151][ T52] ? panic+0x75d/0x75d
[ 54.758214][ T52] ? lock_release+0xd6/0xa20
[ 54.763138][ T52] ? vscnprintf+0x59/0x80
[ 54.767544][ T52] panic+0x318/0x75d
[ 54.771431][ T52] ? check_panic_on_warn+0x1d/0xa0
[ 54.776531][ T52] ? memcpy_page_flushcache+0xfc/0xfc
[ 54.781893][ T52] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.787774][ T52] ? _raw_spin_unlock+0x40/0x40
[ 54.792616][ T52] ? print_report+0x4a3/0x4f0
[ 54.797294][ T52] check_panic_on_warn+0x7e/0xa0
[ 54.802221][ T52] ? __lock_acquire+0x77/0x1f80
[ 54.807058][ T52] end_report+0x66/0x110
[ 54.811293][ T52] kasan_report+0x143/0x160
[ 54.815790][ T52] ? __lock_acquire+0x77/0x1f80
[ 54.820628][ T52] __lock_acquire+0x77/0x1f80
[ 54.825313][ T52] ? validate_chain+0x115/0x58e0
[ 54.830245][ T52] lock_acquire+0x1f8/0x5a0
[ 54.834741][ T52] ? xfs_trans_committed_bulk+0xd6/0x830
[ 54.840367][ T52] ? read_lock_is_recursive+0x10/0x10
[ 54.845738][ T52] _raw_spin_lock+0x2a/0x40
[ 54.850241][ T52] ? xfs_trans_committed_bulk+0xd6/0x830
[ 54.855861][ T52] xfs_trans_committed_bulk+0xd6/0x830
[ 54.861311][ T52] ? print_irqtrace_events+0x210/0x210
[ 54.866762][ T52] ? xfs_trans_del_item+0x100/0x100
[ 54.871947][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.877142][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.882326][ T52] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.888298][ T52] xlog_cil_committed+0x269/0xed0
[ 54.893309][ T52] ? _raw_spin_unlock_irqrestore+0x8b/0x130
[ 54.899209][ T52] ? lockdep_hardirqs_on+0x94/0x130
[ 54.904587][ T52] ? xlog_cil_process_committed+0x1a0/0x1a0
[ 54.910472][ T52] ? xlog_state_shutdown_callbacks+0x2ae/0x3a0
[ 54.916618][ T52] ? __lock_acquire+0x1f80/0x1f80
[ 54.921741][ T52] xlog_cil_process_committed+0x155/0x1a0
[ 54.927452][ T52] xlog_state_shutdown_callbacks+0x2b6/0x3a0
[ 54.933429][ T52] ? xlog_assign_tail_lsn+0x80/0x80
[ 54.938614][ T52] ? do_raw_spin_unlock+0x137/0x8a0
[ 54.943802][ T52] xlog_force_shutdown+0x328/0x380
[ 54.948903][ T52] xlog_ioend_work+0xa9/0x100
[ 54.953574][ T52] process_one_work+0x8aa/0x11f0
[ 54.958509][ T52] ? worker_detach_from_pool+0x260/0x260
[ 54.964217][ T52] ? _raw_spin_lock_irqsave+0x120/0x120
[ 54.969751][ T52] ? kthread_data+0x4e/0xc0
[ 54.974436][ T52] ? wq_worker_running+0x97/0x190
[ 54.979447][ T52] worker_thread+0xa5f/0x1210
[ 54.984123][ T52] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.990184][ T52] ? _raw_spin_unlock+0x40/0x40
[ 54.995033][ T52] kthread+0x268/0x300
[ 54.999089][ T52] ? rcu_lock_release+0x20/0x20
[ 55.004014][ T52] ? kthread_blkcg+0xd0/0xd0
[ 55.008591][ T52] ret_from_fork+0x1f/0x30
[ 55.013001][ T52]
[ 55.016065][ T52] Kernel Offset: disabled
[ 55.020377][ T52] Rebooting in 86400 seconds..