Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 29.174682] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.185430] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.196357] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.198806] NILFS error (device loop2): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 29.207892] NILFS error (device loop0): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 29.239996] NILFS error (device loop4): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 29.259922] Remounting filesystem read-only
[ 29.269644] NILFS error (device loop3): nilfs_check_page: bad entry in directory #12: rec_len is smaller than minimal - offset=56, inode=212147896334, rec_len=0, name_len=0
[ 29.287644] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.287885] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.312507] NILFS (loop4): mounting fs with errors
[ 29.314872] Remounting filesystem read-only
executing program
[ 29.319509] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.335429] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.353956] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.353959] NILFS (loop0): mounting fs with errors
[ 29.382488] Remounting filesystem read-only
[ 29.398880] Remounting filesystem read-only
[ 29.408106] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.409703] NILFS (loop3): mounting fs with errors
[ 29.420738] ==================================================================
[ 29.430184] BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20
[ 29.436847] Read of size 8 at addr ffff88809a05d3a8 by task syz-executor178/8003
[ 29.444071] NILFS (loop2): mounting fs with errors
[ 29.444365]
[ 29.449496] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 29.450898] CPU: 1 PID: 8003 Comm: syz-executor178 Not tainted 4.14.297-syzkaller #0
[ 29.468509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 29.477928] Call Trace:
[ 29.480499] dump_stack+0x1b2/0x281
[ 29.484102] print_address_description.cold+0x54/0x1d3
[ 29.489350] kasan_report_error.cold+0x8a/0x191
[ 29.494025] ? __lock_acquire+0x2c57/0x3f20
[ 29.498319] __asan_report_load8_noabort+0x68/0x70
[ 29.503219] ? __lock_acquire+0x2c57/0x3f20
[ 29.507514] __lock_acquire+0x2c57/0x3f20
[ 29.511643] ? check_preemption_disabled+0x35/0x240
[ 29.516638] ? __switch_to_xtra+0x93/0x1240
[ 29.520959] ? finish_task_switch+0x178/0x610
[ 29.525448] ? trace_hardirqs_on+0x10/0x10
[ 29.529655] ? mark_held_locks+0xa6/0xf0
[ 29.533687] ? _raw_spin_unlock_irq+0x24/0x80
[ 29.538178] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 29.543174] ? _raw_spin_unlock_irq+0x5a/0x80
[ 29.547639] ? finish_task_switch+0x178/0x610
[ 29.552104] ? finish_task_switch+0x14d/0x610
[ 29.556745] ? __switch_to_asm+0x33/0x60
[ 29.560778] ? __switch_to_asm+0x27/0x60
[ 29.564816] lock_acquire+0x170/0x3f0
[ 29.568595] ? finish_wait+0xb2/0x260
[ 29.572367] _raw_spin_lock_irqsave+0x8c/0xc0
[ 29.576919] ? finish_wait+0xb2/0x260
[ 29.580693] finish_wait+0xb2/0x260
[ 29.584294] nilfs_segctor_sync+0x1e6/0x250
[ 29.589023] ? nilfs_iput_work_func+0x70/0x70
[ 29.593494] ? rwsem_optimistic_spin+0x3f0/0x3f0
[ 29.598246] ? wake_up_q+0xd0/0xd0
[ 29.601762] nilfs_construct_segment+0xab/0x120
[ 29.606405] nilfs_transaction_commit+0x7bb/0xae0
[ 29.611306] nilfs_evict_inode+0x2be/0x3a0
[ 29.615514] ? nilfs_get_block+0x7a0/0x7a0
[ 29.619721] ? nilfs_get_block+0x7a0/0x7a0
[ 29.623927] evict+0x2c8/0x700
[ 29.627093] iput+0x458/0x7e0
[ 29.630173] dentry_unlink_inode+0x25c/0x310
[ 29.634555] d_delete+0x1c5/0x280
[ 29.638110] vfs_rmdir.part.0+0x260/0x390
[ 29.642233] do_rmdir+0x334/0x3c0
[ 29.645669] ? kern_path_create+0x40/0x40
[ 29.649790] ? __close_fd+0x159/0x230
[ 29.653562] ? do_syscall_64+0x4c/0x640
[ 29.657508] ? SyS_mkdir+0x20/0x20
[ 29.661023] do_syscall_64+0x1d5/0x640
[ 29.664887] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.670046]
[ 29.671646] Allocated by task 8003:
[ 29.675249] kasan_kmalloc+0xeb/0x160
[ 29.679025] kmem_cache_alloc_trace+0x131/0x3d0
[ 29.683776] nilfs_attach_log_writer+0x127/0x970
[ 29.688527] nilfs_mount+0x95b/0xd00
[ 29.692219] mount_fs+0x92/0x2a0
[ 29.695559] vfs_kern_mount.part.0+0x5b/0x470
[ 29.700036] do_mount+0xe65/0x2a30
[ 29.703558] SyS_mount+0xa8/0x120
[ 29.706989] do_syscall_64+0x1d5/0x640
[ 29.710978] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.716138]
[ 29.717747] Freed by task 8032:
[ 29.721026] kasan_slab_free+0xc3/0x1a0
[ 29.724973] kfree+0xc9/0x250
[ 29.728053] nilfs_detach_log_writer+0x56f/0x980
[ 29.732789] nilfs_attach_log_writer+0xcb/0x970
[ 29.737427] nilfs_remount+0x326/0x470
[ 29.741375] do_remount_sb+0x150/0x530
[ 29.745235] do_mount+0x15f3/0x2a30
[ 29.748832] SyS_mount+0xa8/0x120
[ 29.752258] do_syscall_64+0x1d5/0x640
[ 29.756117] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.761274]
[ 29.762875] The buggy address belongs to the object at ffff88809a05d200
[ 29.762875] which belongs to the cache kmalloc-1024 of size 1024
[ 29.775676] The buggy address is located 424 bytes inside of
[ 29.775676] 1024-byte region [ffff88809a05d200, ffff88809a05d600)
[ 29.787712] The buggy address belongs to the page:
[ 29.792616] page:ffffea0002681700 count:1 mapcount:0 mapping:ffff88809a05c000 index:0x0 compound_mapcount: 0
[ 29.802558] flags: 0xfff00000008100(slab|head)
[ 29.807199] raw: 00fff00000008100 ffff88809a05c000 0000000000000000 0000000100000007
[ 29.815056] raw: ffffea000277b520 ffffea000268f920 ffff88813fe74ac0 0000000000000000
[ 29.822908] page dumped because: kasan: bad access detected
[ 29.828587]
[ 29.830183] Memory state around the buggy address:
[ 29.835081] ffff88809a05d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.842450] ffff88809a05d300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.849780] >ffff88809a05d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.857107] ^
[ 29.861746] ffff88809a05d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.869775] ffff88809a05d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.877103] ==================================================================
[ 29.884431] Disabling lock debugging due to kernel taint
[ 29.889851] Kernel panic - not syncing: panic_on_warn set ...
[ 29.889851]
[ 29.897185] CPU: 1 PID: 8003 Comm: syz-executor178 Tainted: G B 4.14.297-syzkaller #0
[ 29.906249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 29.915575] Call Trace:
[ 29.918148] dump_stack+0x1b2/0x281
[ 29.921751] panic+0x1f9/0x42d
[ 29.924939] ? add_taint.cold+0x16/0x16
[ 29.928886] ? lock_downgrade+0x740/0x740
[ 29.933007] kasan_end_report+0x43/0x49
[ 29.936952] kasan_report_error.cold+0xa7/0x191
[ 29.941592] ? __lock_acquire+0x2c57/0x3f20
[ 29.945887] __asan_report_load8_noabort+0x68/0x70
[ 29.950789] ? __lock_acquire+0x2c57/0x3f20
[ 29.955085] __lock_acquire+0x2c57/0x3f20
[ 29.959209] ? check_preemption_disabled+0x35/0x240
[ 29.964197] ? __switch_to_xtra+0x93/0x1240
[ 29.969356] ? finish_task_switch+0x178/0x610
[ 29.973823] ? trace_hardirqs_on+0x10/0x10
[ 29.978029] ? mark_held_locks+0xa6/0xf0
[ 29.982062] ? _raw_spin_unlock_irq+0x24/0x80
[ 29.986528] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 29.991514] ? _raw_spin_unlock_irq+0x5a/0x80
[ 29.995980] ? finish_task_switch+0x178/0x610
[ 30.000446] ? finish_task_switch+0x14d/0x610
[ 30.004911] ? __switch_to_asm+0x33/0x60
[ 30.008943] ? __switch_to_asm+0x27/0x60
[ 30.012977] lock_acquire+0x170/0x3f0
[ 30.016754] ? finish_wait+0xb2/0x260
[ 30.020529] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.024998] ? finish_wait+0xb2/0x260
[ 30.028769] finish_wait+0xb2/0x260
[ 30.032378] nilfs_segctor_sync+0x1e6/0x250
[ 30.036672] ? nilfs_iput_work_func+0x70/0x70
[ 30.041139] ? rwsem_optimistic_spin+0x3f0/0x3f0
[ 30.045865] ? wake_up_q+0xd0/0xd0
[ 30.049376] nilfs_construct_segment+0xab/0x120
[ 30.054016] nilfs_transaction_commit+0x7bb/0xae0
[ 30.058831] nilfs_evict_inode+0x2be/0x3a0
[ 30.063036] ? nilfs_get_block+0x7a0/0x7a0
[ 30.067346] ? nilfs_get_block+0x7a0/0x7a0
[ 30.071629] evict+0x2c8/0x700
[ 30.074791] iput+0x458/0x7e0
[ 30.077868] dentry_unlink_inode+0x25c/0x310
[ 30.082246] d_delete+0x1c5/0x280
[ 30.085670] vfs_rmdir.part.0+0x260/0x390
[ 30.089788] do_rmdir+0x334/0x3c0
[ 30.093222] ? kern_path_create+0x40/0x40
[ 30.097346] ? __close_fd+0x159/0x230
[ 30.101122] ? do_syscall_64+0x4c/0x640
[ 30.105154] ? SyS_mkdir+0x20/0x20
[ 30.109186] do_syscall_64+0x1d5/0x640
[ 30.113046] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.118369] Kernel Offset: disabled
[ 30.121972] Rebooting in 86400 seconds..