Warning: Permanently added '10.128.1.48' (ED25519) to the list of known hosts. 1970/01/01 00:00:31 parsed 1 programs syzkaller login: [ 32.224838][ T4337] cgroup: Unknown subsys name 'net' [ 32.433042][ T4337] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.725836][ T4337] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 37.087318][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.088673][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.098361][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 37.107614][ T1594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 37.108871][ T1594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 37.110359][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 37.991279][ T4395] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 37.993177][ T4395] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 37.994478][ T4395] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 37.996147][ T4395] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 37.997439][ T4395] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 37.998691][ T4395] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 38.139681][ T4410] chnl_net:caif_netlink_parms(): no params data found [ 38.157147][ T4410] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.158381][ T4410] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.160060][ T4410] device bridge_slave_0 entered promiscuous mode [ 38.163129][ T4410] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.164341][ T4410] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.165909][ T4410] device bridge_slave_1 entered promiscuous mode [ 38.176621][ T4410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.179621][ T4410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.186262][ T4410] team0: Port device team_slave_0 added [ 38.187832][ T4410] team0: Port device team_slave_1 added [ 38.193407][ T4410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.194558][ T4410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.198827][ T4410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.202138][ T4410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.203262][ T4410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.207358][ T4410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.272467][ T4410] device hsr_slave_0 entered promiscuous mode [ 38.310713][ T4410] device hsr_slave_1 entered promiscuous mode [ 38.374562][ T4410] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.409773][ T4410] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.460195][ T4410] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.511956][ T4410] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.565748][ T4410] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.567108][ T4410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.568650][ T4410] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.569787][ T4410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.587191][ T4410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.591858][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.594077][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.595838][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.601912][ T4410] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.612785][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.614762][ T1594] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.615817][ T1594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.618793][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.620363][ T1594] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.621652][ T1594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.628174][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.629822][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.633151][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.636168][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.638776][ T1594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.642371][ T4410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 38.711634][ T4410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.713272][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 38.714695][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 38.721628][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.727605][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.729399][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.731750][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.734146][ T4410] device veth0_vlan entered promiscuous mode [ 38.737247][ T4410] device veth1_vlan entered promiscuous mode [ 38.749883][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 38.751854][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 38.753328][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.755861][ T4410] device veth0_macvtap entered promiscuous mode [ 38.758872][ T4410] device veth1_macvtap entered promiscuous mode [ 38.765940][ T4410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.767213][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.769330][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 38.772606][ T4410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.773952][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.776663][ T4410] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.778127][ T4410] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.779630][ T4410] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.781913][ T4410] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:39 executed programs: 0 [ 39.792940][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 39.794612][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 39.795949][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 39.797639][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 39.799041][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 39.800252][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 40.193846][ T4442] chnl_net:caif_netlink_parms(): no params data found [ 40.209420][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.215174][ T4442] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.217313][ T4442] device bridge_slave_0 entered promiscuous mode [ 40.230973][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.232247][ T4442] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.234059][ T4442] device bridge_slave_1 entered promiscuous mode [ 40.242664][ T4442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.245220][ T4442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.258354][ T4442] team0: Port device team_slave_0 added [ 40.261274][ T4442] team0: Port device team_slave_1 added [ 40.267420][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.268586][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.274717][ T4442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.281702][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.282864][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.286803][ T4442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.581514][ T4442] device hsr_slave_0 entered promiscuous mode [ 40.620588][ T4442] device hsr_slave_1 entered promiscuous mode [ 40.670483][ T4442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.671826][ T4442] Cannot create hsr debugfs directory [ 40.721821][ T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.850842][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 43.431551][ T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.940497][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 44.372044][ T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.472237][ T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.489710][ T4442] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 45.633159][ T4442] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 45.714031][ T4442] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 45.761672][ T4442] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 45.883627][ T4442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.887022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.888483][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.891545][ T4442] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.894007][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.895648][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.897054][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.898179][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.899789][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.936935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.938592][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.940103][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.941333][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.945444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.948188][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.950933][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.952971][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.954603][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.957037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.958636][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.961172][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.962775][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.965480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.966998][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.969315][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.010519][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 46.048219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.049586][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.053295][ T4442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.058606][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.060182][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.098517][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.100162][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.102813][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.104200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.106910][ T4442] device veth0_vlan entered promiscuous mode [ 46.110032][ T4442] device veth1_vlan entered promiscuous mode [ 46.116458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.117904][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.119362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.121102][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.123638][ T4442] device veth0_macvtap entered promiscuous mode [ 46.125940][ T4442] device veth1_macvtap entered promiscuous mode [ 46.131373][ T4442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.133030][ T4442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.135228][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.136492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 46.138140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.139563][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.141609][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.145830][ T39] device hsr_slave_0 left promiscuous mode [ 46.171135][ T39] device hsr_slave_1 left promiscuous mode [ 46.260514][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.261767][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.263548][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.264640][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.266157][ T39] device bridge_slave_1 left promiscuous mode [ 46.267449][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.301235][ T39] device bridge_slave_0 left promiscuous mode [ 46.302310][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.420621][ T39] device veth1_macvtap left promiscuous mode [ 46.421693][ T39] device veth0_macvtap left promiscuous mode [ 46.422756][ T39] device veth1_vlan left promiscuous mode [ 46.423773][ T39] device veth0_vlan left promiscuous mode [ 48.090453][ T47] Bluetooth: hci0: command 0x0419 tx timeout [ 48.562431][ T39] team0 (unregistering): Port device team_slave_1 removed [ 48.721698][ T39] team0 (unregistering): Port device team_slave_0 removed [ 48.880829][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 49.101042][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 50.701292][ T39] bond0 (unregistering): Released all slaves [ 51.015402][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 51.020093][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 51.022272][ T4451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.024816][ T4442] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.026308][ T4442] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.027895][ T4442] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.029343][ T4442] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.056791][ T4353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.058023][ T4353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.060181][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 51.067955][ T4353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.069222][ T4353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.073326][ T235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:00:51 executed programs: 2 [ 51.224452][ T4533] loop0: detected capacity change from 0 to 32768 [ 51.229036][ T4533] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 51.230873][ T4533] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 51.241700][ T4533] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 51.243855][ T4404] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 51.245024][ T4404] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 51.251229][ T4404] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 6ms [ 51.253968][ T4404] gfs2: fsid=syz:syz.0: jid=0: Done [ 51.255005][ T4533] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 51.287396][ T4533] gfs2: fsid=syz:syz.0: found 1 quota changes [ 51.294721][ T4442] ------------[ cut here ]------------ [ 51.295707][ T4442] WARNING: CPU: 0 PID: 4442 at include/linux/backing-dev.h:247 __folio_mark_dirty+0x8a0/0xcd8 [ 51.297406][ T4442] Modules linked in: [ 51.297996][ T4442] CPU: 0 PID: 4442 Comm: syz-executor Not tainted syzkaller #0 [ 51.299266][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.300892][ T4442] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 51.302177][ T4442] pc : __folio_mark_dirty+0x8a0/0xcd8 [ 51.303050][ T4442] lr : __folio_mark_dirty+0x8a0/0xcd8 [ 51.303921][ T4442] sp : ffff800020a976e0 [ 51.304605][ T4442] x29: ffff800020a97700 x28: 1fffff80006f6510 x27: dfff800000000000 [ 51.306009][ T4442] x26: 0000000000000000 x25: ffff0000c049c990 x24: 0000000000000001 [ 51.307358][ T4442] x23: 0000000000000000 x22: fffffc00037b2888 x21: 1fffe00018093932 [ 51.308758][ T4442] x20: ffff0000d89902a0 x19: fffffc00037b2880 x18: ffff800011b9bf60 [ 51.310060][ T4442] x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: ffff800017e3c000 [ 51.311365][ T4442] x14: 0000000000000001 x13: 1fffe00018093932 x12: 0000000000ff0100 [ 51.312679][ T4442] x11: ff0080000870a214 x10: 0000000000000000 x9 : ffff80000870a214 [ 51.314048][ T4442] x8 : ffff0000cfb9b780 x7 : 0000000000000000 x6 : 0000000000000000 [ 51.315438][ T4442] x5 : ffff80001851dcc8 x4 : 0000000000000008 x3 : ffff800008a58ba4 [ 51.316833][ T4442] x2 : ffff0000cf2d8060 x1 : 0000000000000000 x0 : 0000000000000000 [ 51.318133][ T4442] Call trace: [ 51.318696][ T4442] __folio_mark_dirty+0x8a0/0xcd8 [ 51.319570][ T4442] mark_buffer_dirty+0x2b8/0x5c0 [ 51.320399][ T4442] gfs2_unpin+0x120/0x8fc [ 51.321174][ T4442] buf_lo_after_commit+0x140/0x188 [ 51.322072][ T4442] gfs2_log_flush+0xc00/0x1b20 [ 51.322866][ T4442] gfs2_kill_sb+0x5c/0xd4 [ 51.323628][ T4442] deactivate_locked_super+0xac/0x120 [ 51.324500][ T4442] deactivate_super+0xe4/0x104 [ 51.325291][ T4442] cleanup_mnt+0x390/0x418 [ 51.326021][ T4442] __cleanup_mnt+0x20/0x30 [ 51.326716][ T4442] task_work_run+0x1ec/0x278 [ 51.327430][ T4442] do_notify_resume+0x1fa0/0x2aa4 [ 51.328258][ T4442] el0_svc+0x98/0x128 [ 51.328917][ T4442] el0t_64_sync_handler+0x84/0xf0 [ 51.329728][ T4442] el0t_64_sync+0x18c/0x190 [ 51.330448][ T4442] irq event stamp: 158518 [ 51.331146][ T4442] hardirqs last enabled at (158517): [] folio_memcg_lock+0xe8/0x1f4 [ 51.332718][ T4442] hardirqs last disabled at (158518): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 51.334359][ T4442] softirqs last enabled at (158384): [] local_bh_enable+0x10/0x34 [ 51.335912][ T4442] softirqs last disabled at (158382): [] local_bh_disable+0x10/0x34 [ 51.337470][ T4442] ---[ end trace 0000000000000000 ]--- [ 51.340864][ T4442] ------------[ cut here ]------------ [ 51.341708][ T4442] WARNING: CPU: 0 PID: 4442 at include/linux/backing-dev.h:247 __folio_start_writeback+0x88c/0xa7c [ 51.343222][ T4442] Modules linked in: [ 51.343783][ T4442] CPU: 0 PID: 4442 Comm: syz-executor Tainted: G W syzkaller #0 [ 51.345152][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.346642][ T4442] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 51.347817][ T4442] pc : __folio_start_writeback+0x88c/0xa7c [ 51.348723][ T4442] lr : __folio_start_writeback+0x88c/0xa7c [ 51.349655][ T4442] sp : ffff800020a97180 [ 51.350301][ T4442] x29: ffff800020a97260 x28: dfff800000000000 x27: 0000000000000000 [ 51.351577][ T4442] x26: ffff700004152e38 x25: 0000000000000000 x24: ffff0000d89902a0 [ 51.352864][ T4442] x23: ffff800020a971e0 x22: ffff0000c049c7e8 x21: 0000000000000001 [ 51.354160][ T4442] x20: fffffc00037b2888 x19: fffffc00037b2880 x18: ffff800011b9bf60 [ 51.355394][ T4442] x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: 0000000000000000 [ 51.356670][ T4442] x14: 0000000000000001 x13: 1fffff80006f6510 x12: 0000000000ff0100 [ 51.357982][ T4442] x11: ff0080000870c720 x10: 0000000000000000 x9 : ffff80000870c720 [ 51.359265][ T4442] x8 : ffff0000cfb9b780 x7 : ffff80000870c18c x6 : 0000000000000000 [ 51.360641][ T4442] x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000870c1cc [ 51.362014][ T4442] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000 [ 51.363366][ T4442] Call trace: [ 51.363909][ T4442] __folio_start_writeback+0x88c/0xa7c [ 51.364765][ T4442] set_page_writeback+0x5c/0x7c [ 51.365537][ T4442] gfs2_aspace_writepage+0x514/0x6dc [ 51.366388][ T4442] __gfs2_writepage+0x70/0x184 [ 51.367139][ T4442] write_cache_pages+0x74c/0xde8 [ 51.367939][ T4442] gfs2_ail1_flush+0x7c4/0xa14 [ 51.368719][ T4442] empty_ail1_list+0x130/0x214 [ 51.369506][ T4442] gfs2_log_flush+0x12b4/0x1b20 [ 51.370270][ T4442] gfs2_kill_sb+0x5c/0xd4 [ 51.370926][ T4442] deactivate_locked_super+0xac/0x120 [ 51.371733][ T4442] deactivate_super+0xe4/0x104 [ 51.372421][ T4442] cleanup_mnt+0x390/0x418 [ 51.373053][ T4442] __cleanup_mnt+0x20/0x30 [ 51.373710][ T4442] task_work_run+0x1ec/0x278 [ 51.374408][ T4442] do_notify_resume+0x1fa0/0x2aa4 [ 51.375156][ T4442] el0_svc+0x98/0x128 [ 51.375763][ T4442] el0t_64_sync_handler+0x84/0xf0 [ 51.376519][ T4442] el0t_64_sync+0x18c/0x190 [ 51.377198][ T4442] irq event stamp: 158696 [ 51.377847][ T4442] hardirqs last enabled at (158695): [] folio_memcg_lock+0xe8/0x1f4 [ 51.379294][ T4442] hardirqs last disabled at (158696): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 51.380936][ T4442] softirqs last enabled at (158686): [] handle_softirqs+0xaec/0xc60 [ 51.382443][ T4442] softirqs last disabled at (158521): [] __do_softirq+0x14/0x20 [ 51.383856][ T4442] ---[ end trace 0000000000000000 ]--- [ 51.386617][ C0] ------------[ cut here ]------------ [ 51.387558][ C0] WARNING: CPU: 0 PID: 15 at include/linux/backing-dev.h:247 __folio_end_writeback+0x7d0/0x9cc [ 51.389203][ C0] Modules linked in: [ 51.389812][ C0] CPU: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G W syzkaller #0 [ 51.391180][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 51.392854][ C0] pstate: 424000c5 (nZcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 51.394124][ C0] pc : __folio_end_writeback+0x7d0/0x9cc [ 51.395059][ C0] lr : __folio_end_writeback+0x7d0/0x9cc [ 51.395961][ C0] sp : ffff80001ca27970 [ 51.396625][ C0] x29: ffff80001ca27990 x28: dfff800000000000 x27: ffff0000c049c7e8 [ 51.397872][ C0] x26: 0000000000000000 x25: 05ffd20000002052 x24: 1fffff80006f6510 [ 51.399115][ C0] x23: 0000000000000001 x22: ffff0000d89902a0 x21: ffff0000d89902a8 [ 51.400458][ C0] x20: 0000000000000001 x19: fffffc00037b2880 x18: ffff800011b9bf60 [ 51.401786][ C0] x17: 1fffe00033ea637e x16: ffff8000082d7ed4 x15: 0000000000000000 [ 51.403114][ C0] x14: 0000000000000003 x13: 1ffff00003944f20 x12: 0000000000ff0100 [ 51.404436][ C0] x11: ff0080000870bc98 x10: 0000000000000000 x9 : ffff80000870bc98 [ 51.405741][ C0] x8 : ffff0000c09b3780 x7 : 0000000000000000 x6 : 0000000000000000 [ 51.407095][ C0] x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000010 [ 51.408443][ C0] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 [ 51.409742][ C0] Call trace: [ 51.410271][ C0] __folio_end_writeback+0x7d0/0x9cc [ 51.411135][ C0] folio_end_writeback+0x12c/0x410 [ 51.412015][ C0] end_page_writeback+0x58/0x74 [ 51.412794][ C0] end_buffer_async_write+0x32c/0x4f4 [ 51.413655][ C0] end_bio_bh_io_sync+0xb0/0x1dc [ 51.414428][ C0] bio_endio+0x750/0x794 [ 51.415133][ C0] blk_update_request+0x49c/0xbec [ 51.415941][ C0] blk_mq_end_request+0x54/0x88 [ 51.416729][ C0] lo_complete_rq+0x1ec/0x250 [ 51.417511][ C0] blk_done_softirq+0x11c/0x168 [ 51.418312][ C0] handle_softirqs+0x318/0xc60 [ 51.419085][ C0] run_ksoftirqd+0x7c/0x2ac [ 51.419801][ C0] smpboot_thread_fn+0x4b0/0x964 [ 51.420602][ C0] kthread+0x250/0x2d8 [ 51.421278][ C0] ret_from_fork+0x10/0x20 [ 51.422017][ C0] irq event stamp: 404079 [ 51.422718][ C0] hardirqs last enabled at (404078): [] folio_memcg_lock+0xe8/0x1f4 [ 51.424240][ C0] hardirqs last disabled at (404079): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 51.425873][ C0] softirqs last enabled at (404068): [] handle_softirqs+0xaec/0xc60 [ 51.427436][ C0] softirqs last disabled at (404073): [] run_ksoftirqd+0x7c/0x2ac [ 51.429088][ C0] ---[ end trace 0000000000000000 ]--- [ 51.434310][ T4442] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 51.434310][ T4442] inode = 11 2339 [ 51.434310][ T4442] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464 [ 51.437411][ T4442] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 51.438874][ T4442] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:4442 [syz-executor] gfs2_quota_sync+0x2cc/0x500 [ 51.440622][ T4442] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 51.441970][ T4442] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 56.493727][ T4442] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 56.495086][ T4442] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 56.497571][ T4442] gfs2: fsid=syz:syz.0: File system withdrawn [ 56.498463][ T4442] CPU: 0 PID: 4442 Comm: syz-executor Tainted: G W syzkaller #0 [ 56.499833][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 56.501377][ T4442] Call trace: [ 56.501888][ T4442] dump_backtrace+0x1c0/0x1ec [ 56.502635][ T4442] show_stack+0x2c/0x3c [ 56.503285][ T4442] __dump_stack+0x30/0x40 [ 56.503945][ T4442] dump_stack_lvl+0xf4/0x15c [ 56.504630][ T4442] dump_stack+0x1c/0x5c [ 56.505291][ T4442] gfs2_withdraw+0x9ec/0x127c [ 56.506033][ T4442] gfs2_consist_inode_i+0xf0/0x10c [ 56.506812][ T4442] gfs2_inode_refresh+0x918/0xd64 [ 56.507659][ T4442] inode_go_instantiate+0x4c/0x68 [ 56.508477][ T4442] gfs2_instantiate+0x178/0x2b4 [ 56.509274][ T4442] gfs2_glock_wait+0x1b4/0x298 [ 56.510103][ T4442] gfs2_glock_nq+0x8bc/0x11c4 [ 56.510919][ T4442] do_sync+0x41c/0xaec [ 56.511638][ T4442] gfs2_quota_sync+0x2cc/0x500 [ 56.512407][ T4442] gfs2_sync_fs+0x4c/0xc4 [ 56.513089][ T4442] sync_filesystem+0xe8/0x218 [ 56.513917][ T4442] generic_shutdown_super+0x70/0x324 [ 56.514820][ T4442] kill_block_super+0x70/0xdc [ 56.515620][ T4442] gfs2_kill_sb+0xc0/0xd4 [ 56.516346][ T4442] deactivate_locked_super+0xac/0x120 [ 56.517258][ T4442] deactivate_super+0xe4/0x104 [ 56.518032][ T4442] cleanup_mnt+0x390/0x418 [ 56.518780][ T4442] __cleanup_mnt+0x20/0x30 [ 56.519478][ T4442] task_work_run+0x1ec/0x278 [ 56.520257][ T4442] do_notify_resume+0x1fa0/0x2aa4 [ 56.521130][ T4442] el0_svc+0x98/0x128 [ 56.521831][ T4442] el0t_64_sync_handler+0x84/0xf0 [ 56.522712][ T4442] el0t_64_sync+0x18c/0x190 [ 56.525130][ T4442] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 56.527309][ T4442] CPU: 0 PID: 4442 Comm: syz-executor Tainted: G W syzkaller #0 [ 56.528649][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 56.530345][ T4442] Call trace: [ 56.530889][ T4442] dump_backtrace+0x1c0/0x1ec [ 56.531693][ T4442] show_stack+0x2c/0x3c [ 56.532390][ T4442] __dump_stack+0x30/0x40 [ 56.533104][ T4442] dump_stack_lvl+0xf4/0x15c [ 56.533871][ T4442] dump_stack+0x1c/0x5c [ 56.534567][ T4442] gfs2_assert_warn_i+0x16c/0x26c [ 56.535390][ T4442] gfs2_quota_cleanup+0x464/0x668 [ 56.536236][ T4442] gfs2_put_super+0x1f0/0x760 [ 56.537020][ T4442] generic_shutdown_super+0x130/0x324 [ 56.537924][ T4442] kill_block_super+0x70/0xdc [ 56.538676][ T4442] gfs2_kill_sb+0xc0/0xd4 [ 56.539380][ T4442] deactivate_locked_super+0xac/0x120 [ 56.540284][ T4442] deactivate_super+0xe4/0x104 [ 56.541125][ T4442] cleanup_mnt+0x390/0x418 [ 56.541861][ T4442] __cleanup_mnt+0x20/0x30 [ 56.542614][ T4442] task_work_run+0x1ec/0x278 [ 56.543358][ T4442] do_notify_resume+0x1fa0/0x2aa4 [ 56.544177][ T4442] el0_svc+0x98/0x128 [ 56.544811][ T4442] el0t_64_sync_handler+0x84/0xf0 [ 56.545646][ T4442] el0t_64_sync+0x18c/0x190 [ 56.690667][ T4538] loop0: detected capacity change from 0 to 32768 [ 56.693192][ T4538] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 56.694487][ T4538] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 56.702236][ T4538] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 56.703999][ T4413] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 56.704944][ T4413] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 56.711084][ T4413] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 6ms [ 56.712770][ T4413] gfs2: fsid=syz:syz.0: jid=0: Done [ 56.713559][ T4538] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 56.757795][ T4538] gfs2: fsid=syz:syz.0: found 1 quota changes [ 56.765956][ T4442] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error [ 56.765956][ T4442] inode = 11 2339 [ 56.765956][ T4442] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464 [ 56.768840][ T4442] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1 [ 56.770312][ T4442] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:4442 [syz-executor] gfs2_quota_sync+0x2cc/0x500 [ 56.773689][ T4442] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 56.775032][ T4442] gfs2: fsid=syz:syz.0: about to withdraw this file system 1970/01/01 00:00:56 executed programs: 4