./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1321240245
<...>
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
execve("./syz-executor1321240245", ["./syz-executor1321240245"], 0x7fffb7552ff0 /* 10 vars */) = 0
brk(NULL) = 0x555556c6b000
brk(0x555556c6bc40) = 0x555556c6bc40
arch_prctl(ARCH_SET_FS, 0x555556c6b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1321240245", 4096) = 28
brk(0x555556c8cc40) = 0x555556c8cc40
brk(0x555556c8d000) = 0x555556c8d000
mprotect(0x7f89fa46a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f89f1fa7000
write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
munmap(0x7f89f1fa7000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file2", 0777) = 0
[ 52.820128][ T5074] loop0: detected capacity change from 0 to 32768
[ 52.835091][ T5074] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 52.933306][ T5074] XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200.
[ 52.967972][ T5074] XFS (loop0): Starting recovery (logdev: internal)
[ 52.983384][ T5074] ==================================================================
[ 52.991517][ T5074] BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.000121][ T5074] Read of size 8 at addr ffff88807e89f258 by task syz-executor132/5074
[ 53.008345][ T5074]
[ 53.010657][ T5074] CPU: 0 PID: 5074 Comm: syz-executor132 Not tainted 6.2.0-rc1-syzkaller #0
[ 53.019484][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.029530][ T5074] Call Trace:
[ 53.032808][ T5074]
[ 53.035726][ T5074] dump_stack_lvl+0x1b1/0x290
[ 53.040398][ T5074] ? nf_tcp_handle_invalid+0x630/0x630
[ 53.045854][ T5074] ? __wake_up_klogd+0xcd/0x100
[ 53.050701][ T5074] ? panic+0x710/0x710
[ 53.054754][ T5074] ? _printk+0xc0/0x100
[ 53.058910][ T5074] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 53.064370][ T5074] print_address_description+0x74/0x340
[ 53.069909][ T5074] print_report+0x107/0x1f0
[ 53.074400][ T5074] ? __virt_addr_valid+0x21b/0x2d0
[ 53.079499][ T5074] ? __phys_addr+0xb5/0x160
[ 53.083991][ T5074] ? xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.089873][ T5074] kasan_report+0xcd/0x100
[ 53.094281][ T5074] ? xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.100171][ T5074] xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.106065][ T5074] ? __stack_depot_save+0x41c/0x4a0
[ 53.111253][ T5074] ? xfs_btree_decrement+0xbc0/0xbc0
[ 53.116550][ T5074] ? mark_lock+0x9a/0x350
[ 53.120888][ T5074] xfs_btree_lookup+0x346/0x12c0
[ 53.125839][ T5074] ? lockdep_hardirqs_on+0x8d/0x130
[ 53.131032][ T5074] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 53.136918][ T5074] ? xfs_btree_lookup_get_block+0x6d0/0x6d0
[ 53.142797][ T5074] ? stack_trace_save+0x104/0x1e0
[ 53.147835][ T5074] ? stack_trace_snprint+0xf0/0xf0
[ 53.152935][ T5074] ? __stack_depot_save+0x41c/0x4a0
[ 53.158126][ T5074] xfs_btree_simple_query_range+0xde/0x6a0
[ 53.164185][ T5074] ? xfs_refcount_recover_cow_leftovers+0x213/0xa60
[ 53.170865][ T5074] ? xfs_reflink_recover_cow+0xab/0x1b0
[ 53.176569][ T5074] ? xlog_recover_finish+0x824/0x920
[ 53.181851][ T5074] ? xfs_log_mount_finish+0x1ec/0x3d0
[ 53.187300][ T5074] ? xfs_mountfs+0x146a/0x1ef0
[ 53.194056][ T5074] ? get_tree_bdev+0x400/0x620
[ 53.199173][ T5074] ? vfs_get_tree+0x88/0x270
[ 53.203747][ T5074] ? do_new_mount+0x289/0xad0
[ 53.208428][ T5074] ? xfs_refcount_recover_cow_leftovers+0xa60/0xa60
[ 53.215019][ T5074] ? xfs_btree_query_range+0x380/0x380
[ 53.220573][ T5074] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 53.226577][ T5074] ? xfs_btree_query_range+0x175/0x380
[ 53.232033][ T5074] ? xfs_refcountbt_init_rec_from_cur+0x68/0x1d0
[ 53.238352][ T5074] xfs_btree_query_range+0x2db/0x380
[ 53.243628][ T5074] ? xfs_refcount_recover_cow_leftovers+0xa60/0xa60
[ 53.250208][ T5074] ? xfs_btree_space_to_height+0xd0/0xd0
[ 53.255830][ T5074] ? xfs_refcountbt_init_cursor+0x84/0x330
[ 53.261629][ T5074] ? trace_kmem_cache_alloc+0x30/0xe0
[ 53.266988][ T5074] ? kmem_cache_alloc+0x20a/0x350
[ 53.271994][ T5074] ? xfs_refcountbt_init_cursor+0x84/0x330
[ 53.277783][ T5074] ? xfs_refcountbt_init_cursor+0x15b/0x330
[ 53.283671][ T5074] xfs_refcount_recover_cow_leftovers+0x2d1/0xa60
[ 53.290072][ T5074] ? xfs_refcount_free_cow_extent+0x1b0/0x1b0
[ 53.296148][ T5074] ? rcu_read_lock_sched_held+0x87/0x110
[ 53.301777][ T5074] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 53.307868][ T5074] ? trace_xfs_perag_get+0x106/0x310
[ 53.315960][ T5074] xfs_reflink_recover_cow+0xab/0x1b0
[ 53.321319][ T5074] xlog_recover_finish+0x824/0x920
[ 53.326419][ T5074] ? queue_delayed_work_on+0x147/0x210
[ 53.331865][ T5074] ? lockdep_hardirqs_on+0x8d/0x130
[ 53.337048][ T5074] ? xlog_do_recover+0x2f0/0x2f0
[ 53.341971][ T5074] ? xfs_ag_resv_free+0x560/0x560
[ 53.346984][ T5074] xfs_log_mount_finish+0x1ec/0x3d0
[ 53.352169][ T5074] xfs_mountfs+0x146a/0x1ef0
[ 53.356745][ T5074] ? xfs_default_resblks+0x70/0x70
[ 53.361847][ T5074] ? xfs_filestream_new_ag+0x510/0x510
[ 53.367297][ T5074] ? trace_xfs_inode_timestamp_range+0x104/0x300
[ 53.373612][ T5074] xfs_fs_fill_super+0xf95/0x11f0
[ 53.378635][ T5074] get_tree_bdev+0x400/0x620
[ 53.383426][ T5074] ? xfs_fs_warn_deprecated+0x190/0x190
[ 53.388976][ T5074] vfs_get_tree+0x88/0x270
[ 53.393380][ T5074] do_new_mount+0x289/0xad0
[ 53.397878][ T5074] ? do_move_mount_old+0x150/0x150
[ 53.402981][ T5074] ? user_path_at_empty+0x149/0x1a0
[ 53.408178][ T5074] __se_sys_mount+0x2d3/0x3c0
[ 53.412860][ T5074] ? __x64_sys_mount+0xc0/0xc0
[ 53.417614][ T5074] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 53.423577][ T5074] ? __x64_sys_mount+0x1c/0xc0
[ 53.428507][ T5074] do_syscall_64+0x3d/0xb0
[ 53.432915][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.438797][ T5074] RIP: 0033:0x7f89fa3f4aca
[ 53.443199][ T5074] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.462882][ T5074] RSP: 002b:00007fffd5fb5ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 53.471286][ T5074] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f89fa3f4aca
[ 53.479257][ T5074] RDX: 0000000020000100 RSI: 0000000020009640 RDI: 00007fffd5fb5f10
[ 53.487214][ T5074] RBP: 00007fffd5fb5f10 R08: 00007fffd5fb5f50 R09: 000000000000970d
[ 53.495867][ T5074] R10: 0000000000200800 R11: 0000000000000206 R12: 0000000000000004
[ 53.503822][ T5074] R13: 0000555556c6b2c0 R14: 0000000000200800 R15: 00007fffd5fb5f50
[ 53.511782][ T5074]
[ 53.514786][ T5074]
[ 53.517093][ T5074] The buggy address belongs to the object at ffff88807e89f210
[ 53.517093][ T5074] which belongs to the cache xfs_refcbt_cur of size 200
[ 53.531571][ T5074] The buggy address is located 72 bytes inside of
[ 53.531571][ T5074] 200-byte region [ffff88807e89f210, ffff88807e89f2d8)
[ 53.544739][ T5074]
[ 53.547047][ T5074] The buggy address belongs to the physical page:
[ 53.553449][ T5074] page:ffffea0001fa27c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e89f
[ 53.563580][ T5074] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 53.571122][ T5074] raw: 00fff00000000200 ffff88801aa88dc0 dead000000000122 0000000000000000
[ 53.579687][ T5074] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 53.588295][ T5074] page dumped because: kasan: bad access detected
[ 53.594692][ T5074] page_owner tracks the page as allocated
[ 53.600390][ T5074] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 5074, tgid 5074 (syz-executor132), ts 52983376728, free_ts 44253031630
[ 53.618775][ T5074] get_page_from_freelist+0x742/0x7c0
[ 53.624135][ T5074] __alloc_pages+0x259/0x560
[ 53.628713][ T5074] alloc_slab_page+0xbd/0x190
[ 53.633374][ T5074] allocate_slab+0x5e/0x3c0
[ 53.637862][ T5074] ___slab_alloc+0x782/0xe20
[ 53.642433][ T5074] kmem_cache_alloc+0x268/0x350
[ 53.647266][ T5074] xfs_refcountbt_init_cursor+0x84/0x330
[ 53.652882][ T5074] xfs_refcount_recover_cow_leftovers+0x213/0xa60
[ 53.659282][ T5074] xfs_reflink_recover_cow+0xab/0x1b0
[ 53.664636][ T5074] xlog_recover_finish+0x824/0x920
[ 53.669733][ T5074] xfs_log_mount_finish+0x1ec/0x3d0
[ 53.674919][ T5074] xfs_mountfs+0x146a/0x1ef0
[ 53.679518][ T5074] xfs_fs_fill_super+0xf95/0x11f0
[ 53.685271][ T5074] get_tree_bdev+0x400/0x620
[ 53.689864][ T5074] vfs_get_tree+0x88/0x270
[ 53.694365][ T5074] do_new_mount+0x289/0xad0
[ 53.699634][ T5074] page last free stack trace:
[ 53.704316][ T5074] free_pcp_prepare+0x751/0x780
[ 53.709156][ T5074] free_unref_page+0x19/0x4c0
[ 53.713816][ T5074] pipe_read+0x718/0x1340
[ 53.718133][ T5074] vfs_read+0x7ac/0xbf0
[ 53.722270][ T5074] ksys_read+0x177/0x2a0
[ 53.726496][ T5074] do_syscall_64+0x3d/0xb0
[ 53.730897][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.736872][ T5074]
[ 53.739269][ T5074] Memory state around the buggy address:
[ 53.744878][ T5074] ffff88807e89f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.752922][ T5074] ffff88807e89f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.760965][ T5074] >ffff88807e89f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.769004][ T5074] ^
[ 53.775915][ T5074] ffff88807e89f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.783956][ T5074] ffff88807e89f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.791996][ T5074] ==================================================================
[ 53.800267][ T5074] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.807467][ T5074] CPU: 1 PID: 5074 Comm: syz-executor132 Not tainted 6.2.0-rc1-syzkaller #0
[ 53.816155][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.826288][ T5074] Call Trace:
[ 53.829550][ T5074]
[ 53.832467][ T5074] dump_stack_lvl+0x1b1/0x290
[ 53.837139][ T5074] ? nf_tcp_handle_invalid+0x630/0x630
[ 53.842584][ T5074] ? panic+0x710/0x710
[ 53.846653][ T5074] ? lock_release+0x81/0x820
[ 53.851256][ T5074] ? vscnprintf+0x59/0x80
[ 53.856374][ T5074] panic+0x2d6/0x710
[ 53.860261][ T5074] ? check_panic_on_warn+0x1d/0xa0
[ 53.865366][ T5074] ? memcpy_page_flushcache+0x100/0x100
[ 53.870923][ T5074] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 53.876914][ T5074] ? _raw_spin_unlock+0x40/0x40
[ 53.881755][ T5074] ? rcu_read_lock_sched_held+0x5d/0x110
[ 53.887376][ T5074] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 53.893430][ T5074] check_panic_on_warn+0x80/0xa0
[ 53.898360][ T5074] ? xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.904251][ T5074] end_report+0x47/0x90
[ 53.908422][ T5074] kasan_report+0xda/0x100
[ 53.912871][ T5074] ? xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.918771][ T5074] xfs_btree_lookup_get_block+0x15c/0x6d0
[ 53.924482][ T5074] ? __stack_depot_save+0x41c/0x4a0
[ 53.929680][ T5074] ? xfs_btree_decrement+0xbc0/0xbc0
[ 53.934957][ T5074] ? mark_lock+0x9a/0x350
[ 53.939277][ T5074] xfs_btree_lookup+0x346/0x12c0
[ 53.944209][ T5074] ? lockdep_hardirqs_on+0x8d/0x130
[ 53.949391][ T5074] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 53.955273][ T5074] ? xfs_btree_lookup_get_block+0x6d0/0x6d0
[ 53.961158][ T5074] ? stack_trace_save+0x104/0x1e0
[ 53.966169][ T5074] ? stack_trace_snprint+0xf0/0xf0
[ 53.971283][ T5074] ? __stack_depot_save+0x41c/0x4a0
[ 53.976579][ T5074] xfs_btree_simple_query_range+0xde/0x6a0
[ 53.982395][ T5074] ? xfs_refcount_recover_cow_leftovers+0x213/0xa60
[ 53.988971][ T5074] ? xfs_reflink_recover_cow+0xab/0x1b0
[ 53.994592][ T5074] ? xlog_recover_finish+0x824/0x920
[ 53.999871][ T5074] ? xfs_log_mount_finish+0x1ec/0x3d0
[ 54.005232][ T5074] ? xfs_mountfs+0x146a/0x1ef0
[ 54.009982][ T5074] ? get_tree_bdev+0x400/0x620
[ 54.014735][ T5074] ? vfs_get_tree+0x88/0x270
[ 54.019308][ T5074] ? do_new_mount+0x289/0xad0
[ 54.023966][ T5074] ? xfs_refcount_recover_cow_leftovers+0xa60/0xa60
[ 54.030540][ T5074] ? xfs_btree_query_range+0x380/0x380
[ 54.036008][ T5074] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 54.042001][ T5074] ? xfs_btree_query_range+0x175/0x380
[ 54.047473][ T5074] ? xfs_refcountbt_init_rec_from_cur+0x68/0x1d0
[ 54.053876][ T5074] xfs_btree_query_range+0x2db/0x380
[ 54.059336][ T5074] ? xfs_refcount_recover_cow_leftovers+0xa60/0xa60
[ 54.066003][ T5074] ? xfs_btree_space_to_height+0xd0/0xd0
[ 54.071721][ T5074] ? xfs_refcountbt_init_cursor+0x84/0x330
[ 54.077530][ T5074] ? trace_kmem_cache_alloc+0x30/0xe0
[ 54.082890][ T5074] ? kmem_cache_alloc+0x20a/0x350
[ 54.087988][ T5074] ? xfs_refcountbt_init_cursor+0x84/0x330
[ 54.093782][ T5074] ? xfs_refcountbt_init_cursor+0x15b/0x330
[ 54.099746][ T5074] xfs_refcount_recover_cow_leftovers+0x2d1/0xa60
[ 54.106149][ T5074] ? xfs_refcount_free_cow_extent+0x1b0/0x1b0
[ 54.112198][ T5074] ? rcu_read_lock_sched_held+0x87/0x110
[ 54.117817][ T5074] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 54.123790][ T5074] ? trace_xfs_perag_get+0x106/0x310
[ 54.129768][ T5074] xfs_reflink_recover_cow+0xab/0x1b0
[ 54.135154][ T5074] xlog_recover_finish+0x824/0x920
[ 54.140286][ T5074] ? queue_delayed_work_on+0x147/0x210
[ 54.145735][ T5074] ? lockdep_hardirqs_on+0x8d/0x130
[ 54.150919][ T5074] ? xlog_do_recover+0x2f0/0x2f0
[ 54.155839][ T5074] ? xfs_ag_resv_free+0x560/0x560
[ 54.160940][ T5074] xfs_log_mount_finish+0x1ec/0x3d0
[ 54.166134][ T5074] xfs_mountfs+0x146a/0x1ef0
[ 54.170714][ T5074] ? xfs_default_resblks+0x70/0x70
[ 54.175805][ T5074] ? xfs_filestream_new_ag+0x510/0x510
[ 54.181256][ T5074] ? trace_xfs_inode_timestamp_range+0x104/0x300
[ 54.187589][ T5074] xfs_fs_fill_super+0xf95/0x11f0
[ 54.192715][ T5074] get_tree_bdev+0x400/0x620
[ 54.197307][ T5074] ? xfs_fs_warn_deprecated+0x190/0x190
[ 54.202842][ T5074] vfs_get_tree+0x88/0x270
[ 54.207294][ T5074] do_new_mount+0x289/0xad0
[ 54.211785][ T5074] ? do_move_mount_old+0x150/0x150
[ 54.216888][ T5074] ? user_path_at_empty+0x149/0x1a0
[ 54.222075][ T5074] __se_sys_mount+0x2d3/0x3c0
[ 54.226737][ T5074] ? __x64_sys_mount+0xc0/0xc0
[ 54.231489][ T5074] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 54.237464][ T5074] ? __x64_sys_mount+0x1c/0xc0
[ 54.242474][ T5074] do_syscall_64+0x3d/0xb0
[ 54.247238][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.253143][ T5074] RIP: 0033:0x7f89fa3f4aca
[ 54.257562][ T5074] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.277151][ T5074] RSP: 002b:00007fffd5fb5ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 54.285557][ T5074] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f89fa3f4aca
[ 54.293515][ T5074] RDX: 0000000020000100 RSI: 0000000020009640 RDI: 00007fffd5fb5f10
[ 54.301470][ T5074] RBP: 00007fffd5fb5f10 R08: 00007fffd5fb5f50 R09: 000000000000970d
[ 54.309513][ T5074] R10: 0000000000200800 R11: 0000000000000206 R12: 0000000000000004
[ 54.317489][ T5074] R13: 0000555556c6b2c0 R14: 0000000000200800 R15: 00007fffd5fb5f50
[ 54.325454][ T5074]
[ 54.328590][ T5074] Kernel Offset: disabled
[ 54.332900][ T5074] Rebooting in 86400 seconds..