forked to background, child pid 3185
no interfaces have a carrier
[ 24.288708][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0
[ 24.297913][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.64' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 45.557790][ T3615] loop0: detected capacity change from 0 to 2048
[ 45.592538][ T3622] loop4: detected capacity change from 0 to 2048
[ 45.595239][ T3623] loop3: detected capacity change from 0 to 2048
[ 45.599202][ T3621] loop2: detected capacity change from 0 to 2048
[ 45.608379][ T3625] loop1: detected capacity change from 0 to 2048
[ 45.615036][ T3624] loop5: detected capacity change from 0 to 2048
[ 45.642866][ T3627] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.645337][ T3626] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 45.664526][ T3628] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.666945][ T3615] NILFS error (device loop0): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 45.699939][ T3636] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.704252][ T3635] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.735655][ T3632] NILFS error (device loop3): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 45.744677][ T3615] Remounting filesystem read-only
[ 45.754539][ T3637] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.780388][ T3639] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 45.791974][ T3615] ==================================================================
[ 45.793038][ T3632] Remounting filesystem read-only
[ 45.800021][ T3615] BUG: KASAN: use-after-free in __lock_acquire+0x3ee7/0x56d0
[ 45.800052][ T3615] Read of size 8 at addr ffff888074e119b8 by task syz-executor345/3615
[ 45.800068][ T3615]
[ 45.800073][ T3615] CPU: 1 PID: 3615 Comm: syz-executor345 Not tainted 6.1.0-rc4-syzkaller-00020-gf67dd6ce0723 #0
[ 45.800097][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 45.800107][ T3615] Call Trace:
[ 45.800113][ T3615]
[ 45.800119][ T3615] dump_stack_lvl+0xcd/0x134
[ 45.854254][ T3615] print_report+0x15e/0x45d
[ 45.858768][ T3615] ? __phys_addr+0xc4/0x140
[ 45.863284][ T3615] ? __lock_acquire+0x3ee7/0x56d0
[ 45.868316][ T3615] kasan_report+0xbb/0x1f0
[ 45.872760][ T3615] ? __lock_acquire+0x3ee7/0x56d0
[ 45.877797][ T3615] __lock_acquire+0x3ee7/0x56d0
[ 45.882660][ T3615] ? finish_task_switch.isra.0+0x2b0/0xc80
[ 45.888476][ T3615] ? mark_held_locks+0x9f/0xe0
[ 45.893259][ T3615] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 45.897728][ T3634] NILFS (loop0): error -4 creating segctord thread
[ 45.899240][ T3615] ? finish_task_switch.isra.0+0x2b5/0xc80
[ 45.899266][ T3615] ? lockdep_hardirqs_on+0x79/0x100
[ 45.899289][ T3615] ? finish_task_switch.isra.0+0x2b5/0xc80
[ 45.899311][ T3615] lock_acquire+0x1df/0x630
[ 45.927120][ T3615] ? finish_wait+0xc0/0x270
[ 45.929606][ T3623] NILFS (loop3): error -4 creating segctord thread
[ 45.931616][ T3615] ? lock_release+0x810/0x810
[ 45.931640][ T3615] ? lockdep_hardirqs_on+0x79/0x100
[ 45.931662][ T3615] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 45.954040][ T3615] ? __wake_up_common_lock+0xde/0x130
[ 45.959441][ T3615] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 45.964832][ T3615] _raw_spin_lock_irqsave+0x39/0x50
[ 45.970052][ T3615] ? finish_wait+0xc0/0x270
[ 45.974576][ T3615] finish_wait+0xc0/0x270
[ 45.978923][ T3615] nilfs_segctor_sync+0x22d/0x300
[ 45.983972][ T3615] ? nilfs_construction_timeout+0x40/0x40
[ 45.989694][ T3615] ? wake_up_q+0xf0/0xf0
[ 45.993926][ T3615] ? rcu_read_lock_sched_held+0x3a/0x70
[ 45.999454][ T3615] ? trace_nilfs2_transaction_transition+0x227/0x2e0
[ 46.006118][ T3615] nilfs_transaction_commit+0x54c/0x930
[ 46.011661][ T3615] nilfs_rmdir+0x1f7/0x240
[ 46.016072][ T3615] ? nilfs_do_unlink+0x2e0/0x2e0
[ 46.021004][ T3615] ? down_write_killable_nested+0x250/0x250
[ 46.026888][ T3615] ? nilfs_update_inode+0x210/0x210
[ 46.032077][ T3615] vfs_rmdir.part.0+0x1b0/0x5a0
[ 46.036921][ T3615] do_rmdir+0x3a6/0x430
[ 46.041066][ T3615] ? __ia32_sys_mkdir+0x140/0x140
[ 46.046088][ T3615] ? getname_flags.part.0+0x1dd/0x4f0
[ 46.051459][ T3615] __x64_sys_rmdir+0xc6/0x110
[ 46.056129][ T3615] do_syscall_64+0x35/0xb0
[ 46.060542][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.066447][ T3615] RIP: 0033:0x7fc34eb96199
[ 46.070882][ T3615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 46.090576][ T3615] RSP: 002b:00007fc34eb412f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 46.098988][ T3615] RAX: ffffffffffffffda RBX: 00007fc34ec1d4a0 RCX: 00007fc34eb96199
[ 46.106963][ T3615] RDX: 00007fc34eb96199 RSI: 00000000000f4240 RDI: 0000000020000040
[ 46.114938][ T3615] RBP: 00007fc34ebe8730 R08: 0000000000000000 R09: 0000000000000000
[ 46.122891][ T3615] R10: 00007fc34eb416b8 R11: 0000000000000246 R12: 00007fc34ebe8308
[ 46.130845][ T3615] R13: 00007fc34ebe80c8 R14: 0030656c69662f2e R15: 00007fc34ec1d4a8
[ 46.138813][ T3615]
[ 46.141831][ T3615]
[ 46.144158][ T3615] Allocated by task 3615:
[ 46.148466][ T3615] kasan_save_stack+0x1e/0x40
[ 46.153155][ T3615] kasan_set_track+0x21/0x30
[ 46.157735][ T3615] __kasan_kmalloc+0xa1/0xb0
[ 46.162313][ T3615] nilfs_attach_log_writer+0x13e/0xa80
[ 46.167759][ T3615] nilfs_mount+0xb7e/0xfb0
[ 46.172175][ T3615] legacy_get_tree+0x105/0x220
[ 46.176953][ T3615] vfs_get_tree+0x89/0x2f0
[ 46.181355][ T3615] path_mount+0x1326/0x1e20
[ 46.185848][ T3615] __x64_sys_mount+0x27f/0x300
[ 46.190600][ T3615] do_syscall_64+0x35/0xb0
[ 46.195105][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.201012][ T3615]
[ 46.203321][ T3615] Freed by task 3634:
[ 46.207280][ T3615] kasan_save_stack+0x1e/0x40
[ 46.212049][ T3615] kasan_set_track+0x21/0x30
[ 46.216633][ T3615] kasan_save_free_info+0x2a/0x40
[ 46.221648][ T3615] ____kasan_slab_free+0x160/0x1c0
[ 46.226761][ T3615] slab_free_freelist_hook+0x8b/0x1c0
[ 46.232129][ T3615] __kmem_cache_free+0xab/0x3b0
[ 46.236964][ T3615] nilfs_detach_log_writer+0x597/0x9f0
[ 46.242411][ T3615] nilfs_attach_log_writer+0xe1/0xa80
[ 46.247767][ T3615] nilfs_remount+0x36c/0x4c0
[ 46.252340][ T3615] legacy_reconfigure+0x115/0x180
[ 46.257347][ T3615] reconfigure_super+0x408/0xa30
[ 46.262270][ T3615] path_mount+0x182c/0x1e20
[ 46.266758][ T3615] __x64_sys_mount+0x27f/0x300
[ 46.271504][ T3615] do_syscall_64+0x35/0xb0
[ 46.275909][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.281794][ T3615]
[ 46.284108][ T3615] The buggy address belongs to the object at ffff888074e11800
[ 46.284108][ T3615] which belongs to the cache kmalloc-1k of size 1024
[ 46.298259][ T3615] The buggy address is located 440 bytes inside of
[ 46.298259][ T3615] 1024-byte region [ffff888074e11800, ffff888074e11c00)
[ 46.311615][ T3615]
[ 46.313945][ T3615] The buggy address belongs to the physical page:
[ 46.320349][ T3615] page:ffffea0001d38400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74e10
[ 46.330476][ T3615] head:ffffea0001d38400 order:3 compound_mapcount:0 compound_pincount:0
[ 46.338778][ T3615] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 46.346740][ T3615] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011841dc0
[ 46.355304][ T3615] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 46.363860][ T3615] page dumped because: kasan: bad access detected
[ 46.370247][ T3615] page_owner tracks the page as allocated
[ 46.376116][ T3615] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3621, tgid 3616 (syz-executor345), ts 45591231520, free_ts 45350796593
[ 46.397714][ T3615] get_page_from_freelist+0x10b5/0x2d50
[ 46.403247][ T3615] __alloc_pages+0x1c7/0x5a0
[ 46.407819][ T3615] alloc_pages+0x1a6/0x270
[ 46.412222][ T3615] allocate_slab+0x213/0x300
[ 46.416798][ T3615] ___slab_alloc+0xa91/0x1400
[ 46.421460][ T3615] __slab_alloc.constprop.0+0x56/0xa0
[ 46.426820][ T3615] __kmem_cache_alloc_node+0x191/0x3e0
[ 46.432262][ T3615] __kmalloc+0x46/0xc0
[ 46.436326][ T3615] alloc_workqueue+0x963/0x1020
[ 46.441172][ T3615] loop_configure+0x1579/0x19e0
[ 46.446009][ T3615] lo_ioctl+0x278/0x18e0
[ 46.450234][ T3615] blkdev_ioctl+0x36e/0x800
[ 46.454721][ T3615] __x64_sys_ioctl+0x193/0x200
[ 46.459484][ T3615] do_syscall_64+0x35/0xb0
[ 46.463899][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.469783][ T3615] page last free stack trace:
[ 46.474530][ T3615] free_pcp_prepare+0x65c/0xd90
[ 46.479400][ T3615] free_unref_page+0x19/0x4d0
[ 46.484063][ T3615] __unfreeze_partials+0x17c/0x1a0
[ 46.489192][ T3615] qlist_free_all+0x6a/0x170
[ 46.493783][ T3615] kasan_quarantine_reduce+0x180/0x200
[ 46.499332][ T3615] __kasan_slab_alloc+0x62/0x80
[ 46.504185][ T3615] kmem_cache_alloc+0x2ac/0x3c0
[ 46.509033][ T3615] getname_flags.part.0+0x50/0x4f0
[ 46.514135][ T3615] getname+0x8e/0xd0
[ 46.518014][ T3615] do_sys_openat2+0xf5/0x4c0
[ 46.522599][ T3615] __x64_sys_openat+0x13f/0x1f0
[ 46.527460][ T3615] do_syscall_64+0x35/0xb0
[ 46.531896][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.537816][ T3615]
[ 46.540122][ T3615] Memory state around the buggy address:
[ 46.545757][ T3615] ffff888074e11880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.553803][ T3615] ffff888074e11900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.561849][ T3615] >ffff888074e11980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.569890][ T3615] ^
[ 46.575768][ T3615] ffff888074e11a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.583914][ T3615] ffff888074e11a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.592050][ T3615] ==================================================================
[ 46.600103][ T3615] Kernel panic - not syncing: panic_on_warn set ...
[ 46.606679][ T3615] CPU: 1 PID: 3615 Comm: syz-executor345 Not tainted 6.1.0-rc4-syzkaller-00020-gf67dd6ce0723 #0
[ 46.617080][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 46.627301][ T3615] Call Trace:
[ 46.630586][ T3615]
[ 46.633500][ T3615] dump_stack_lvl+0xcd/0x134
[ 46.638090][ T3615] panic+0x2c8/0x622
[ 46.641982][ T3615] ? panic_print_sys_info.part.0+0x110/0x110
[ 46.647988][ T3615] end_report.part.0+0x3f/0x7c
[ 46.652824][ T3615] ? __lock_acquire+0x3ee7/0x56d0
[ 46.657832][ T3615] kasan_report.cold+0xa/0xf
[ 46.662404][ T3615] ? __lock_acquire+0x3ee7/0x56d0
[ 46.667499][ T3615] __lock_acquire+0x3ee7/0x56d0
[ 46.672426][ T3615] ? finish_task_switch.isra.0+0x2b0/0xc80
[ 46.678218][ T3615] ? mark_held_locks+0x9f/0xe0
[ 46.682966][ T3615] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 46.688935][ T3615] ? finish_task_switch.isra.0+0x2b5/0xc80
[ 46.694739][ T3615] ? lockdep_hardirqs_on+0x79/0x100
[ 46.699972][ T3615] ? finish_task_switch.isra.0+0x2b5/0xc80
[ 46.705781][ T3615] lock_acquire+0x1df/0x630
[ 46.710275][ T3615] ? finish_wait+0xc0/0x270
[ 46.714766][ T3615] ? lock_release+0x810/0x810
[ 46.719439][ T3615] ? lockdep_hardirqs_on+0x79/0x100
[ 46.724637][ T3615] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 46.730432][ T3615] ? __wake_up_common_lock+0xde/0x130
[ 46.735790][ T3615] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 46.741195][ T3615] _raw_spin_lock_irqsave+0x39/0x50
[ 46.746384][ T3615] ? finish_wait+0xc0/0x270
[ 46.751060][ T3615] finish_wait+0xc0/0x270
[ 46.755419][ T3615] nilfs_segctor_sync+0x22d/0x300
[ 46.760461][ T3615] ? nilfs_construction_timeout+0x40/0x40
[ 46.766180][ T3615] ? wake_up_q+0xf0/0xf0
[ 46.770428][ T3615] ? rcu_read_lock_sched_held+0x3a/0x70
[ 46.775966][ T3615] ? trace_nilfs2_transaction_transition+0x227/0x2e0
[ 46.782633][ T3615] nilfs_transaction_commit+0x54c/0x930
[ 46.788193][ T3615] nilfs_rmdir+0x1f7/0x240
[ 46.792598][ T3615] ? nilfs_do_unlink+0x2e0/0x2e0
[ 46.797520][ T3615] ? down_write_killable_nested+0x250/0x250
[ 46.803399][ T3615] ? nilfs_update_inode+0x210/0x210
[ 46.808580][ T3615] vfs_rmdir.part.0+0x1b0/0x5a0
[ 46.813415][ T3615] do_rmdir+0x3a6/0x430
[ 46.817557][ T3615] ? __ia32_sys_mkdir+0x140/0x140
[ 46.822567][ T3615] ? getname_flags.part.0+0x1dd/0x4f0
[ 46.827923][ T3615] __x64_sys_rmdir+0xc6/0x110
[ 46.832585][ T3615] do_syscall_64+0x35/0xb0
[ 46.836993][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.843054][ T3615] RIP: 0033:0x7fc34eb96199
[ 46.847484][ T3615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 46.867107][ T3615] RSP: 002b:00007fc34eb412f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[ 46.875507][ T3615] RAX: ffffffffffffffda RBX: 00007fc34ec1d4a0 RCX: 00007fc34eb96199
[ 46.883471][ T3615] RDX: 00007fc34eb96199 RSI: 00000000000f4240 RDI: 0000000020000040
[ 46.891443][ T3615] RBP: 00007fc34ebe8730 R08: 0000000000000000 R09: 0000000000000000
[ 46.899395][ T3615] R10: 00007fc34eb416b8 R11: 0000000000000246 R12: 00007fc34ebe8308
[ 46.907349][ T3615] R13: 00007fc34ebe80c8 R14: 0030656c69662f2e R15: 00007fc34ec1d4a8
[ 46.915308][ T3615]
[ 46.919305][ T3615] Kernel Offset: disabled
[ 46.923614][ T3615] Rebooting in 86400 seconds..