Warning: Permanently added '10.128.0.243' (ED25519) to the list of known hosts.
2025/11/24 09:19:45 parsed 1 programs
[ 116.084128][ T6149] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 119.704897][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 119.713995][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 119.723687][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 119.732428][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 119.741707][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 120.939688][ T6207] chnl_net:caif_netlink_parms(): no params data found
[ 121.037175][ T6207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.045553][ T6207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.053042][ T6207] bridge_slave_0: entered allmulticast mode
[ 121.060473][ T6207] bridge_slave_0: entered promiscuous mode
[ 121.068628][ T6207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.076254][ T6207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.087302][ T6207] bridge_slave_1: entered allmulticast mode
[ 121.098525][ T6207] bridge_slave_1: entered promiscuous mode
[ 121.127333][ T6207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.143543][ T6207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.173165][ T6207] team0: Port device team_slave_0 added
[ 121.181023][ T6207] team0: Port device team_slave_1 added
[ 121.211280][ T6207] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.218242][ T6207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.245253][ T6207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.258703][ T6207] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.266595][ T6207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.292646][ T6207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.335449][ T6207] hsr_slave_0: entered promiscuous mode
[ 121.341854][ T6207] hsr_slave_1: entered promiscuous mode
[ 121.836837][ T6207] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.853455][ T6207] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.865066][ T6207] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.877061][ T6207] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 121.915844][ T6207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.923264][ T6207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.931623][ T6207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.938841][ T6207] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.951807][ T1915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.960533][ T1915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.048467][ T6207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.072649][ T6207] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.088299][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.095458][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.115621][ T65] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.122899][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.389811][ T6207] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.452306][ T6207] veth0_vlan: entered promiscuous mode
[ 122.471823][ T6207] veth1_vlan: entered promiscuous mode
[ 122.512884][ T6207] veth0_macvtap: entered promiscuous mode
[ 122.525815][ T6207] veth1_macvtap: entered promiscuous mode
[ 122.548147][ T6207] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.568751][ T6207] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.596466][ T4113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.619530][ T4113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.628373][ T4113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.667593][ T4113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.822693][ T4113] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.945447][ T4113] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.997707][ T1915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.022157][ T1915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.050414][ T4113] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.083052][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.091147][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.124081][ T4113] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/24 09:19:58 executed programs: 0
[ 124.689033][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.697627][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.710760][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.719922][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.727524][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.855272][ T4113] bridge_slave_1: left allmulticast mode
[ 124.867791][ T4113] bridge_slave_1: left promiscuous mode
[ 124.874288][ T4113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.884759][ T4113] bridge_slave_0: left allmulticast mode
[ 124.890910][ T4113] bridge_slave_0: left promiscuous mode
[ 124.896684][ T4113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.241388][ T4113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 125.252451][ T4113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 125.262468][ T4113] bond0 (unregistering): Released all slaves
[ 125.397671][ T4113] hsr_slave_0: left promiscuous mode
[ 125.404200][ T4113] hsr_slave_1: left promiscuous mode
[ 125.411637][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 125.419233][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 125.427989][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 125.435786][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 125.458667][ T4113] veth1_macvtap: left promiscuous mode
[ 125.464464][ T4113] veth0_macvtap: left promiscuous mode
[ 125.471071][ T4113] veth1_vlan: left promiscuous mode
[ 125.476457][ T4113] veth0_vlan: left promiscuous mode
[ 125.952484][ T4113] team0 (unregistering): Port device team_slave_1 removed
[ 125.994103][ T4113] team0 (unregistering): Port device team_slave_0 removed
[ 126.557589][ T6332] chnl_net:caif_netlink_parms(): no params data found
[ 126.743768][ T6332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.756690][ T6332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 126.764389][ T6332] bridge_slave_0: entered allmulticast mode
[ 126.773408][ T6332] bridge_slave_0: entered promiscuous mode
[ 126.787960][ T6332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.795264][ T6332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.803604][ T6332] bridge_slave_1: entered allmulticast mode
[ 126.811705][ T6332] bridge_slave_1: entered promiscuous mode
[ 126.831450][ T5151] Bluetooth: hci0: command tx timeout
[ 126.855849][ T6332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 126.868820][ T6332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 126.916739][ T6332] team0: Port device team_slave_0 added
[ 126.926138][ T6332] team0: Port device team_slave_1 added
[ 127.222545][ T6332] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 127.235209][ T6332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 127.262866][ T6332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 127.278710][ T6332] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 127.286225][ T6332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 127.332251][ T6332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 127.514733][ T6332] hsr_slave_0: entered promiscuous mode
[ 127.525014][ T6332] hsr_slave_1: entered promiscuous mode
[ 128.172878][ T6332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.194790][ T6332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.207755][ T6332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.225324][ T6332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.342587][ T6332] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.364910][ T6332] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.376665][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.383957][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.397610][ T1915] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.404849][ T1915] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.558572][ T6332] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.598772][ T6332] veth0_vlan: entered promiscuous mode
[ 128.610716][ T6332] veth1_vlan: entered promiscuous mode
[ 128.639112][ T6332] veth0_macvtap: entered promiscuous mode
[ 128.649259][ T6332] veth1_macvtap: entered promiscuous mode
[ 128.668335][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.682697][ T6332] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.696224][ T1915] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.706563][ T1915] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.716752][ T1915] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.726975][ T1915] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.783796][ T4113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.792049][ T4113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.822923][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.831941][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.910379][ T5151] Bluetooth: hci0: command tx timeout
[ 129.047140][ T6442] loop0: detected capacity change from 0 to 32768
[ 129.055077][ T6442] xfs: Deprecated parameter 'noikeep'
[ 129.061713][ T6442] XFS: noikeep mount option is deprecated.
[ 129.112176][ T6442] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 129.179430][ T6442] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 129.197714][ T6442] XFS (loop0): Starting recovery (logdev: internal)
[ 129.213364][ T6442] XFS (loop0): Ending recovery (logdev: internal)
[ 129.270431][ T6442] loop0: detected capacity change from 32768 to 64
[ 129.278360][ T6442] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 129.291473][ T6442] XFS (loop0): Unmount and run xfs_repair
[ 129.321332][ T6332] syz-executor: attempt to access beyond end of device
[ 129.321332][ T6332] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 129.336230][ T25] XFS (loop0): log I/O error -5
[ 129.341759][ T25] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 129.350208][ T25] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 129.360193][ T6332] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 129.675681][ T6452] loop0: detected capacity change from 0 to 32768
[ 129.683103][ T6452] xfs: Deprecated parameter 'noikeep'
[ 129.688512][ T6452] XFS: noikeep mount option is deprecated.
[ 129.735868][ T6452] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 129.786491][ T6452] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 129.809030][ T6452] XFS (loop0): Starting recovery (logdev: internal)
[ 129.825539][ T6452] XFS (loop0): Ending recovery (logdev: internal)
[ 129.870226][ T6452] loop0: detected capacity change from 32768 to 64
[ 129.878465][ T6452] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 129.890128][ T6452] XFS (loop0): Unmount and run xfs_repair
[ 129.906484][ T6332] syz-executor: attempt to access beyond end of device
[ 129.906484][ T6332] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
2025/11/24 09:20:03 executed programs: 4
[ 129.921766][ T25] XFS (loop0): log I/O error -5
[ 129.926678][ T25] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 129.936124][ T25] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 129.945860][ T6332] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 130.241518][ T6462] loop0: detected capacity change from 0 to 32768
[ 130.254070][ T6462] xfs: Deprecated parameter 'noikeep'
[ 130.260083][ T6462] XFS: noikeep mount option is deprecated.
[ 130.304269][ T6462] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 130.358412][ T6462] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 130.378584][ T6462] XFS (loop0): Starting recovery (logdev: internal)
[ 130.394197][ T6462] XFS (loop0): Ending recovery (logdev: internal)
[ 130.440080][ T6462] loop0: detected capacity change from 32768 to 64
[ 130.447349][ T6462] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 130.459806][ T6462] XFS (loop0): Unmount and run xfs_repair
[ 130.485506][ T6332] syz-executor: attempt to access beyond end of device
[ 130.485506][ T6332] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 130.501183][ T11] XFS (loop0): log I/O error -5
[ 130.506091][ T11] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 130.518130][ T11] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 130.527484][ T6332] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 130.811985][ T6472] loop0: detected capacity change from 0 to 32768
[ 130.819267][ T6472] xfs: Deprecated parameter 'noikeep'
[ 130.824976][ T6472] XFS: noikeep mount option is deprecated.
[ 130.843658][ T6472] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 130.884241][ T6472] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 130.917720][ T6472] XFS (loop0): Starting recovery (logdev: internal)
[ 130.935869][ T6472] XFS (loop0): Ending recovery (logdev: internal)
[ 130.989842][ T5151] Bluetooth: hci0: command tx timeout
[ 131.000373][ T6472] loop0: detected capacity change from 32768 to 64
[ 131.008130][ T6481] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 131.019991][ T6481] XFS (loop0): Unmount and run xfs_repair
[ 131.036593][ T6332] syz-executor: attempt to access beyond end of device
[ 131.036593][ T6332] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 131.051954][ T129] kworker/0:2: attempt to access beyond end of device
[ 131.051954][ T129] loop0: rw=432129, sector=112, nr_sectors = 16 limit=64
[ 131.052175][ T25] XFS (loop0): log I/O error -5
[ 131.067438][ T11] XFS (loop0): log I/O error -5
[ 131.073106][ T25] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 131.084876][ T25] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 131.094795][ T25] ==================================================================
[ 131.102864][ T25] BUG: KASAN: slab-use-after-free in xlog_cil_committed+0x44e/0x1040
[ 131.111023][ T25] Write of size 8 at addr ffff88807bb3c970 by task kworker/1:0H/25
[ 131.119262][ T25]
[ 131.121609][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Not tainted syzkaller #0 PREEMPT(full)
[ 131.121625][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 131.121632][ T25] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 131.121658][ T25] Call Trace:
[ 131.121665][ T25]
[ 131.121671][ T25] dump_stack_lvl+0x189/0x250
[ 131.121687][ T25] ? rcu_is_watching+0x15/0xb0
[ 131.121695][ T25] ? __kasan_check_byte+0x12/0x40
[ 131.121709][ T25] ? __pfx_dump_stack_lvl+0x10/0x10
[ 131.121721][ T25] ? rcu_is_watching+0x15/0xb0
[ 131.121729][ T25] ? lock_release+0x4b/0x3d0
[ 131.121743][ T25] ? __virt_addr_valid+0x1c8/0x5c0
[ 131.121753][ T25] ? __virt_addr_valid+0x4a5/0x5c0
[ 131.121762][ T25] print_report+0xca/0x240
[ 131.121779][ T25] ? xlog_cil_committed+0x44e/0x1040
[ 131.121790][ T25] kasan_report+0x118/0x150
[ 131.121802][ T25] ? xlog_cil_committed+0x44e/0x1040
[ 131.121814][ T25] kasan_check_range+0x2b0/0x2c0
[ 131.121826][ T25] xlog_cil_committed+0x44e/0x1040
[ 131.121840][ T25] ? __pfx_xlog_cil_committed+0x10/0x10
[ 131.121856][ T25] ? lockdep_hardirqs_on+0x9c/0x150
[ 131.121865][ T25] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 131.121882][ T25] xlog_cil_process_committed+0x15c/0x1b0
[ 131.121894][ T25] xlog_state_shutdown_callbacks+0x269/0x360
[ 131.121906][ T25] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10
[ 131.121917][ T25] xlog_force_shutdown+0x332/0x400
[ 131.121927][ T25] xlog_ioend_work+0xaf/0x100
[ 131.121937][ T25] ? process_one_work+0x868/0x15e0
[ 131.121949][ T25] process_one_work+0x93a/0x15e0
[ 131.121960][ T25] ? __lock_acquire+0xab9/0xd20
[ 131.121975][ T25] ? __pfx_process_one_work+0x10/0x10
[ 131.121988][ T25] ? assign_work+0x3a1/0x410
[ 131.121999][ T25] worker_thread+0x9b0/0xee0
[ 131.122015][ T25] kthread+0x711/0x8a0
[ 131.122025][ T25] ? __pfx_worker_thread+0x10/0x10
[ 131.122036][ T25] ? __pfx_kthread+0x10/0x10
[ 131.122045][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 131.122057][ T25] ? lockdep_hardirqs_on+0x9c/0x150
[ 131.122065][ T25] ? __pfx_kthread+0x10/0x10
[ 131.122073][ T25] ret_from_fork+0x599/0xb30
[ 131.122085][ T25] ? __pfx_ret_from_fork+0x10/0x10
[ 131.122098][ T25] ? __switch_to_asm+0x39/0x70
[ 131.122107][ T25] ? __switch_to_asm+0x33/0x70
[ 131.122115][ T25] ? __pfx_kthread+0x10/0x10
[ 131.122123][ T25] ret_from_fork_asm+0x1a/0x30
[ 131.122136][ T25]
[ 131.122139][ T25]
[ 131.358760][ T25] Allocated by task 6472:
[ 131.363082][ T25] kasan_save_track+0x3e/0x80
[ 131.367762][ T25] __kasan_slab_alloc+0x6c/0x80
[ 131.372607][ T25] kmem_cache_alloc_noprof+0x37d/0x700
[ 131.378053][ T25] xfs_buf_item_init+0x66/0x670
[ 131.383091][ T25] _xfs_trans_bjoin+0x46/0x110
[ 131.387837][ T25] xfs_trans_read_buf_map+0x28f/0x8e0
[ 131.393196][ T25] xfs_btree_read_buf_block+0x290/0x470
[ 131.398740][ T25] xfs_btree_lookup_get_block+0x28d/0x500
[ 131.404469][ T25] xfs_btree_lookup+0x4e1/0x1410
[ 131.409398][ T25] xfs_alloc_fixup_trees+0x21b/0xd20
[ 131.414683][ T25] xfs_alloc_cur_finish+0xd3/0x4b0
[ 131.419781][ T25] xfs_alloc_ag_vextent_near+0xd31/0x1240
[ 131.425619][ T25] xfs_alloc_vextent_iterate_ags+0x627/0x930
[ 131.431587][ T25] xfs_alloc_vextent_start_ag+0x378/0x860
[ 131.437293][ T25] xfs_bmapi_allocate+0x188e/0x2e00
[ 131.442475][ T25] xfs_bmapi_write+0x7df/0x1260
[ 131.447317][ T25] xfs_da_grow_inode_int+0x298/0x860
[ 131.452595][ T25] xfs_da_grow_inode+0x15d/0x390
[ 131.457515][ T25] xfs_attr_shortform_to_leaf+0x263/0x860
[ 131.463221][ T25] xfs_attr_set_iter+0xd37/0x4ba0
[ 131.468228][ T25] xfs_attr_finish_item+0xed/0x320
[ 131.473321][ T25] xfs_defer_finish_one+0x5a8/0xd00
[ 131.478501][ T25] xfs_defer_finish_noroll+0x8d8/0x12a0
[ 131.484127][ T25] xfs_trans_commit+0x10b/0x1c0
[ 131.488994][ T25] xfs_attr_set+0xdc6/0x1210
[ 131.493567][ T25] xfs_xattr_set+0x14d/0x250
[ 131.498147][ T25] __vfs_setxattr+0x43c/0x480
[ 131.502812][ T25] __vfs_setxattr_noperm+0x12d/0x660
[ 131.508087][ T25] vfs_setxattr+0x16b/0x2f0
[ 131.512576][ T25] filename_setxattr+0x274/0x600
[ 131.517503][ T25] path_setxattrat+0x364/0x3a0
[ 131.522258][ T25] __x64_sys_setxattr+0xbc/0xe0
[ 131.527111][ T25] do_syscall_64+0xfa/0xfa0
[ 131.531599][ T25] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.537750][ T25]
[ 131.540060][ T25] Freed by task 129:
[ 131.543931][ T25] kasan_save_track+0x3e/0x80
[ 131.548644][ T25] kasan_save_free_info+0x46/0x50
[ 131.553674][ T25] __kasan_slab_free+0x5c/0x80
[ 131.558599][ T25] kmem_cache_free+0x197/0x640
[ 131.563343][ T25] __xfs_buf_ioend+0x28c/0x700
[ 131.568089][ T25] xfs_buf_iowait+0x143/0x480
[ 131.572750][ T25] xfs_buf_read_map+0x325/0xa50
[ 131.577596][ T25] xfs_trans_read_buf_map+0x1d7/0x8e0
[ 131.582954][ T25] xfs_btree_read_buf_block+0x290/0x470
[ 131.588483][ T25] xfs_btree_lookup_get_block+0x28d/0x500
[ 131.594374][ T25] xfs_btree_lookup+0x4e1/0x1410
[ 131.599470][ T25] xfs_free_ag_extent+0x25d/0x1760
[ 131.604574][ T25] __xfs_free_extent+0x2f1/0x470
[ 131.609507][ T25] xfs_extent_free_finish_item+0x28b/0x670
[ 131.615302][ T25] xfs_defer_finish_one+0x5a8/0xd00
[ 131.620482][ T25] xfs_defer_finish_noroll+0x8d8/0x12a0
[ 131.626020][ T25] xfs_defer_finish+0x1c/0x180
[ 131.630768][ T25] xfs_bunmapi_range+0xc4/0x140
[ 131.635602][ T25] xfs_itruncate_extents_flags+0x2f6/0x9b0
[ 131.641391][ T25] xfs_inactive_truncate+0x125/0x1b0
[ 131.646655][ T25] xfs_inactive+0x939/0xcd0
[ 131.651134][ T25] xfs_inodegc_worker+0x2fb/0x7c0
[ 131.656144][ T25] process_one_work+0x93a/0x15e0
[ 131.661152][ T25] worker_thread+0x9b0/0xee0
[ 131.665723][ T25] kthread+0x711/0x8a0
[ 131.669946][ T25] ret_from_fork+0x599/0xb30
[ 131.674539][ T25] ret_from_fork_asm+0x1a/0x30
[ 131.679285][ T25]
[ 131.681588][ T25] The buggy address belongs to the object at ffff88807bb3c930
[ 131.681588][ T25] which belongs to the cache xfs_buf_item of size 272
[ 131.695877][ T25] The buggy address is located 64 bytes inside of
[ 131.695877][ T25] freed 272-byte region [ffff88807bb3c930, ffff88807bb3ca40)
[ 131.709572][ T25]
[ 131.711884][ T25] The buggy address belongs to the physical page:
[ 131.718375][ T25] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bb3c
[ 131.727124][ T25] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 131.734220][ T25] page_type: f5(slab)
[ 131.738195][ T25] raw: 00fff00000000000 ffff88801c326c80 dead000000000122 0000000000000000
[ 131.746759][ T25] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 131.755318][ T25] page dumped because: kasan: bad access detected
[ 131.761716][ T25] page_owner tracks the page as allocated
[ 131.767412][ T25] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6472, tgid 6471 (syz.0.20), ts 130934958469, free_ts 130888658974
[ 131.786324][ T25] post_alloc_hook+0x234/0x290
[ 131.791076][ T25] get_page_from_freelist+0x2365/0x2440
[ 131.796607][ T25] __alloc_frozen_pages_noprof+0x181/0x370
[ 131.802408][ T25] alloc_pages_mpol+0x232/0x4a0
[ 131.807350][ T25] allocate_slab+0x86/0x3b0
[ 131.811856][ T25] ___slab_alloc+0xf56/0x1990
[ 131.816524][ T25] __slab_alloc+0x65/0x100
[ 131.820934][ T25] kmem_cache_alloc_noprof+0x40f/0x700
[ 131.826383][ T25] xfs_buf_item_init+0x66/0x670
[ 131.831320][ T25] _xfs_trans_bjoin+0x46/0x110
[ 131.836068][ T25] xfs_trans_read_buf_map+0x28f/0x8e0
[ 131.841444][ T25] xfs_imap_to_bp+0x127/0x2f0
[ 131.846106][ T25] xfs_iget+0xb79/0x2db0
[ 131.850334][ T25] xfs_trans_metafile_iget+0x77/0x330
[ 131.855695][ T25] xfs_rtginode_load+0x362/0x8b0
[ 131.860617][ T25] xfs_rtmount_inodes+0x151/0x7a0
[ 131.865629][ T25] page last free pid 6339 tgid 6339 stack trace:
[ 131.872023][ T25] __free_frozen_pages+0xbc8/0xd30
[ 131.877205][ T25] __put_partials+0x146/0x170
[ 131.881887][ T25] put_cpu_partial+0x1f2/0x2e0
[ 131.886671][ T25] __slab_free+0x288/0x2a0
[ 131.891174][ T25] qlist_free_all+0x97/0x100
[ 131.895766][ T25] kasan_quarantine_reduce+0x148/0x160
[ 131.901385][ T25] __kasan_slab_alloc+0x22/0x80
[ 131.906243][ T25] kmem_cache_alloc_noprof+0x37d/0x700
[ 131.911701][ T25] getname_flags+0xb8/0x540
[ 131.916207][ T25] do_sys_openat2+0xbc/0x1c0
[ 131.920787][ T25] __x64_sys_openat+0x138/0x170
[ 131.925633][ T25] do_syscall_64+0xfa/0xfa0
[ 131.930124][ T25] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.936001][ T25]
[ 131.938303][ T25] Memory state around the buggy address:
[ 131.944004][ T25] ffff88807bb3c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.952050][ T25] ffff88807bb3c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 131.960093][ T25] >ffff88807bb3c900: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 131.968307][ T25] ^
[ 131.976093][ T25] ffff88807bb3c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 131.984482][ T25] ffff88807bb3ca00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 131.992610][ T25] ==================================================================
[ 132.007326][ T25] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 132.014666][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Not tainted syzkaller #0 PREEMPT(full)
[ 132.023964][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 132.034205][ T25] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 132.040048][ T25] Call Trace:
[ 132.043324][ T25]
[ 132.046244][ T25] dump_stack_lvl+0x99/0x250
[ 132.050829][ T25] ? __asan_memcpy+0x40/0x70
[ 132.055407][ T25] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.060600][ T25] ? __pfx__printk+0x10/0x10
[ 132.065185][ T25] vpanic+0x237/0x6d0
[ 132.069166][ T25] ? __pfx_vpanic+0x10/0x10
[ 132.073675][ T25] ? preempt_schedule+0xae/0xc0
[ 132.078531][ T25] ? __pfx_preempt_schedule+0x10/0x10
[ 132.083918][ T25] panic+0xb9/0xc0
[ 132.087647][ T25] ? __pfx_panic+0x10/0x10
[ 132.092049][ T25] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 132.098113][ T25] ? xlog_cil_committed+0x44e/0x1040
[ 132.103557][ T25] check_panic_on_warn+0x89/0xb0
[ 132.108487][ T25] ? xlog_cil_committed+0x44e/0x1040
[ 132.113812][ T25] end_report+0x6f/0x160
[ 132.118048][ T25] kasan_report+0x129/0x150
[ 132.122549][ T25] ? xlog_cil_committed+0x44e/0x1040
[ 132.127909][ T25] kasan_check_range+0x2b0/0x2c0
[ 132.132846][ T25] xlog_cil_committed+0x44e/0x1040
[ 132.138036][ T25] ? __pfx_xlog_cil_committed+0x10/0x10
[ 132.143595][ T25] ? lockdep_hardirqs_on+0x9c/0x150
[ 132.148865][ T25] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 132.154755][ T25] xlog_cil_process_committed+0x15c/0x1b0
[ 132.160552][ T25] xlog_state_shutdown_callbacks+0x269/0x360
[ 132.166784][ T25] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10
[ 132.173447][ T25] xlog_force_shutdown+0x332/0x400
[ 132.178566][ T25] xlog_ioend_work+0xaf/0x100
[ 132.183346][ T25] ? process_one_work+0x868/0x15e0
[ 132.188629][ T25] process_one_work+0x93a/0x15e0
[ 132.193553][ T25] ? __lock_acquire+0xab9/0xd20
[ 132.198484][ T25] ? __pfx_process_one_work+0x10/0x10
[ 132.203844][ T25] ? assign_work+0x3a1/0x410
[ 132.208428][ T25] worker_thread+0x9b0/0xee0
[ 132.213031][ T25] kthread+0x711/0x8a0
[ 132.217089][ T25] ? __pfx_worker_thread+0x10/0x10
[ 132.222190][ T25] ? __pfx_kthread+0x10/0x10
[ 132.226859][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 132.232047][ T25] ? lockdep_hardirqs_on+0x9c/0x150
[ 132.237228][ T25] ? __pfx_kthread+0x10/0x10
[ 132.241806][ T25] ret_from_fork+0x599/0xb30
[ 132.246381][ T25] ? __pfx_ret_from_fork+0x10/0x10
[ 132.251501][ T25] ? __switch_to_asm+0x39/0x70
[ 132.256252][ T25] ? __switch_to_asm+0x33/0x70
[ 132.261022][ T25] ? __pfx_kthread+0x10/0x10
[ 132.265602][ T25] ret_from_fork_asm+0x1a/0x30
[ 132.270353][ T25]
[ 132.273502][ T25] Kernel Offset: disabled
[ 132.277922][ T25] Rebooting in 86400 seconds..