Warning: Permanently added '10.128.1.129' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:58 parsed 1 programs
1970/01/01 00:00:58 executed programs: 0
[ 58.781641][ T6019] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.784233][ T6019] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.787147][ T6019] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.789726][ T6019] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.792008][ T6019] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 58.794090][ T6019] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 58.860289][ T6371] chnl_net:caif_netlink_parms(): no params data found
[ 58.887286][ T6371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.889256][ T6371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.891193][ T6371] bridge_slave_0: entered allmulticast mode
[ 58.893149][ T6371] bridge_slave_0: entered promiscuous mode
[ 58.896406][ T6371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.898347][ T6371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.900177][ T6371] bridge_slave_1: entered allmulticast mode
[ 58.902110][ T6371] bridge_slave_1: entered promiscuous mode
[ 58.914513][ T6371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.918967][ T6371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.931087][ T6371] team0: Port device team_slave_0 added
[ 58.933885][ T6371] team0: Port device team_slave_1 added
[ 58.944931][ T6371] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.946878][ T6371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.953342][ T6371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.957718][ T6371] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.959572][ T6371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.966707][ T6371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.018279][ T6371] hsr_slave_0: entered promiscuous mode
[ 59.056325][ T6371] hsr_slave_1: entered promiscuous mode
[ 59.800342][ T6371] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.839079][ T6371] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.890114][ T6371] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.921370][ T6371] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.008166][ T6371] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.017303][ T6371] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.021596][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.023547][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.031068][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.032974][ T1341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.044626][ T6371] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.048894][ T6371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.124776][ T6371] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.149011][ T6371] veth0_vlan: entered promiscuous mode
[ 60.155358][ T6371] veth1_vlan: entered promiscuous mode
[ 60.171785][ T6371] veth0_macvtap: entered promiscuous mode
[ 60.175459][ T6371] veth1_macvtap: entered promiscuous mode
[ 60.186299][ T6371] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.191891][ T6371] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.195284][ T6371] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.200415][ T6371] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.202749][ T6371] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.205034][ T6371] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.245327][ T2100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.252326][ T2100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.265066][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.268596][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.582476][ T6465] loop0: detected capacity change from 0 to 32768
[ 60.590802][ T6465] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 60.593025][ T6465] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 60.603538][ T6465] gfs2: fsid=syz:syz.0: journal 0 mapped with 4 extents in 0ms
[ 60.608510][ T1623] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 60.610380][ T1623] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 60.670094][ T1623] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 59ms
[ 60.672843][ T1623] gfs2: fsid=syz:syz.0: jid=0: Done
[ 60.674554][ T6465] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 60.819988][ T6465] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 60.856736][ T6019] Bluetooth: hci0: command 0x0409 tx timeout
[ 60.868960][ T6371] syz-executor.0: attempt to access beyond end of device
[ 60.868960][ T6371] loop0: rw=1, sector=131324, nr_sectors = 4 limit=32768
[ 60.872837][ T6371] gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
[ 60.875468][ T6371] gfs2: fsid=syz:syz.0: fatal: I/O error(s)
[ 60.877289][ T6371] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 60.879537][ T6371] BUG: sleeping function called from invalid context at fs/gfs2/util.c:159
[ 60.882027][ T6371] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6371, name: syz-executor.0
[ 60.884508][ T6371] preempt_count: 1, expected: 0
[ 60.885725][ T6371] RCU nest depth: 0, expected: 0
[ 60.887193][ T6371] 5 locks held by syz-executor.0/6371:
[ 60.888643][ T6371] #0: ffff0000c57e00e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[ 60.891404][ T6371] #1: ffff0000d68a4b78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[ 60.894115][ T6371] #2: ffff0000d68a5060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[ 60.896922][ T6371] #3: ffff0000d68a4e88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[ 60.899752][ T6371] #4: ffff0000d68a5248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x3b8/0x12c4
[ 60.902290][ T6371] Preemption disabled at:
[ 60.902301][ T6371] [] gfs2_flush_revokes+0x50/0x94
[ 60.905085][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Not tainted 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 60.907792][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 60.910501][ T6371] Call trace:
[ 60.911424][ T6371] dump_backtrace+0x1b8/0x1e4
[ 60.912641][ T6371] show_stack+0x2c/0x44
[ 60.913744][ T6371] dump_stack_lvl+0xd0/0x124
[ 60.914991][ T6371] dump_stack+0x1c/0x28
[ 60.916130][ T6371] __might_resched+0x374/0x4d0
[ 60.917433][ T6371] __might_sleep+0x90/0xe4
[ 60.918614][ T6371] gfs2_withdraw+0x400/0x12c4
[ 60.919854][ T6371] gfs2_ail1_empty+0x734/0x7c4
[ 60.921097][ T6371] gfs2_flush_revokes+0x5c/0x94
[ 60.922433][ T6371] revoke_lo_before_commit+0x3c/0x640
[ 60.923825][ T6371] gfs2_log_flush+0x90c/0x2054
[ 60.925118][ T6371] do_sync+0x8f8/0xacc
[ 60.926194][ T6371] gfs2_quota_sync+0x338/0x584
[ 60.927491][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 60.928626][ T6371] sync_filesystem+0xe8/0x218
[ 60.929908][ T6371] generic_shutdown_super+0x70/0x2b8
[ 60.931308][ T6371] kill_block_super+0x40/0x74
[ 60.932543][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 60.933745][ T6371] deactivate_locked_super+0xac/0x12c
[ 60.935222][ T6371] deactivate_super+0xe0/0x100
[ 60.936469][ T6371] cleanup_mnt+0x34c/0x3dc
[ 60.937639][ T6371] __cleanup_mnt+0x20/0x30
[ 60.938820][ T6371] task_work_run+0x230/0x2e0
[ 60.940053][ T6371] do_notify_resume+0x2184/0x3c94
[ 60.941416][ T6371] el0_svc+0xa0/0x16c
[ 60.942509][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 60.943856][ T6371] el0t_64_sync+0x190/0x194
[ 60.945821][ T6371] BUG: scheduling while atomic: syz-executor.0/6371/0x00000002
[ 60.947964][ T6371] 5 locks held by syz-executor.0/6371:
[ 60.949430][ T6371] #0: ffff0000c57e00e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[ 60.952228][ T6371] #1: ffff0000d68a4b78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[ 60.955002][ T6371] #2: ffff0000d68a5060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[ 60.957842][ T6371] #3: ffff0000d68a4e88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[ 60.960465][ T6371] #4: ffff0000d68a5248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x3b8/0x12c4
[ 60.963112][ T6371] Modules linked in:
[ 60.964168][ T6371] Preemption disabled at:
[ 60.964190][ T6371] [] gfs2_flush_revokes+0x50/0x94
[ 60.967141][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Tainted: G W 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 60.970242][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 60.972867][ T6371] Call trace:
[ 60.973744][ T6371] dump_backtrace+0x1b8/0x1e4
[ 60.974988][ T6371] show_stack+0x2c/0x44
[ 60.976076][ T6371] dump_stack_lvl+0xd0/0x124
[ 60.977267][ T6371] dump_stack+0x1c/0x28
[ 60.978341][ T6371] __schedule_bug+0x128/0x1dc
[ 60.979590][ T6371] __schedule+0x1408/0x23b4
[ 60.980791][ T6371] schedule+0xc4/0x170
[ 60.981838][ T6371] schedule_timeout+0x1d8/0x348
[ 60.983147][ T6371] gfs2_withdraw+0x490/0x12c4
[ 60.984435][ T6371] gfs2_ail1_empty+0x734/0x7c4
[ 60.985689][ T6371] gfs2_flush_revokes+0x5c/0x94
[ 60.986967][ T6371] revoke_lo_before_commit+0x3c/0x640
[ 60.988457][ T6371] gfs2_log_flush+0x90c/0x2054
[ 60.989778][ T6371] do_sync+0x8f8/0xacc
[ 60.990870][ T6371] gfs2_quota_sync+0x338/0x584
[ 60.992123][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 60.993287][ T6371] sync_filesystem+0xe8/0x218
[ 60.994531][ T6371] generic_shutdown_super+0x70/0x2b8
[ 60.995922][ T6371] kill_block_super+0x40/0x74
[ 60.997124][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 60.998331][ T6371] deactivate_locked_super+0xac/0x12c
[ 60.999770][ T6371] deactivate_super+0xe0/0x100
[ 61.001034][ T6371] cleanup_mnt+0x34c/0x3dc
[ 61.002206][ T6371] __cleanup_mnt+0x20/0x30
[ 61.003413][ T6371] task_work_run+0x230/0x2e0
[ 61.004639][ T6371] do_notify_resume+0x2184/0x3c94
[ 61.005972][ T6371] el0_svc+0xa0/0x16c
[ 61.007032][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 61.008379][ T6371] el0t_64_sync+0x190/0x194
[ 62.926356][ T6019] Bluetooth: hci0: command 0x041b tx timeout
[ 64.537907][ T2176] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.539633][ T2176] ieee802154 phy1 wpan1: encryption failed: -22
[ 65.006257][ T6019] Bluetooth: hci0: command 0x040f tx timeout
[ 65.973100][ T6371] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 65.975496][ T6371] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 65.978601][ T6371]
[ 65.979239][ T6371] =============================
[ 65.980508][ T6371] [ BUG: Invalid wait context ]
[ 65.981767][ T6371] 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0 Tainted: G W
[ 65.984023][ T6371] -----------------------------
[ 65.985324][ T6371] syz-executor.0/6371 is trying to lock:
[ 65.986809][ T6371] ffff800090e497a8 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874
[ 65.989458][ T6371] other info that might help us debug this:
[ 65.991065][ T6371] context-{4:4}
[ 65.992014][ T6371] 4 locks held by syz-executor.0/6371:
[ 65.993494][ T6371] #0: ffff0000c57e00e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[ 65.996285][ T6371] #1: ffff0000d68a4b78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[ 65.999169][ T6371] #2: ffff0000d68a5060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[ 66.001977][ T6371] #3: ffff0000d68a4e88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[ 66.004717][ T6371] stack backtrace:
[ 66.005743][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Tainted: G W 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 66.008973][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 66.011723][ T6371] Call trace:
[ 66.012595][ T6371] dump_backtrace+0x1b8/0x1e4
[ 66.013870][ T6371] show_stack+0x2c/0x44
[ 66.014962][ T6371] dump_stack_lvl+0xd0/0x124
[ 66.016234][ T6371] dump_stack+0x1c/0x28
[ 66.017352][ T6371] __lock_acquire+0x1bec/0x75e8
[ 66.018633][ T6371] lock_acquire+0x23c/0x71c
[ 66.019894][ T6371] __mutex_lock_common+0x190/0x21a0
[ 66.021256][ T6371] mutex_lock_nested+0x2c/0x38
[ 66.022515][ T6371] kobject_uevent_env+0x4d0/0x874
[ 66.023875][ T6371] kobject_uevent+0x2c/0x3c
[ 66.025089][ T6371] gfs2_withdraw+0xcb4/0x12c4
[ 66.026327][ T6371] gfs2_ail1_empty+0x734/0x7c4
[ 66.027563][ T6371] gfs2_flush_revokes+0x5c/0x94
[ 66.028839][ T6371] revoke_lo_before_commit+0x3c/0x640
[ 66.030256][ T6371] gfs2_log_flush+0x90c/0x2054
[ 66.031525][ T6371] do_sync+0x8f8/0xacc
[ 66.032603][ T6371] gfs2_quota_sync+0x338/0x584
[ 66.033862][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 66.035044][ T6371] sync_filesystem+0xe8/0x218
[ 66.036338][ T6371] generic_shutdown_super+0x70/0x2b8
[ 66.037791][ T6371] kill_block_super+0x40/0x74
[ 66.039053][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.040268][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.041711][ T6371] deactivate_super+0xe0/0x100
[ 66.043034][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.044198][ T6371] __cleanup_mnt+0x20/0x30
[ 66.045384][ T6371] task_work_run+0x230/0x2e0
[ 66.046610][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.047968][ T6371] el0_svc+0xa0/0x16c
[ 66.049053][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.050409][ T6371] el0t_64_sync+0x190/0x194
[ 66.054318][ T6371] gfs2: fsid=syz:syz.0: File system withdrawn
[ 66.055882][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Tainted: G W 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 66.059026][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 66.061734][ T6371] Call trace:
[ 66.062582][ T6371] dump_backtrace+0x1b8/0x1e4
[ 66.063810][ T6371] show_stack+0x2c/0x44
[ 66.064933][ T6371] dump_stack_lvl+0xd0/0x124
[ 66.066156][ T6371] dump_stack+0x1c/0x28
[ 66.067284][ T6371] gfs2_withdraw+0xda4/0x12c4
[ 66.068542][ T6371] gfs2_ail1_empty+0x734/0x7c4
[ 66.069788][ T6371] gfs2_flush_revokes+0x5c/0x94
[ 66.071089][ T6371] revoke_lo_before_commit+0x3c/0x640
[ 66.072502][ T6371] gfs2_log_flush+0x90c/0x2054
[ 66.073771][ T6371] do_sync+0x8f8/0xacc
[ 66.074856][ T6371] gfs2_quota_sync+0x338/0x584
[ 66.076085][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 66.077260][ T6371] sync_filesystem+0xe8/0x218
[ 66.078530][ T6371] generic_shutdown_super+0x70/0x2b8
[ 66.079949][ T6371] kill_block_super+0x40/0x74
[ 66.081208][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.082418][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.083819][ T6371] deactivate_super+0xe0/0x100
[ 66.085058][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.086236][ T6371] __cleanup_mnt+0x20/0x30
[ 66.087412][ T6371] task_work_run+0x230/0x2e0
[ 66.088602][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.089937][ T6371] el0_svc+0xa0/0x16c
[ 66.090978][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.092351][ T6371] el0t_64_sync+0x190/0x194
[ 66.136433][ T6371] ==================================================================
[ 66.138556][ T6371] BUG: KASAN: slab-use-after-free in gfs2_invalidate_folio+0x3c0/0x788
[ 66.140631][ T6371] Read of size 8 at addr ffff0000d519b168 by task syz-executor.0/6371
[ 66.142715][ T6371]
[ 66.143274][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Tainted: G W 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 66.146178][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 66.148856][ T6371] Call trace:
[ 66.149740][ T6371] dump_backtrace+0x1b8/0x1e4
[ 66.151002][ T6371] show_stack+0x2c/0x44
[ 66.152140][ T6371] dump_stack_lvl+0xd0/0x124
[ 66.153396][ T6371] print_report+0x174/0x514
[ 66.154568][ T6371] kasan_report+0xd8/0x138
[ 66.155778][ T6371] __asan_report_load8_noabort+0x20/0x2c
[ 66.157265][ T6371] gfs2_invalidate_folio+0x3c0/0x788
[ 66.158641][ T6371] truncate_cleanup_folio+0x1fc/0x3ac
[ 66.160058][ T6371] truncate_inode_pages_range+0x230/0xd58
[ 66.161566][ T6371] truncate_inode_pages_final+0x90/0xc0
[ 66.162993][ T6371] gfs2_evict_inode+0x2ec/0xf80
[ 66.164284][ T6371] evict+0x260/0x68c
[ 66.165368][ T6371] iput+0x734/0x818
[ 66.166357][ T6371] gfs2_put_super+0x33c/0x754
[ 66.167638][ T6371] generic_shutdown_super+0x130/0x2b8
[ 66.169052][ T6371] kill_block_super+0x40/0x74
[ 66.170257][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.171461][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.172864][ T6371] deactivate_super+0xe0/0x100
[ 66.174205][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.175355][ T6371] __cleanup_mnt+0x20/0x30
[ 66.176478][ T6371] task_work_run+0x230/0x2e0
[ 66.177663][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.178940][ T6371] el0_svc+0xa0/0x16c
[ 66.179999][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.181275][ T6371] el0t_64_sync+0x190/0x194
[ 66.182455][ T6371]
[ 66.183024][ T6371] Allocated by task 6371:
[ 66.184145][ T6371] kasan_set_track+0x4c/0x7c
[ 66.185357][ T6371] kasan_save_alloc_info+0x24/0x30
[ 66.186655][ T6371] __kasan_slab_alloc+0x74/0x8c
[ 66.187902][ T6371] slab_post_alloc_hook+0x90/0x4a0
[ 66.189227][ T6371] kmem_cache_alloc+0x29c/0x424
[ 66.190504][ T6371] gfs2_trans_add_data+0x1e8/0x634
[ 66.191852][ T6371] gfs2_unstuff_dinode+0xd08/0x1160
[ 66.193219][ T6371] gfs2_adjust_quota+0x23c/0x8f8
[ 66.194570][ T6371] do_sync+0x744/0xacc
[ 66.195661][ T6371] gfs2_quota_sync+0x338/0x584
[ 66.196941][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 66.198085][ T6371] sync_filesystem+0xe8/0x218
[ 66.199331][ T6371] generic_shutdown_super+0x70/0x2b8
[ 66.200772][ T6371] kill_block_super+0x40/0x74
[ 66.202042][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.203227][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.204716][ T6371] deactivate_super+0xe0/0x100
[ 66.205973][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.207124][ T6371] __cleanup_mnt+0x20/0x30
[ 66.208346][ T6371] task_work_run+0x230/0x2e0
[ 66.209566][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.210883][ T6371] el0_svc+0xa0/0x16c
[ 66.211921][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.213257][ T6371] el0t_64_sync+0x190/0x194
[ 66.214467][ T6371]
[ 66.215108][ T6371] Freed by task 6371:
[ 66.216200][ T6371] kasan_set_track+0x4c/0x7c
[ 66.217424][ T6371] kasan_save_free_info+0x38/0x5c
[ 66.218758][ T6371] ____kasan_slab_free+0x144/0x1c0
[ 66.220117][ T6371] __kasan_slab_free+0x18/0x28
[ 66.221416][ T6371] kmem_cache_free+0x2e4/0x56c
[ 66.222717][ T6371] gfs2_log_flush+0x1018/0x2054
[ 66.224031][ T6371] do_sync+0x8f8/0xacc
[ 66.225138][ T6371] gfs2_quota_sync+0x338/0x584
[ 66.226400][ T6371] gfs2_sync_fs+0x4c/0xc4
[ 66.227560][ T6371] sync_filesystem+0xe8/0x218
[ 66.228794][ T6371] generic_shutdown_super+0x70/0x2b8
[ 66.230223][ T6371] kill_block_super+0x40/0x74
[ 66.231510][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.232716][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.234198][ T6371] deactivate_super+0xe0/0x100
[ 66.235488][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.236614][ T6371] __cleanup_mnt+0x20/0x30
[ 66.237770][ T6371] task_work_run+0x230/0x2e0
[ 66.238938][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.240290][ T6371] el0_svc+0xa0/0x16c
[ 66.241303][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.242556][ T6371] el0t_64_sync+0x190/0x194
[ 66.243753][ T6371]
[ 66.244369][ T6371] The buggy address belongs to the object at ffff0000d519b150
[ 66.244369][ T6371] which belongs to the cache gfs2_bufdata of size 80
[ 66.248000][ T6371] The buggy address is located 24 bytes inside of
[ 66.248000][ T6371] freed 80-byte region [ffff0000d519b150, ffff0000d519b1a0)
[ 66.251574][ T6371]
[ 66.252156][ T6371] The buggy address belongs to the physical page:
[ 66.253830][ T6371] page:00000000dee88d4b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11519b
[ 66.256472][ T6371] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 66.258435][ T6371] page_type: 0xffffffff()
[ 66.259582][ T6371] raw: 05ffc00000000800 ffff0000c4f6ab40 dead000000000122 0000000000000000
[ 66.261782][ T6371] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[ 66.264011][ T6371] page dumped because: kasan: bad access detected
[ 66.265692][ T6371]
[ 66.266296][ T6371] Memory state around the buggy address:
[ 66.267741][ T6371] ffff0000d519b000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[ 66.269824][ T6371] ffff0000d519b080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 66.271900][ T6371] >ffff0000d519b100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 66.273920][ T6371] ^
[ 66.275881][ T6371] ffff0000d519b180: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 66.278057][ T6371] ffff0000d519b200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.280267][ T6371] ==================================================================
[ 66.282666][ T6371] Unable to handle kernel paging request at virtual address dfff800000000005
[ 66.284872][ T6371] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 66.287424][ T6371] Mem abort info:
[ 66.288365][ T6371] ESR = 0x0000000096000005
[ 66.289518][ T6371] EC = 0x25: DABT (current EL), IL = 32 bits
[ 66.291047][ T6371] SET = 0, FnV = 0
[ 66.291998][ T6371] EA = 0, S1PTW = 0
[ 66.293027][ T6371] FSC = 0x05: level 1 translation fault
[ 66.294456][ T6371] Data abort info:
[ 66.295400][ T6371] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 66.297050][ T6371] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 66.298520][ T6371] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 66.300048][ T6371] [dfff800000000005] address between user and kernel address ranges
[ 66.301987][ T6371] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 66.303778][ T6371] Modules linked in:
[ 66.304747][ T6371] CPU: 0 PID: 6371 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc4-syzkaller-00020-g19af4a4ed414 #0
[ 66.307690][ T6371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 66.310300][ T6371] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 66.312328][ T6371] pc : gfs2_remove_from_journal+0x390/0x7e8
[ 66.313906][ T6371] lr : gfs2_remove_from_journal+0x384/0x7e8
[ 66.315488][ T6371] sp : ffff800096c670f0
[ 66.316525][ T6371] x29: ffff800096c67110 x28: dfff800000000000 x27: ffff0000d519b170
[ 66.318615][ T6371] x26: ffff0000d519b170 x25: 1fffe0001ba09bd8 x24: 0000000000010000
[ 66.320746][ T6371] x23: 000000000000002c x22: 0000000000000000 x21: ffff0000dd04dec0
[ 66.322933][ T6371] x20: ffff0000d519b150 x19: ffff0000dd04de80 x18: 1fffe000368379ce
[ 66.325073][ T6371] x17: 3d3d3d3d3d3d3d3d x16: ffff80008a62bec8 x15: 0000000000000001
[ 66.327236][ T6371] x14: 1fffe0001ad149d7 x13: 0000000000000000 x12: 0000000000000000
[ 66.329391][ T6371] x11: 0000000000000002 x10: 0000000000000000 x9 : 0000000000000000
[ 66.331497][ T6371] x8 : 0000000000000005 x7 : 0000000000000001 x6 : ffff800082454e00
[ 66.333563][ T6371] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008245111c
[ 66.335652][ T6371] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000001
[ 66.337750][ T6371] Call trace:
[ 66.338601][ T6371] gfs2_remove_from_journal+0x390/0x7e8
[ 66.340038][ T6371] gfs2_invalidate_folio+0x4c4/0x788
[ 66.341379][ T6371] truncate_cleanup_folio+0x1fc/0x3ac
[ 66.342784][ T6371] truncate_inode_pages_range+0x230/0xd58
[ 66.344272][ T6371] truncate_inode_pages_final+0x90/0xc0
[ 66.345739][ T6371] gfs2_evict_inode+0x2ec/0xf80
[ 66.347004][ T6371] evict+0x260/0x68c
[ 66.348049][ T6371] iput+0x734/0x818
[ 66.349048][ T6371] gfs2_put_super+0x33c/0x754
[ 66.350245][ T6371] generic_shutdown_super+0x130/0x2b8
[ 66.351634][ T6371] kill_block_super+0x40/0x74
[ 66.352825][ T6371] gfs2_kill_sb+0x2cc/0x330
[ 66.353958][ T6371] deactivate_locked_super+0xac/0x12c
[ 66.355364][ T6371] deactivate_super+0xe0/0x100
[ 66.356562][ T6371] cleanup_mnt+0x34c/0x3dc
[ 66.357707][ T6371] __cleanup_mnt+0x20/0x30
[ 66.358851][ T6371] task_work_run+0x230/0x2e0
[ 66.360070][ T6371] do_notify_resume+0x2184/0x3c94
[ 66.361357][ T6371] el0_svc+0xa0/0x16c
[ 66.362389][ T6371] el0t_64_sync_handler+0x84/0xfc
[ 66.363698][ T6371] el0t_64_sync+0x190/0x194
[ 66.364882][ T6371] Code: 97833a16 a94067f6 9100b2d7 d343fee8 (38fc6908)
[ 66.366623][ T6371] ---[ end trace 0000000000000000 ]---
[ 66.716085][ T6371] Kernel panic - not syncing: Oops: Fatal exception
[ 66.717907][ T6371] SMP: stopping secondary CPUs
[ 66.719155][ T6371] Kernel Offset: disabled
[ 66.720277][ T6371] CPU features: 0x0,00000020,70020043,10017203
[ 66.721874][ T6371] Memory Limit: none
[ 67.061940][ T6371] Rebooting in 86400 seconds..
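Added triage aid for the KASAN report and the arm64 oops above; this is example code written for this page, not part of syzkaller, KASAN or the gfs2 code. It parses the slab-use-after-free section into the facts a triager needs (bug class, faulting access, the cache and object the address falls in, and the first non-allocator frame of the use, allocation and free stacks), cross-checks the numbers KASAN printed against each other, and undoes generic KASAN's shadow mapping for the final paging fault. The sample input is excerpted from the report above with the stack traces shortened. Assumptions, labelled in the code: the prefix and frame regexes match this console format, the list of "plumbing" frame prefixes to skip is a heuristic, and the shadow offset passed to `shadow_to_range` is the value the kernel shows in `x28` (`dfff800000000000`), which is the generic KASAN shadow offset this arm64 configuration uses.

```python
# Added triage helper for the report on this page (not syzkaller/KASAN/gfs2 code).
# Regexes and the "plumbing" frame list are assumptions fitted to this console format.
import re

# Lines excerpted from the report above; stack traces are shortened.
SAMPLE = """\
[ 66.138556][ T6371] BUG: KASAN: slab-use-after-free in gfs2_invalidate_folio+0x3c0/0x788
[ 66.140631][ T6371] Read of size 8 at addr ffff0000d519b168 by task syz-executor.0/6371
[ 66.142715][ T6371]
[ 66.148856][ T6371] Call trace:
[ 66.149740][ T6371] dump_backtrace+0x1b8/0x1e4
[ 66.154568][ T6371] kasan_report+0xd8/0x138
[ 66.155778][ T6371] __asan_report_load8_noabort+0x20/0x2c
[ 66.157265][ T6371] gfs2_invalidate_folio+0x3c0/0x788
[ 66.182455][ T6371]
[ 66.183024][ T6371] Allocated by task 6371:
[ 66.184145][ T6371] kasan_set_track+0x4c/0x7c
[ 66.187902][ T6371] slab_post_alloc_hook+0x90/0x4a0
[ 66.189227][ T6371] kmem_cache_alloc+0x29c/0x424
[ 66.190504][ T6371] gfs2_trans_add_data+0x1e8/0x634
[ 66.214467][ T6371]
[ 66.215108][ T6371] Freed by task 6371:
[ 66.216200][ T6371] kasan_set_track+0x4c/0x7c
[ 66.221416][ T6371] kmem_cache_free+0x2e4/0x56c
[ 66.222717][ T6371] gfs2_log_flush+0x1018/0x2054
[ 66.243753][ T6371]
[ 66.244369][ T6371] which belongs to the cache gfs2_bufdata of size 80
[ 66.248000][ T6371] The buggy address is located 24 bytes inside of
[ 66.248000][ T6371] freed 80-byte region [ffff0000d519b150, ffff0000d519b1a0)
[ 66.280267][ T6371] ==================================================================
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")     # "[ 66.1][ T6371] " console prefix
# Allocator and KASAN plumbing (heuristic): skip these to find the frame worth reading first.
INTERNAL = re.compile(r"^(_*kasan_|__asan_|slab_|kmem_cache_|print_report|dump_|show_stack)")
FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")


def parse_kasan(text):
    lines = [PREFIX.sub("", ln) for ln in text.splitlines()]
    lines = lines[next(i for i, ln in enumerate(lines) if ln.startswith("BUG: KASAN:")):]
    r = dict(bug_type="", site="", access="", size=0, addr=0,
             cache="", obj_size=0, offset=0, region=(0, 0), stacks={})
    section = None
    for ln in lines:
        if ln.startswith("===="):                  # closing banner of the KASAN report
            break
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", ln):
            r["bug_type"], r["site"] = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", ln):
            r["access"], r["size"], r["addr"] = m[1], int(m[2]), int(m[3], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", ln):
            r["cache"], r["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", ln):
            r["offset"] = int(m[1])
        elif m := re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", ln):
            r["region"] = (int(m[1], 16), int(m[2], 16))
        elif m := re.match(r"(Call trace|Allocated by|Freed by)", ln):
            section = {"Call trace": "use", "Allocated by": "alloc", "Freed by": "free"}[m[1]]
        elif ln == "":                             # blank line ends a stack section
            section = None
        elif section and FRAME.match(ln):
            r["stacks"].setdefault(section, []).append(ln)
    return r


def culprit(frames):
    """First frame that is not allocator/KASAN plumbing."""
    return next((f for f in frames if not INTERNAL.match(f)), None)


def check(r):
    """Cross-check the numbers KASAN printed against each other; returns problems found."""
    start, end = r["region"]
    tests = {
        "address outside region": start <= r["addr"] < end,
        "offset disagrees with region start": r["addr"] - start == r["offset"],
        "region size disagrees with object size": end - start == r["obj_size"],
        "access runs past end of object": r["addr"] + r["size"] <= end,
    }
    return [name for name, ok in tests.items() if not ok]


def shadow_to_range(shadow_addr, shadow_offset, granule=8):
    """Undo generic KASAN's mapping shadow = (addr >> 3) + KASAN_SHADOW_OFFSET."""
    base = (shadow_addr - shadow_offset) << 3   # shadow_to_range(0xdfff800000000005, 0xdfff800000000000) -> (0x28, 0x2f)
    return base, base + granule - 1


def triage(text):
    """Summary a triager reads first: bug class, object, and the frames that matter."""
    r = parse_kasan(text)
    return {
        "bug": f'{r["bug_type"]}: {r["access"].lower()} of {r["size"]} bytes in {r["site"]}',
        "object": f'{r["cache"]} ({r["obj_size"]} bytes), offset {r["offset"]}',
        **{k: culprit(r["stacks"].get(k, [])) for k in ("alloc", "free", "use")},
        "problems": check(r),
    }
```

Running `triage(SAMPLE)` gives the use site `gfs2_invalidate_folio+0x3c0/0x788`, the allocation in `gfs2_trans_add_data+0x1e8/0x634`, the free in `gfs2_log_flush+0x1018/0x2054`, and no inconsistencies (0xffff0000d519b168 really is 24 bytes into the 80-byte `gfs2_bufdata` region). `shadow_to_range` applied to the later fault address `dfff800000000005` with the `x28` value reproduces the kernel's own `[0x28-0x2f]` decoding, and the `Code:` line agrees: the faulting word `38fc6908` is `ldrsb w8, [x8, x28]` with `x8 = 5`, i.e. the inline KASAN shadow load for a NULL+0x28 read. Note also that `x20` in that register dump still holds `ffff0000d519b150`, the start of the region KASAN had just reported as freed, so the final panic is consistent with a NULL pointer read out of the same freed object rather than an unrelated second bug.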