ci starts bisection 2025-08-19 12:19:40.891693672 +0000 UTC m=+44872.665868541 bisecting cause commit starting from 931e46dcbc7e6035a90e9c4a27a84b660e083f0a building syzkaller on 1804e95e3ff848c11e87e8efe7560f03c011c081 fetch other tags and check if the commit is present ensuring issue is reproducible on original commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 52dd90570d047fc7267219837e6a4255fe8de55471ba96c49666ac41fd05c1c9 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] check whether we can drop unnecessary instrumentation disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: f3ac67adee917f5181a6cf487853c8c6ff4e05db0b20cd5a8625b79d2d42fdce all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] the bug reproduces without the instrumentation disabling configs for [hang memleak ubsan bug_or_warning locking atomic_sleep], they are not needed kconfig minimization: base=4099 full=8513 leaves diff=2193 split chunks (needed=false): <2193> split chunk #0 of len 2193 into 5 parts testing without sub-chunk 1/5 disabling configs for [hang memleak ubsan bug_or_warning locking atomic_sleep], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 8a1b4b9d788157223f885a5162136a7973c29ce792225bc5e8fd370bde3a5be7 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [hang memleak ubsan bug_or_warning locking atomic_sleep], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 336b8db8ae9a1fed721a29da6b7c4f6772e33d7d019d42927df82da42b375b7d all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 3f3678793ac73b28bf7feb790296c00e1236abb7173eeb90f366294fb4cb21bc all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [hang memleak ubsan bug_or_warning locking atomic_sleep], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: da6debcc9c093ad7eb68854276548d8477d51c922ea40c9fc4da79cddf3ab181 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [hang memleak ubsan bug_or_warning locking atomic_sleep], they are not needed testing commit 931e46dcbc7e6035a90e9c4a27a84b660e083f0a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 763adbaf8f84151e322361e5cdf7eb1e91030518bec34ae17e84ed810f3f03de all runs: OK false negative chance: 0.000 minimized to 437 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CMA COMMON_CLK CONTIG_ALLOC DVB_CORE EXTCON GPIOLIB HID_ZEROPLUS I2C_MUX IIO IOMMUFD IRQ_REMAP KVM KVM_INTEL LIBNVDIMM MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_VIPERBOARD NOP_USB_XCEIV PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AMD5536UDC USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_ATM USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CDNS2_UDC USB_CDNS3 USB_CDNS3_GADGET USB_CDNS3_HOST USB_CDNS3_PCI_WRAP USB_CDNSP_GADGET USB_CDNSP_HOST USB_CDNSP_PCI USB_CDNS_HOST USB_CDNS_SUPPORT USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_GENERIC USB_CHIPIDEA_HOST USB_CHIPIDEA_MSM USB_CHIPIDEA_NPCM USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_MIDI2 USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CONN_GPIO USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_HAPS USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_FSL USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_MIDI2 USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LGM_PHY USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3420_UDC USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_NET2280 USB_NET_AQC111 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PCI_RENESAS USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_ASYNC V4L2_FWNODE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_ENABLE_FORK_OWNER_CONTROL VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEO VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CAMERA_LENS VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WANT_DEV_COREDUMP WEXT_CORE WEXT_PROC WIREGUARD WIRELESS WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_SILABS X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XILLYBUS_CLASS XILLYUSB XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_BACKEND_FORCE_LZO ZRAM_BACKEND_LZO ZRAM_DEF_COMP_LZO ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_842 ZSWAP_DEFAULT_ON ZSWAP_SHRINKER_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZSMALLOC] disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning locking], they are not needed picked [v6.16 v6.15 v6.14 v6.12 v6.10 v6.8 v6.6 v6.4 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 39 release tags testing release v6.16 testing commit 038d61fd642278bab63ee8ef722c50d10ab01e8f gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 498f5233808b94da1206a3f92c18eda805060107d627fb8c928156661202c2ab all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] testing release v6.15 testing commit 0ff41df1cb268fc69e703a08a57ee14ae967d0ca gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 899bc408a6c1ce0df09b693a635af9c32d59e07149c28609e1ff25c7271d673b all runs: OK false negative chance: 0.000 # git bisect start 038d61fd642278bab63ee8ef722c50d10ab01e8f 0ff41df1cb268fc69e703a08a57ee14ae967d0ca Bisecting: 7873 revisions left to test after this (roughly 13 steps) [43db1111073049220381944af4a3b8a5400eda71] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 43db1111073049220381944af4a3b8a5400eda71 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: b0c980ce5d7a79df38bd65ed3f48b5a32a181a01b7fd385a720598fb89abc892 all runs: OK false negative chance: 0.000 # git bisect good 43db1111073049220381944af4a3b8a5400eda71 Bisecting: 3942 revisions left to test after this (roughly 12 steps) [11fcf368506d347088e613edf6cd2604d70c454f] uapi: bitops: use UAPI-safe variant of BITS_PER_LONG again testing commit 11fcf368506d347088e613edf6cd2604d70c454f gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 5bb783975a7a1c16bc63d72a25007ed4775ea2843e16ffec59399d8a4654bcf4 all runs: OK false negative chance: 0.000 # git bisect good 11fcf368506d347088e613edf6cd2604d70c454f Bisecting: 1971 revisions left to test after this (roughly 11 steps) [601dddb6c5d6bf63c63b2efba98231db5f861696] Merge tag 'regulator-fix-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator testing commit 601dddb6c5d6bf63c63b2efba98231db5f861696 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: b5c320e570310693c2bd236ff1398ffbcb6d8ee4a84040261ecd951837f59998 all runs: OK false negative chance: 0.000 # git bisect good 601dddb6c5d6bf63c63b2efba98231db5f861696 Bisecting: 992 revisions left to test after this (roughly 10 steps) [923d401238c590f39833a2015f6f9493f146d98f] Merge tag 'iommu-fixes-v6.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux testing commit 923d401238c590f39833a2015f6f9493f146d98f gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 3a4c21ecc2e00d418715688a7b26eb0e0846c578e0f037c3c1f40d598f786ee7 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] # git bisect bad 923d401238c590f39833a2015f6f9493f146d98f Bisecting: 487 revisions left to test after this (roughly 9 steps) [6daaa479ac557bc426a7fd2e913b618523fe41fd] Merge tag 'drm-xe-fixes-2025-06-26' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes testing commit 6daaa479ac557bc426a7fd2e913b618523fe41fd gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 997dbc1b45c32a2cb6dfdbf003c4872f82884f7641cb9d8a7e59427d8c53d743 all runs: OK false negative chance: 0.000 # git bisect good 6daaa479ac557bc426a7fd2e913b618523fe41fd Bisecting: 245 revisions left to test after this (roughly 8 steps) [26fd9f7b7ff3794c5de0e6ae538cead53118b4c3] Merge tag 'cxl-fixes-6.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl testing commit 26fd9f7b7ff3794c5de0e6ae538cead53118b4c3 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: d69bf17b9874a40810308094c28f4894bad3451a8f8c18f3a1a696a173b67d2d all runs: OK false negative chance: 0.000 # git bisect good 26fd9f7b7ff3794c5de0e6ae538cead53118b4c3 Bisecting: 124 revisions left to test after this (roughly 7 steps) [3c894cb29bbf4e36c5f2497cf8ea6fb09e157920] Merge tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd testing commit 3c894cb29bbf4e36c5f2497cf8ea6fb09e157920 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: c1a823aca3658697de90b07ea357518d439605a302dc6822926f29298c45203c all runs: OK false negative chance: 0.000 # git bisect good 3c894cb29bbf4e36c5f2497cf8ea6fb09e157920 Bisecting: 51 revisions left to test after this (roughly 6 steps) [17bbde2e1716e2ee4b997d476b48ae85c5a47671] Merge tag 'net-6.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 17bbde2e1716e2ee4b997d476b48ae85c5a47671 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 4e24bebb38dc60e136647fede1047580e827f8d0338a60c56505ac0214c144b2 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] # git bisect bad 17bbde2e1716e2ee4b997d476b48ae85c5a47671 Bisecting: 35 revisions left to test after this (roughly 5 steps) [b0727b0ccd907aa669ba48027f29019f1c48d42c] Merge branch 'virtio-fixes-for-tx-ring-sizing-and-resize-error-reporting' testing commit b0727b0ccd907aa669ba48027f29019f1c48d42c gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 06645e029303ec0ac2ddc430c14ab1d50ed40f1a83e3533478cc4e273fbb511e all runs: OK false negative chance: 0.000 # git bisect good b0727b0ccd907aa669ba48027f29019f1c48d42c Bisecting: 21 revisions left to test after this (roughly 4 steps) [9e9b46672b1daac814b384286c21fb8332a87392] xfs: add FALLOC_FL_ALLOCATE_RANGE to supported flags mask testing commit 9e9b46672b1daac814b384286c21fb8332a87392 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 5d89e69d3df74a9659a1d4c3ae96b9e3b25437e37c7b0c7c199f169359b655e2 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] # git bisect bad 9e9b46672b1daac814b384286c21fb8332a87392 Bisecting: 6 revisions left to test after this (roughly 3 steps) [09234a632be42573d9743ac5ff6773622d233ad0] xfs: xfs_ifree_cluster vs xfs_iflush_shutdown_abort deadlock testing commit 09234a632be42573d9743ac5ff6773622d233ad0 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 7522cc72132c9cb1a437f3f06aa58df70c7056e69ad6cd41fcea22e4ec161938 all runs: OK false negative chance: 0.000 # git bisect good 09234a632be42573d9743ac5ff6773622d233ad0 Bisecting: 3 revisions left to test after this (roughly 2 steps) [fc48627b9c22f4d18651ca72ba171952d7a26004] xfs: add tracepoints for stale pinned inode state debug testing commit fc48627b9c22f4d18651ca72ba171952d7a26004 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 89f777aedca072c334d3dd1ca9832b33e8628657812dc36c345ed0a2fd1b66ab all runs: OK false negative chance: 0.000 # git bisect good fc48627b9c22f4d18651ca72ba171952d7a26004 Bisecting: 1 revision left to test after this (roughly 1 step) [816c330b605c3f4813c0dc0ab5af5cce17ff06b3] xfs: factor out stale buffer item completion testing commit 816c330b605c3f4813c0dc0ab5af5cce17ff06b3 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 6b983e0ccd84c3cb8e61fedde3362f5acaafb97f278e20de9c0dbd806675223b all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] # git bisect bad 816c330b605c3f4813c0dc0ab5af5cce17ff06b3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d2fe5c4c8d25999862d615f616aea7befdd62799] xfs: rearrange code in xfs_buf_item.c testing commit d2fe5c4c8d25999862d615f616aea7befdd62799 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: df17119ea161a1f7ecc5a9408534e458ff3bd3bf6350d9716544ed95a7af7763 all runs: crashed: KASAN: slab-use-after-free Write in xlog_cil_committed representative crash: KASAN: slab-use-after-free Write in xlog_cil_committed, types: [KASAN-USE-AFTER-FREE-WRITE] # git bisect bad d2fe5c4c8d25999862d615f616aea7befdd62799 d2fe5c4c8d25999862d615f616aea7befdd62799 is the first bad commit commit d2fe5c4c8d25999862d615f616aea7befdd62799 Author: Dave Chinner Date: Thu Jun 26 08:48:58 2025 +1000 xfs: rearrange code in xfs_buf_item.c The code to initialise, release and free items is all the way down the bottom of the file. Upcoming fixes need to these functions earlier in the file, so move them to the top. There is one code change in this move - the parameter to xfs_buf_item_relse() is changed from the xfs_buf to the xfs_buf_log_item - the thing that the function is releasing. Signed-off-by: Dave Chinner Reviewed-by: Carlos Maiolino Signed-off-by: Carlos Maiolino fs/xfs/xfs_buf_item.c | 116 +++++++++++++++++++++++++------------------------- fs/xfs/xfs_buf_item.h | 1 - 2 files changed, 58 insertions(+), 59 deletions(-) accumulated error probability: 0.00 culprit signature: df17119ea161a1f7ecc5a9408534e458ff3bd3bf6350d9716544ed95a7af7763 parent signature: 89f777aedca072c334d3dd1ca9832b33e8628657812dc36c345ed0a2fd1b66ab revisions tested: 23, total time: 9h6m51.470726274s (build: 5h31m18.482164975s, test: 2h58m17.801858459s) first bad commit: d2fe5c4c8d25999862d615f616aea7befdd62799 xfs: rearrange code in xfs_buf_item.c recipients (to): ["cem@kernel.org" "cmaiolino@redhat.com" "dchinner@redhat.com"] recipients (cc): [] crash: KASAN: slab-use-after-free Write in xlog_cil_committed XFS (loop2): Filesystem has been shut down due to log error (0x2). XFS (loop2): Please unmount the filesystem and rectify the problem(s). ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_write include/linux/instrumented.h:82 [inline] BUG: KASAN: slab-use-after-free in set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline] BUG: KASAN: slab-use-after-free in xlog_cil_ail_insert fs/xfs/xfs_log_cil.c:798 [inline] BUG: KASAN: slab-use-after-free in xlog_cil_committed+0x3e3/0xd40 fs/xfs/xfs_log_cil.c:904 Write of size 8 at addr ffff88811912e190 by task kworker/0:1H/41 CPU: 0 UID: 0 PID: 41 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: xfs-log/loop2 xlog_ioend_work Call Trace: dump_stack_lvl+0xf4/0x170 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xd2/0x2b0 mm/kasan/report.c:521 kasan_report+0x118/0x150 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:189 instrument_atomic_write include/linux/instrumented.h:82 [inline] set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline] xlog_cil_ail_insert fs/xfs/xfs_log_cil.c:798 [inline] xlog_cil_committed+0x3e3/0xd40 fs/xfs/xfs_log_cil.c:904 xlog_cil_process_committed+0x145/0x180 fs/xfs/xfs_log_cil.c:934 xlog_state_shutdown_callbacks+0x244/0x340 fs/xfs/xfs_log.c:488 xlog_force_shutdown+0x286/0x320 fs/xfs/xfs_log.c:3520 xlog_ioend_work+0x98/0xe0 fs/xfs/xfs_log.c:1245 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0x995/0x12d0 kernel/workqueue.c:3321 worker_thread+0x850/0xc60 kernel/workqueue.c:3402 kthread+0x598/0x690 kernel/kthread.c:464 ret_from_fork+0x139/0x2d0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Allocated by task 4006: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4148 [inline] slab_alloc_node mm/slub.c:4197 [inline] kmem_cache_alloc_noprof+0x1b1/0x400 mm/slub.c:4204 xfs_buf_item_init+0x5e/0x5f0 fs/xfs/xfs_buf_item.c:815 _xfs_trans_bjoin+0x41/0xf0 fs/xfs/xfs_trans_buf.c:75 xfs_trans_read_buf_map+0x279/0x800 fs/xfs/xfs_trans_buf.c:325 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline] xfs_btree_read_buf_block+0x24e/0x3d0 fs/xfs/libxfs/xfs_btree.c:1402 xfs_btree_lookup_get_block+0x24d/0x460 fs/xfs/libxfs/xfs_btree.c:1907 xfs_btree_lookup+0x3e2/0xf60 fs/xfs/libxfs/xfs_btree.c:2018 xfs_alloc_lookup fs/xfs/libxfs/xfs_alloc.c:166 [inline] xfs_alloc_lookup_eq fs/xfs/libxfs/xfs_alloc.c:184 [inline] xfs_alloc_fixup_trees+0x1fd/0xbb0 fs/xfs/libxfs/xfs_alloc.c:626 xfs_alloc_cur_finish+0xd1/0x3a0 fs/xfs/libxfs/xfs_alloc.c:1117 xfs_alloc_ag_vextent_near+0x966/0xd40 fs/xfs/libxfs/xfs_alloc.c:1776 xfs_alloc_vextent_iterate_ags+0x43e/0x640 fs/xfs/libxfs/xfs_alloc.c:3764 xfs_alloc_vextent_start_ag+0x250/0x5c0 fs/xfs/libxfs/xfs_alloc.c:3839 xfs_bmap_btalloc_best_length fs/xfs/libxfs/xfs_bmap.c:3627 [inline] xfs_bmap_btalloc fs/xfs/libxfs/xfs_bmap.c:3672 [inline] xfs_bmapi_allocate+0x1183/0x22b0 fs/xfs/libxfs/xfs_bmap.c:3947 xfs_bmapi_write+0x637/0xee0 fs/xfs/libxfs/xfs_bmap.c:4276 xfs_da_grow_inode_int+0x25d/0x770 fs/xfs/libxfs/xfs_da_btree.c:2315 xfs_da_grow_inode+0xf3/0x250 fs/xfs/libxfs/xfs_da_btree.c:2380 xfs_attr_shortform_to_leaf+0x1f3/0x710 fs/xfs/libxfs/xfs_attr_leaf.c:965 xfs_attr_sf_addname fs/xfs/libxfs/xfs_attr.c:402 [inline] xfs_attr_set_iter+0xb6d/0x3c10 fs/xfs/libxfs/xfs_attr.c:824 xfs_attr_finish_item+0xc2/0x290 fs/xfs/xfs_attr_item.c:505 xfs_defer_finish_one+0x30a/0xaa0 fs/xfs/libxfs/xfs_defer.c:595 xfs_defer_finish_noroll+0x6ba/0xd40 fs/xfs/libxfs/xfs_defer.c:707 xfs_trans_commit+0xa7/0x120 fs/xfs/xfs_trans.c:949 xfs_attr_set+0xb7c/0xf10 fs/xfs/libxfs/xfs_attr.c:1150 xfs_xattr_set+0x127/0x1f0 fs/xfs/xfs_xattr.c:186 __vfs_setxattr+0x350/0x390 fs/xattr.c:200 __vfs_setxattr_noperm+0x109/0x520 fs/xattr.c:234 vfs_setxattr+0x16e/0x290 fs/xattr.c:321 do_setxattr fs/xattr.c:636 [inline] filename_setxattr+0x24b/0x510 fs/xattr.c:665 path_setxattrat+0x22d/0x2a0 fs/xattr.c:713 __do_sys_setxattr fs/xattr.c:747 [inline] __se_sys_setxattr fs/xattr.c:743 [inline] __x64_sys_setxattr+0xb7/0xd0 fs/xattr.c:743 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 753: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2381 [inline] slab_free mm/slub.c:4643 [inline] kmem_cache_free+0x175/0x460 mm/slub.c:4745 __xfs_buf_ioend+0x2fa/0x550 fs/xfs/xfs_buf.c:1202 xfs_buf_iowait+0x39/0x250 fs/xfs/xfs_buf.c:1384 _xfs_buf_read fs/xfs/xfs_buf.c:646 [inline] xfs_buf_read_map+0x265/0x830 fs/xfs/xfs_buf.c:712 xfs_trans_read_buf_map+0x1f6/0x800 fs/xfs/xfs_trans_buf.c:304 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline] xfs_btree_read_buf_block+0x24e/0x3d0 fs/xfs/libxfs/xfs_btree.c:1402 xfs_btree_lookup_get_block+0x24d/0x460 fs/xfs/libxfs/xfs_btree.c:1907 xfs_btree_lookup+0x3e2/0xf60 fs/xfs/libxfs/xfs_btree.c:2018 xfs_alloc_lookup fs/xfs/libxfs/xfs_alloc.c:166 [inline] xfs_alloc_lookup_le fs/xfs/libxfs/xfs_alloc.c:212 [inline] xfs_free_ag_extent+0x200/0x12a0 fs/xfs/libxfs/xfs_alloc.c:2080 __xfs_free_extent+0x287/0x3e0 fs/xfs/libxfs/xfs_alloc.c:4048 xfs_extent_free_finish_item+0x22e/0x670 fs/xfs/xfs_extfree_item.c:552 xfs_defer_finish_one+0x30a/0xaa0 fs/xfs/libxfs/xfs_defer.c:595 xfs_defer_finish_noroll+0x6ba/0xd40 fs/xfs/libxfs/xfs_defer.c:707 xfs_defer_finish+0x14/0x130 fs/xfs/libxfs/xfs_defer.c:741 xfs_bunmapi_range+0x97/0xe0 fs/xfs/libxfs/xfs_bmap.c:6178 xfs_itruncate_extents_flags+0x21d/0x5f0 fs/xfs/xfs_inode.c:1066 xfs_itruncate_extents fs/xfs/xfs_inode.h:593 [inline] xfs_inactive_truncate+0x10a/0x170 fs/xfs/xfs_inode.c:1168 xfs_inactive+0x608/0x840 fs/xfs/xfs_inode.c:1454 xfs_inodegc_inactivate fs/xfs/xfs_icache.c:1947 [inline] xfs_inodegc_worker+0x25e/0x520 fs/xfs/xfs_icache.c:1993 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0x995/0x12d0 kernel/workqueue.c:3321 worker_thread+0x850/0xc60 kernel/workqueue.c:3402 kthread+0x598/0x690 kernel/kthread.c:464 ret_from_fork+0x139/0x2d0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The buggy address belongs to the object at ffff88811912e150 which belongs to the cache xfs_buf_item of size 272 The buggy address is located 64 bytes inside of freed 272-byte region [ffff88811912e150, ffff88811912e260) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11912e flags: 0x200000000000000(node=0|zone=2) page_type: f5(slab) raw: 0200000000000000 ffff88810b69c3c0 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4006, tgid 4005 (syz.2.23), ts 86989613019, free_ts 86987902442 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x168/0x1a0 mm/page_alloc.c:1704 prep_new_page mm/page_alloc.c:1712 [inline] get_page_from_freelist+0x290d/0x29e0 mm/page_alloc.c:3669 __alloc_frozen_pages_noprof+0x26b/0x460 mm/page_alloc.c:4959 alloc_pages_mpol+0xcb/0x270 mm/mempolicy.c:2419 alloc_slab_page mm/slub.c:2451 [inline] allocate_slab+0x8a/0x350 mm/slub.c:2619 new_slab mm/slub.c:2673 [inline] ___slab_alloc+0x9dc/0x10e0 mm/slub.c:3859 __slab_alloc mm/slub.c:3949 [inline] __slab_alloc_node mm/slub.c:4024 [inline] slab_alloc_node mm/slub.c:4185 [inline] kmem_cache_alloc_noprof+0x26e/0x400 mm/slub.c:4204 xfs_buf_item_init+0x5e/0x5f0 fs/xfs/xfs_buf_item.c:815 _xfs_trans_bjoin+0x41/0xf0 fs/xfs/xfs_trans_buf.c:75 xfs_trans_read_buf_map+0x279/0x800 fs/xfs/xfs_trans_buf.c:325 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline] xfs_btree_read_buf_block+0x24e/0x3d0 fs/xfs/libxfs/xfs_btree.c:1402 xfs_btree_lookup_get_block+0x24d/0x460 fs/xfs/libxfs/xfs_btree.c:1907 xfs_btree_lookup+0x3e2/0xf60 fs/xfs/libxfs/xfs_btree.c:2018 xfs_alloc_lookup fs/xfs/libxfs/xfs_alloc.c:166 [inline] xfs_alloc_lookup_ge fs/xfs/libxfs/xfs_alloc.c:198 [inline] xfs_alloc_cur_setup fs/xfs/libxfs/xfs_alloc.c:966 [inline] xfs_alloc_ag_vextent_near+0x40e/0xd40 fs/xfs/libxfs/xfs_alloc.c:1705 xfs_alloc_vextent_iterate_ags+0x43e/0x640 fs/xfs/libxfs/xfs_alloc.c:3764 xfs_alloc_vextent_start_ag+0x250/0x5c0 fs/xfs/libxfs/xfs_alloc.c:3839 page last free pid 4006 tgid 4005 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1248 [inline] __free_frozen_pages+0xa7a/0xc60 mm/page_alloc.c:2706 __folio_put+0x1b9/0x240 mm/swap.c:112 folio_put include/linux/mm.h:1356 [inline] xfs_buf_free+0x20a/0x3b0 fs/xfs/xfs_buf.c:121 xfs_buf_rele_cached fs/xfs/xfs_buf.c:937 [inline] xfs_buf_rele+0xa15/0xe30 fs/xfs/xfs_buf.c:951 xfs_buftarg_drain+0x27e/0x4a0 fs/xfs/xfs_buf.c:1587 xfs_log_mount_finish+0x2ca/0x320 fs/xfs/xfs_log.c:769 xfs_mountfs+0x12df/0x1b90 fs/xfs/xfs_mount.c:1173 xfs_fs_fill_super+0xe5f/0x1260 fs/xfs/xfs_super.c:1965 get_tree_bdev_flags+0x3d1/0x470 fs/super.c:1679 vfs_get_tree+0x84/0x1a0 fs/super.c:1802 do_new_mount+0x1c7/0x850 fs/namespace.c:3885 do_mount fs/namespace.c:4222 [inline] __do_sys_mount fs/namespace.c:4433 [inline] __se_sys_mount+0x218/0x2b0 fs/namespace.c:4410 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff88811912e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811912e100: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb >ffff88811912e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811912e200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff88811912e280: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================