Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
2025/11/10 03:58:43 parsed 1 programs
[ 120.847140][ T6176] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 123.810169][ T6187] chnl_net:caif_netlink_parms(): no params data found
[ 123.888209][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.895630][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.903509][ T6187] bridge_slave_0: entered allmulticast mode
[ 123.910902][ T6187] bridge_slave_0: entered promiscuous mode
[ 123.918631][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.925999][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.933250][ T6187] bridge_slave_1: entered allmulticast mode
[ 123.940323][ T6187] bridge_slave_1: entered promiscuous mode
[ 123.969277][ T6187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.982318][ T6187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.013985][ T6187] team0: Port device team_slave_0 added
[ 124.021782][ T6187] team0: Port device team_slave_1 added
[ 124.048590][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.056365][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 124.082734][ T6187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.094740][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.102456][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 124.128435][ T6187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.169139][ T6187] hsr_slave_0: entered promiscuous mode
[ 124.175685][ T6187] hsr_slave_1: entered promiscuous mode
[ 124.672253][ T6187] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 124.686318][ T6187] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 124.698380][ T6187] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.711769][ T6187] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 124.754163][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.761520][ T6187] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 124.769642][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.776888][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.802226][ T44] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.812789][ T44] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.898054][ T6187] 8021q: adding VLAN 0 to HW filter on device bond0
[ 124.926031][ T6187] 8021q: adding VLAN 0 to HW filter on device team0
[ 124.941845][ T152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.949046][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.977080][ T152] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.984341][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 125.247022][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 125.304563][ T6187] veth0_vlan: entered promiscuous mode
[ 125.321680][ T6187] veth1_vlan: entered promiscuous mode
[ 125.366785][ T6187] veth0_macvtap: entered promiscuous mode
[ 125.379948][ T6187] veth1_macvtap: entered promiscuous mode
[ 125.407257][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 125.427790][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 125.449534][ T74] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.472928][ T74] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.490195][ T74] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.515744][ T74] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 125.678162][ T44] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.741549][ T44] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.817609][ T44] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.904005][ T44] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.006885][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 126.015975][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 126.024287][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 126.035628][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 126.045176][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 127.603504][ T4125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.612587][ T4125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.659369][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.671900][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.938347][ T44] bridge_slave_1: left allmulticast mode
[ 127.945030][ T44] bridge_slave_1: left promiscuous mode
[ 127.951345][ T44] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.962039][ T44] bridge_slave_0: left allmulticast mode
[ 127.967685][ T44] bridge_slave_0: left promiscuous mode
[ 127.973817][ T44] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.213870][ T44] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 128.225296][ T44] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 128.235723][ T44] bond0 (unregistering): Released all slaves
[ 128.338711][ T44] hsr_slave_0: left promiscuous mode
[ 128.351945][ T44] hsr_slave_1: left promiscuous mode
[ 128.366792][ T44] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 128.376936][ T44] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 128.390723][ T44] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 128.400276][ T44] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 128.451263][ T44] veth1_macvtap: left promiscuous mode
[ 128.456904][ T44] veth0_macvtap: left promiscuous mode
[ 128.469925][ T44] veth1_vlan: left promiscuous mode
[ 128.475379][ T44] veth0_vlan: left promiscuous mode
[ 128.969456][ T44] team0 (unregistering): Port device team_slave_1 removed
[ 129.015225][ T44] team0 (unregistering): Port device team_slave_0 removed
2025/11/10 03:58:59 executed programs: 0
[ 132.747924][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 132.762204][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 132.773279][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 132.782227][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 132.790054][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.958134][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.969873][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.088710][ T6461] chnl_net:caif_netlink_parms(): no params data found
[ 133.215236][ T6461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.222581][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.229833][ T6461] bridge_slave_0: entered allmulticast mode
[ 133.237769][ T6461] bridge_slave_0: entered promiscuous mode
[ 133.246644][ T6461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.254031][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.262237][ T6461] bridge_slave_1: entered allmulticast mode
[ 133.269545][ T6461] bridge_slave_1: entered promiscuous mode
[ 133.303706][ T6461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 133.315904][ T6461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 133.354541][ T6461] team0: Port device team_slave_0 added
[ 133.363517][ T6461] team0: Port device team_slave_1 added
[ 133.394441][ T6461] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.401533][ T6461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 133.429147][ T6461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.443038][ T6461] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.450101][ T6461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 133.476791][ T6461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.541343][ T6461] hsr_slave_0: entered promiscuous mode
[ 133.548316][ T6461] hsr_slave_1: entered promiscuous mode
[ 134.081318][ T6461] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 134.093550][ T6461] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 134.105772][ T6461] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 134.118152][ T6461] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 134.249144][ T6461] 8021q: adding VLAN 0 to HW filter on device bond0
[ 134.277264][ T6461] 8021q: adding VLAN 0 to HW filter on device team0
[ 134.295118][ T44] bridge0: port 1(bridge_slave_0) entered blocking state
[ 134.302560][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 134.333931][ T44] bridge0: port 2(bridge_slave_1) entered blocking state
[ 134.341582][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.610157][ T6461] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 134.675690][ T6461] veth0_vlan: entered promiscuous mode
[ 134.692774][ T6461] veth1_vlan: entered promiscuous mode
[ 134.736115][ T6461] veth0_macvtap: entered promiscuous mode
[ 134.747758][ T6461] veth1_macvtap: entered promiscuous mode
[ 134.777788][ T6461] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 134.797282][ T6461] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 134.814164][ T44] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.824712][ T44] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.846911][ T44] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.857133][ T44] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.871530][ T5847] Bluetooth: hci0: command tx timeout
[ 134.933780][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.948433][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.989382][ T4125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.999671][ T4125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.349612][ T6541] loop0: detected capacity change from 0 to 32768
[ 135.358579][ T6541] xfs: Deprecated parameter 'noikeep'
[ 135.365082][ T6541] XFS: noikeep mount option is deprecated.
[ 135.386616][ T6541] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 135.416640][ T6541] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 135.440635][ T6541] XFS (loop0): Starting recovery (logdev: internal)
[ 135.464039][ T6541] XFS (loop0): Ending recovery (logdev: internal)
[ 135.512782][ T6541] loop0: detected capacity change from 32768 to 64
[ 135.524551][ T6541] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 135.536555][ T6541] XFS (loop0): Unmount and run xfs_repair
[ 135.556157][ T6461] syz-executor: attempt to access beyond end of device
[ 135.556157][ T6461] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 135.574402][ T95] XFS (loop0): log I/O error -5
[ 135.579356][ T95] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 135.587798][ T95] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 135.602768][ T6461] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 135.906634][ T6555] loop0: detected capacity change from 0 to 32768
[ 135.915028][ T6555] xfs: Deprecated parameter 'noikeep'
[ 135.920844][ T6555] XFS: noikeep mount option is deprecated.
[ 135.936731][ T6555] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 135.978043][ T6555] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 136.004726][ T6555] XFS (loop0): Starting recovery (logdev: internal)
[ 136.023710][ T6555] XFS (loop0): Ending recovery (logdev: internal)
[ 136.062098][ T6555] loop0: detected capacity change from 32768 to 64
[ 136.070072][ T6555] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 136.082794][ T6555] XFS (loop0): Unmount and run xfs_repair
[ 136.107044][ T6461] syz-executor: attempt to access beyond end of device
[ 136.107044][ T6461] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 136.121782][ T95] XFS (loop0): log I/O error -5
[ 136.126734][ T95] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 136.136038][ T95] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 136.147443][ T6461] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 136.443894][ T6565] loop0: detected capacity change from 0 to 32768
[ 136.451989][ T6565] xfs: Deprecated parameter 'noikeep'
[ 136.457485][ T6565] XFS: noikeep mount option is deprecated.
[ 136.468588][ T6565] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 136.504498][ T6565] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 136.524226][ T6565] XFS (loop0): Starting recovery (logdev: internal)
[ 136.545574][ T6565] XFS (loop0): Ending recovery (logdev: internal)
[ 136.602894][ T6565] loop0: detected capacity change from 32768 to 64
[ 136.610193][ T6565] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 136.623183][ T6565] XFS (loop0): Unmount and run xfs_repair
[ 136.638699][ T6461] syz-executor: attempt to access beyond end of device
[ 136.638699][ T6461] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 136.655238][ T56] XFS (loop0): log I/O error -5
[ 136.660180][ T56] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 136.668438][ T56] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 136.677910][ T6461] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 136.950475][ T5847] Bluetooth: hci0: command tx timeout
[ 136.968109][ T6575] loop0: detected capacity change from 0 to 32768
[ 136.975670][ T6575] xfs: Deprecated parameter 'noikeep'
[ 136.981997][ T6575] XFS: noikeep mount option is deprecated.
[ 137.017218][ T6575] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 137.058753][ T6575] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[ 137.077606][ T6575] XFS (loop0): Starting recovery (logdev: internal)
[ 137.093499][ T6575] XFS (loop0): Ending recovery (logdev: internal)
[ 137.159209][ T6584] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[ 137.171527][ T6584] XFS (loop0): Unmount and run xfs_repair
[ 137.171539][ T6575] loop0: detected capacity change from 32768 to 64
[ 137.198882][ T6461] syz-executor: attempt to access beyond end of device
[ 137.198882][ T6461] loop0: rw=432129, sector=96, nr_sectors = 16 limit=64
[ 137.213342][ T56] XFS (loop0): log I/O error -5
[ 137.215008][ T794] kworker/1:2: attempt to access beyond end of device
[ 137.215008][ T794] loop0: rw=432129, sector=112, nr_sectors = 16 limit=64
[ 137.218411][ T56] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 137.235646][ T95] XFS (loop0): log I/O error -5
[ 137.242281][ T56] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 137.254567][ T56] ==================================================================
[ 137.262708][ T56] BUG: KASAN: slab-use-after-free in xlog_cil_committed+0x45e/0x1040
[ 137.270760][ T56] Write of size 8 at addr ffff88806aff0ac0 by task kworker/0:1H/56
[ 137.278821][ T56]
[ 137.281154][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(full)
[ 137.281168][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 137.281176][ T56] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 137.281199][ T56] Call Trace:
[ 137.281205][ T56]
[ 137.281211][ T56] dump_stack_lvl+0x189/0x250
[ 137.281226][ T56] ? rcu_is_watching+0x15/0xb0
[ 137.281239][ T56] ? __kasan_check_byte+0x12/0x40
[ 137.281250][ T56] ? __pfx_dump_stack_lvl+0x10/0x10
[ 137.281262][ T56] ? rcu_is_watching+0x15/0xb0
[ 137.281274][ T56] ? lock_release+0x4b/0x3e0
[ 137.281286][ T56] ? __virt_addr_valid+0x1c8/0x5c0
[ 137.281295][ T56] ? __virt_addr_valid+0x4a5/0x5c0
[ 137.281304][ T56] print_report+0xca/0x240
[ 137.281316][ T56] ? xlog_cil_committed+0x45e/0x1040
[ 137.281325][ T56] kasan_report+0x118/0x150
[ 137.281335][ T56] ? xlog_cil_committed+0x45e/0x1040
[ 137.281346][ T56] kasan_check_range+0x2b0/0x2c0
[ 137.281357][ T56] xlog_cil_committed+0x45e/0x1040
[ 137.281376][ T56] ? __pfx_xlog_cil_committed+0x10/0x10
[ 137.281391][ T56] ? lockdep_hardirqs_on+0x9c/0x150
[ 137.281404][ T56] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 137.281418][ T56] xlog_cil_process_committed+0x15c/0x1b0
[ 137.281429][ T56] xlog_state_shutdown_callbacks+0x269/0x360
[ 137.281445][ T56] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10
[ 137.281460][ T56] xlog_force_shutdown+0x332/0x400
[ 137.281474][ T56] xlog_ioend_work+0xaf/0x100
[ 137.281483][ T56] ? process_one_work+0x868/0x15d0
[ 137.281494][ T56] process_one_work+0x94a/0x15d0
[ 137.281504][ T56] ? __lock_acquire+0xab9/0xd20
[ 137.281518][ T56] ? __pfx_process_one_work+0x10/0x10
[ 137.281530][ T56] ? assign_work+0x3a1/0x410
[ 137.281556][ T56] worker_thread+0x9b0/0xee0
[ 137.281575][ T56] kthread+0x711/0x8a0
[ 137.281584][ T56] ? __pfx_worker_thread+0x10/0x10
[ 137.281595][ T56] ? __pfx_kthread+0x10/0x10
[ 137.281607][ T56] ? _raw_spin_unlock_irq+0x23/0x50
[ 137.281617][ T56] ? lockdep_hardirqs_on+0x9c/0x150
[ 137.281628][ T56] ? __pfx_kthread+0x10/0x10
[ 137.281636][ T56] ret_from_fork+0x599/0xb30
[ 137.281648][ T56] ? __pfx_ret_from_fork+0x10/0x10
[ 137.281661][ T56] ? __switch_to_asm+0x39/0x70
[ 137.281669][ T56] ? __switch_to_asm+0x33/0x70
[ 137.281677][ T56] ? __pfx_kthread+0x10/0x10
[ 137.281685][ T56] ret_from_fork_asm+0x1a/0x30
[ 137.281698][ T56]
[ 137.281701][ T56]
[ 137.520853][ T56] Allocated by task 6575:
[ 137.525158][ T56] kasan_save_track+0x3e/0x80
[ 137.529816][ T56] __kasan_slab_alloc+0x6c/0x80
[ 137.534648][ T56] kmem_cache_alloc_noprof+0x37d/0x700
[ 137.540118][ T56] xfs_buf_item_init+0x66/0x670
[ 137.544948][ T56] _xfs_trans_bjoin+0x46/0x110
[ 137.549708][ T56] xfs_trans_read_buf_map+0x28f/0x8e0
[ 137.555094][ T56] xfs_btree_read_buf_block+0x290/0x470
[ 137.560807][ T56] xfs_btree_lookup_get_block+0x28d/0x500
[ 137.566578][ T56] xfs_btree_lookup+0x4e1/0x1410
[ 137.571515][ T56] xfs_alloc_fixup_trees+0x21b/0xd20
[ 137.576792][ T56] xfs_alloc_cur_finish+0xd3/0x4b0
[ 137.581886][ T56] xfs_alloc_ag_vextent_near+0xd1a/0x1230
[ 137.587978][ T56] xfs_alloc_vextent_iterate_ags+0x640/0x940
[ 137.594310][ T56] xfs_alloc_vextent_start_ag+0x388/0x850
[ 137.600049][ T56] xfs_bmapi_allocate+0x188e/0x2e00
[ 137.605273][ T56] xfs_bmapi_write+0x7df/0x1260
[ 137.610119][ T56] xfs_da_grow_inode_int+0x298/0x860
[ 137.615521][ T56] xfs_da_grow_inode+0x16d/0x390
[ 137.620460][ T56] xfs_attr_shortform_to_leaf+0x273/0x860
[ 137.626172][ T56] xfs_attr_set_iter+0xd30/0x4b70
[ 137.631214][ T56] xfs_attr_finish_item+0xed/0x320
[ 137.636311][ T56] xfs_defer_finish_one+0x5c8/0xcf0
[ 137.641595][ T56] xfs_defer_finish_noroll+0x910/0x12d0
[ 137.647119][ T56] xfs_trans_commit+0x10b/0x1c0
[ 137.652045][ T56] xfs_attr_set+0xdc6/0x1210
[ 137.657331][ T56] xfs_xattr_set+0x14d/0x250
[ 137.663493][ T56] __vfs_setxattr+0x43c/0x480
[ 137.668468][ T56] __vfs_setxattr_noperm+0x12d/0x660
[ 137.673928][ T56] vfs_setxattr+0x16b/0x2f0
[ 137.678516][ T56] filename_setxattr+0x274/0x600
[ 137.683653][ T56] path_setxattrat+0x364/0x3a0
[ 137.688414][ T56] __x64_sys_setxattr+0xbc/0xe0
[ 137.693255][ T56] do_syscall_64+0xfa/0xfa0
[ 137.697939][ T56] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.703910][ T56]
[ 137.706229][ T56] Freed by task 794:
[ 137.710197][ T56] kasan_save_track+0x3e/0x80
[ 137.715056][ T56] kasan_save_free_info+0x46/0x50
[ 137.720088][ T56] __kasan_slab_free+0x5c/0x80
[ 137.724870][ T56] kmem_cache_free+0x19b/0x690
[ 137.729628][ T56] __xfs_buf_ioend+0x29c/0x6f0
[ 137.734382][ T56] xfs_buf_iowait+0x167/0x480
[ 137.739130][ T56] xfs_buf_read_map+0x335/0xa50
[ 137.744069][ T56] xfs_trans_read_buf_map+0x1d7/0x8e0
[ 137.749430][ T56] xfs_btree_read_buf_block+0x290/0x470
[ 137.754977][ T56] xfs_btree_lookup_get_block+0x28d/0x500
[ 137.760703][ T56] xfs_btree_lookup+0x4e1/0x1410
[ 137.765635][ T56] xfs_free_ag_extent+0x25d/0x1760
[ 137.770748][ T56] __xfs_free_extent+0x2f1/0x470
[ 137.775779][ T56] xfs_extent_free_finish_item+0x28b/0x670
[ 137.781681][ T56] xfs_defer_finish_one+0x5c8/0xcf0
[ 137.787008][ T56] xfs_defer_finish_noroll+0x910/0x12d0
[ 137.792562][ T56] xfs_defer_finish+0x1c/0x180
[ 137.797402][ T56] xfs_bunmapi_range+0xc4/0x140
[ 137.802328][ T56] xfs_itruncate_extents_flags+0x306/0x990
[ 137.808224][ T56] xfs_inactive_truncate+0x125/0x1b0
[ 137.813627][ T56] xfs_inactive+0x949/0xcd0
[ 137.818119][ T56] xfs_inodegc_worker+0x31b/0x7c0
[ 137.823132][ T56] process_one_work+0x94a/0x15d0
[ 137.828082][ T56] worker_thread+0x9b0/0xee0
[ 137.832769][ T56] kthread+0x711/0x8a0
[ 137.836904][ T56] ret_from_fork+0x599/0xb30
[ 137.841471][ T56] ret_from_fork_asm+0x1a/0x30
[ 137.846326][ T56]
[ 137.848631][ T56] The buggy address belongs to the object at ffff88806aff0a80
[ 137.848631][ T56] which belongs to the cache xfs_buf_item of size 272
[ 137.863184][ T56] The buggy address is located 64 bytes inside of
[ 137.863184][ T56] freed 272-byte region [ffff88806aff0a80, ffff88806aff0b90)
[ 137.877040][ T56]
[ 137.879396][ T56] The buggy address belongs to the physical page:
[ 137.885896][ T56] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6aff0
[ 137.894739][ T56] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 137.902007][ T56] page_type: f5(slab)
[ 137.906002][ T56] raw: 00fff00000000000 ffff888144eea3c0 dead000000000122 0000000000000000
[ 137.914744][ T56] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[ 137.923326][ T56] page dumped because: kasan: bad access detected
[ 137.929818][ T56] page_owner tracks the page as allocated
[ 137.935601][ T56] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6565, tgid 6564 (syz.0.19), ts 136557572930, free_ts 136554432569
[ 137.954760][ T56] post_alloc_hook+0x240/0x2a0
[ 137.959515][ T56] get_page_from_freelist+0x2365/0x2440
[ 137.965044][ T56] __alloc_frozen_pages_noprof+0x181/0x370
[ 137.970835][ T56] alloc_pages_mpol+0x232/0x4a0
[ 137.975670][ T56] allocate_slab+0x96/0x350
[ 137.980171][ T56] ___slab_alloc+0xf56/0x1990
[ 137.984913][ T56] __slab_alloc+0x65/0x100
[ 137.989404][ T56] kmem_cache_alloc_noprof+0x40f/0x700
[ 137.994853][ T56] xfs_buf_item_init+0x66/0x670
[ 137.999727][ T56] _xfs_trans_bjoin+0x46/0x110
[ 138.004473][ T56] xfs_trans_read_buf_map+0x28f/0x8e0
[ 138.009918][ T56] xfs_btree_read_buf_block+0x290/0x470
[ 138.015451][ T56] xfs_btree_lookup_get_block+0x28d/0x500
[ 138.021213][ T56] xfs_btree_lookup+0x4e1/0x1410
[ 138.026160][ T56] xfs_alloc_ag_vextent_near+0x447/0x1230
[ 138.031964][ T56] xfs_alloc_vextent_iterate_ags+0x640/0x940
[ 138.038027][ T56] page last free pid 6565 tgid 6564 stack trace:
[ 138.044330][ T56] __free_frozen_pages+0xbc8/0xd30
[ 138.049435][ T56] __folio_put+0x21b/0x2c0
[ 138.053940][ T56] xfs_buf_free+0x2f3/0x5c0
[ 138.058519][ T56] xfs_buf_rele+0xe1b/0xfe0
[ 138.063017][ T56] xfs_buftarg_drain+0x47b/0x5f0
[ 138.068046][ T56] xfs_log_mount_finish+0x353/0x3b0
[ 138.073333][ T56] xfs_mountfs+0x18b6/0x22c0
[ 138.079941][ T56] xfs_fs_fill_super+0x11f1/0x1640
[ 138.085397][ T56] get_tree_bdev_flags+0x40e/0x4d0
[ 138.090495][ T56] vfs_get_tree+0x92/0x2b0
[ 138.094900][ T56] do_new_mount+0x302/0xa10
[ 138.099470][ T56] __se_sys_mount+0x313/0x410
[ 138.104224][ T56] do_syscall_64+0xfa/0xfa0
[ 138.108711][ T56] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 138.114784][ T56]
[ 138.117096][ T56] Memory state around the buggy address:
[ 138.122751][ T56] ffff88806aff0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.130805][ T56] ffff88806aff0a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 138.138865][ T56] >ffff88806aff0a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.146920][ T56] ^
[ 138.153162][ T56] ffff88806aff0b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.161321][ T56] ffff88806aff0b80: fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00
[ 138.169640][ T56] ==================================================================
[ 138.185295][ T56] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 138.192619][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(full)
[ 138.201912][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 138.212062][ T56] Workqueue: xfs-log/loop0 xlog_ioend_work
[ 138.217884][ T56] Call Trace:
[ 138.221159][ T56]
[ 138.224111][ T56] dump_stack_lvl+0x99/0x250
[ 138.228865][ T56] ? __asan_memcpy+0x40/0x70
[ 138.233475][ T56] ? __pfx_dump_stack_lvl+0x10/0x10
[ 138.238839][ T56] ? __pfx__printk+0x10/0x10
[ 138.243510][ T56] vpanic+0x237/0x6d0
[ 138.247505][ T56] ? __pfx_vpanic+0x10/0x10
[ 138.252077][ T56] ? preempt_schedule+0xae/0xc0
[ 138.256978][ T56] ? __pfx_preempt_schedule+0x10/0x10
[ 138.262361][ T56] panic+0xb9/0xc0
[ 138.266425][ T56] ? __pfx_panic+0x10/0x10
[ 138.270935][ T56] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 138.276815][ T56] ? xlog_cil_committed+0x45e/0x1040
[ 138.282170][ T56] check_panic_on_warn+0x89/0xb0
[ 138.287101][ T56] ? xlog_cil_committed+0x45e/0x1040
[ 138.292370][ T56] end_report+0x78/0x160
[ 138.296600][ T56] kasan_report+0x129/0x150
[ 138.301186][ T56] ? xlog_cil_committed+0x45e/0x1040
[ 138.306460][ T56] kasan_check_range+0x2b0/0x2c0
[ 138.311396][ T56] xlog_cil_committed+0x45e/0x1040
[ 138.316501][ T56] ? __pfx_xlog_cil_committed+0x10/0x10
[ 138.322057][ T56] ? lockdep_hardirqs_on+0x9c/0x150
[ 138.327247][ T56] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 138.333136][ T56] xlog_cil_process_committed+0x15c/0x1b0
[ 138.338840][ T56] xlog_state_shutdown_callbacks+0x269/0x360
[ 138.344814][ T56] ? __pfx_xlog_state_shutdown_callbacks+0x10/0x10
[ 138.351308][ T56] xlog_force_shutdown+0x332/0x400
[ 138.356425][ T56] xlog_ioend_work+0xaf/0x100
[ 138.361123][ T56] ? process_one_work+0x868/0x15d0
[ 138.366264][ T56] process_one_work+0x94a/0x15d0
[ 138.371214][ T56] ? __lock_acquire+0xab9/0xd20
[ 138.376065][ T56] ? __pfx_process_one_work+0x10/0x10
[ 138.381440][ T56] ? assign_work+0x3a1/0x410
[ 138.386022][ T56] worker_thread+0x9b0/0xee0
[ 138.390615][ T56] kthread+0x711/0x8a0
[ 138.394682][ T56] ? __pfx_worker_thread+0x10/0x10
[ 138.399799][ T56] ? __pfx_kthread+0x10/0x10
[ 138.404372][ T56] ? _raw_spin_unlock_irq+0x23/0x50
[ 138.409562][ T56] ? lockdep_hardirqs_on+0x9c/0x150
[ 138.414760][ T56] ? __pfx_kthread+0x10/0x10
[ 138.419339][ T56] ret_from_fork+0x599/0xb30
[ 138.423932][ T56] ? __pfx_ret_from_fork+0x10/0x10
[ 138.429144][ T56] ? __switch_to_asm+0x39/0x70
[ 138.433898][ T56] ? __switch_to_asm+0x33/0x70
[ 138.438678][ T56] ? __pfx_kthread+0x10/0x10
[ 138.443277][ T56] ret_from_fork_asm+0x1a/0x30
[ 138.448123][ T56]
[ 138.451442][ T56] Kernel Offset: disabled
[ 138.455936][ T56] Rebooting in 86400 seconds..