Warning: Permanently added '10.128.0.157' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.372680][ T4217] loop0: detected capacity change from 0 to 65536
[   38.375863][ T4217] XFS: noattr2 mount option is deprecated.
[   38.377070][ T4217] XFS: noikeep mount option is deprecated.
[   38.383089][ T4217] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[   38.386549][ T4217] XFS (loop0): Mounting V4 filesystem in no-recovery mode. Filesystem will be inconsistent.
[   38.392275][ T4217] XFS (loop0): Quotacheck needed: Please wait.
[   38.403942][ T4217] syz-executor294: attempt to access beyond end of device
[   38.403942][ T4217] loop0: rw=432129, sector=65535, nr_sectors = 64 limit=65536
[   38.407544][   T78] XFS (loop0): log I/O error -5
[   38.408608][   T78] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[   38.410374][   T78] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[   38.413543][ T4217] XFS (loop0): Quotacheck: Unsuccessful (Error -5): Disabling quotas.
[   38.413631][   T78] ==================================================================
[   38.416989][   T78] BUG: KASAN: use-after-free in xfs_trans_committed_bulk+0x16c/0x73c
[   38.418681][   T78] Write of size 8 at addr ffff0000dadcfc10 by task kworker/0:1H/78
[   38.420475][   T78] 
[   38.420961][   T78] CPU: 0 PID: 78 Comm: kworker/0:1H Not tainted 6.1.34-syzkaller #0
[   38.422697][   T78] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   38.424784][   T78] Workqueue: xfs-log/loop0 xlog_ioend_work
[   38.425993][   T78] Call trace:
[   38.426671][   T78]  dump_backtrace+0x1c8/0x1f4
[   38.427655][   T78]  show_stack+0x2c/0x3c
[   38.428558][   T78]  dump_stack_lvl+0x108/0x170
executing program
[   38.429492][   T78]  print_report+0x174/0x4c0
[   38.430525][   T78]  kasan_report+0xd4/0x130
[   38.431565][   T78]  kasan_check_range+0x264/0x2a4
[   38.432696][   T78]  __kasan_check_write+0x2c/0x3c
[   38.433702][   T78]  xfs_trans_committed_bulk+0x16c/0x73c
[   38.435012][   T78]  xlog_cil_committed+0x21c/0xd64
[   38.436100][   T78]  xlog_cil_process_committed+0x11c/0x174
[   38.437392][   T78]  xlog_state_shutdown_callbacks+0x23c/0x324
[   38.438658][   T78]  xlog_force_shutdown+0x29c/0x350
[   38.439733][   T78]  xlog_ioend_work+0xa8/0xf8
[   38.440741][   T78]  process_one_work+0x7ac/0x1404
[   38.441795][   T78]  worker_thread+0x8e4/0xfec
[   38.442824][   T78]  kthread+0x250/0x2d8
[   38.443662][   T78]  ret_from_fork+0x10/0x20
[   38.444593][   T78] 
[   38.445074][   T78] Allocated by task 209:
[   38.446057][   T78]  kasan_set_track+0x4c/0x80
[   38.447129][   T78]  kasan_save_alloc_info+0x24/0x30
[   38.448300][   T78]  __kasan_slab_alloc+0x74/0x8c
[   38.449420][   T78]  slab_post_alloc_hook+0x74/0x458
[   38.450534][   T78]  kmem_cache_alloc+0x230/0x37c
[   38.451660][   T78]  xfs_buf_item_init+0x70/0x43c
[   38.452689][   T78]  _xfs_trans_bjoin+0x54/0x13c
[   38.453759][   T78]  xfs_trans_get_buf_map+0x38c/0x9b4
[   38.454924][   T78]  xfs_dquot_disk_alloc+0x6c0/0xc70
[   38.456105][   T78]  xfs_qm_dqread+0x1b8/0x824
[   38.457155][   T78]  xfs_qm_dqget+0x23c/0x510
[   38.458146][   T78]  xfs_qm_quotacheck_dqadjust+0xe0/0x724
[   38.459377][   T78]  xfs_qm_dqusage_adjust+0x478/0x518
[   38.460562][   T78]  xfs_iwalk_ag_recs+0x458/0x8e8
[   38.461635][   T78]  xfs_iwalk_run_callbacks+0x1bc/0x3b4
[   38.462762][   T78]  xfs_iwalk_ag+0x8d4/0x9b0
[   38.463772][   T78]  xfs_iwalk_ag_work+0x10c/0x1a8
[   38.464795][   T78]  xfs_pwork_work+0x80/0x1a4
[   38.465793][   T78]  process_one_work+0x7ac/0x1404
[   38.466976][   T78]  worker_thread+0x8e4/0xfec
[   38.467992][   T78]  kthread+0x250/0x2d8
[   38.468919][   T78]  ret_from_fork+0x10/0x20
[   38.469866][   T78] 
[   38.470334][   T78] Freed by task 4217:
[   38.471220][   T78]  kasan_set_track+0x4c/0x80
[   38.472234][   T78]  kasan_save_free_info+0x38/0x5c
[   38.473418][   T78]  ____kasan_slab_free+0x144/0x1c0
[   38.474555][   T78]  __kasan_slab_free+0x18/0x28
[   38.475675][   T78]  kmem_cache_free+0x2f0/0x588
[   38.476655][   T78]  xfs_buf_item_free+0x54/0x64
[   38.477692][   T78]  xfs_buf_item_relse+0x150/0x414
[   38.478795][   T78]  xfs_buf_item_done+0x60/0x94
[   38.479867][   T78]  xfs_buf_ioend+0x2d4/0x78c
[   38.480881][   T78]  xfs_buf_ioend_fail+0x78/0x90
[   38.481921][   T78]  __xfs_buf_submit+0x2f4/0x898
[   38.482958][   T78]  xfs_buf_delwri_submit_buffers+0x57c/0x924
[   38.484225][   T78]  xfs_buf_delwri_submit+0xbc/0x244
[   38.485413][   T78]  xfs_qm_quotacheck+0x354/0x58c
[   38.486571][   T78]  xfs_qm_mount_quotas+0x2c4/0x590
[   38.487752][   T78]  xfs_mountfs+0x1368/0x18fc
[   38.488774][   T78]  xfs_fs_fill_super+0xd38/0xf50
[   38.489900][   T78]  get_tree_bdev+0x360/0x54c
[   38.490900][   T78]  xfs_fs_get_tree+0x28/0x38
[   38.492009][   T78]  vfs_get_tree+0x90/0x274
[   38.493088][   T78]  do_new_mount+0x25c/0x8c4
[   38.494105][   T78]  path_mount+0x590/0xe58
[   38.495056][   T78]  __arm64_sys_mount+0x45c/0x594
[   38.496127][   T78]  invoke_syscall+0x98/0x2c0
[   38.497139][   T78]  el0_svc_common+0x138/0x258
[   38.498119][   T78]  do_el0_svc+0x64/0x218
[   38.499090][   T78]  el0_svc+0x58/0x168
[   38.499988][   T78]  el0t_64_sync_handler+0x84/0xf0
[   38.501049][   T78]  el0t_64_sync+0x18c/0x190
[   38.502024][   T78] 
[   38.502527][   T78] The buggy address belongs to the object at ffff0000dadcfbd0
[   38.502527][   T78]  which belongs to the cache xfs_buf_item of size 272
[   38.505613][   T78] The buggy address is located 64 bytes inside of
[   38.505613][   T78]  272-byte region [ffff0000dadcfbd0, ffff0000dadcfce0)
[   38.508633][   T78] 
[   38.509139][   T78] The buggy address belongs to the physical page:
[   38.510584][   T78] page:00000000575cdad8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11adcf
[   38.512979][   T78] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   38.514696][   T78] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c41f1800
[   38.516612][   T78] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   38.518496][   T78] page dumped because: kasan: bad access detected
[   38.519899][   T78] 
[   38.520419][   T78] Memory state around the buggy address:
[   38.521631][   T78]  ffff0000dadcfb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.523355][   T78]  ffff0000dadcfb80: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[   38.525088][   T78] >ffff0000dadcfc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.526865][   T78]                          ^
[   38.527886][   T78]  ffff0000dadcfc80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   38.529664][   T78]  ffff0000dadcfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.531495][   T78] ==================================================================
[   38.533526][   T78] Disabling lock debugging due to kernel taint
[   38.534927][   T78] ------------[ cut here ]------------
[   38.536221][   T78] ODEBUG: activate active (active state 1) object type: rcu_head hint: 0x0
[   38.538420][   T78] WARNING: CPU: 0 PID: 78 at lib/debugobjects.c:508 debug_object_activate+0x590/0x790
[   38.540500][   T78] Modules linked in:
[   38.541281][   T78] CPU: 0 PID: 78 Comm: kworker/0:1H Tainted: G    B              6.1.34-syzkaller #0
[   38.543427][   T78] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   38.545450][   T78] Workqueue: xfs-log/loop0 xlog_ioend_work
[   38.546684][   T78] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   38.548313][   T78] pc : debug_object_activate+0x590/0x790
[   38.549547][   T78] lr : debug_object_activate+0x590/0x790
[   38.550650][   T78] sp : ffff80001bf071a0
[   38.551469][   T78] x29: ffff80001bf07260 x28: dfff800000000000 x27: ffff7000037e0e38
[   38.553140][   T78] x26: ffff800019958000 x25: ffff800012730cf8 x24: 0000000000000000
[   38.554885][   T78] x23: ffff80001226d1e0 x22: 0000000000000001 x21: ffff800012730de0
[   38.556538][   T78] x20: ffff80001226d1e0 x19: ffff0000df3bd938 x18: 1fffe000368b5f76
[   38.558297][   T78] x17: 6820646165685f75 x16: ffff800012054440 x15: 0000000000000000
[   38.560033][   T78] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[   38.561849][   T78] x11: ff808000081af018 x10: 0000000000000000 x9 : c10cc8745579fe00
[   38.563593][   T78] x8 : c10cc8745579fe00 x7 : 0000000000000001 x6 : 0000000000000001
[   38.565230][   T78] x5 : ffff80001bf06a98 x4 : ffff8000156a2a40 x3 : ffff80000834e4d4
[   38.566939][   T78] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[   38.568599][   T78] Call trace:
[   38.569297][   T78]  debug_object_activate+0x590/0x790
[   38.570444][   T78]  call_rcu+0x50/0xa40
[   38.571266][   T78]  xfs_buf_free+0x18c/0x45c
[   38.572148][   T78]  xfs_buf_rele+0xe9c/0x153c
[   38.573150][   T78]  xfs_buf_ioend+0x3e4/0x78c
[   38.574150][   T78]  xfs_buf_ioend_fail+0x78/0x90
[   38.575220][   T78]  xfs_buf_item_unpin+0x224/0x918
[   38.576295][   T78]  xfs_trans_committed_bulk+0x2d8/0x73c
[   38.577483][   T78]  xlog_cil_committed+0x21c/0xd64
[   38.578575][   T78]  xlog_cil_process_committed+0x11c/0x174
[   38.579766][   T78]  xlog_state_shutdown_callbacks+0x23c/0x324
[   38.581084][   T78]  xlog_force_shutdown+0x29c/0x350
[   38.582234][   T78]  xlog_ioend_work+0xa8/0xf8
[   38.583163][   T78]  process_one_work+0x7ac/0x1404
[   38.584237][   T78]  worker_thread+0x8e4/0xfec
[   38.585255][   T78]  kthread+0x250/0x2d8
[   38.586130][   T78]  ret_from_fork+0x10/0x20
[   38.587054][   T78] irq event stamp: 501
[   38.587963][   T78] hardirqs last  enabled at (501): [<ffff80000827ce6c>] finish_lock_switch+0xbc/0x1e8
[   38.589994][   T78] hardirqs last disabled at (500): [<ffff8000121d15ec>] __schedule+0x2a4/0x1c98
[   38.591945][   T78] softirqs last  enabled at (464): [<ffff800009ba41c8>] local_bh_enable+0x10/0x34
[   38.593961][   T78] softirqs last disabled at (462): [<ffff800009ba4194>] local_bh_disable+0x10/0x34
[   38.595935][   T78] ---[ end trace 0000000000000000 ]---
[   38.597446][   T78] ------------[ cut here ]------------
[   38.598569][   T78] ODEBUG: active_state active (active state 1) object type: rcu_head hint: 0x0
[   38.600789][   T78] WARNING: CPU: 0 PID: 78 at lib/debugobjects.c:508 debug_object_active_state+0x314/0x3e8
[   38.602831][   T78] Modules linked in:
[   38.603607][   T78] CPU: 0 PID: 78 Comm: kworker/0:1H Tainted: G    B   W          6.1.34-syzkaller #0
[   38.605541][   T78] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   38.607725][   T78] Workqueue: xfs-log/loop0 xlog_ioend_work
[   38.608932][   T78] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   38.610606][   T78] pc : debug_object_active_state+0x314/0x3e8
[   38.612214][   T78] lr : debug_object_active_state+0x314/0x3e8
[   38.613549][   T78] sp : ffff80001bf07260
[   38.614476][   T78] x29: ffff80001bf07260 x28: 1fffe0001986ce1e x27: dfff800000000000
[   38.616282][   T78] x26: 1fffe0001986ce1e x25: ffff0000cc3670f4 x24: 0000000000000000
[   38.618021][   T78] x23: ffff800012730cf8 x22: 0000000000000000 x21: ffff80001226d1e0
[   38.619788][   T78] x20: 0000000000000001 x19: ffff800012730de0 x18: 1fffe000368b5f76
[   38.621614][   T78] x17: 65685f756372203a x16: ffff800012054440 x15: 0000000000000000
[   38.623396][   T78] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[   38.625158][   T78] x11: ff808000081af018 x10: 0000000000000000 x9 : c10cc8745579fe00
[   38.626819][   T78] x8 : c10cc8745579fe00 x7 : 0000000000000001 x6 : 0000000000000001
[   38.628604][   T78] x5 : ffff80001bf06b58 x4 : ffff8000156a2a40 x3 : ffff80000834e4d4
[   38.630456][   T78] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[   38.632300][   T78] Call trace:
[   38.633003][   T78]  debug_object_active_state+0x314/0x3e8
[   38.634211][   T78]  call_rcu+0x68/0xa40
[   38.635115][   T78]  xfs_buf_free+0x18c/0x45c
[   38.636075][   T78]  xfs_buf_rele+0xe9c/0x153c
[   38.637049][   T78]  xfs_buf_ioend+0x3e4/0x78c
[   38.638070][   T78]  xfs_buf_ioend_fail+0x78/0x90
[   38.639102][   T78]  xfs_buf_item_unpin+0x224/0x918
[   38.640215][   T78]  xfs_trans_committed_bulk+0x2d8/0x73c
[   38.641447][   T78]  xlog_cil_committed+0x21c/0xd64
[   38.642602][   T78]  xlog_cil_process_committed+0x11c/0x174
[   38.643798][   T78]  xlog_state_shutdown_callbacks+0x23c/0x324
[   38.645109][   T78]  xlog_force_shutdown+0x29c/0x350
[   38.646290][   T78]  xlog_ioend_work+0xa8/0xf8
[   38.647306][   T78]  process_one_work+0x7ac/0x1404
[   38.648388][   T78]  worker_thread+0x8e4/0xfec
[   38.649387][   T78]  kthread+0x250/0x2d8
[   38.650263][   T78]  ret_from_fork+0x10/0x20
[   38.651197][   T78] irq event stamp: 501
[   38.652079][   T78] hardirqs last  enabled at (501): [<ffff80000827ce6c>] finish_lock_switch+0xbc/0x1e8
[   38.654213][   T78] hardirqs last disabled at (500): [<ffff8000121d15ec>] __schedule+0x2a4/0x1c98
[   38.656065][   T78] softirqs last  enabled at (464): [<ffff800009ba41c8>] local_bh_enable+0x10/0x34
[   38.658110][   T78] softirqs last disabled at (462): [<ffff800009ba4194>] local_bh_disable+0x10/0x34
[   38.660159][   T78] ---[ end trace 0000000000000000 ]---
[   38.661576][   T78] rcu: call_rcu(): Double-freed CB 0000000010edaca7->0x0()!!!   slab xfs_buf start ffff0000df3bd6c0 pointer offset 632
executing program