./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor779951117 <...> Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. execve("./syz-executor779951117", ["./syz-executor779951117"], 0x7ffc24b29bf0 /* 10 vars */) = 0 brk(NULL) = 0x55557e400000 brk(0x55557e400e00) = 0x55557e400e00 arch_prctl(ARCH_SET_FS, 0x55557e400480) = 0 set_tid_address(0x55557e400750) = 5864 set_robust_list(0x55557e400760, 24) = 0 rseq(0x55557e400da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor779951117", 4096) = 27 getrandom("\x3c\x2a\x04\x41\x52\x72\x69\x6a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557e400e00 brk(0x55557e421e00) = 0x55557e421e00 brk(0x55557e422000) = 0x55557e422000 mprotect(0x7f351215a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e400750) = 5865 ./strace-static-x86_64: Process 5865 attached [pid 5864] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC [pid 5865] set_robust_list(0x55557e400760, 24 [pid 5864] <... openat resumed>) = 3 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] write(3, "10000000000", 11) = 11 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "20", 2) = 2 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "0", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "0", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "100", 3) = 3 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "0", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "0", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "7 4 1 3", 7) = 7 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "0", 1) = 1 [pid 5864] close(3) = 0 [pid 5864] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "5865", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] kill(5865, SIGKILL) = 0 [pid 5865] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5865, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f35120a7db0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f35120b0930}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f35120a7db0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f35120b0930}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5867 attached [pid 5867] set_robust_list(0x55557e400760, 24) = 0 [pid 5864] <... clone resumed>, child_tidptr=0x55557e400750) = 5867 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 executing program [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3509c00000 [pid 5867] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5867] munmap(0x7f3509c00000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file1", 0777) = 0 [ 70.048337][ T5867] loop0: detected capacity change from 0 to 32768 [ 70.073279][ T5867] XFS: noikeep mount option is deprecated. [ 70.087995][ T5867] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [pid 5867] mount("/dev/loop0", "./file1", "xfs", MS_NOSUID|MS_NODIRATIME|MS_I_VERSION|MS_SUBMOUNT, "noikeep,sunit=0x0000000000000000,,nouuid") = 0 [pid 5867] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file1") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] setxattr("./file1", "trusted.overlay.upper", "\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x9c\xec\xdd\x09\xbc\xad\x63\xc1\xb8\xff\x75\x9c\x83\x63\x1e\x4a\x34\x21\x53\x1a\x8d\x19\x52\x32\x0f\x25\x99\x23\x73\xe6\x8c\x21\xa1\xcc\x43"..., 2101, XATTR_CREATE) = 0 [pid 5867] pipe(NULL) = -1 EFAULT (Bad address) [pid 5867] mount("/dev/loop0", "./file1", NULL, MS_BIND|MS_REC, NULL) = 0 [pid 5867] open("./file1", O_RDONLY|O_NOCTTY) = 4 [ 70.109265][ T5867] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 70.125057][ T5867] XFS (loop0): Starting recovery (logdev: internal) [ 70.136833][ T5867] XFS (loop0): Ending recovery (logdev: internal) [pid 5867] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0, lo_number=0, lo_flags=0, lo_file_name="\xef\x35\x9f\x41\x3b\xb9\x38\x52\xf7\xd6\xa4\xae\x6d\xdd\xfb\xd1\xce\x5d\x29\xc2\xee\x5e\x5c\xa9", ...}) = 0 [pid 5867] openat(AT_FDCWD, "cpuacct.usage_percpu_user", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EUCLEAN (Structure needs cleaning) [pid 5867] exit_group(0) = ? [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached , child_tidptr=0x55557e400750) = 5876 [ 70.229618][ T5867] loop0: detected capacity change from 32768 to 64 [ 70.247007][ T5867] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8 [ 70.258598][ T5867] XFS (loop0): Unmount and run xfs_repair [pid 5876] set_robust_list(0x55557e400760, 24) = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 executing program [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3509c00000 [pid 5876] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216 [pid 5876] munmap(0x7f3509c00000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] close(3) = 0 [pid 5876] setxattr("./file1", "trusted.overlay.upper", "\x2e\x2f\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x9c\xec\xdd\x09\xbc\xad\x63\xc1\xb8\xff\x75\x9c\x83\x63\x1e\x4a\x34\x21\x53\x1a\x8d\x19\x52\x32\x0f\x25\x99\x23\x73\xe6\x8c\x21\xa1\xcc\x43"..., 2101, XATTR_CREATE) = -1 EIO (Input/output error) [pid 5876] pipe(NULL) = -1 EFAULT (Bad address) [pid 5876] mount("/dev/loop0", "./file1", NULL, MS_BIND|MS_REC, NULL) = -1 ENOTDIR (Not a directory) [pid 5876] open("./file1", O_RDONLY|O_NOCTTY) = -1 EIO (Input/output error) [ 70.490395][ T5876] syz-executor779: attempt to access beyond end of device [ 70.490395][ T5876] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64 [ 70.504379][ T25] XFS (loop0): log I/O error -5 [ 70.509219][ T25] XFS (loop0): Filesystem has been shut down due to log error (0x2). [ 70.517336][ T25] XFS (loop0): Please unmount the filesystem and rectify the problem(s). [ 70.526218][ T25] ================================================================== [pid 5876] ioctl(-1, LOOP_SET_STATUS64, {lo_offset=0, lo_number=0, lo_flags=0, lo_file_name="\xef\x35\x9f\x41\x3b\xb9\x38\x52\xf7\xd6\xa4\xae\x6d\xdd\xfb\xd1\xce\x5d\x29\xc2\xee\x5e\x5c\xa9", ...}) = -1 EBADF (Bad file descriptor) [pid 5876] openat(AT_FDCWD, "cpuacct.usage_percpu_user", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5876] exit_group(0) = ? [ 70.534290][ T25] BUG: KASAN: slab-use-after-free in xlog_cil_committed+0x45e/0x1040 [ 70.542413][ T25] Write of size 8 at addr ffff8880750cbc10 by task kworker/1:0H/25 [ 70.550340][ T25] [ 70.552675][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 70.552692][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 70.552701][ T25] Workqueue: xfs-log/loop0 xlog_ioend_work [ 70.552718][ T25] Call Trace: [ 70.552724][ T25] [ 70.552729][ T25] dump_stack_lvl+0x189/0x250 [ 70.552747][ T25] ? rcu_is_watching+0x15/0xb0 [ 70.552760][ T25] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.552775][ T25] ? rcu_is_watching+0x15/0xb0 [ 70.552787][ T25] ? lock_release+0x4b/0x3e0 [ 70.552808][ T25] ? __virt_addr_valid+0x1c8/0x5c0 [ 70.552825][ T25] ? __virt_addr_valid+0x4a5/0x5c0 [ 70.552841][ T25] print_report+0xca/0x240 [ 70.552854][ T25] ? xlog_cil_committed+0x45e/0x1040 [ 70.552868][ T25] kasan_report+0x118/0x150 [ 70.552888][ T25] ? xlog_cil_committed+0x45e/0x1040 [ 70.552904][ T25] kasan_check_range+0x2b0/0x2c0 [ 70.552924][ T25] xlog_cil_committed+0x45e/0x1040 [ 70.552943][ T25] ? __pfx_xlog_cil_committed+0x10/0x10 [ 70.552957][ T25] ? __pfx_vprintk_emit+0x10/0x10 [ 70.552979][ T25] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 70.553002][ T25] ? rcu_is_watching+0x15/0xb0 [ 70.553015][ T25] xlog_cil_process_committed+0x15c/0x1b0 [ 70.553031][ T25] xlog_state_shutdown_callbacks+0x269/0x360 [ 70.553054][ T25] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10 [ 70.553078][ T25] xlog_force_shutdown+0x332/0x400 [ 70.553092][ T25] xlog_ioend_work+0xaf/0x100 [ 70.553105][ T25] ? process_scheduled_works+0x9ef/0x17b0 [ 70.553118][ T25] process_scheduled_works+0xae1/0x17b0 [ 70.553139][ T25] ? __pfx_process_scheduled_works+0x10/0x10 [ 70.553156][ T25] worker_thread+0x8a0/0xda0 [ 70.553176][ T25] kthread+0x711/0x8a0 [ 70.553193][ T25] ? __pfx_worker_thread+0x10/0x10 [ 70.553205][ T25] ? __pfx_kthread+0x10/0x10 [ 70.553221][ T25] ? _raw_spin_unlock_irq+0x23/0x50 [ 70.553239][ T25] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.553251][ T25] ? __pfx_kthread+0x10/0x10 [ 70.553266][ T25] ret_from_fork+0x3f9/0x770 [ 70.553280][ T25] ? __pfx_ret_from_fork+0x10/0x10 [ 70.553294][ T25] ? __switch_to_asm+0x39/0x70 [ 70.553310][ T25] ? __switch_to_asm+0x33/0x70 [ 70.553326][ T25] ? __pfx_kthread+0x10/0x10 [ 70.553342][ T25] ret_from_fork_asm+0x1a/0x30 [ 70.553364][ T25] [ 70.553369][ T25] [ 70.783634][ T25] Allocated by task 5867: [ 70.787953][ T25] kasan_save_track+0x3e/0x80 [ 70.792638][ T25] __kasan_slab_alloc+0x6c/0x80 [ 70.797496][ T25] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 70.802963][ T25] xfs_buf_item_init+0x66/0x670 [ 70.807816][ T25] _xfs_trans_bjoin+0x46/0x110 [ 70.812582][ T25] xfs_trans_read_buf_map+0x28f/0x8e0 [ 70.817946][ T25] xfs_btree_read_buf_block+0x290/0x470 [ 70.823491][ T25] xfs_btree_lookup_get_block+0x28d/0x500 [ 70.829205][ T25] xfs_btree_lookup+0x4e1/0x1410 [ 70.834137][ T25] xfs_alloc_fixup_trees+0x21b/0xd20 [ 70.839429][ T25] xfs_alloc_cur_finish+0xd3/0x4b0 [ 70.844535][ T25] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 70.850271][ T25] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 70.856249][ T25] xfs_alloc_vextent_start_ag+0x388/0x850 [ 70.861998][ T25] xfs_bmapi_allocate+0x188e/0x2e00 [ 70.867195][ T25] xfs_bmapi_write+0x7df/0x1260 [ 70.872041][ T25] xfs_da_grow_inode_int+0x298/0x860 [ 70.877316][ T25] xfs_da_grow_inode+0x16d/0x390 [ 70.882252][ T25] xfs_attr_shortform_to_leaf+0x273/0x860 [ 70.887968][ T25] xfs_attr_set_iter+0xd30/0x4b70 [ 70.892992][ T25] xfs_attr_finish_item+0xed/0x320 [ 70.898099][ T25] xfs_defer_finish_one+0x5c8/0xcf0 [ 70.903296][ T25] xfs_defer_finish_noroll+0x910/0x12d0 [ 70.908836][ T25] xfs_trans_commit+0x10b/0x1c0 [ 70.913682][ T25] xfs_attr_set+0xdc6/0x1210 [ 70.918272][ T25] xfs_xattr_set+0x14d/0x250 [ 70.922862][ T25] __vfs_setxattr+0x43c/0x480 [ 70.927536][ T25] __vfs_setxattr_noperm+0x12d/0x660 [ 70.932828][ T25] vfs_setxattr+0x16b/0x2f0 [ 70.937330][ T25] filename_setxattr+0x274/0x600 [ 70.942261][ T25] path_setxattrat+0x364/0x3a0 [ 70.947070][ T25] __x64_sys_setxattr+0xbc/0xe0 [ 70.951937][ T25] do_syscall_64+0xfa/0x3b0 [ 70.956435][ T25] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.962321][ T25] [ 70.964636][ T25] Freed by task 5876: [ 70.968601][ T25] kasan_save_track+0x3e/0x80 [ 70.973278][ T25] __kasan_save_free_info+0x46/0x50 [ 70.978479][ T25] __kasan_slab_free+0x5b/0x80 [ 70.983253][ T25] kmem_cache_free+0x18f/0x400 [ 70.988014][ T25] __xfs_buf_ioend+0x29c/0x6f0 [ 70.992865][ T25] xfs_buf_iowait+0x167/0x480 [ 70.997543][ T25] xfs_buf_read_map+0x335/0xa50 [ 71.002402][ T25] xfs_trans_read_buf_map+0x1d7/0x8e0 [ 71.007771][ T25] xfs_btree_read_buf_block+0x290/0x470 [ 71.013317][ T25] xfs_btree_lookup_get_block+0x28d/0x500 [ 71.019036][ T25] xfs_btree_lookup+0x4e1/0x1410 [ 71.023967][ T25] xfs_alloc_fixup_trees+0x21b/0xd20 [ 71.029249][ T25] xfs_alloc_cur_finish+0xd3/0x4b0 [ 71.034363][ T25] xfs_alloc_ag_vextent_near+0xd1a/0x1230 [ 71.040197][ T25] xfs_alloc_vextent_iterate_ags+0x640/0x940 [ 71.046175][ T25] xfs_alloc_vextent_start_ag+0x388/0x850 [ 71.051891][ T25] xfs_bmapi_allocate+0x188e/0x2e00 [ 71.057098][ T25] xfs_bmapi_write+0x7df/0x1260 [ 71.061945][ T25] xfs_da_grow_inode_int+0x298/0x860 [ 71.067259][ T25] xfs_da_grow_inode+0x16d/0x390 [ 71.072195][ T25] xfs_attr_shortform_to_leaf+0x273/0x860 [ 71.077915][ T25] xfs_attr_set_iter+0xd30/0x4b70 [ 71.082936][ T25] xfs_attr_finish_item+0xed/0x320 [ 71.088044][ T25] xfs_defer_finish_one+0x5c8/0xcf0 [ 71.093241][ T25] xfs_defer_finish_noroll+0x910/0x12d0 [ 71.098783][ T25] xfs_trans_commit+0x10b/0x1c0 [ 71.103628][ T25] xfs_attr_set+0xdc6/0x1210 [ 71.108237][ T25] xfs_xattr_set+0x14d/0x250 [ 71.112856][ T25] __vfs_setxattr+0x43c/0x480 [ 71.117535][ T25] __vfs_setxattr_noperm+0x12d/0x660 [ 71.122831][ T25] vfs_setxattr+0x16b/0x2f0 [ 71.127347][ T25] filename_setxattr+0x274/0x600 [ 71.132299][ T25] path_setxattrat+0x364/0x3a0 [ 71.137093][ T25] __x64_sys_setxattr+0xbc/0xe0 [ 71.141960][ T25] do_syscall_64+0xfa/0x3b0 [ 71.146470][ T25] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.152364][ T25] [ 71.154690][ T25] The buggy address belongs to the object at ffff8880750cbbd0 [ 71.154690][ T25] which belongs to the cache xfs_buf_item of size 272 [ 71.168833][ T25] The buggy address is located 64 bytes inside of [ 71.168833][ T25] freed 272-byte region [ffff8880750cbbd0, ffff8880750cbce0) [ 71.182548][ T25] [ 71.184877][ T25] The buggy address belongs to the physical page: [ 71.191316][ T25] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x750cb [ 71.200085][ T25] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 71.207196][ T25] page_type: f5(slab) [ 71.211194][ T25] raw: 00fff00000000000 ffff888146690280 dead000000000122 0000000000000000 [ 71.219779][ T25] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 71.228355][ T25] page dumped because: kasan: bad access detected [ 71.234762][ T25] page_owner tracks the page as allocated [ 71.240473][ T25] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5867, tgid 5867 (syz-executor779), ts 70134831759, free_ts 22799021473 [ 71.260014][ T25] post_alloc_hook+0x240/0x2a0 [ 71.264782][ T25] get_page_from_freelist+0x21e4/0x22c0 [ 71.270320][ T25] __alloc_frozen_pages_noprof+0x181/0x370 [ 71.276117][ T25] alloc_pages_mpol+0x232/0x4a0 [ 71.280965][ T25] allocate_slab+0x8a/0x370 [ 71.285465][ T25] ___slab_alloc+0xbeb/0x1410 [ 71.290129][ T25] kmem_cache_alloc_noprof+0x283/0x3c0 [ 71.295587][ T25] xfs_buf_item_init+0x66/0x670 [ 71.300445][ T25] xlog_recover_validate_buf_type+0xa2e/0xdb0 [ 71.306512][ T25] xlog_recover_buf_commit_pass2+0xe2b/0x1a10 [ 71.312590][ T25] xlog_recover_items_pass2+0xe6/0x130 [ 71.318051][ T25] xlog_recover_commit_trans+0x658/0x8a0 [ 71.323690][ T25] xlog_recovery_process_trans+0xab/0x1c0 [ 71.329410][ T25] xlog_recover_process_ophdr+0x2f5/0x380 [ 71.335124][ T25] xlog_recover_process_data+0x1a5/0x430 [ 71.340753][ T25] xlog_do_recovery_pass+0x9cd/0xc30 [ 71.346044][ T25] page last free pid 1 tgid 1 stack trace: [ 71.351836][ T25] __free_frozen_pages+0xbc4/0xd30 [ 71.357089][ T25] free_contig_range+0x1bd/0x4a0 [ 71.362025][ T25] destroy_args+0x69/0x660 [ 71.366434][ T25] debug_vm_pgtable+0x39f/0x3b0 [ 71.371277][ T25] do_one_initcall+0x233/0x820 [ 71.376047][ T25] do_initcall_level+0x104/0x190 [ 71.381004][ T25] do_initcalls+0x59/0xa0 [ 71.385338][ T25] kernel_init_freeable+0x334/0x4b0 [ 71.390555][ T25] kernel_init+0x1d/0x1d0 [ 71.394882][ T25] ret_from_fork+0x3f9/0x770 [ 71.399554][ T25] ret_from_fork_asm+0x1a/0x30 [ 71.404323][ T25] [ 71.406645][ T25] Memory state around the buggy address: [ 71.412277][ T25] ffff8880750cbb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.420339][ T25] ffff8880750cbb80: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 71.428394][ T25] >ffff8880750cbc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.436446][ T25] ^ [ 71.441032][ T25] ffff8880750cbc80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 71.449089][ T25] ffff8880750cbd00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 71.457144][ T25] ================================================================== [ 71.466511][ T25] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.473727][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 71.485196][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 71.495248][ T25] Workqueue: xfs-log/loop0 xlog_ioend_work [ 71.501067][ T25] Call Trace: [ 71.504342][ T25] [ 71.507288][ T25] dump_stack_lvl+0x99/0x250 [ 71.511901][ T25] ? __asan_memcpy+0x40/0x70 [ 71.516499][ T25] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.521710][ T25] ? __pfx__printk+0x10/0x10 [ 71.526311][ T25] vpanic+0x281/0x750 [ 71.530298][ T25] ? preempt_schedule+0xae/0xc0 [ 71.535167][ T25] ? __pfx_vpanic+0x10/0x10 [ 71.539681][ T25] ? preempt_schedule_common+0x83/0xd0 [ 71.545144][ T25] ? preempt_schedule+0xae/0xc0 [ 71.549995][ T25] ? __pfx_preempt_schedule+0x10/0x10 [ 71.555383][ T25] panic+0xb9/0xc0 [ 71.559115][ T25] ? __pfx_panic+0x10/0x10 [ 71.563567][ T25] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 71.569488][ T25] ? xlog_cil_committed+0x45e/0x1040 [ 71.574787][ T25] check_panic_on_warn+0x89/0xb0 [ 71.579731][ T25] ? xlog_cil_committed+0x45e/0x1040 [ 71.585011][ T25] end_report+0x78/0x160 [ 71.589253][ T25] kasan_report+0x129/0x150 [ 71.593779][ T25] ? xlog_cil_committed+0x45e/0x1040 [ 71.599080][ T25] kasan_check_range+0x2b0/0x2c0 [ 71.604035][ T25] xlog_cil_committed+0x45e/0x1040 [ 71.609155][ T25] ? __pfx_xlog_cil_committed+0x10/0x10 [ 71.614698][ T25] ? __pfx_vprintk_emit+0x10/0x10 [ 71.619728][ T25] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 71.625624][ T25] ? rcu_is_watching+0x15/0xb0 [ 71.630383][ T25] xlog_cil_process_committed+0x15c/0x1b0 [ 71.636109][ T25] xlog_state_shutdown_callbacks+0x269/0x360 [ 71.642100][ T25] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10 [ 71.648606][ T25] xlog_force_shutdown+0x332/0x400 [ 71.653716][ T25] xlog_ioend_work+0xaf/0x100 [ 71.658397][ T25] ? process_scheduled_works+0x9ef/0x17b0 [ 71.664112][ T25] process_scheduled_works+0xae1/0x17b0 [ 71.669660][ T25] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.675646][ T25] worker_thread+0x8a0/0xda0 [ 71.680268][ T25] kthread+0x711/0x8a0 [ 71.684348][ T25] ? __pfx_worker_thread+0x10/0x10 [ 71.689448][ T25] ? __pfx_kthread+0x10/0x10 [ 71.694044][ T25] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.699246][ T25] ? lockdep_hardirqs_on+0x9c/0x150 [ 71.704436][ T25] ? __pfx_kthread+0x10/0x10 [ 71.709028][ T25] ret_from_fork+0x3f9/0x770 [ 71.713613][ T25] ? __pfx_ret_from_fork+0x10/0x10 [ 71.718724][ T25] ? __switch_to_asm+0x39/0x70 [ 71.723483][ T25] ? __switch_to_asm+0x33/0x70 [ 71.728249][ T25] ? __pfx_kthread+0x10/0x10 [ 71.732844][ T25] ret_from_fork_asm+0x1a/0x30 [ 71.737626][ T25] [ 71.740958][ T25] Kernel Offset: disabled [ 71.745278][ T25] Rebooting in 86400 seconds..