==================================================================
BUG: KASAN: use-after-free in __list_splice include/linux/list.h:530 [inline]
BUG: KASAN: use-after-free in list_splice_init include/linux/list.h:572 [inline]
BUG: KASAN: use-after-free in xlog_cil_push_pcp_aggregate fs/xfs/xfs_log_cil.c:137 [inline]
BUG: KASAN: use-after-free in xlog_cil_push_work+0x1d9b/0x21d0 fs/xfs/xfs_log_cil.c:1168
Write of size 8 at addr ffff88804c570007 by task kworker/u32:3/63

CPU: 0 PID: 63 Comm: kworker/u32:3 Not tainted 6.10.0-rc2-syzkaller-00315-gdc772f8237f9 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: xfs-cil/loop3 xlog_cil_push_work
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 __list_splice include/linux/list.h:530 [inline]
 list_splice_init include/linux/list.h:572 [inline]
 xlog_cil_push_pcp_aggregate fs/xfs/xfs_log_cil.c:137 [inline]
 xlog_cil_push_work+0x1d9b/0x21d0 fs/xfs/xfs_log_cil.c:1168
 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c570
flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
page_type: 0xffffff7f(buddy)
raw: 04fff00000000000 ffffea0001303008 ffffea0001327c08 0000000000000000
raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88804c56ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88804c56ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88804c570000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88804c570080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88804c570100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================