Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
2026/03/25 08:16:08 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[ 115.088930][ T6184] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 118.414466][ T1335] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.422907][ T1335] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.504638][ T1335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 118.512688][ T1335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.765129][ T5924] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 119.774685][ T5924] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 119.782928][ T5924] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 119.791495][ T5924] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 119.799130][ T5924] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 120.775019][ T6258] chnl_net:caif_netlink_parms(): no params data found
[ 120.858411][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.865682][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.873223][ T6258] bridge_slave_0: entered allmulticast mode
[ 120.880104][ T6258] bridge_slave_0: entered promiscuous mode
[ 120.887886][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.896404][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.904075][ T6258] bridge_slave_1: entered allmulticast mode
[ 120.911117][ T6258] bridge_slave_1: entered promiscuous mode
[ 120.938041][ T6258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 120.950347][ T6258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 120.975093][ T6258] team0: Port device team_slave_0 added
[ 120.982922][ T6258] team0: Port device team_slave_1 added
[ 121.006331][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.013344][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.039440][ T6258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.052493][ T6258] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.059465][ T6258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 121.085975][ T6258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.121701][ T6258] hsr_slave_0: entered promiscuous mode
[ 121.128185][ T6258] hsr_slave_1: entered promiscuous mode
[ 121.566381][ T6258] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.577015][ T6258] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.594951][ T6258] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.606514][ T6258] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 121.647315][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.655105][ T6258] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.663145][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.670341][ T6258] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.703361][ T1347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.713232][ T1347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.763225][ T6258] 8021q: adding VLAN 0 to HW filter on device bond0
[ 121.786064][ T6258] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.804119][ T152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.811316][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.830160][ T1347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.837372][ T1347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.070208][ T6258] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.127664][ T6258] veth0_vlan: entered promiscuous mode
[ 122.142408][ T6258] veth1_vlan: entered promiscuous mode
[ 122.180469][ T6258] veth0_macvtap: entered promiscuous mode
[ 122.196197][ T6258] veth1_macvtap: entered promiscuous mode
[ 122.219184][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.236207][ T6258] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.252631][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.277994][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.304721][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.327777][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.472583][ T1347] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.563542][ T1347] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.666023][ T1347] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 122.867364][ T1347] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/03/25 08:16:20 executed programs: 0
[ 123.038806][ T5924] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 123.048606][ T5924] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 123.061241][ T5924] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 123.077442][ T5924] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 123.090003][ T5924] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.312293][ T6336] chnl_net:caif_netlink_parms(): no params data found
[ 123.436570][ T6336] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.444044][ T6336] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.451951][ T6336] bridge_slave_0: entered allmulticast mode
[ 123.459598][ T6336] bridge_slave_0: entered promiscuous mode
[ 123.468813][ T6336] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.476066][ T6336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.483609][ T6336] bridge_slave_1: entered allmulticast mode
[ 123.491450][ T6336] bridge_slave_1: entered promiscuous mode
[ 123.532452][ T6336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.548033][ T6336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.594106][ T6336] team0: Port device team_slave_0 added
[ 123.603783][ T6336] team0: Port device team_slave_1 added
[ 123.643221][ T6336] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.650248][ T6336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.676812][ T6336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.689981][ T6336] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.697148][ T6336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.724860][ T6336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.782652][ T6336] hsr_slave_0: entered promiscuous mode
[ 123.789296][ T6336] hsr_slave_1: entered promiscuous mode
[ 123.796275][ T6336] debugfs: 'hsr0' already exists in 'hsr'
[ 123.802436][ T6336] Cannot create hsr debugfs directory
[ 125.141253][ T5161] Bluetooth: hci0: command tx timeout
[ 125.309598][ T1347] bridge_slave_1: left allmulticast mode
[ 125.319773][ T1347] bridge_slave_1: left promiscuous mode
[ 125.326011][ T1347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 125.336363][ T1347] bridge_slave_0: left allmulticast mode
[ 125.344447][ T1347] bridge_slave_0: left promiscuous mode
[ 125.350339][ T1347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 125.569160][ T1347] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 125.581063][ T1347] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 125.591543][ T1347] bond0 (unregistering): Released all slaves
[ 125.703247][ T1347] hsr_slave_0: left promiscuous mode
[ 125.710082][ T1347] hsr_slave_1: left promiscuous mode
[ 125.716157][ T1347] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 125.723971][ T1347] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 125.734421][ T1347] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 125.742967][ T1347] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 125.757620][ T1347] veth1_macvtap: left promiscuous mode
[ 125.763566][ T1347] veth0_macvtap: left promiscuous mode
[ 125.769142][ T1347] veth1_vlan: left promiscuous mode
[ 125.775069][ T1347] veth0_vlan: left promiscuous mode
[ 126.058914][ T1347] team0 (unregistering): Port device team_slave_1 removed
[ 126.076006][ T1347] team0 (unregistering): Port device team_slave_0 removed
[ 126.396864][ T6336] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 126.414541][ T6336] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 126.433405][ T6336] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 126.446723][ T6336] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 126.551923][ T6336] 8021q: adding VLAN 0 to HW filter on device bond0
[ 126.626823][ T6336] 8021q: adding VLAN 0 to HW filter on device team0
[ 126.645496][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 126.652687][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 126.678245][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 126.685455][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 126.917646][ T6336] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 126.973042][ T6336] veth0_vlan: entered promiscuous mode
[ 126.986678][ T6336] veth1_vlan: entered promiscuous mode
[ 127.021492][ T6336] veth0_macvtap: entered promiscuous mode
[ 127.033936][ T6336] veth1_macvtap: entered promiscuous mode
[ 127.058564][ T6336] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 127.076421][ T6336] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 127.093437][ T1335] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.115826][ T1335] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.135954][ T1335] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.148814][ T1335] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 127.222606][ T5161] Bluetooth: hci0: command tx timeout
[ 127.230085][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.245794][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.268192][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 127.276735][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 127.524680][ T6499] loop0: detected capacity change from 0 to 32768
[ 127.550526][ T6499] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 127.559707][ T6499] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 127.602301][ T6499] gfs2: fsid=syz:syz.0: error -5 mapping journal 0 at offset 141312 (extent 1)
[ 127.611589][ T6499] gfs2: fsid=syz:syz.0: bmap=-5 lblock=138 block=459028, state=0x00000010, size=1024
[ 127.626104][ T1222] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 127.634486][ T1222] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 127.642690][ T1222] gfs2: fsid=syz:syz.0: error -5 mapping journal 0 at offset 141312 (extent 1)
[ 127.651816][ T1222] gfs2: fsid=syz:syz.0: bmap=-5 lblock=138 block=459028, state=0x00000010, size=1024
[ 127.661491][ T1222] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms
[ 127.669106][ T1222] gfs2: fsid=syz:syz.0: jid=0: Replaying journal...0x0 to 0x0
[ 127.677853][ T1222] gfs2: fsid=syz:syz.0: jid=0: Replayed 0 of 0 blocks
[ 127.684859][ T1222] gfs2: fsid=syz:syz.0: jid=0: Found 0 revoke tags
[ 127.694490][ T1222] gfs2: fsid=syz:syz.0: jid=0: Journal replayed in 68ms [jlck:8ms, jhead:27ms, tlck:7ms, replay:25ms]
[ 127.708019][ T1222] gfs2: fsid=syz:syz.0: jid=0: Done
[ 127.713702][ T6499] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 127.920195][ T6499] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 127.952187][ T6336] syz-executor: attempt to access beyond end of device
[ 127.952187][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 127.967429][ T6336] gfs2: fsid=syz:syz.0: Error -5 writing to journal, jid=0
[ 127.974931][ T6336] CPU: 1 UID: 0 PID: 6336 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 127.974949][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 127.974965][ T6336] Call Trace:
[ 127.974975][ T6336] <TASK>
[ 127.974983][ T6336] dump_stack_lvl+0xe8/0x150
[ 127.975024][ T6336] gfs2_withdraw+0xc3/0x1b0
[ 127.975043][ T6336] gfs2_end_log_write+0xcd/0x6f0
2026/03/25 08:16:25 executed programs: 3
[ 127.975069][ T6336] gfs2_log_get_bio+0x193/0x370
[ 127.975089][ T6336] gfs2_log_write+0x4b/0xe0
[ 127.975109][ T6336] gfs2_before_commit+0x1392/0x1940
[ 127.975139][ T6336] ? __pfx_databuf_lo_before_commit+0x10/0x10
[ 127.975163][ T6336] gfs2_log_flush+0xa92/0x2640
[ 127.975189][ T6336] ? __pfx_gfs2_log_flush+0x10/0x10
[ 127.975207][ T6336] ? kfree+0x1c5/0x640
[ 127.975224][ T6336] ? do_sync+0x9f8/0xcb0
[ 127.975239][ T6336] do_sync+0xa48/0xcb0
[ 127.975249][ T6336] ? _raw_spin_unlock+0x28/0x50
[ 127.975273][ T6336] ? __pfx_do_sync+0x10/0x10
[ 127.975296][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 127.975314][ T6336] gfs2_quota_sync+0x370/0x470
[ 127.975333][ T6336] gfs2_sync_fs+0x4c/0xb0
[ 127.975351][ T6336] sync_filesystem+0xee/0x230
[ 127.975366][ T6336] generic_shutdown_super+0x77/0x2d0
[ 127.975386][ T6336] kill_block_super+0x44/0x90
[ 127.975400][ T6336] deactivate_locked_super+0xbc/0x130
[ 127.975418][ T6336] cleanup_mnt+0x437/0x4d0
[ 127.975430][ T6336] ? _raw_spin_unlock_irq+0x23/0x50
[ 127.975448][ T6336] task_work_run+0x1d9/0x270
[ 127.975465][ T6336] ? __pfx_task_work_run+0x10/0x10
[ 127.975487][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 127.975502][ T6336] ? rcu_is_watching+0x15/0xb0
[ 127.975517][ T6336] do_syscall_64+0x32d/0xf80
[ 127.975533][ T6336] ? trace_irq_disable+0x3b/0x140
[ 127.975547][ T6336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.975560][ T6336] ? clear_bhb_loop+0x40/0x90
[ 127.975574][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 127.975587][ T6336] RIP: 0033:0x7fe90cf9d9d7
[ 127.975606][ T6336] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 127.975616][ T6336] RSP: 002b:00007ffde9a1cea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 127.975632][ T6336] RAX: 0000000000000000 RBX: 00007fe90d032050 RCX: 00007fe90cf9d9d7
[ 127.975640][ T6336] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde9a1cf60
[ 127.975647][ T6336] RBP: 00007ffde9a1cf60 R08: 00007ffde9a1df60 R09: 00000000ffffffff
[ 127.975655][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde9a1dff0
[ 127.975662][ T6336] R13: 00007fe90d032050 R14: 000000000001f130 R15: 00007ffde9a1e030
[ 127.975683][ T6336] </TASK>
[ 127.975691][ T6336] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 128.248092][ T6336] syz-executor: attempt to access beyond end of device
[ 128.248092][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 128.263940][ T6336] syz-executor: attempt to access beyond end of device
[ 128.263940][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 128.279797][ T6336] syz-executor: attempt to access beyond end of device
[ 128.279797][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 128.295299][ T6336] syz-executor: attempt to access beyond end of device
[ 128.295299][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 128.311230][ T6336] syz-executor: attempt to access beyond end of device
[ 128.311230][ T6336] loop0: rw=1, sector=18446744073709551614, nr_sectors = 2 limit=32768
[ 129.300783][ T5161] Bluetooth: hci0: command tx timeout
[ 131.382070][ T5161] Bluetooth: hci0: command tx timeout
[ 133.063379][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.069905][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.382017][ T6336] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 566
[ 133.396624][ T6336] CPU: 0 UID: 0 PID: 6336 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 133.396640][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 133.396648][ T6336] Call Trace:
[ 133.396654][ T6336] <TASK>
[ 133.396660][ T6336] dump_stack_lvl+0xe8/0x150
[ 133.396683][ T6336] gfs2_assert_warn_i+0x194/0x2c0
[ 133.396702][ T6336] gfs2_make_fs_ro+0x30d/0x320
[ 133.396718][ T6336] ? __pfx_gfs2_make_fs_ro+0x10/0x10
[ 133.396731][ T6336] ? do_raw_spin_lock+0x12b/0x2f0
[ 133.396744][ T6336] ? __pfx_autoremove_wake_function+0x10/0x10
[ 133.396760][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 133.396773][ T6336] gfs2_put_super+0x220/0x890
[ 133.396790][ T6336] ? __pfx_gfs2_put_super+0x10/0x10
[ 133.396803][ T6336] generic_shutdown_super+0x13d/0x2d0
[ 133.396822][ T6336] kill_block_super+0x44/0x90
[ 133.396833][ T6336] deactivate_locked_super+0xbc/0x130
[ 133.396848][ T6336] cleanup_mnt+0x437/0x4d0
[ 133.396859][ T6336] ? _raw_spin_unlock_irq+0x23/0x50
[ 133.396875][ T6336] task_work_run+0x1d9/0x270
[ 133.396890][ T6336] ? __pfx_task_work_run+0x10/0x10
[ 133.396906][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 133.396920][ T6336] ? rcu_is_watching+0x15/0xb0
[ 133.396931][ T6336] do_syscall_64+0x32d/0xf80
[ 133.396946][ T6336] ? trace_irq_disable+0x3b/0x140
[ 133.396958][ T6336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.396968][ T6336] ? clear_bhb_loop+0x40/0x90
[ 133.396979][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.396995][ T6336] RIP: 0033:0x7fe90cf9d9d7
[ 133.397008][ T6336] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 133.397015][ T6336] RSP: 002b:00007ffde9a1cea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 133.397026][ T6336] RAX: 0000000000000000 RBX: 00007fe90d032050 RCX: 00007fe90cf9d9d7
[ 133.397033][ T6336] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde9a1cf60
[ 133.397038][ T6336] RBP: 00007ffde9a1cf60 R08: 00007ffde9a1df60 R09: 00000000ffffffff
[ 133.397044][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde9a1dff0
[ 133.397050][ T6336] R13: 00007fe90d032050 R14: 000000000001f130 R15: 00007ffde9a1e030
[ 133.397064][ T6336] </TASK>
[ 133.652580][ T6336] gfs2: fsid=syz:syz.0: gfs2_evict_inode: -5
[ 133.659745][ T6336] ==================================================================
[ 133.667802][ T6336] BUG: KASAN: slab-use-after-free in gfs2_invalidate_folio+0x40b/0x750
[ 133.676131][ T6336] Read of size 8 at addr ffff88807c9098d8 by task syz-executor/6336
[ 133.684083][ T6336]
[ 133.686389][ T6336] CPU: 0 UID: 0 PID: 6336 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 133.686401][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 133.686408][ T6336] Call Trace:
[ 133.686416][ T6336] <TASK>
[ 133.686421][ T6336] dump_stack_lvl+0xe8/0x150
[ 133.686441][ T6336] print_address_description+0x55/0x1e0
[ 133.686456][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 133.686465][ T6336] print_report+0x58/0x70
[ 133.686477][ T6336] kasan_report+0x117/0x150
[ 133.686488][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 133.686499][ T6336] gfs2_invalidate_folio+0x40b/0x750
[ 133.686510][ T6336] ? __pfx_gfs2_invalidate_folio+0x10/0x10
[ 133.686519][ T6336] truncate_cleanup_folio+0xcb/0x190
[ 133.686532][ T6336] truncate_inode_pages_range+0x2ce/0xe30
[ 133.686544][ T6336] ? up+0xe4/0x160
[ 133.686554][ T6336] ? __pfx_up+0x10/0x10
[ 133.686562][ T6336] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 133.686578][ T6336] ? __wake_up_klogd+0xe6/0x120
[ 133.686590][ T6336] ? vprintk_emit+0x4eb/0x560
[ 133.686606][ T6336] ? lockdep_hardirqs_on+0x7a/0x110
[ 133.686621][ T6336] gfs2_evict_inode+0x9da/0x12d0
[ 133.686638][ T6336] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 133.686651][ T6336] ? do_raw_spin_lock+0x12b/0x2f0
[ 133.686664][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 133.686674][ T6336] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 133.686687][ T6336] evict+0x61e/0xb10
[ 133.686700][ T6336] ? __pfx_evict+0x10/0x10
[ 133.686708][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 133.686719][ T6336] ? _raw_spin_unlock+0x28/0x50
[ 133.686731][ T6336] ? iput+0xb25/0xe80
[ 133.686745][ T6336] gfs2_put_super+0x355/0x890
[ 133.686759][ T6336] ? __pfx_gfs2_put_super+0x10/0x10
[ 133.686772][ T6336] generic_shutdown_super+0x13d/0x2d0
[ 133.686788][ T6336] kill_block_super+0x44/0x90
[ 133.686797][ T6336] deactivate_locked_super+0xbc/0x130
[ 133.686812][ T6336] cleanup_mnt+0x437/0x4d0
[ 133.686821][ T6336] ? _raw_spin_unlock_irq+0x23/0x50
[ 133.686833][ T6336] task_work_run+0x1d9/0x270
[ 133.686846][ T6336] ? __pfx_task_work_run+0x10/0x10
[ 133.686859][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 133.686873][ T6336] ? rcu_is_watching+0x15/0xb0
[ 133.686883][ T6336] do_syscall_64+0x32d/0xf80
[ 133.686897][ T6336] ? trace_irq_disable+0x3b/0x140
[ 133.686909][ T6336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.686918][ T6336] ? clear_bhb_loop+0x40/0x90
[ 133.686929][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 133.686943][ T6336] RIP: 0033:0x7fe90cf9d9d7
[ 133.686956][ T6336] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 133.686963][ T6336] RSP: 002b:00007ffde9a1cea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 133.686975][ T6336] RAX: 0000000000000000 RBX: 00007fe90d032050 RCX: 00007fe90cf9d9d7
[ 133.686981][ T6336] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde9a1cf60
[ 133.686987][ T6336] RBP: 00007ffde9a1cf60 R08: 00007ffde9a1df60 R09: 00000000ffffffff
[ 133.686993][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde9a1dff0
[ 133.686999][ T6336] R13: 00007fe90d032050 R14: 000000000001f130 R15: 00007ffde9a1e030
[ 133.687008][ T6336] </TASK>
[ 133.687011][ T6336]
[ 134.000006][ T6336] Allocated by task 6336:
[ 134.004314][ T6336] kasan_save_track+0x3e/0x80
[ 134.008975][ T6336] __kasan_slab_alloc+0x6c/0x80
[ 134.013804][ T6336] kmem_cache_alloc_noprof+0x2bc/0x650
[ 134.019241][ T6336] gfs2_trans_add_data+0x1e8/0x610
[ 134.024336][ T6336] gfs2_unstuff_dinode+0xace/0x1240
[ 134.029521][ T6336] gfs2_adjust_quota+0x23f/0x850
[ 134.034523][ T6336] do_sync+0x872/0xcb0
[ 134.038574][ T6336] gfs2_quota_sync+0x370/0x470
[ 134.043311][ T6336] gfs2_sync_fs+0x4c/0xb0
[ 134.047622][ T6336] sync_filesystem+0xee/0x230
[ 134.052294][ T6336] generic_shutdown_super+0x77/0x2d0
[ 134.057588][ T6336] kill_block_super+0x44/0x90
[ 134.062260][ T6336] deactivate_locked_super+0xbc/0x130
[ 134.067623][ T6336] cleanup_mnt+0x437/0x4d0
[ 134.072035][ T6336] task_work_run+0x1d9/0x270
[ 134.076610][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 134.081879][ T6336] do_syscall_64+0x32d/0xf80
[ 134.086449][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.092405][ T6336]
[ 134.094708][ T6336] Freed by task 6336:
[ 134.098660][ T6336] kasan_save_track+0x3e/0x80
[ 134.103310][ T6336] kasan_save_free_info+0x46/0x50
[ 134.108406][ T6336] __kasan_slab_free+0x5c/0x80
[ 134.113142][ T6336] kmem_cache_free+0x182/0x650
[ 134.117880][ T6336] gfs2_log_flush+0x18c1/0x2640
[ 134.122726][ T6336] do_sync+0xa48/0xcb0
[ 134.126800][ T6336] gfs2_quota_sync+0x370/0x470
[ 134.131548][ T6336] gfs2_sync_fs+0x4c/0xb0
[ 134.135879][ T6336] sync_filesystem+0xee/0x230
[ 134.140534][ T6336] generic_shutdown_super+0x77/0x2d0
[ 134.145801][ T6336] kill_block_super+0x44/0x90
[ 134.150455][ T6336] deactivate_locked_super+0xbc/0x130
[ 134.155806][ T6336] cleanup_mnt+0x437/0x4d0
[ 134.160199][ T6336] task_work_run+0x1d9/0x270
[ 134.164775][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 134.170063][ T6336] do_syscall_64+0x32d/0xf80
[ 134.174718][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.180662][ T6336]
[ 134.182993][ T6336] The buggy address belongs to the object at ffff88807c9098c0
[ 134.182993][ T6336] which belongs to the cache gfs2-bufdata/syz:syz of size 80
[ 134.197838][ T6336] The buggy address is located 24 bytes inside of
[ 134.197838][ T6336] freed 80-byte region [ffff88807c9098c0, ffff88807c909910)
[ 134.211546][ T6336]
[ 134.213862][ T6336] The buggy address belongs to the physical page:
[ 134.220266][ T6336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807c909a80 pfn:0x7c909
[ 134.230432][ T6336] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff)
[ 134.238652][ T6336] page_type: f5(slab)
[ 134.242659][ T6336] raw: 00fff00000000200 ffff8881499c0500 ffff888035149d08 ffff888035149d08
[ 134.251244][ T6336] raw: ffff88807c909a80 0000000800240018 00000000f5000000 0000000000000000
[ 134.259903][ T6336] page dumped because: kasan: bad access detected
[ 134.266326][ T6336] page_owner tracks the page as allocated
[ 134.272031][ T6336] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6336, tgid 6336 (syz-executor), ts 127950955156, free_ts 125551511102
[ 134.292776][ T6336] post_alloc_hook+0x231/0x280
[ 134.297608][ T6336] get_page_from_freelist+0x2418/0x24b0
[ 134.303171][ T6336] __alloc_frozen_pages_noprof+0x233/0x3d0
[ 134.309007][ T6336] allocate_slab+0x77/0x660
[ 134.313520][ T6336] refill_objects+0x339/0x3d0
[ 134.318188][ T6336] __pcs_replace_empty_main+0x321/0x720
[ 134.323743][ T6336] kmem_cache_alloc_noprof+0x37d/0x650
[ 134.329193][ T6336] gfs2_trans_add_meta+0x214/0x8e0
[ 134.334300][ T6336] gfs2_alloc_blocks+0x7ae/0x2090
[ 134.339314][ T6336] gfs2_unstuff_dinode+0x249/0x1240
[ 134.344490][ T6336] gfs2_adjust_quota+0x23f/0x850
[ 134.349401][ T6336] do_sync+0x872/0xcb0
[ 134.353443][ T6336] gfs2_quota_sync+0x370/0x470
[ 134.358183][ T6336] gfs2_sync_fs+0x4c/0xb0
[ 134.362507][ T6336] sync_filesystem+0xee/0x230
[ 134.367169][ T6336] generic_shutdown_super+0x77/0x2d0
[ 134.372436][ T6336] page last free pid 23 tgid 23 stack trace:
[ 134.378389][ T6336] __free_frozen_pages+0xbc7/0xd30
[ 134.383562][ T6336] tlb_remove_table_rcu+0x85/0x100
[ 134.388653][ T6336] rcu_core+0x7cd/0x1070
[ 134.392962][ T6336] handle_softirqs+0x22a/0x840
[ 134.397724][ T6336] run_ksoftirqd+0x36/0x60
[ 134.402134][ T6336] smpboot_thread_fn+0x541/0xa50
[ 134.407064][ T6336] kthread+0x388/0x470
[ 134.411145][ T6336] ret_from_fork+0x51e/0xb90
[ 134.415808][ T6336] ret_from_fork_asm+0x1a/0x30
[ 134.420560][ T6336]
[ 134.422883][ T6336] Memory state around the buggy address:
[ 134.428497][ T6336] ffff88807c909780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 134.436547][ T6336] ffff88807c909800: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 134.444681][ T6336] >ffff88807c909880: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 134.452717][ T6336]                                                     ^
[ 134.459631][ T6336] ffff88807c909900: fb fb fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 134.467679][ T6336] ffff88807c909980: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc
[ 134.475715][ T6336] ==================================================================
[ 134.484418][ T6336] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 134.491639][ T6336] CPU: 0 UID: 0 PID: 6336 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 134.501187][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 134.511227][ T6336] Call Trace:
[ 134.514493][ T6336] <TASK>
[ 134.517408][ T6336] vpanic+0x56c/0xa60
[ 134.521422][ T6336] ? __pfx_vpanic+0x10/0x10
[ 134.525917][ T6336] panic+0xc5/0xd0
[ 134.529626][ T6336] ? __pfx_panic+0x10/0x10
[ 134.534034][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 134.539491][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 134.545018][ T6336] check_panic_on_warn+0x89/0xb0
[ 134.549950][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 134.555392][ T6336] end_report+0x73/0x170
[ 134.559707][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 134.565144][ T6336] kasan_report+0x128/0x150
[ 134.569633][ T6336] ? gfs2_invalidate_folio+0x40b/0x750
[ 134.575168][ T6336] gfs2_invalidate_folio+0x40b/0x750
[ 134.580439][ T6336] ? __pfx_gfs2_invalidate_folio+0x10/0x10
[ 134.586313][ T6336] truncate_cleanup_folio+0xcb/0x190
[ 134.591591][ T6336] truncate_inode_pages_range+0x2ce/0xe30
[ 134.597385][ T6336] ? up+0xe4/0x160
[ 134.601093][ T6336] ? __pfx_up+0x10/0x10
[ 134.605226][ T6336] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 134.611459][ T6336] ? __wake_up_klogd+0xe6/0x120
[ 134.616326][ T6336] ? vprintk_emit+0x4eb/0x560
[ 134.621005][ T6336] ? lockdep_hardirqs_on+0x7a/0x110
[ 134.626224][ T6336] gfs2_evict_inode+0x9da/0x12d0
[ 134.631242][ T6336] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 134.636616][ T6336] ? do_raw_spin_lock+0x12b/0x2f0
[ 134.641716][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 134.646817][ T6336] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 134.652178][ T6336] evict+0x61e/0xb10
[ 134.656162][ T6336] ? __pfx_evict+0x10/0x10
[ 134.660666][ T6336] ? do_raw_spin_unlock+0xf5/0x210
[ 134.665762][ T6336] ? _raw_spin_unlock+0x28/0x50
[ 134.670602][ T6336] ? iput+0xb25/0xe80
[ 134.674596][ T6336] gfs2_put_super+0x355/0x890
[ 134.679263][ T6336] ? __pfx_gfs2_put_super+0x10/0x10
[ 134.684446][ T6336] generic_shutdown_super+0x13d/0x2d0
[ 134.689810][ T6336] kill_block_super+0x44/0x90
[ 134.694469][ T6336] deactivate_locked_super+0xbc/0x130
[ 134.699836][ T6336] cleanup_mnt+0x437/0x4d0
[ 134.704235][ T6336] ? _raw_spin_unlock_irq+0x23/0x50
[ 134.709418][ T6336] task_work_run+0x1d9/0x270
[ 134.713992][ T6336] ? __pfx_task_work_run+0x10/0x10
[ 134.719089][ T6336] exit_to_user_mode_loop+0xed/0x480
[ 134.724364][ T6336] ? rcu_is_watching+0x15/0xb0
[ 134.729110][ T6336] do_syscall_64+0x32d/0xf80
[ 134.733701][ T6336] ? trace_irq_disable+0x3b/0x140
[ 134.738732][ T6336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.744806][ T6336] ? clear_bhb_loop+0x40/0x90
[ 134.749472][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.755347][ T6336] RIP: 0033:0x7fe90cf9d9d7
[ 134.759850][ T6336] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 134.779482][ T6336] RSP: 002b:00007ffde9a1cea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 134.787909][ T6336] RAX: 0000000000000000 RBX: 00007fe90d032050 RCX: 00007fe90cf9d9d7
[ 134.795880][ T6336] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde9a1cf60
[ 134.803843][ T6336] RBP: 00007ffde9a1cf60 R08: 00007ffde9a1df60 R09: 00000000ffffffff
[ 134.811813][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde9a1dff0
[ 134.819894][ T6336] R13: 00007fe90d032050 R14: 000000000001f130 R15: 00007ffde9a1e030
[ 134.827998][ T6336] </TASK>
[ 134.831779][ T6336] Kernel Offset: disabled
[ 134.836177][ T6336] Rebooting in 86400 seconds..