Warning: Permanently added '10.128.1.143' (ECDSA) to the list of known hosts.
executing program
[ 35.908349][ T4217] loop0: detected capacity change from 0 to 32768
[ 35.916366][ T4217] XFS (loop0): Mounting V5 Filesystem
[ 36.000859][ T4217] XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200.
[ 36.027041][ T4217] XFS (loop0): Starting recovery (logdev: internal)
[ 36.037062][ T4217] ==================================================================
[ 36.038663][ T4217] BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x180/0x66c
[ 36.040533][ T4217] Read of size 8 at addr ffff0000c3624128 by task syz-executor154/4217
[ 36.042338][ T4217]
[ 36.042848][ T4217] CPU: 0 PID: 4217 Comm: syz-executor154 Not tainted 6.1.29-syzkaller #0
[ 36.044743][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 36.046984][ T4217] Call trace:
[ 36.047648][ T4217] dump_backtrace+0x1c8/0x1f4
[ 36.048674][ T4217] show_stack+0x2c/0x3c
[ 36.049563][ T4217] dump_stack_lvl+0x108/0x170
[ 36.050542][ T4217] print_report+0x174/0x4c0
[ 36.051458][ T4217] kasan_report+0xd4/0x130
[ 36.052432][ T4217] __asan_report_load8_noabort+0x2c/0x38
[ 36.053701][ T4217] xfs_btree_lookup_get_block+0x180/0x66c
[ 36.054979][ T4217] xfs_btree_lookup+0x388/0x117c
[ 36.055987][ T4217] xfs_btree_simple_query_range+0xd4/0x5c4
[ 36.057276][ T4217] xfs_btree_query_range+0x2b4/0x348
[ 36.058494][ T4217] xfs_refcount_recover_cow_leftovers+0x2c4/0xbdc
[ 36.059815][ T4217] xfs_reflink_recover_cow+0x88/0x190
[ 36.061038][ T4217] xlog_recover_finish+0x708/0x7ec
[ 36.062100][ T4217] xfs_log_mount_finish+0x1b8/0x3f4
[ 36.063153][ T4217] xfs_mountfs+0x103c/0x18fc
[ 36.064159][ T4217] xfs_fs_fill_super+0xd38/0xf50
[ 36.065229][ T4217] get_tree_bdev+0x360/0x54c
[ 36.066211][ T4217] xfs_fs_get_tree+0x28/0x38
[ 36.067179][ T4217] vfs_get_tree+0x90/0x274
[ 36.068144][ T4217] do_new_mount+0x25c/0x8c8
[ 36.069274][ T4217] path_mount+0x590/0xe58
[ 36.070291][ T4217] __arm64_sys_mount+0x45c/0x594
[ 36.071460][ T4217] invoke_syscall+0x98/0x2c0
[ 36.072503][ T4217] el0_svc_common+0x138/0x258
[ 36.073564][ T4217] do_el0_svc+0x64/0x218
[ 36.074548][ T4217] el0_svc+0x58/0x168
[ 36.075401][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 36.076589][ T4217] el0t_64_sync+0x18c/0x190
[ 36.077550][ T4217]
[ 36.078039][ T4217] The buggy address belongs to the object at ffff0000c3624108
[ 36.078039][ T4217] which belongs to the cache xfs_refcbt_cur of size 200
[ 36.081055][ T4217] The buggy address is located 32 bytes inside of
[ 36.081055][ T4217] 200-byte region [ffff0000c3624108, ffff0000c36241d0)
[ 36.083887][ T4217]
[ 36.084364][ T4217] The buggy address belongs to the physical page:
[ 36.085771][ T4217] page:00000000bb3715e9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103624
[ 36.087977][ T4217] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.089636][ T4217] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c4e94300
[ 36.091463][ T4217] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 36.093331][ T4217] page dumped because: kasan: bad access detected
[ 36.094623][ T4217]
[ 36.095144][ T4217] Memory state around the buggy address:
[ 36.096381][ T4217] ffff0000c3624000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.098257][ T4217] ffff0000c3624080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 36.100171][ T4217] >ffff0000c3624100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.101918][ T4217] ^
[ 36.103129][ T4217] ffff0000c3624180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.104839][ T4217] ffff0000c3624200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.106508][ T4217] ==================================================================
[ 36.108327][ T4217] Disabling lock debugging due to kernel taint
[ 36.109936][ T4217] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x444/0x66c, xfs_refcountbt block 0x18
[ 36.112491][ T4217] XFS (loop0): Unmount and run xfs_repair
[ 36.113837][ T4217] Unable to handle kernel paging request at virtual address e0c100530000024d
[ 36.115717][ T4217] KASAN: maybe wild-memory-access in range [0x060c029800001268-0x060c02980000126f]
[ 36.117577][ T4217] Mem abort info:
[ 36.118293][ T4217] ESR = 0x0000000096000004
[ 36.119355][ T4217] EC = 0x25: DABT (current EL), IL = 32 bits
[ 36.120662][ T4217] SET = 0, FnV = 0
[ 36.121448][ T4217] EA = 0, S1PTW = 0
[ 36.122290][ T4217] FSC = 0x04: level 0 translation fault
[ 36.123417][ T4217] Data abort info:
[ 36.124209][ T4217] ISV = 0, ISS = 0x00000004
[ 36.125169][ T4217] CM = 0, WnR = 0
[ 36.125979][ T4217] [e0c100530000024d] address between user and kernel address ranges
[ 36.127661][ T4217] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 36.129234][ T4217] Modules linked in:
[ 36.130003][ T4217] CPU: 0 PID: 4217 Comm: syz-executor154 Tainted: G B 6.1.29-syzkaller #0
[ 36.132217][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 36.134493][ T4217] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 36.136290][ T4217] pc : xfs_trans_brelse+0x34/0x4e0
[ 36.137438][ T4217] lr : xfs_trans_brelse+0x2c/0x4e0
[ 36.138623][ T4217] sp : ffff80001d7a7340
[ 36.139525][ T4217] x29: ffff80001d7a7340 x28: 00000000ffffff8b x27: 1fffe000186c4800
[ 36.141267][ T4217] x26: 0000000000000007 x25: 00000000000000c8 x24: 1fffe000186c4809
[ 36.143039][ T4217] x23: dfff800000000000 x22: 060c029800001079 x21: 060c029800001269
[ 36.144757][ T4217] x20: ffff0000d3c0a000 x19: 060c029800001079 x18: 1fffe000368b6376
[ 36.146543][ T4217] x17: 0000000000000000 x16: ffff8000120eb394 x15: ffff800008ac7c64
[ 36.148235][ T4217] x14: ffff800008ac4a08 x13: ffff800008061eec x12: 0000000000000001
[ 36.149926][ T4217] x11: ff80800009c8eb44 x10: 0000000000000000 x9 : ffff800009c8eb44
[ 36.151681][ T4217] x8 : 00c180530000024d x7 : ffff800008061eec x6 : ffff8000080620fc
[ 36.153496][ T4217] x5 : ffff0000d9d0eab0 x4 : ffff80001d7a6a78 x3 : ffff800009aa3ccc
[ 36.155205][ T4217] x2 : 0000000000000000 x1 : 060c029800001079 x0 : ffff0000d3c0a000
[ 36.156987][ T4217] Call trace:
[ 36.157679][ T4217] xfs_trans_brelse+0x34/0x4e0
[ 36.158768][ T4217] xfs_btree_del_cursor+0xb8/0x24c
[ 36.159928][ T4217] xfs_refcount_recover_cow_leftovers+0x2d4/0xbdc
[ 36.161304][ T4217] xfs_reflink_recover_cow+0x88/0x190
[ 36.162504][ T4217] xlog_recover_finish+0x708/0x7ec
[ 36.163656][ T4217] xfs_log_mount_finish+0x1b8/0x3f4
[ 36.164792][ T4217] xfs_mountfs+0x103c/0x18fc
[ 36.165800][ T4217] xfs_fs_fill_super+0xd38/0xf50
[ 36.166900][ T4217] get_tree_bdev+0x360/0x54c
[ 36.167978][ T4217] xfs_fs_get_tree+0x28/0x38
[ 36.169065][ T4217] vfs_get_tree+0x90/0x274
[ 36.170087][ T4217] do_new_mount+0x25c/0x8c8
[ 36.171088][ T4217] path_mount+0x590/0xe58
[ 36.172039][ T4217] __arm64_sys_mount+0x45c/0x594
[ 36.173080][ T4217] invoke_syscall+0x98/0x2c0
[ 36.174057][ T4217] el0_svc_common+0x138/0x258
[ 36.175044][ T4217] do_el0_svc+0x64/0x218
[ 36.175932][ T4217] el0_svc+0x58/0x168
[ 36.176819][ T4217] el0t_64_sync_handler+0x84/0xf0
[ 36.177831][ T4217] el0t_64_sync+0x18c/0x190
[ 36.178852][ T4217] Code: f2fbfff7 97a1b118 9107c275 d343fea8 (38776908)
[ 36.180338][ T4217] ---[ end trace 0000000000000000 ]---
[ 36.504761][ T4217] Kernel panic - not syncing: Oops: Fatal exception
[ 36.506185][ T4217] SMP: stopping secondary CPUs
[ 36.507203][ T4217] Kernel Offset: disabled
[ 36.508100][ T4217] CPU features: 0x00000,02070084,26017203
[ 36.509240][ T4217] Memory Limit: none
[ 36.811481][ T4217] Rebooting in 86400 seconds..