Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. 1970/01/01 00:00:31 parsed 1 programs syzkaller login: [ 32.866027][ T4336] cgroup: Unknown subsys name 'net' [ 33.094913][ T4336] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 33.366096][ T4336] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 40.455572][ T4388] chnl_net:caif_netlink_parms(): no params data found [ 40.474256][ T4388] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.475531][ T4388] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.477066][ T4388] device bridge_slave_0 entered promiscuous mode [ 40.484335][ T4388] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.485443][ T4388] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.487027][ T4388] device bridge_slave_1 entered promiscuous mode [ 40.494887][ T4388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.497867][ T4388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.503980][ T4388] team0: Port device team_slave_0 added [ 40.505697][ T4388] team0: Port device team_slave_1 added [ 40.510836][ T4388] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.511963][ T4388] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.516897][ T4388] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.519418][ T4388] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.520498][ T4388] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.524640][ T4388] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.553401][ T4388] device hsr_slave_0 entered promiscuous mode [ 40.582428][ T4388] device hsr_slave_1 entered promiscuous mode [ 40.659520][ T4388] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 40.704110][ T4388] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 40.763628][ T4388] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 40.811965][ T4388] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 40.892517][ T4388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.896072][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.898021][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.900712][ T4388] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.905639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.907210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.908736][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.910102][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.911799][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.915224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.917009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.918644][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.919763][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.931536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.939428][ T4388] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 40.941252][ T4388] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.945542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.947338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.949023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.950611][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.952708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.954261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.955711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.957469][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.958888][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.960357][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.961799][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.021071][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.022605][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.026412][ T4388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.032039][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.039093][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.041403][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.043533][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.055630][ T4388] device veth0_vlan entered promiscuous mode [ 41.058782][ T4388] device veth1_vlan entered promiscuous mode [ 41.066335][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 41.067894][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.069360][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.072146][ T4388] device veth0_macvtap entered promiscuous mode [ 41.075838][ T4388] device veth1_macvtap entered promiscuous mode [ 41.087217][ T4388] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.088430][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.090044][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.091536][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.094750][ T4388] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.095945][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.097533][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.100099][ T4388] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.101493][ T4388] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.103174][ T4388] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.104602][ T4388] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.244557][ T4433] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 41.246084][ T4433] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 41.247361][ T4433] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 41.248854][ T4433] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 41.250255][ T4433] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 41.251522][ T4433] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 41.757431][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.758716][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.760943][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 41.769016][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.770369][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.772012][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 42.053321][ T429] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:42 executed programs: 0 [ 42.177040][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 42.178628][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 42.180015][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 42.181788][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 42.183712][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 42.185004][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 42.225474][ T4449] chnl_net:caif_netlink_parms(): no params data found [ 42.241184][ T4449] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.242512][ T4449] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.244025][ T4449] device bridge_slave_0 entered promiscuous mode [ 42.245956][ T4449] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.247155][ T4449] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.248550][ T4449] device bridge_slave_1 entered promiscuous mode [ 42.256291][ T4449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.259087][ T4449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.265939][ T4449] team0: Port device team_slave_0 added [ 42.267611][ T4449] team0: Port device team_slave_1 added [ 42.273254][ T4449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.274363][ T4449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.278740][ T4449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.281122][ T4449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.282523][ T4449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.286738][ T4449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.343270][ T4449] device hsr_slave_0 entered promiscuous mode [ 42.382378][ T4449] device hsr_slave_1 entered promiscuous mode [ 42.422286][ T4449] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 42.423674][ T4449] Cannot create hsr debugfs directory [ 44.252533][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 44.402978][ T429] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.332282][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 46.713745][ T429] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.804559][ T429] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.077911][ T4449] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.154246][ T4449] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 48.234153][ T4449] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 48.313741][ T4449] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.356046][ T429] device hsr_slave_0 left promiscuous mode [ 48.402773][ T429] device hsr_slave_1 left promiscuous mode [ 48.412210][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 48.482297][ T429] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.483451][ T429] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.485170][ T429] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.486358][ T429] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.487722][ T429] device bridge_slave_1 left promiscuous mode [ 48.489037][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.522868][ T429] device bridge_slave_0 left promiscuous mode [ 48.523966][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.662409][ T429] device veth1_macvtap left promiscuous mode [ 48.663409][ T429] device veth0_macvtap left promiscuous mode [ 48.664387][ T429] device veth1_vlan left promiscuous mode [ 48.665388][ T429] device veth0_vlan left promiscuous mode [ 50.492230][ T47] Bluetooth: hci0: command 0x0419 tx timeout [ 50.823251][ T429] team0 (unregistering): Port device team_slave_1 removed [ 51.003251][ T429] team0 (unregistering): Port device team_slave_0 removed [ 51.134192][ T429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 51.342639][ T429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 52.923036][ T429] bond0 (unregistering): Released all slaves [ 53.234012][ T4449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.237440][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.238991][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.241233][ T4449] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.244133][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.245756][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.247307][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.248510][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.249970][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.255754][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.257569][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.259170][ T4516] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.260381][ T4516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.262006][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.265956][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.268481][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.270133][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.271682][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.274814][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.276571][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.278774][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.280173][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.283028][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.284513][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.286803][ T4449] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.338616][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.339967][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.343056][ T4449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.348493][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 53.350120][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.357606][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 53.359171][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.360970][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.362887][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.365039][ T4449] device veth0_vlan entered promiscuous mode [ 53.368313][ T4449] device veth1_vlan entered promiscuous mode [ 53.375756][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 53.377341][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 53.378819][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 53.380311][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.382795][ T4449] device veth0_macvtap entered promiscuous mode [ 53.385166][ T4449] device veth1_macvtap entered promiscuous mode [ 53.390179][ T4449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.391511][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 53.394383][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 53.395854][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 53.397355][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.400085][ T4449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.401343][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 53.403069][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.405547][ T4449] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.406975][ T4449] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.408417][ T4449] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.409809][ T4449] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.432710][ T4516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.433973][ T4516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.435381][ T4516] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 53.443077][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 53.444438][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 53.445832][ T1612] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 53.618328][ T4523] loop0: detected capacity change from 0 to 32768 [ 53.622751][ T4523] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 53.624150][ T4523] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 53.629286][ T4523] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms [ 53.631749][ T4430] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 53.632888][ T4430] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 53.639933][ T4430] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 7ms [ 53.642124][ T4430] gfs2: fsid=syz:syz.0: jid=0: Done [ 53.643551][ T4523] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 53.698675][ T4523] gfs2: fsid=syz:syz.0: found 1 quota changes [ 53.742856][ T4449] ------------[ cut here ]------------ [ 53.743942][ T4449] WARNING: CPU: 1 PID: 4449 at include/linux/backing-dev.h:247 __folio_mark_dirty+0x8a0/0xcd8 [ 53.745719][ T4449] Modules linked in: [ 53.746292][ T4449] CPU: 1 PID: 4449 Comm: syz-executor Not tainted syzkaller #0 [ 53.747425][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 53.749038][ T4449] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 53.750259][ T4449] pc : __folio_mark_dirty+0x8a0/0xcd8 [ 53.751117][ T4449] lr : __folio_mark_dirty+0x8a0/0xcd8 [ 53.752043][ T4449] sp : ffff800021407480 [ 53.752744][ T4449] x29: ffff8000214074a0 x28: 1fffff8000617560 x27: dfff800000000000 [ 53.754154][ T4449] x26: 0000000000000000 x25: ffff0000c049c990 x24: 0000000000000001 [ 53.755525][ T4449] x23: 0000000000000000 x22: fffffc00030bab08 x21: 1fffe00018093932 [ 53.756963][ T4449] x20: ffff0000e0130c40 x19: fffffc00030bab00 x18: ffff800011b9bf60 [ 53.758268][ T4449] x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: ffff800017e3c000 [ 53.759628][ T4449] x14: 0000000000000001 x13: 1fffe00018093932 x12: 0000000000ff0100 [ 53.761057][ T4449] x11: ff0080000870a214 x10: 0000000000000000 x9 : ffff80000870a214 [ 53.762579][ T4449] x8 : ffff0000dec61bc0 x7 : 0000000000000000 x6 : 0000000000000000 [ 53.763988][ T4449] x5 : 0000000000000020 x4 : 0000000000000000 x3 : ffff800008a58ba4 [ 53.765429][ T4449] x2 : ffff0000cf098060 x1 : 0000000000000000 x0 : 0000000000000000 [ 53.766858][ T4449] Call trace: [ 53.767461][ T4449] __folio_mark_dirty+0x8a0/0xcd8 [ 53.768339][ T4449] mark_buffer_dirty+0x2b8/0x5c0 [ 53.769178][ T4449] gfs2_unpin+0x120/0x8fc [ 53.769956][ T4449] buf_lo_after_commit+0x140/0x188 [ 53.770898][ T4449] gfs2_log_flush+0xc00/0x1b20 [ 53.771707][ T4449] gfs2_kill_sb+0x5c/0xd4 [ 53.772466][ T4449] deactivate_locked_super+0xac/0x120 [ 53.773401][ T4449] deactivate_super+0xe4/0x104 [ 53.774207][ T4449] cleanup_mnt+0x390/0x418 [ 53.774961][ T4449] __cleanup_mnt+0x20/0x30 [ 53.775711][ T4449] task_work_run+0x1ec/0x278 [ 53.776497][ T4449] do_exit+0x550/0x19b0 [ 53.777223][ T4449] do_group_exit+0x194/0x22c [ 53.778017][ T4449] get_signal+0x11cc/0x1304 [ 53.778749][ T4449] do_notify_resume+0x33c/0x2aa4 [ 53.779619][ T4449] el0_svc+0x98/0x128 [ 53.780280][ T4449] el0t_64_sync_handler+0x84/0xf0 [ 53.781106][ T4449] el0t_64_sync+0x18c/0x190 [ 53.781909][ T4449] irq event stamp: 162604 [ 53.782603][ T4449] hardirqs last enabled at (162603): [] folio_memcg_lock+0xe8/0x1f4 [ 53.784257][ T4449] hardirqs last disabled at (162604): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 53.785917][ T4449] softirqs last enabled at (160070): [] local_bh_enable+0x10/0x34 [ 53.787419][ T4449] softirqs last disabled at (160068): [] local_bh_disable+0x10/0x34 [ 53.788952][ T4449] ---[ end trace 0000000000000000 ]--- [ 53.793788][ T4449] ------------[ cut here ]------------ [ 53.794708][ T4449] WARNING: CPU: 0 PID: 4449 at include/linux/backing-dev.h:247 __folio_start_writeback+0x88c/0xa7c [ 53.796481][ T4449] Modules linked in: [ 53.797158][ T4449] CPU: 0 PID: 4449 Comm: syz-executor Tainted: G W syzkaller #0 [ 53.798639][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 53.800428][ T4449] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 53.801734][ T4449] pc : __folio_start_writeback+0x88c/0xa7c [ 53.802736][ T4449] lr : __folio_start_writeback+0x88c/0xa7c [ 53.803764][ T4449] sp : ffff800021406f20 [ 53.804452][ T4449] x29: ffff800021407000 x28: dfff800000000000 x27: 0000000000000000 [ 53.805832][ T4449] x26: ffff700004280dec x25: 0000000000000000 x24: ffff0000e0130c40 [ 53.807153][ T4449] x23: ffff800021406f80 x22: ffff0000c049c7e8 x21: 0000000000000001 [ 53.808487][ T4449] x20: fffffc00030bab08 x19: fffffc00030bab00 x18: ffff800011b9bf60 [ 53.809907][ T4449] x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: 0000000000000000 [ 53.811222][ T4449] x14: 0000000000000001 x13: 1fffff8000617560 x12: 0000000000ff0100 [ 53.812614][ T4449] x11: ff0080000870c720 x10: 0000000000000000 x9 : ffff80000870c720 [ 53.813907][ T4449] x8 : ffff0000dec61bc0 x7 : ffff80000870c18c x6 : 0000000000000000 [ 53.815216][ T4449] x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000870c1cc [ 53.816676][ T4449] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000 [ 53.818109][ T4449] Call trace: [ 53.818681][ T4449] __folio_start_writeback+0x88c/0xa7c [ 53.819594][ T4449] set_page_writeback+0x5c/0x7c [ 53.820468][ T4449] gfs2_aspace_writepage+0x514/0x6dc [ 53.821353][ T4449] __gfs2_writepage+0x70/0x184 [ 53.822144][ T4449] write_cache_pages+0x74c/0xde8 [ 53.822988][ T4449] gfs2_ail1_flush+0x7c4/0xa14 [ 53.823772][ T4449] empty_ail1_list+0x130/0x214 [ 53.824578][ T4449] gfs2_log_flush+0x12b4/0x1b20 [ 53.825427][ T4449] gfs2_kill_sb+0x5c/0xd4 [ 53.826222][ T4449] deactivate_locked_super+0xac/0x120 [ 53.827147][ T4449] deactivate_super+0xe4/0x104 [ 53.827997][ T4449] cleanup_mnt+0x390/0x418 [ 53.828754][ T4449] __cleanup_mnt+0x20/0x30 [ 53.829457][ T4449] task_work_run+0x1ec/0x278 [ 53.830217][ T4449] do_exit+0x550/0x19b0 [ 53.830912][ T4449] do_group_exit+0x194/0x22c [ 53.831656][ T4449] get_signal+0x11cc/0x1304 [ 53.832363][ T4449] do_notify_resume+0x33c/0x2aa4 [ 53.833183][ T4449] el0_svc+0x98/0x128 [ 53.833857][ T4449] el0t_64_sync_handler+0x84/0xf0 [ 53.834681][ T4449] el0t_64_sync+0x18c/0x190 [ 53.835478][ T4449] irq event stamp: 162654 [ 53.836207][ T4449] hardirqs last enabled at (162653): [] folio_memcg_lock+0xe8/0x1f4 [ 53.837810][ T4449] hardirqs last disabled at (162654): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 53.839512][ T4449] softirqs last enabled at (162632): [] handle_softirqs+0xaec/0xc60 [ 53.841121][ T4449] softirqs last disabled at (162607): [] __do_softirq+0x14/0x20 [ 53.842700][ T4449] ---[ end trace 0000000000000000 ]--- [ 53.846595][ T4449] syz-executor: attempt to access beyond end of device [ 53.846595][ T4449] loop0: rw=12289, sector=68719479080, nr_sectors = 8 limit=32768 [ 53.849140][ T4449] Buffer I/O error on dev loop0, logical block 8589934885, lost async page write [ 53.850697][ T4449] ------------[ cut here ]------------ [ 53.851567][ T4449] WARNING: CPU: 0 PID: 4449 at include/linux/backing-dev.h:247 __folio_end_writeback+0x7d0/0x9cc [ 53.853346][ T4449] Modules linked in: [ 53.854052][ T4449] CPU: 0 PID: 4449 Comm: syz-executor Tainted: G W syzkaller #0 [ 53.855657][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 53.857363][ T4449] pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 53.858650][ T4449] pc : __folio_end_writeback+0x7d0/0x9cc [ 53.859651][ T4449] lr : __folio_end_writeback+0x7d0/0x9cc [ 53.860660][ T4449] sp : ffff800021406d20 [ 53.861429][ T4449] x29: ffff800021406d40 x28: dfff800000000000 x27: ffff0000c049c7e8 [ 53.862804][ T4449] x26: 0000000000000000 x25: 05ffd00000002153 x24: 1fffff80006eece8 [ 53.864237][ T4449] x23: 0000000000000001 x22: ffff0000df7d82a0 x21: ffff0000df7d82a8 [ 53.865703][ T4449] x20: 0000000000000001 x19: fffffc0003776740 x18: ffff800011b9bf60 [ 53.867054][ T4449] x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: ffff800017e3c000 [ 53.868468][ T4449] x14: 0000000000000003 x13: 1ffff00004280d96 x12: 0000000000ff0100 [ 53.869812][ T4449] x11: ff0080000870bc98 x10: 0000000000000000 x9 : ffff80000870bc98 [ 53.871131][ T4449] x8 : ffff0000dec61bc0 x7 : 0000000000000000 x6 : 0000000000000000 [ 53.872485][ T4449] x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000010 [ 53.873871][ T4449] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 [ 53.875159][ T4449] Call trace: [ 53.875690][ T4449] __folio_end_writeback+0x7d0/0x9cc [ 53.876572][ T4449] folio_end_writeback+0x12c/0x410 [ 53.877326][ T4449] end_page_writeback+0x58/0x74 [ 53.878066][ T4449] end_buffer_async_write+0x32c/0x4f4 [ 53.878990][ T4449] end_bio_bh_io_sync+0xb0/0x1dc [ 53.879741][ T4449] bio_endio+0x750/0x794 [ 53.880434][ T4449] submit_bio_noacct+0x258/0x16bc [ 53.881272][ T4449] submit_bio+0x29c/0x3d0 [ 53.882003][ T4449] submit_bh_wbc+0x384/0x44c [ 53.882749][ T4449] submit_bh+0x2c/0x3c [ 53.883439][ T4449] gfs2_aspace_writepage+0x57c/0x6dc [ 53.884311][ T4449] __gfs2_writepage+0x70/0x184 [ 53.885121][ T4449] write_cache_pages+0x74c/0xde8 [ 53.885973][ T4449] gfs2_ail1_flush+0x7c4/0xa14 [ 53.886721][ T4449] empty_ail1_list+0x130/0x214 [ 53.887500][ T4449] gfs2_log_flush+0x12b4/0x1b20 [ 53.888351][ T4449] gfs2_kill_sb+0x5c/0xd4 [ 53.889086][ T4449] deactivate_locked_super+0xac/0x120 [ 53.889975][ T4449] deactivate_super+0xe4/0x104 [ 53.890766][ T4449] cleanup_mnt+0x390/0x418 [ 53.891512][ T4449] __cleanup_mnt+0x20/0x30 [ 53.892271][ T4449] task_work_run+0x1ec/0x278 [ 53.892993][ T4449] do_exit+0x550/0x19b0 [ 53.893643][ T4449] do_group_exit+0x194/0x22c [ 53.894420][ T4449] get_signal+0x11cc/0x1304 [ 53.895160][ T4449] do_notify_resume+0x33c/0x2aa4 [ 53.895986][ T4449] el0_svc+0x98/0x128 [ 53.896627][ T4449] el0t_64_sync_handler+0x84/0xf0 [ 53.897440][ T4449] el0t_64_sync+0x18c/0x190 [ 53.898147][ T4449] irq event stamp: 162762 [ 53.898852][ T4449] hardirqs last enabled at (162761): [] folio_memcg_lock+0xe8/0x1f4 [ 53.900364][ T4449] hardirqs last disabled at (162762): [] _raw_spin_lock_irqsave+0xa4/0xb0 [ 53.901916][ T4449] softirqs last enabled at (162674): [] handle_softirqs+0xaec/0xc60 [ 53.903488][ T4449] softirqs last disabled at (162657): [] __do_softirq+0x14/0x20 [ 53.904904][ T4449] ---[ end trace 0000000000000000 ]--- [ 53.910484][ T4449] gfs2: fsid=syz:syz.0: fatal: I/O error [ 53.910484][ T4449] block = 8589934885 [ 53.910484][ T4449] function = gfs2_ail1_start_one, file = fs/gfs2/log.c, line = 124 [ 53.913857][ T4449] gfs2: fsid=syz:syz.0: fatal: I/O error(s) [ 53.914827][ T4449] gfs2: fsid=syz:syz.0: about to withdraw this file system