Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
[ 608.289142][ T4099] loop0: detected capacity change from 0 to 65536
[ 608.299763][ T4099] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 608.302097][ T4099] XFS (loop0): correcting sb_features alignment problem
[ 608.304566][ T4099] XFS (loop0): Mounting V4 Filesystem
[ 608.308429][ T4099] XFS (loop0): totally zeroed log
[ 608.311393][ T4099] XFS (loop0): Ending clean mount
[ 608.317023][ T4099] XFS (loop0): Quotacheck needed: Please wait.
[ 608.334807][ T4099] attempt to access beyond end of device
[ 608.334807][ T4099] loop0: rw=432129, want=65600, limit=65536
[ 608.337834][ T149] XFS (loop0): log I/O error -5
[ 608.339919][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 608.341915][ T4099] XFS (loop0): Quotacheck: Done.
[ 608.342729][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 608.345789][ T4099] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 608.353664][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 609.157378][ T4112] loop0: detected capacity change from 0 to 65536
[ 609.164425][ T4112] XFS (loop0): correcting sb_features alignment problem
[ 609.166800][ T4112] XFS (loop0): Mounting V4 Filesystem
[ 609.170130][ T4112] XFS (loop0): totally zeroed log
[ 609.172613][ T4112] XFS (loop0): Ending clean mount
[ 609.180927][ T4112] XFS (loop0): Quotacheck needed: Please wait.
[ 609.196641][ T4112] attempt to access beyond end of device
[ 609.196641][ T4112] loop0: rw=432129, want=65600, limit=65536
[ 609.199118][ T149] XFS (loop0): log I/O error -5
[ 609.200659][ T4112] XFS (loop0): Quotacheck: Unsuccessful (Error -5): Disabling quotas.
[ 609.200698][ T149] ==================================================================
[ 609.204161][ T149] BUG: KASAN: use-after-free in xfs_trans_committed_bulk+0x14c/0x70c
[ 609.205885][ T149] Write of size 8 at addr ffff0000c5ecd7f0 by task kworker/1:1H/149
[ 609.207544][ T149]
[ 609.208046][ T149] CPU: 1 PID: 149 Comm: kworker/1:1H Not tainted 5.15.102-syzkaller #0
[ 609.209827][ T149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 609.211950][ T149] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 609.213190][ T149] Call trace:
[ 609.213906][ T149] dump_backtrace+0x0/0x530
[ 609.214864][ T149] show_stack+0x2c/0x3c
[ 609.215727][ T149] dump_stack_lvl+0x108/0x170
[ 609.216778][ T149] print_address_description+0x7c/0x3f0
[ 609.217920][ T149] kasan_report+0x174/0x1e4
[ 609.218886][ T149] kasan_check_range+0x274/0x2b4
[ 609.220011][ T149] __kasan_check_write+0x44/0x54
[ 609.221068][ T149] xfs_trans_committed_bulk+0x14c/0x70c
[ 609.222256][ T149] xlog_cil_committed+0x228/0xdd0
[ 609.223393][ T149] xlog_cil_process_committed+0x11c/0x174
[ 609.224607][ T149] xlog_state_shutdown_callbacks+0x23c/0x324
[ 609.225908][ T149] xlog_force_shutdown+0x1a8/0x208
[ 609.226970][ T149] xfs_do_force_shutdown+0x118/0x7b0
[ 609.228094][ T149] xlog_ioend_work+0xc0/0x114
[ 609.229055][ T149] process_one_work+0x84c/0x14b8
[ 609.230123][ T149] worker_thread+0x910/0x1034
[ 609.231143][ T149] kthread+0x37c/0x45c
[ 609.232046][ T149] ret_from_fork+0x10/0x20
[ 609.232977][ T149]
[ 609.233445][ T149] Allocated by task 4109:
[ 609.234333][ T149] __kasan_slab_alloc+0x8c/0xcc
[ 609.235360][ T149] slab_post_alloc_hook+0x74/0x3f4
[ 609.236459][ T149] kmem_cache_alloc+0x1dc/0x4cc
[ 609.237495][ T149] xfs_buf_item_init+0x70/0x434
[ 609.238558][ T149] _xfs_trans_bjoin+0x54/0x14c
[ 609.239605][ T149] xfs_trans_get_buf_map+0x44c/0xbc4
[ 609.240711][ T149] xfs_dquot_disk_alloc+0x74c/0xc6c
[ 609.241867][ T149] xfs_qm_dqread+0x554/0xb64
[ 609.242827][ T149] xfs_qm_dqget+0x23c/0x510
[ 609.243810][ T149] xfs_qm_quotacheck_dqadjust+0xe0/0x810
[ 609.245038][ T149] xfs_qm_dqusage_adjust+0x36c/0x518
[ 609.246155][ T149] xfs_iwalk_ag_recs+0x514/0x9cc
[ 609.247296][ T149] xfs_iwalk_run_callbacks+0x1bc/0x3b4
[ 609.248514][ T149] xfs_iwalk_ag+0x8d4/0x9b0
[ 609.249516][ T149] xfs_iwalk_ag_work+0x10c/0x1a8
[ 609.250579][ T149] xfs_pwork_work+0x80/0x1b8
[ 609.251576][ T149] process_one_work+0x84c/0x14b8
[ 609.252608][ T149] worker_thread+0x910/0x1034
[ 609.253635][ T149] kthread+0x37c/0x45c
[ 609.254501][ T149] ret_from_fork+0x10/0x20
[ 609.255458][ T149]
[ 609.255939][ T149] Freed by task 4112:
[ 609.256857][ T149] kasan_set_track+0x4c/0x84
[ 609.257833][ T149] kasan_set_free_info+0x28/0x4c
[ 609.258893][ T149] ____kasan_slab_free+0x118/0x164
[ 609.259945][ T149] __kasan_slab_free+0x18/0x28
[ 609.260991][ T149] slab_free_freelist_hook+0x128/0x1ec
[ 609.262170][ T149] kmem_cache_free+0xdc/0x434
[ 609.263292][ T149] xfs_buf_item_free+0x54/0x64
[ 609.264389][ T149] xfs_buf_item_relse+0x280/0x57c
[ 609.265420][ T149] xfs_buf_item_done+0x60/0x94
[ 609.266412][ T149] xfs_buf_ioend+0x438/0x940
[ 609.267398][ T149] xfs_buf_ioend_fail+0x78/0x90
[ 609.268392][ T149] __xfs_buf_submit+0x2d8/0x9fc
[ 609.269450][ T149] xfs_buf_delwri_submit_buffers+0x6c0/0xaf8
[ 609.270750][ T149] xfs_buf_delwri_submit+0xbc/0x244
[ 609.271881][ T149] xfs_qm_quotacheck+0x34c/0x56c
[ 609.272879][ T149] xfs_qm_mount_quotas+0x2ac/0x578
[ 609.273947][ T149] xfs_mountfs+0x11e4/0x1778
[ 609.274928][ T149] xfs_fs_fill_super+0xd64/0xf60
[ 609.276004][ T149] get_tree_bdev+0x360/0x54c
[ 609.277027][ T149] xfs_fs_get_tree+0x28/0x38
[ 609.278068][ T149] vfs_get_tree+0x90/0x274
[ 609.278998][ T149] do_new_mount+0x25c/0x8c8
[ 609.280018][ T149] path_mount+0x590/0x104c
[ 609.280975][ T149] __arm64_sys_mount+0x510/0x5e0
[ 609.282190][ T149] invoke_syscall+0x98/0x2b8
[ 609.283163][ T149] el0_svc_common+0x138/0x258
[ 609.284165][ T149] do_el0_svc+0x58/0x14c
[ 609.285043][ T149] el0_svc+0x7c/0x1f0
[ 609.285906][ T149] el0t_64_sync_handler+0x84/0xe4
[ 609.286951][ T149] el0t_64_sync+0x1a0/0x1a4
[ 609.287930][ T149]
[ 609.288484][ T149] The buggy address belongs to the object at ffff0000c5ecd7b0
[ 609.288484][ T149] which belongs to the cache xfs_buf_item of size 264
[ 609.291634][ T149] The buggy address is located 64 bytes inside of
[ 609.291634][ T149] 264-byte region [ffff0000c5ecd7b0, ffff0000c5ecd8b8)
[ 609.294531][ T149] The buggy address belongs to the page:
[ 609.295723][ T149] page:000000007b48cb36 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ecd
[ 609.297970][ T149] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 609.299613][ T149] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c61cd080
[ 609.301463][ T149] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 609.303309][ T149] page dumped because: kasan: bad access detected
[ 609.304686][ T149]
[ 609.305184][ T149] Memory state around the buggy address:
[ 609.306415][ T149]  ffff0000c5ecd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.308148][ T149]  ffff0000c5ecd700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 609.310006][ T149] >ffff0000c5ecd780: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 609.311713][ T149]                                                              ^
[ 609.313452][ T149]  ffff0000c5ecd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.315273][ T149]  ffff0000c5ecd880: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa
[ 609.316907][ T149] ==================================================================
[ 609.318622][ T149] Disabling lock debugging due to kernel taint
[ 609.320388][ T4098] XFS (loop0): Unmounting Filesystem
[ 609.320483][ T149] ==================================================================
[ 609.323302][ T149] BUG: KASAN: double-free or invalid-free in kfree+0x1b0/0x480
[ 609.324894][ T149]
[ 609.325381][ T149] CPU: 1 PID: 149 Comm: kworker/1:1H Tainted: G B 5.15.102-syzkaller #0
[ 609.327554][ T149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 609.329957][ T149] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 609.331199][ T149] Call trace:
[ 609.331840][ T149] dump_backtrace+0x0/0x530
[ 609.332744][ T149] show_stack+0x2c/0x3c
[ 609.333676][ T149] dump_stack_lvl+0x108/0x170
[ 609.334671][ T149] print_address_description+0x7c/0x3f0
[ 609.335864][ T149] kasan_report_invalid_free+0x64/0x94
[ 609.337127][ T149] ____kasan_slab_free+0x134/0x164
[ 609.338254][ T149] __kasan_slab_free+0x18/0x28
[ 609.339281][ T149] slab_free_freelist_hook+0x128/0x1ec
[ 609.340454][ T149] kfree+0x1b0/0x480
[ 609.341276][ T149] kvfree+0x40/0x50
[ 609.342075][ T149] xfs_buf_free+0x2b0/0x638
[ 609.343128][ T149] xfs_buf_rele+0x103c/0x171c
[ 609.344102][ T149] xfs_buf_ioend+0x548/0x940
[ 609.345213][ T149] xfs_buf_ioend_fail+0x78/0x90
[ 609.346278][ T149] xfs_buf_item_unpin+0x2f4/0xb48
[ 609.347349][ T149] xfs_trans_committed_bulk+0x2b0/0x70c
[ 609.348525][ T149] xlog_cil_committed+0x228/0xdd0
[ 609.349631][ T149] xlog_cil_process_committed+0x11c/0x174
[ 609.350908][ T149] xlog_state_shutdown_callbacks+0x23c/0x324
[ 609.352260][ T149] xlog_force_shutdown+0x1a8/0x208
[ 609.353500][ T149] xfs_do_force_shutdown+0x118/0x7b0
[ 609.354658][ T149] xlog_ioend_work+0xc0/0x114
[ 609.355710][ T149] process_one_work+0x84c/0x14b8
[ 609.356771][ T149] worker_thread+0x910/0x1034
[ 609.357785][ T149] kthread+0x37c/0x45c
[ 609.358703][ T149] ret_from_fork+0x10/0x20
[ 609.359659][ T149]
[ 609.360119][ T149] Allocated by task 4109:
[ 609.361086][ T149] ____kasan_kmalloc+0xbc/0xfc
[ 609.362201][ T149] __kasan_kmalloc+0x10/0x1c
[ 609.363238][ T149] __kmalloc+0x26c/0x404
[ 609.364200][ T149] kmem_alloc+0x2ec/0x6c8
[ 609.365121][ T149] xfs_buf_get_map+0x670/0xd50
[ 609.366103][ T149] xfs_trans_get_buf_map+0x184/0xbc4
[ 609.367267][ T149] xfs_dquot_disk_alloc+0x74c/0xc6c
[ 609.368354][ T149] xfs_qm_dqread+0x554/0xb64
[ 609.369338][ T149] xfs_qm_dqget+0x23c/0x510
[ 609.370329][ T149] xfs_qm_quotacheck_dqadjust+0xe0/0x810
[ 609.371604][ T149] xfs_qm_dqusage_adjust+0x36c/0x518
[ 609.372696][ T149] xfs_iwalk_ag_recs+0x514/0x9cc
[ 609.373767][ T149] xfs_iwalk_run_callbacks+0x1bc/0x3b4
[ 609.374908][ T149] xfs_iwalk_ag+0x8d4/0x9b0
[ 609.375913][ T149] xfs_iwalk_ag_work+0x10c/0x1a8
[ 609.377026][ T149] xfs_pwork_work+0x80/0x1b8
[ 609.378018][ T149] process_one_work+0x84c/0x14b8
[ 609.379069][ T149] worker_thread+0x910/0x1034
[ 609.380034][ T149] kthread+0x37c/0x45c
[ 609.380967][ T149] ret_from_fork+0x10/0x20
[ 609.381937][ T149]
[ 609.382394][ T149] Freed by task 4112:
[ 609.383319][ T149] kasan_set_track+0x4c/0x84
[ 609.384373][ T149] kasan_set_free_info+0x28/0x4c
[ 609.385445][ T149] ____kasan_slab_free+0x118/0x164
[ 609.386623][ T149] __kasan_slab_free+0x18/0x28
[ 609.387729][ T149] slab_free_freelist_hook+0x128/0x1ec
[ 609.388995][ T149] kfree+0x1b0/0x480
[ 609.389848][ T149] kvfree+0x40/0x50
[ 609.390739][ T149] xfs_buf_free+0x2b0/0x638
[ 609.391765][ T149] xfs_buf_rele+0x103c/0x171c
[ 609.392781][ T149] xfs_buf_delwri_submit+0x1ac/0x244
[ 609.393870][ T149] xfs_qm_quotacheck+0x34c/0x56c
[ 609.395031][ T149] xfs_qm_mount_quotas+0x2ac/0x578
[ 609.396123][ T149] xfs_mountfs+0x11e4/0x1778
[ 609.397202][ T149] xfs_fs_fill_super+0xd64/0xf60
[ 609.398231][ T149] get_tree_bdev+0x360/0x54c
[ 609.399214][ T149] xfs_fs_get_tree+0x28/0x38
[ 609.400280][ T149] vfs_get_tree+0x90/0x274
[ 609.401260][ T149] do_new_mount+0x25c/0x8c8
[ 609.402313][ T149] path_mount+0x590/0x104c
[ 609.403425][ T149] __arm64_sys_mount+0x510/0x5e0
[ 609.404663][ T149] invoke_syscall+0x98/0x2b8
[ 609.405740][ T149] el0_svc_common+0x138/0x258
[ 609.406759][ T149] do_el0_svc+0x58/0x14c
[ 609.407757][ T149] el0_svc+0x7c/0x1f0
[ 609.408666][ T149] el0t_64_sync_handler+0x84/0xe4
[ 609.409825][ T149] el0t_64_sync+0x1a0/0x1a4
[ 609.410779][ T149]
[ 609.411296][ T149] The buggy address belongs to the object at ffff0000d8152000
[ 609.411296][ T149] which belongs to the cache kmalloc-512 of size 512
[ 609.414517][ T149] The buggy address is located 0 bytes inside of
[ 609.414517][ T149] 512-byte region [ffff0000d8152000, ffff0000d8152200)
[ 609.417396][ T149] The buggy address belongs to the page:
[ 609.418743][ T149] page:00000000d02c245d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118150
[ 609.420915][ T149] head:00000000d02c245d order:2 compound_mapcount:0 compound_pincount:0
[ 609.422781][ T149] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 609.424586][ T149] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002600
[ 609.426583][ T149] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 609.428522][ T149] page dumped because: kasan: bad access detected
[ 609.430006][ T149]
[ 609.430549][ T149] Memory state around the buggy address:
[ 609.431775][ T149]  ffff0000d8151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 609.433556][ T149]  ffff0000d8151f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 609.435273][ T149] >ffff0000d8152000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.436996][ T149]                    ^
[ 609.437884][ T149]  ffff0000d8152080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.439646][ T149]  ffff0000d8152100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.441349][ T149] ==================================================================
[ 609.443718][ T149] ==================================================================
[ 609.445443][ T149] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0xdc/0x434
[ 609.447264][ T149]
[ 609.447787][ T149] CPU: 1 PID: 149 Comm: kworker/1:1H Tainted: G B 5.15.102-syzkaller #0
[ 609.449974][ T149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 609.452075][ T149] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 609.453385][ T149] Call trace:
[ 609.454148][ T149] dump_backtrace+0x0/0x530
[ 609.455162][ T149] show_stack+0x2c/0x3c
[ 609.456093][ T149] dump_stack_lvl+0x108/0x170
[ 609.457132][ T149] print_address_description+0x7c/0x3f0
[ 609.458423][ T149] kasan_report_invalid_free+0x64/0x94
[ 609.459557][ T149] ____kasan_slab_free+0x134/0x164
[ 609.460636][ T149] __kasan_slab_free+0x18/0x28
[ 609.461707][ T149] slab_free_freelist_hook+0x128/0x1ec
[ 609.462846][ T149] kmem_cache_free+0xdc/0x434
[ 609.463922][ T149] xfs_buf_free+0x310/0x638
[ 609.464882][ T149] xfs_buf_rele+0x103c/0x171c
[ 609.465897][ T149] xfs_buf_ioend+0x548/0x940
[ 609.466977][ T149] xfs_buf_ioend_fail+0x78/0x90
[ 609.468025][ T149] xfs_buf_item_unpin+0x2f4/0xb48
[ 609.469202][ T149] xfs_trans_committed_bulk+0x2b0/0x70c
[ 609.470314][ T149] xlog_cil_committed+0x228/0xdd0
[ 609.471459][ T149] xlog_cil_process_committed+0x11c/0x174
[ 609.472713][ T149] xlog_state_shutdown_callbacks+0x23c/0x324
[ 609.474009][ T149] xlog_force_shutdown+0x1a8/0x208
[ 609.475153][ T149] xfs_do_force_shutdown+0x118/0x7b0
[ 609.476305][ T149] xlog_ioend_work+0xc0/0x114
[ 609.477419][ T149] process_one_work+0x84c/0x14b8
[ 609.478479][ T149] worker_thread+0x910/0x1034
[ 609.479475][ T149] kthread+0x37c/0x45c
[ 609.480381][ T149] ret_from_fork+0x10/0x20
[ 609.481301][ T149]
[ 609.481776][ T149] Allocated by task 4109:
[ 609.482740][ T149] __kasan_slab_alloc+0x8c/0xcc
[ 609.483832][ T149] slab_post_alloc_hook+0x74/0x3f4
[ 609.484999][ T149] kmem_cache_alloc+0x1dc/0x4cc
[ 609.486035][ T149] _xfs_buf_alloc+0x78/0xec8
[ 609.487027][ T149] xfs_buf_get_map+0x194/0xd50
[ 609.488018][ T149] xfs_trans_get_buf_map+0x184/0xbc4
[ 609.489146][ T149] xfs_dquot_disk_alloc+0x74c/0xc6c
[ 609.490257][ T149] xfs_qm_dqread+0x554/0xb64
[ 609.491201][ T149] xfs_qm_dqget+0x23c/0x510
[ 609.492215][ T149] xfs_qm_quotacheck_dqadjust+0xe0/0x810
[ 609.493462][ T149] xfs_qm_dqusage_adjust+0x36c/0x518
[ 609.494605][ T149] xfs_iwalk_ag_recs+0x514/0x9cc
[ 609.495719][ T149] xfs_iwalk_run_callbacks+0x1bc/0x3b4
[ 609.496947][ T149] xfs_iwalk_ag+0x8d4/0x9b0
[ 609.497944][ T149] xfs_iwalk_ag_work+0x10c/0x1a8
[ 609.499007][ T149] xfs_pwork_work+0x80/0x1b8
[ 609.499916][ T149] process_one_work+0x84c/0x14b8
[ 609.501110][ T149] worker_thread+0x910/0x1034
[ 609.502179][ T149] kthread+0x37c/0x45c
[ 609.503097][ T149] ret_from_fork+0x10/0x20
[ 609.504149][ T149]
[ 609.504639][ T149] Freed by task 4112:
[ 609.505491][ T149] kasan_set_track+0x4c/0x84
[ 609.506498][ T149] kasan_set_free_info+0x28/0x4c
[ 609.507577][ T149] ____kasan_slab_free+0x118/0x164
[ 609.508733][ T149] __kasan_slab_free+0x18/0x28
[ 609.509816][ T149] slab_free_freelist_hook+0x128/0x1ec
[ 609.510983][ T149] kmem_cache_free+0xdc/0x434
[ 609.512065][ T149] xfs_buf_free+0x310/0x638
[ 609.513084][ T149] xfs_buf_rele+0x103c/0x171c
[ 609.514087][ T149] xfs_buf_delwri_submit+0x1ac/0x244
[ 609.515166][ T149] xfs_qm_quotacheck+0x34c/0x56c
[ 609.516290][ T149] xfs_qm_mount_quotas+0x2ac/0x578
[ 609.517456][ T149] xfs_mountfs+0x11e4/0x1778
[ 609.518450][ T149] xfs_fs_fill_super+0xd64/0xf60
[ 609.519487][ T149] get_tree_bdev+0x360/0x54c
[ 609.520491][ T149] xfs_fs_get_tree+0x28/0x38
[ 609.521593][ T149] vfs_get_tree+0x90/0x274
[ 609.522543][ T149] do_new_mount+0x25c/0x8c8
[ 609.523486][ T149] path_mount+0x590/0x104c
[ 609.524465][ T149] __arm64_sys_mount+0x510/0x5e0
[ 609.525552][ T149] invoke_syscall+0x98/0x2b8
[ 609.526497][ T149] el0_svc_common+0x138/0x258
[ 609.527599][ T149] do_el0_svc+0x58/0x14c
[ 609.528505][ T149] el0_svc+0x7c/0x1f0
[ 609.529387][ T149] el0t_64_sync_handler+0x84/0xe4
[ 609.530507][ T149] el0t_64_sync+0x1a0/0x1a4
[ 609.531507][ T149]
[ 609.531992][ T149] The buggy address belongs to the object at ffff0000d3d3bc00
[ 609.531992][ T149] which belongs to the cache xfs_buf of size 632
[ 609.535092][ T149] The buggy address is located 0 bytes inside of
[ 609.535092][ T149] 632-byte region [ffff0000d3d3bc00, ffff0000d3d3be78)
[ 609.537913][ T149] The buggy address belongs to the page:
[ 609.539219][ T149] page:00000000da66447c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113d38
[ 609.541583][ T149] head:00000000da66447c order:2 compound_mapcount:0 compound_pincount:0
[ 609.543445][ T149] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 609.545218][ T149] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c61d0300
[ 609.547111][ T149] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
[ 609.549013][ T149] page dumped because: kasan: bad access detected
[ 609.550495][ T149]
[ 609.550964][ T149] Memory state around the buggy address:
[ 609.552199][ T149]  ffff0000d3d3bb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 609.554030][ T149]  ffff0000d3d3bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 609.555783][ T149] >ffff0000d3d3bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.557514][ T149]                    ^
[ 609.558401][ T149]  ffff0000d3d3bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.560096][ T149]  ffff0000d3d3bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 609.561836][ T149] ==================================================================
[ 609.563837][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 609.566753][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 609.615579][ T4098] XFS (loop0): Internal error atomic_read(&pag->pag_ref) != 0 at line 194 of file fs/xfs/libxfs/xfs_ag.c. Caller xfs_free_perag+0x11c/0x1d8
[ 609.618675][ T4098] CPU: 0 PID: 4098 Comm: syz-executor276 Tainted: G B 5.15.102-syzkaller #0
[ 609.620807][ T4098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 609.622992][ T4098] Call trace:
[ 609.623762][ T4098] dump_backtrace+0x0/0x530
[ 609.624721][ T4098] show_stack+0x2c/0x3c
[ 609.625658][ T4098] dump_stack_lvl+0x108/0x170
[ 609.626722][ T4098] dump_stack+0x1c/0x58
[ 609.627679][ T4098] xfs_corruption_error+0x134/0x190
[ 609.628783][ T4098] xfs_free_perag+0x164/0x1d8
[ 609.629808][ T4098] xfs_unmountfs+0x148/0x1c8
[ 609.630771][ T4098] xfs_fs_put_super+0x70/0x250
[ 609.631846][ T4098] generic_shutdown_super+0x130/0x29c
[ 609.633025][ T4098] kill_block_super+0x70/0xdc
[ 609.634028][ T4098] deactivate_locked_super+0xb8/0x13c
[ 609.635179][ T4098] deactivate_super+0x108/0x128
[ 609.636335][ T4098] cleanup_mnt+0x3c0/0x474
[ 609.637308][ T4098] __cleanup_mnt+0x20/0x30
[ 609.638182][ T4098] task_work_run+0x130/0x1e4
[ 609.639167][ T4098] do_notify_resume+0x262c/0x32b8
[ 609.640266][ T4098] el0_svc+0xfc/0x1f0
[ 609.641074][ T4098] el0t_64_sync_handler+0x84/0xe4
[ 609.642198][ T4098] el0t_64_sync+0x1a0/0x1a4
[ 609.643297][ T4098] XFS (loop0): Corruption detected. Unmount and run xfs_repair
executing program
[ 610.248275][ T4122] loop0: detected capacity change from 0 to 65536
[ 610.253849][ T4122] XFS (loop0): correcting sb_features alignment problem
[ 610.256262][ T4122] XFS (loop0): Mounting V4 Filesystem
[ 610.258829][ T4122] XFS (loop0): totally zeroed log
[ 610.261276][ T4122] XFS (loop0): Ending clean mount
[ 610.267521][ T4122] XFS (loop0): Quotacheck needed: Please wait.
[ 610.277333][ T4122] attempt to access beyond end of device
[ 610.277333][ T4122] loop0: rw=432129, want=65600, limit=65536
[ 610.279828][ T226] XFS (loop0): log I/O error -5
[ 610.281245][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 610.284129][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 610.286319][ T4122] XFS (loop0): Quotacheck: Done.
[ 610.287341][ T4122] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 610.296702][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 610.885414][ T4131] loop0: detected capacity change from 0 to 65536
[ 610.890527][ T4131] XFS (loop0): correcting sb_features alignment problem
[ 610.892553][ T4131] XFS (loop0): Mounting V4 Filesystem
[ 610.894966][ T4131] XFS (loop0): totally zeroed log
[ 610.896947][ T4131] XFS (loop0): Ending clean mount
[ 610.899646][ T4131] XFS (loop0): Quotacheck needed: Please wait.
[ 610.905640][ T4131] attempt to access beyond end of device
[ 610.905640][ T4131] loop0: rw=432129, want=65600, limit=65536
[ 610.908071][ T226] XFS (loop0): log I/O error -5
[ 610.909570][ T4131] XFS (loop0): Quotacheck: Done.
[ 610.909572][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 610.910712][ T4131] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 610.913364][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 610.920712][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 611.556751][ T4140] loop0: detected capacity change from 0 to 65536
[ 611.562016][ T4140] XFS (loop0): correcting sb_features alignment problem
[ 611.564309][ T4140] XFS (loop0): Mounting V4 Filesystem
[ 611.574634][ T4140] XFS (loop0): totally zeroed log
[ 611.576787][ T4140] XFS (loop0): Ending clean mount
[ 611.578978][ T4140] XFS (loop0): Quotacheck needed: Please wait.
[ 611.582739][ T4140] attempt to access beyond end of device
[ 611.582739][ T4140] loop0: rw=432129, want=65600, limit=65536
[ 611.585406][ T149] XFS (loop0): log I/O error -5
[ 611.586891][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 611.588090][ T4140] XFS (loop0): Quotacheck: Done.
[ 611.589693][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 611.592503][ T4140] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 611.599253][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 612.265884][ T4150] loop0: detected capacity change from 0 to 65536
[ 612.272391][ T4150] XFS (loop0): correcting sb_features alignment problem
[ 612.274493][ T4150] XFS (loop0): Mounting V4 Filesystem
[ 612.277565][ T4150] XFS (loop0): totally zeroed log
[ 612.279893][ T4150] XFS (loop0): Ending clean mount
[ 612.282190][ T4150] XFS (loop0): Quotacheck needed: Please wait.
[ 612.288219][ T4150] attempt to access beyond end of device
[ 612.288219][ T4150] loop0: rw=432129, want=65600, limit=65536
[ 612.290758][ T226] XFS (loop0): log I/O error -5
[ 612.292940][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 612.295556][ T4150] XFS (loop0): Quotacheck: Done.
[ 612.295749][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 612.296757][ T4150] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 612.308085][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 612.937584][ T4159] loop0: detected capacity change from 0 to 65536
[ 612.942391][ T4159] XFS (loop0): correcting sb_features alignment problem
[ 612.944448][ T4159] XFS (loop0): Mounting V4 Filesystem
[ 612.947165][ T4159] XFS (loop0): totally zeroed log
[ 612.949106][ T4159] XFS (loop0): Ending clean mount
[ 612.951568][ T4159] XFS (loop0): Quotacheck needed: Please wait.
[ 612.956328][ T4159] attempt to access beyond end of device
[ 612.956328][ T4159] loop0: rw=432129, want=65600, limit=65536
[ 612.958911][ T149] XFS (loop0): log I/O error -5
[ 612.960340][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 612.963172][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 612.964077][ T4159] XFS (loop0): Quotacheck: Done.
[ 612.966452][ T4159] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 612.972705][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 613.655158][ T4168] loop0: detected capacity change from 0 to 65536
[ 613.660417][ T4168] XFS (loop0): correcting sb_features alignment problem
[ 613.662435][ T4168] XFS (loop0): Mounting V4 Filesystem
[ 613.664889][ T4168] XFS (loop0): totally zeroed log
[ 613.667567][ T4168] XFS (loop0): Ending clean mount
[ 613.669956][ T4168] XFS (loop0): Quotacheck needed: Please wait.
[ 613.673953][ T4168] attempt to access beyond end of device
[ 613.673953][ T4168] loop0: rw=432129, want=65600, limit=65536
[ 613.676916][ T149] XFS (loop0): log I/O error -5
[ 613.678417][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 613.679293][ T4168] XFS (loop0): Quotacheck: Done.
[ 613.681171][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 613.682184][ T4168] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 613.691165][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 614.325790][ T4177] loop0: detected capacity change from 0 to 65536
[ 614.331415][ T4177] XFS (loop0): correcting sb_features alignment problem
[ 614.333387][ T4177] XFS (loop0): Mounting V4 Filesystem
[ 614.338632][ T4177] XFS (loop0): totally zeroed log
[ 614.340572][ T4177] XFS (loop0): Ending clean mount
[ 614.342965][ T4177] XFS (loop0): Quotacheck needed: Please wait.
[ 614.347959][ T4177] attempt to access beyond end of device
[ 614.347959][ T4177] loop0: rw=432129, want=65600, limit=65536
[ 614.350506][ T226] XFS (loop0): log I/O error -5
[ 614.351983][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 614.354761][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 614.355336][ T4177] XFS (loop0): Quotacheck: Done.
[ 614.357636][ T4177] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 614.363636][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 615.027538][ T4187] loop0: detected capacity change from 0 to 65536
[ 615.032280][ T4187] XFS (loop0): correcting sb_features alignment problem
[ 615.034258][ T4187] XFS (loop0): Mounting V4 Filesystem
[ 615.036665][ T4187] XFS (loop0): totally zeroed log
[ 615.040566][ T4187] XFS (loop0): Ending clean mount
[ 615.042862][ T4187] XFS (loop0): Quotacheck needed: Please wait.
[ 615.048243][ T4187] attempt to access beyond end of device
[ 615.048243][ T4187] loop0: rw=432129, want=65600, limit=65536
[ 615.050734][ T226] XFS (loop0): log I/O error -5
[ 615.052260][ T4187] XFS (loop0): Quotacheck: Done.
[ 615.052350][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 615.053364][ T4187] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 615.056419][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 615.064244][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 615.744375][ T4196] loop0: detected capacity change from 0 to 65536
[ 615.749173][ T4196] XFS (loop0): correcting sb_features alignment problem
[ 615.751090][ T4196] XFS (loop0): Mounting V4 Filesystem
[ 615.753528][ T4196] XFS (loop0): totally zeroed log
[ 615.756075][ T4196] XFS (loop0): Ending clean mount
[ 615.758822][ T4196] XFS (loop0): Quotacheck needed: Please wait.
[ 615.765633][ T4196] attempt to access beyond end of device
[ 615.765633][ T4196] loop0: rw=432129, want=65600, limit=65536
[ 615.768352][ T226] XFS (loop0): log I/O error -5
[ 615.769871][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 615.772751][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 615.774618][ T4196] XFS (loop0): Quotacheck: Done.
[ 615.775814][ T4196] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 615.780658][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 616.405097][ T4205] loop0: detected capacity change from 0 to 65536
[ 616.410089][ T4205] XFS (loop0): correcting sb_features alignment problem
[ 616.412170][ T4205] XFS (loop0): Mounting V4 Filesystem
[ 616.414752][ T4205] XFS (loop0): totally zeroed log
[ 616.417567][ T4205] XFS (loop0): Ending clean mount
[ 616.420041][ T4205] XFS (loop0): Quotacheck needed: Please wait.
[ 616.431240][ T4205] attempt to access beyond end of device
[ 616.431240][ T4205] loop0: rw=432129, want=65600, limit=65536
[ 616.433923][ T226] XFS (loop0): log I/O error -5
[ 616.435570][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 616.438363][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 616.440247][ T4205] XFS (loop0): Quotacheck: Done.
[ 616.442101][ T4205] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 616.451694][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 617.106083][ T4214] loop0: detected capacity change from 0 to 65536
[ 617.111618][ T4214] XFS (loop0): correcting sb_features alignment problem
[ 617.113708][ T4214] XFS (loop0): Mounting V4 Filesystem
[ 617.117845][ T4214] XFS (loop0): totally zeroed log
[ 617.121769][ T4214] XFS (loop0): Ending clean mount
[ 617.124211][ T4214] XFS (loop0): Quotacheck needed: Please wait.
[ 617.131996][ T4214] attempt to access beyond end of device
[ 617.131996][ T4214] loop0: rw=432129, want=65600, limit=65536
[ 617.134444][ T226] XFS (loop0): log I/O error -5
[ 617.136140][ T4214] XFS (loop0): Quotacheck: Done.
[ 617.136365][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem.
[ 617.137387][ T4214] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed!
[ 617.140035][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[ 617.147839][ T4098] XFS (loop0): Unmounting Filesystem
executing program
[ 617.773980][ T4224] loop0: detected capacity change from 0 to 65536
[ 617.779818][ T4224] XFS (loop0): correcting sb_features alignment problem
[ 617.781810][ T4224] XFS (loop0): Mounting V4 Filesystem
[ 617.784125][ T4224] XFS (loop0): totally zeroed log
[ 617.786457][ T4224] XFS (loop0): Ending clean mount
[ 617.788966][ T4224] XFS (loop0): Quotacheck needed: Please wait.
[ 617.792756][ T4224] attempt to access beyond end of device
[ 617.792756][ T4224] loop0: rw=432129, want=65600, limit=65536
[ 617.795553][ T226] XFS (loop0): log I/O error -5
[ 617.796691][ T4224] XFS (loop0): Quotacheck: Unsuccessful (Error -5): Disabling quotas.
[ 617.796845][ T226] ================================================================== [ 617.800384][ T226] BUG: KASAN: double-free or invalid-free in kfree+0x1b0/0x480 [ 617.802035][ T226] [ 617.802494][ T226] CPU: 0 PID: 226 Comm: kworker/0:1H Tainted: G B 5.15.102-syzkaller #0 [ 617.804604][ T226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 617.806946][ T226] Workqueue: xfs-log/loop0 xlog_ioend_work [ 617.808237][ T226] Call trace: [ 617.808951][ T226] dump_backtrace+0x0/0x530 [ 617.809995][ T226] show_stack+0x2c/0x3c [ 617.810855][ T226] dump_stack_lvl+0x108/0x170 [ 617.811852][ T226] print_address_description+0x7c/0x3f0 [ 617.813139][ T226] kasan_report_invalid_free+0x64/0x94 [ 617.814297][ T226] ____kasan_slab_free+0x134/0x164 [ 617.815442][ T226] __kasan_slab_free+0x18/0x28 [ 617.816435][ T226] slab_free_freelist_hook+0x128/0x1ec [ 617.817592][ T226] kfree+0x1b0/0x480 [ 617.818445][ T226] kvfree+0x40/0x50 [ 617.819288][ T226] xfs_buf_free+0x2b0/0x638 [ 617.820267][ T226] xfs_buf_rele+0x103c/0x171c [ 617.821356][ T226] xfs_buf_ioend+0x548/0x940 [ 617.822392][ T226] xfs_buf_ioend_fail+0x78/0x90 [ 617.823435][ T226] xfs_buf_item_unpin+0x2f4/0xb48 [ 617.824514][ T226] xfs_trans_committed_bulk+0x2b0/0x70c [ 617.825666][ T226] xlog_cil_committed+0x228/0xdd0 [ 617.826842][ T226] xlog_cil_process_committed+0x11c/0x174 [ 617.828126][ T226] xlog_state_shutdown_callbacks+0x23c/0x324 [ 617.829435][ T226] xlog_force_shutdown+0x1a8/0x208 [ 617.830623][ T226] xfs_do_force_shutdown+0x118/0x7b0 [ 617.831727][ T226] xlog_ioend_work+0xc0/0x114 [ 617.832744][ T226] process_one_work+0x84c/0x14b8 [ 617.833862][ T226] worker_thread+0x910/0x1034 [ 617.834939][ T226] kthread+0x37c/0x45c [ 617.835824][ T226] ret_from_fork+0x10/0x20 [ 617.836758][ T226] [ 617.837280][ T226] Allocated by task 4074: [ 617.838257][ T226] ____kasan_kmalloc+0xbc/0xfc [ 617.839233][ T226] __kasan_kmalloc+0x10/0x1c [ 617.840284][ T226] __kmalloc+0x26c/0x404 [ 
617.841162][ T226] kmem_alloc+0x2ec/0x6c8 [ 617.842150][ T226] xfs_buf_get_map+0x670/0xd50 [ 617.843198][ T226] xfs_trans_get_buf_map+0x184/0xbc4 [ 617.844329][ T226] xfs_dquot_disk_alloc+0x74c/0xc6c [ 617.845449][ T226] xfs_qm_dqread+0x554/0xb64 [ 617.846413][ T226] xfs_qm_dqget+0x23c/0x510 [ 617.847417][ T226] xfs_qm_quotacheck_dqadjust+0xe0/0x810 [ 617.848589][ T226] xfs_qm_dqusage_adjust+0x36c/0x518 [ 617.849699][ T226] xfs_iwalk_ag_recs+0x514/0x9cc [ 617.850822][ T226] xfs_iwalk_run_callbacks+0x1bc/0x3b4 [ 617.852000][ T226] xfs_iwalk_ag+0x8d4/0x9b0 [ 617.852900][ T226] xfs_iwalk_ag_work+0x10c/0x1a8 [ 617.853938][ T226] xfs_pwork_work+0x80/0x1b8 [ 617.854910][ T226] process_one_work+0x84c/0x14b8 [ 617.855964][ T226] worker_thread+0x910/0x1034 [ 617.856996][ T226] kthread+0x37c/0x45c [ 617.857846][ T226] ret_from_fork+0x10/0x20 [ 617.858733][ T226] [ 617.859253][ T226] Freed by task 4224: [ 617.860149][ T226] kasan_set_track+0x4c/0x84 [ 617.861179][ T226] kasan_set_free_info+0x28/0x4c [ 617.862281][ T226] ____kasan_slab_free+0x118/0x164 [ 617.863442][ T226] __kasan_slab_free+0x18/0x28 [ 617.864458][ T226] slab_free_freelist_hook+0x128/0x1ec [ 617.865596][ T226] kfree+0x1b0/0x480 [ 617.866456][ T226] kvfree+0x40/0x50 [ 617.867316][ T226] xfs_buf_free+0x2b0/0x638 [ 617.868294][ T226] xfs_buf_rele+0x103c/0x171c [ 617.869307][ T226] xfs_buf_delwri_submit+0x1ac/0x244 [ 617.870509][ T226] xfs_qm_quotacheck+0x34c/0x56c [ 617.871575][ T226] xfs_qm_mount_quotas+0x2ac/0x578 [ 617.872707][ T226] xfs_mountfs+0x11e4/0x1778 [ 617.873795][ T226] xfs_fs_fill_super+0xd64/0xf60 [ 617.874864][ T226] get_tree_bdev+0x360/0x54c [ 617.875823][ T226] xfs_fs_get_tree+0x28/0x38 [ 617.876850][ T226] vfs_get_tree+0x90/0x274 [ 617.877787][ T226] do_new_mount+0x25c/0x8c8 [ 617.878733][ T226] path_mount+0x590/0x104c [ 617.879659][ T226] __arm64_sys_mount+0x510/0x5e0 [ 617.880711][ T226] invoke_syscall+0x98/0x2b8 [ 617.881685][ T226] el0_svc_common+0x138/0x258 [ 617.882775][ T226] 
do_el0_svc+0x58/0x14c [ 617.883663][ T226] el0_svc+0x7c/0x1f0 [ 617.884577][ T226] el0t_64_sync_handler+0x84/0xe4 [ 617.885671][ T226] el0t_64_sync+0x1a0/0x1a4 [ 617.886628][ T226] [ 617.887093][ T226] The buggy address belongs to the object at ffff0000da326400 [ 617.887093][ T226] which belongs to the cache kmalloc-512 of size 512 [ 617.890179][ T226] The buggy address is located 0 bytes inside of [ 617.890179][ T226] 512-byte region [ffff0000da326400, ffff0000da326600) [ 617.892942][ T226] The buggy address belongs to the page: [ 617.894198][ T226] page:000000009b48b335 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a324 [ 617.896428][ T226] head:000000009b48b335 order:2 compound_mapcount:0 compound_pincount:0 [ 617.898168][ T226] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 617.899898][ T226] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600 [ 617.901748][ T226] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 617.903663][ T226] page dumped because: kasan: bad access detected [ 617.905114][ T226] [ 617.905660][ T226] Memory state around the buggy address: [ 617.906936][ T226] ffff0000da326300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 617.908821][ T226] ffff0000da326380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 617.910617][ T226] >ffff0000da326400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 617.912403][ T226] ^ [ 617.913255][ T226] ffff0000da326480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 617.915057][ T226] ffff0000da326500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 617.916953][ T226] ================================================================== [ 617.918938][ T226] ================================================================== [ 617.919737][ T4098] XFS (loop0): Unmounting Filesystem [ 617.920691][ T226] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0xdc/0x434 [ 617.923730][ T226] [ 617.924222][ T226] CPU: 0 
PID: 226 Comm: kworker/0:1H Tainted: G B 5.15.102-syzkaller #0 [ 617.926372][ T226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 617.928601][ T226] Workqueue: xfs-log/loop0 xlog_ioend_work [ 617.929839][ T226] Call trace: [ 617.930521][ T226] dump_backtrace+0x0/0x530 [ 617.931468][ T226] show_stack+0x2c/0x3c [ 617.932377][ T226] dump_stack_lvl+0x108/0x170 [ 617.933391][ T226] print_address_description+0x7c/0x3f0 [ 617.934617][ T226] kasan_report_invalid_free+0x64/0x94 [ 617.935845][ T226] ____kasan_slab_free+0x134/0x164 [ 617.936979][ T226] __kasan_slab_free+0x18/0x28 [ 617.938018][ T226] slab_free_freelist_hook+0x128/0x1ec [ 617.939283][ T226] kmem_cache_free+0xdc/0x434 [ 617.940334][ T226] xfs_buf_free+0x310/0x638 [ 617.941352][ T226] xfs_buf_rele+0x103c/0x171c [ 617.942379][ T226] xfs_buf_ioend+0x548/0x940 [ 617.943393][ T226] xfs_buf_ioend_fail+0x78/0x90 [ 617.944473][ T226] xfs_buf_item_unpin+0x2f4/0xb48 [ 617.945617][ T226] xfs_trans_committed_bulk+0x2b0/0x70c [ 617.946810][ T226] xlog_cil_committed+0x228/0xdd0 [ 617.947993][ T226] xlog_cil_process_committed+0x11c/0x174 [ 617.949321][ T226] xlog_state_shutdown_callbacks+0x23c/0x324 [ 617.950667][ T226] xlog_force_shutdown+0x1a8/0x208 [ 617.951838][ T226] xfs_do_force_shutdown+0x118/0x7b0 [ 617.952927][ T226] xlog_ioend_work+0xc0/0x114 [ 617.953923][ T226] process_one_work+0x84c/0x14b8 [ 617.954990][ T226] worker_thread+0x910/0x1034 [ 617.955955][ T226] kthread+0x37c/0x45c [ 617.956941][ T226] ret_from_fork+0x10/0x20 [ 617.957910][ T226] [ 617.958389][ T226] Allocated by task 4074: [ 617.959327][ T226] __kasan_slab_alloc+0x8c/0xcc [ 617.960370][ T226] slab_post_alloc_hook+0x74/0x3f4 [ 617.961463][ T226] kmem_cache_alloc+0x1dc/0x4cc [ 617.962552][ T226] _xfs_buf_alloc+0x78/0xec8 [ 617.963535][ T226] xfs_buf_get_map+0x194/0xd50 [ 617.964584][ T226] xfs_trans_get_buf_map+0x184/0xbc4 [ 617.965665][ T226] xfs_dquot_disk_alloc+0x74c/0xc6c [ 617.966804][ T226] 
xfs_qm_dqread+0x554/0xb64 [ 617.967811][ T226] xfs_qm_dqget+0x23c/0x510 [ 617.968766][ T226] xfs_qm_quotacheck_dqadjust+0xe0/0x810 [ 617.969939][ T226] xfs_qm_dqusage_adjust+0x36c/0x518 [ 617.971111][ T226] xfs_iwalk_ag_recs+0x514/0x9cc [ 617.972148][ T226] xfs_iwalk_run_callbacks+0x1bc/0x3b4 [ 617.973348][ T226] xfs_iwalk_ag+0x8d4/0x9b0 [ 617.974348][ T226] xfs_iwalk_ag_work+0x10c/0x1a8 [ 617.975432][ T226] xfs_pwork_work+0x80/0x1b8 [ 617.976472][ T226] process_one_work+0x84c/0x14b8 [ 617.977475][ T226] worker_thread+0x910/0x1034 [ 617.978616][ T226] kthread+0x37c/0x45c [ 617.979550][ T226] ret_from_fork+0x10/0x20 [ 617.980467][ T226] [ 617.980944][ T226] Freed by task 4224: [ 617.981832][ T226] kasan_set_track+0x4c/0x84 [ 617.982825][ T226] kasan_set_free_info+0x28/0x4c [ 617.983847][ T226] ____kasan_slab_free+0x118/0x164 [ 617.985031][ T226] __kasan_slab_free+0x18/0x28 [ 617.986116][ T226] slab_free_freelist_hook+0x128/0x1ec [ 617.987327][ T226] kmem_cache_free+0xdc/0x434 [ 617.988332][ T226] xfs_buf_free+0x310/0x638 [ 617.989306][ T226] xfs_buf_rele+0x103c/0x171c [ 617.990384][ T226] xfs_buf_delwri_submit+0x1ac/0x244 [ 617.991578][ T226] xfs_qm_quotacheck+0x34c/0x56c [ 617.992593][ T226] xfs_qm_mount_quotas+0x2ac/0x578 [ 617.993723][ T226] xfs_mountfs+0x11e4/0x1778 [ 617.994742][ T226] xfs_fs_fill_super+0xd64/0xf60 [ 617.995792][ T226] get_tree_bdev+0x360/0x54c [ 617.996820][ T226] xfs_fs_get_tree+0x28/0x38 [ 617.997775][ T226] vfs_get_tree+0x90/0x274 [ 617.998771][ T226] do_new_mount+0x25c/0x8c8 [ 617.999817][ T226] path_mount+0x590/0x104c [ 618.000825][ T226] __arm64_sys_mount+0x510/0x5e0 [ 618.001932][ T226] invoke_syscall+0x98/0x2b8 [ 618.002935][ T226] el0_svc_common+0x138/0x258 [ 618.003993][ T226] do_el0_svc+0x58/0x14c [ 618.004925][ T226] el0_svc+0x7c/0x1f0 [ 618.005823][ T226] el0t_64_sync_handler+0x84/0xe4 [ 618.006918][ T226] el0t_64_sync+0x1a0/0x1a4 [ 618.007889][ T226] [ 618.008368][ T226] The buggy address belongs to the object at ffff0000d3e8a700 
[ 618.008368][ T226] which belongs to the cache xfs_buf of size 632 [ 618.011363][ T226] The buggy address is located 0 bytes inside of [ 618.011363][ T226] 632-byte region [ffff0000d3e8a700, ffff0000d3e8a978) [ 618.014249][ T226] The buggy address belongs to the page: [ 618.015532][ T226] page:00000000272f3043 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113e88 [ 618.017693][ T226] head:00000000272f3043 order:2 compound_mapcount:0 compound_pincount:0 [ 618.019497][ T226] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 618.021305][ T226] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c61d0300 [ 618.023081][ T226] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000 [ 618.025007][ T226] page dumped because: kasan: bad access detected [ 618.026406][ T226] [ 618.026885][ T226] Memory state around the buggy address: [ 618.028147][ T226] ffff0000d3e8a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 618.029891][ T226] ffff0000d3e8a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 618.031596][ T226] >ffff0000d3e8a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 618.033386][ T226] ^ [ 618.034329][ T226] ffff0000d3e8a780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 618.036061][ T226] ffff0000d3e8a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 618.037864][ T226] ================================================================== [ 618.039832][ T226] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). Shutting down filesystem. [ 618.042653][ T226] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 618.085463][ T4098] XFS (loop0): Internal error atomic_read(&pag->pag_ref) != 0 at line 194 of file fs/xfs/libxfs/xfs_ag.c. 
Caller xfs_free_perag+0x11c/0x1d8 [ 618.088604][ T4098] CPU: 1 PID: 4098 Comm: syz-executor276 Tainted: G B 5.15.102-syzkaller #0 [ 618.090783][ T4098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 618.092938][ T4098] Call trace: [ 618.093638][ T4098] dump_backtrace+0x0/0x530 [ 618.094587][ T4098] show_stack+0x2c/0x3c [ 618.095495][ T4098] dump_stack_lvl+0x108/0x170 [ 618.096563][ T4098] dump_stack+0x1c/0x58 [ 618.097470][ T4098] xfs_corruption_error+0x134/0x190 [ 618.098607][ T4098] xfs_free_perag+0x164/0x1d8 [ 618.099598][ T4098] xfs_unmountfs+0x148/0x1c8 [ 618.100616][ T4098] xfs_fs_put_super+0x70/0x250 [ 618.101714][ T4098] generic_shutdown_super+0x130/0x29c [ 618.102957][ T4098] kill_block_super+0x70/0xdc [ 618.103984][ T4098] deactivate_locked_super+0xb8/0x13c [ 618.105170][ T4098] deactivate_super+0x108/0x128 [ 618.106251][ T4098] cleanup_mnt+0x3c0/0x474 [ 618.107277][ T4098] __cleanup_mnt+0x20/0x30 [ 618.108235][ T4098] task_work_run+0x130/0x1e4 [ 618.109286][ T4098] do_notify_resume+0x262c/0x32b8 [ 618.110441][ T4098] el0_svc+0xfc/0x1f0 [ 618.111354][ T4098] el0t_64_sync_handler+0x84/0xe4 [ 618.112671][ T4098] el0t_64_sync+0x1a0/0x1a4 [ 618.113885][ T4098] XFS (loop0): Corruption detected. Unmount and run xfs_repair executing program [ 618.715360][ T4233] loop0: detected capacity change from 0 to 65536 [ 618.720200][ T4233] XFS (loop0): correcting sb_features alignment problem [ 618.722277][ T4233] XFS (loop0): Mounting V4 Filesystem [ 618.724794][ T4233] XFS (loop0): totally zeroed log [ 618.726956][ T4233] XFS (loop0): Ending clean mount [ 618.729788][ T4233] XFS (loop0): Quotacheck needed: Please wait. [ 618.740974][ T4233] attempt to access beyond end of device [ 618.740974][ T4233] loop0: rw=432129, want=65600, limit=65536 [ 618.743314][ T149] XFS (loop0): log I/O error -5 [ 618.744970][ T149] XFS (loop0): Log I/O Error (0x2) detected at xlog_ioend_work+0xc0/0x114 (fs/xfs/xfs_log.c:1364). 
Shutting down filesystem. [ 618.746085][ T4233] XFS (loop0): Quotacheck: Done. [ 618.747860][ T149] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 618.749139][ T4233] XFS (loop0): xfs_qm_mount_quotas: Superblock update failed! [ 618.755651][ T4098] XFS (loop0): Unmounting Filesystem executing program