Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts.
1970/01/01 00:00:56 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:56 parsed 1 programs
1970/01/01 00:00:56 executed programs: 0
[   56.357789][ T5674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   56.360046][ T5674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.362187][ T5674] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.364314][ T5674] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.366410][ T5674] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   56.368851][ T5674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.430540][ T6458] chnl_net:caif_netlink_parms(): no params data found
[   56.455691][ T6458] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.457612][ T6458] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.459346][ T6458] bridge_slave_0: entered allmulticast mode
[   56.461229][ T6458] bridge_slave_0: entered promiscuous mode
[   56.464225][ T6458] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.466044][ T6458] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.467904][ T6458] bridge_slave_1: entered allmulticast mode
[   56.469772][ T6458] bridge_slave_1: entered promiscuous mode
[   56.481130][ T6458] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.484606][ T6458] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.496370][ T6458] team0: Port device team_slave_0 added
[   56.499802][ T6458] team0: Port device team_slave_1 added
[   56.509505][ T6458] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.511184][ T6458] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.517242][ T6458] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.520954][ T6458] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.522653][ T6458] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.528871][ T6458] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.598748][ T6458] hsr_slave_0: entered promiscuous mode
[   56.657380][ T6458] hsr_slave_1: entered promiscuous mode
[   57.580608][ T6458] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.628964][ T6458] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.659153][ T6458] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.721006][ T6458] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.810023][ T6458] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.817562][ T6458] 8021q: adding VLAN 0 to HW filter on device team0
[   57.821997][ T6106] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.823587][ T6106] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.829880][ T6106] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.831693][ T6106] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.843657][ T6458] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   57.845980][ T6458] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.917069][ T6458] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.935954][ T6458] veth0_vlan: entered promiscuous mode
[   57.941110][ T6458] veth1_vlan: entered promiscuous mode
[   57.953753][ T6458] veth0_macvtap: entered promiscuous mode
[   57.956764][ T6458] veth1_macvtap: entered promiscuous mode
[   57.965852][ T6458] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.971721][ T6458] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.975705][ T6458] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.979348][ T6458] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.981522][ T6458] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.983532][ T6458] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.020667][  T219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.022540][  T219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.034973][  T219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.036836][  T219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.309058][ T6578] loop0: detected capacity change from 0 to 32768
[   58.316643][ T6578] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   58.318811][ T6578] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   58.331258][ T6578] gfs2: fsid=syz:syz.0: journal 0 mapped with 4 extents in 0ms
[   58.334870][   T23] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   58.336533][   T23] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   58.398050][   T23] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 61ms
[   58.400626][   T23] gfs2: fsid=syz:syz.0: jid=0: Done
[   58.402186][ T6578] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   58.428649][ T5674] Bluetooth: hci0: command 0x0409 tx timeout
[   58.544618][ T6578] gfs2: fsid=syz:syz.0: found 1 quota changes
[   58.578979][ T6458] syz-executor.0: attempt to access beyond end of device
[   58.578979][ T6458] loop0: rw=1, sector=131324, nr_sectors = 4 limit=32768
[   58.582628][ T6458] gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
[   58.584995][ T6458] gfs2: fsid=syz:syz.0: fatal: I/O error(s)
[   58.586516][ T6458] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   58.589064][ T6458] BUG: sleeping function called from invalid context at fs/gfs2/util.c:159
[   58.591165][ T6458] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6458, name: syz-executor.0
[   58.593347][ T6458] preempt_count: 1, expected: 0
[   58.594470][ T6458] RCU nest depth: 0, expected: 0
[   58.595619][ T6458] 5 locks held by syz-executor.0/6458:
[   58.596890][ T6458]  #0: ffff0000c1cee0e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[   58.599552][ T6458]  #1: ffff0000d61dcb78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[   58.601957][ T6458]  #2: ffff0000d61dd060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[   58.604325][ T6458]  #3: ffff0000d61dce88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[   58.606707][ T6458]  #4: ffff0000d61dd248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x3b8/0x12c4
[   58.609204][ T6458] Preemption disabled at:
[   58.609213][ T6458] [] gfs2_flush_revokes+0x50/0x94
[   58.611777][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Not tainted 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   58.614181][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   58.616435][ T6458] Call trace:
[   58.617171][ T6458]  dump_backtrace+0x1b8/0x1e4
[   58.618205][ T6458]  show_stack+0x2c/0x3c
[   58.619243][ T6458]  dump_stack_lvl+0xd0/0x124
[   58.620299][ T6458]  dump_stack+0x1c/0x28
[   58.621444][ T6458]  __might_resched+0x374/0x4d0
[   58.622684][ T6458]  __might_sleep+0x90/0xe4
[   58.623809][ T6458]  gfs2_withdraw+0x400/0x12c4
[   58.624889][ T6458]  gfs2_ail1_empty+0x734/0x7c4
[   58.626081][ T6458]  gfs2_flush_revokes+0x5c/0x94
[   58.627216][ T6458]  revoke_lo_before_commit+0x3c/0x640
[   58.628486][ T6458]  gfs2_log_flush+0x90c/0x2054
[   58.629640][ T6458]  do_sync+0x8f8/0xacc
[   58.630660][ T6458]  gfs2_quota_sync+0x338/0x584
[   58.631797][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   58.632864][ T6458]  sync_filesystem+0xe8/0x218
[   58.633999][ T6458]  generic_shutdown_super+0x70/0x2b8
[   58.635253][ T6458]  kill_block_super+0x44/0x90
[   58.636416][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   58.637486][ T6458]  deactivate_locked_super+0xc4/0x144
[   58.638761][ T6458]  deactivate_super+0xe0/0x100
[   58.639893][ T6458]  cleanup_mnt+0x34c/0x3dc
[   58.641006][ T6458]  __cleanup_mnt+0x20/0x30
[   58.642120][ T6458]  task_work_run+0x230/0x2e0
[   58.643138][ T6458]  do_notify_resume+0x214c/0x393c
[   58.644280][ T6458]  el0_svc+0x9c/0x158
[   58.645267][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   58.646441][ T6458]  el0t_64_sync+0x190/0x194
[   58.648434][ T6458] BUG: scheduling while atomic: syz-executor.0/6458/0x00000002
[   58.650215][ T6458] 5 locks held by syz-executor.0/6458:
[   58.651532][ T6458]  #0: ffff0000c1cee0e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[   58.653950][ T6458]  #1: ffff0000d61dcb78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[   58.656450][ T6458]  #2: ffff0000d61dd060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[   58.659117][ T6458]  #3: ffff0000d61dce88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[   58.661394][ T6458]  #4: ffff0000d61dd248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0x3b8/0x12c4
[   58.663850][ T6458] Modules linked in:
[   58.664753][ T6458] Preemption disabled at:
[   58.664762][ T6458] [] gfs2_flush_revokes+0x50/0x94
[   58.667493][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Tainted: G W 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   58.670225][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   58.672590][ T6458] Call trace:
[   58.673383][ T6458]  dump_backtrace+0x1b8/0x1e4
[   58.674483][ T6458]  show_stack+0x2c/0x3c
[   58.675367][ T6458]  dump_stack_lvl+0xd0/0x124
[   58.676469][ T6458]  dump_stack+0x1c/0x28
[   58.677434][ T6458]  __schedule_bug+0x10c/0x19c
[   58.678537][ T6458]  __schedule+0x13fc/0x2360
[   58.679639][ T6458]  schedule+0xb8/0x19c
[   58.680641][ T6458]  schedule_timeout+0x1d8/0x348
[   58.681782][ T6458]  gfs2_withdraw+0x490/0x12c4
[   58.683010][ T6458]  gfs2_ail1_empty+0x734/0x7c4
[   58.684094][ T6458]  gfs2_flush_revokes+0x5c/0x94
[   58.685247][ T6458]  revoke_lo_before_commit+0x3c/0x640
[   58.686572][ T6458]  gfs2_log_flush+0x90c/0x2054
[   58.687761][ T6458]  do_sync+0x8f8/0xacc
[   58.688806][ T6458]  gfs2_quota_sync+0x338/0x584
[   58.689938][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   58.690981][ T6458]  sync_filesystem+0xe8/0x218
[   58.692035][ T6458]  generic_shutdown_super+0x70/0x2b8
[   58.693295][ T6458]  kill_block_super+0x44/0x90
[   58.694362][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   58.695511][ T6458]  deactivate_locked_super+0xc4/0x144
[   58.696768][ T6458]  deactivate_super+0xe0/0x100
[   58.697915][ T6458]  cleanup_mnt+0x34c/0x3dc
[   58.698936][ T6458]  __cleanup_mnt+0x20/0x30
[   58.699998][ T6458]  task_work_run+0x230/0x2e0
[   58.701062][ T6458]  do_notify_resume+0x214c/0x393c
[   58.702249][ T6458]  el0_svc+0x9c/0x158
[   58.703205][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   58.704382][ T6458]  el0t_64_sync+0x190/0x194
[   60.507290][ T5674] Bluetooth: hci0: command 0x041b tx timeout
[   62.587657][ T5674] Bluetooth: hci0: command 0x040f tx timeout
[   63.714759][ T6458] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   63.717366][ T6458] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   63.720192][ T6458]
[   63.720777][ T6458] =============================
[   63.721999][ T6458] [ BUG: Invalid wait context ]
[   63.723146][ T6458] 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0 Tainted: G W
[   63.725171][ T6458] -----------------------------
[   63.726358][ T6458] syz-executor.0/6458 is trying to lock:
[   63.727690][ T6458] ffff8000912b15a8 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x4d0/0x874
[   63.730158][ T6458] other info that might help us debug this:
[   63.731624][ T6458] context-{4:4}
[   63.732443][ T6458] 4 locks held by syz-executor.0/6458:
[   63.733787][ T6458]  #0: ffff0000c1cee0e0 (&type->s_umount_key#52){+.+.}-{3:3}, at: deactivate_super+0xd8/0x100
[   63.736295][ T6458]  #1: ffff0000d61dcb78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x1b0/0x584
[   63.738844][ T6458]  #2: ffff0000d61dd060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xc0/0x2054
[   63.741408][ T6458]  #3: ffff0000d61dce88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x50/0x94
[   63.743913][ T6458] stack backtrace:
[   63.744829][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Tainted: G W 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   63.747780][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   63.750190][ T6458] Call trace:
[   63.750948][ T6458]  dump_backtrace+0x1b8/0x1e4
[   63.752136][ T6458]  show_stack+0x2c/0x3c
[   63.753172][ T6458]  dump_stack_lvl+0xd0/0x124
[   63.754306][ T6458]  dump_stack+0x1c/0x28
[   63.755334][ T6458]  __lock_acquire+0x1be4/0x763c
[   63.756543][ T6458]  lock_acquire+0x23c/0x71c
[   63.757652][ T6458]  __mutex_lock_common+0x190/0x21a0
[   63.758974][ T6458]  mutex_lock_nested+0x2c/0x38
[   63.760144][ T6458]  kobject_uevent_env+0x4d0/0x874
[   63.761404][ T6458]  kobject_uevent+0x2c/0x3c
[   63.762499][ T6458]  gfs2_withdraw+0xcb4/0x12c4
[   63.763743][ T6458]  gfs2_ail1_empty+0x734/0x7c4
[   63.764942][ T6458]  gfs2_flush_revokes+0x5c/0x94
[   63.766163][ T6458]  revoke_lo_before_commit+0x3c/0x640
[   63.767540][ T6458]  gfs2_log_flush+0x90c/0x2054
[   63.768768][ T6458]  do_sync+0x8f8/0xacc
[   63.769791][ T6458]  gfs2_quota_sync+0x338/0x584
[   63.770954][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   63.771988][ T6458]  sync_filesystem+0xe8/0x218
[   63.773163][ T6458]  generic_shutdown_super+0x70/0x2b8
[   63.774475][ T6458]  kill_block_super+0x44/0x90
[   63.775599][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   63.776643][ T6458]  deactivate_locked_super+0xc4/0x144
[   63.777982][ T6458]  deactivate_super+0xe0/0x100
[   63.779143][ T6458]  cleanup_mnt+0x34c/0x3dc
[   63.780211][ T6458]  __cleanup_mnt+0x20/0x30
[   63.781297][ T6458]  task_work_run+0x230/0x2e0
[   63.782455][ T6458]  do_notify_resume+0x214c/0x393c
[   63.783660][ T6458]  el0_svc+0x9c/0x158
[   63.784662][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   63.785920][ T6458]  el0t_64_sync+0x190/0x194
[   63.787228][ T6458] gfs2: fsid=syz:syz.0: File system withdrawn
[   63.788762][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Tainted: G W 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   63.791674][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   63.794294][ T6458] Call trace:
[   63.795141][ T6458]  dump_backtrace+0x1b8/0x1e4
[   63.796313][ T6458]  show_stack+0x2c/0x3c
[   63.797327][ T6458]  dump_stack_lvl+0xd0/0x124
[   63.798485][ T6458]  dump_stack+0x1c/0x28
[   63.799490][ T6458]  gfs2_withdraw+0xda4/0x12c4
[   63.800658][ T6458]  gfs2_ail1_empty+0x734/0x7c4
[   63.801859][ T6458]  gfs2_flush_revokes+0x5c/0x94
[   63.803091][ T6458]  revoke_lo_before_commit+0x3c/0x640
[   63.804399][ T6458]  gfs2_log_flush+0x90c/0x2054
[   63.805564][ T6458]  do_sync+0x8f8/0xacc
[   63.806611][ T6458]  gfs2_quota_sync+0x338/0x584
[   63.807810][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   63.808870][ T6458]  sync_filesystem+0xe8/0x218
[   63.810100][ T6458]  generic_shutdown_super+0x70/0x2b8
[   63.811412][ T6458]  kill_block_super+0x44/0x90
[   63.812608][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   63.813715][ T6458]  deactivate_locked_super+0xc4/0x144
[   63.815056][ T6458]  deactivate_super+0xe0/0x100
[   63.816232][ T6458]  cleanup_mnt+0x34c/0x3dc
[   63.817368][ T6458]  __cleanup_mnt+0x20/0x30
[   63.818521][ T6458]  task_work_run+0x230/0x2e0
[   63.819679][ T6458]  do_notify_resume+0x214c/0x393c
[   63.820979][ T6458]  el0_svc+0x9c/0x158
[   63.821954][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   63.823167][ T6458]  el0t_64_sync+0x190/0x194
[   63.867545][ T6458] ==================================================================
[   63.869458][ T6458] BUG: KASAN: slab-use-after-free in gfs2_invalidate_folio+0x3c0/0x788
[   63.871492][ T6458] Read of size 8 at addr ffff0000c209e168 by task syz-executor.0/6458
[   63.873509][ T6458]
[   63.874099][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Tainted: G W 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   63.876930][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   63.879470][ T6458] Call trace:
[   63.880299][ T6458]  dump_backtrace+0x1b8/0x1e4
[   63.881447][ T6458]  show_stack+0x2c/0x3c
[   63.882506][ T6458]  dump_stack_lvl+0xd0/0x124
[   63.883645][ T6458]  print_report+0x174/0x514
[   63.884794][ T6458]  kasan_report+0xd8/0x138
[   63.885929][ T6458]  __asan_report_load8_noabort+0x20/0x2c
[   63.887339][ T6458]  gfs2_invalidate_folio+0x3c0/0x788
[   63.888758][ T6458]  truncate_cleanup_folio+0x1fc/0x3ac
[   63.890146][ T6458]  truncate_inode_pages_range+0x240/0xf34
[   63.891624][ T6458]  truncate_inode_pages_final+0x90/0xc0
[   63.893004][ T6458]  gfs2_evict_inode+0x2ec/0xf80
[   63.894158][ T6458]  evict+0x260/0x68c
[   63.895076][ T6458]  iput+0x734/0x818
[   63.896031][ T6458]  gfs2_put_super+0x338/0x750
[   63.897212][ T6458]  generic_shutdown_super+0x130/0x2b8
[   63.898573][ T6458]  kill_block_super+0x44/0x90
[   63.899723][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   63.900857][ T6458]  deactivate_locked_super+0xc4/0x144
[   63.902187][ T6458]  deactivate_super+0xe0/0x100
[   63.903383][ T6458]  cleanup_mnt+0x34c/0x3dc
[   63.904460][ T6458]  __cleanup_mnt+0x20/0x30
[   63.905590][ T6458]  task_work_run+0x230/0x2e0
[   63.906775][ T6458]  do_notify_resume+0x214c/0x393c
[   63.908042][ T6458]  el0_svc+0x9c/0x158
[   63.909056][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   63.910384][ T6458]  el0t_64_sync+0x190/0x194
[   63.911500][ T6458]
[   63.912101][ T6458] Allocated by task 6458:
[   63.913219][ T6458]  kasan_set_track+0x4c/0x7c
[   63.914388][ T6458]  kasan_save_alloc_info+0x24/0x30
[   63.915701][ T6458]  __kasan_slab_alloc+0x74/0x8c
[   63.916953][ T6458]  slab_post_alloc_hook+0x90/0x498
[   63.918171][ T6458]  kmem_cache_alloc+0x288/0x410
[   63.919359][ T6458]  gfs2_trans_add_data+0x1e8/0x634
[   63.920498][ T6458]  gfs2_unstuff_dinode+0xc80/0x1060
[   63.921750][ T6458]  gfs2_adjust_quota+0x23c/0x8f4
[   63.922893][ T6458]  do_sync+0x744/0xacc
[   63.923910][ T6458]  gfs2_quota_sync+0x338/0x584
[   63.925061][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   63.926145][ T6458]  sync_filesystem+0xe8/0x218
[   63.927263][ T6458]  generic_shutdown_super+0x70/0x2b8
[   63.928503][ T6458]  kill_block_super+0x44/0x90
[   63.929641][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   63.930718][ T6458]  deactivate_locked_super+0xc4/0x144
[   63.932003][ T6458]  deactivate_super+0xe0/0x100
[   63.933150][ T6458]  cleanup_mnt+0x34c/0x3dc
[   63.934274][ T6458]  __cleanup_mnt+0x20/0x30
[   63.935321][ T6458]  task_work_run+0x230/0x2e0
[   63.936441][ T6458]  do_notify_resume+0x214c/0x393c
[   63.937663][ T6458]  el0_svc+0x9c/0x158
[   63.938554][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   63.939761][ T6458]  el0t_64_sync+0x190/0x194
[   63.940858][ T6458]
[   63.941392][ T6458] Freed by task 6458:
[   63.942357][ T6458]  kasan_set_track+0x4c/0x7c
[   63.943397][ T6458]  kasan_save_free_info+0x38/0x5c
[   63.944604][ T6458]  ____kasan_slab_free+0x144/0x1c0
[   63.945903][ T6458]  __kasan_slab_free+0x18/0x28
[   63.947040][ T6458]  kmem_cache_free+0x2e4/0x56c
[   63.948277][ T6458]  gfs2_log_flush+0x1018/0x2054
[   63.949403][ T6458]  do_sync+0x8f8/0xacc
[   63.950331][ T6458]  gfs2_quota_sync+0x338/0x584
[   63.951492][ T6458]  gfs2_sync_fs+0x4c/0xc4
[   63.952540][ T6458]  sync_filesystem+0xe8/0x218
[   63.953656][ T6458]  generic_shutdown_super+0x70/0x2b8
[   63.954852][ T6458]  kill_block_super+0x44/0x90
[   63.955974][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   63.957063][ T6458]  deactivate_locked_super+0xc4/0x144
[   63.958415][ T6458]  deactivate_super+0xe0/0x100
[   63.959574][ T6458]  cleanup_mnt+0x34c/0x3dc
[   63.960657][ T6458]  __cleanup_mnt+0x20/0x30
[   63.961692][ T6458]  task_work_run+0x230/0x2e0
[   63.962778][ T6458]  do_notify_resume+0x214c/0x393c
[   63.964006][ T6458]  el0_svc+0x9c/0x158
[   63.964922][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   63.966132][ T6458]  el0t_64_sync+0x190/0x194
[   63.967213][ T6458]
[   63.967742][ T6458] The buggy address belongs to the object at ffff0000c209e150
[   63.967742][ T6458]  which belongs to the cache gfs2_bufdata of size 80
[   63.970937][ T6458] The buggy address is located 24 bytes inside of
[   63.970937][ T6458]  freed 80-byte region [ffff0000c209e150, ffff0000c209e1a0)
[   63.974212][ T6458]
[   63.974775][ T6458] The buggy address belongs to the physical page:
[   63.976278][ T6458] page:00000000777dca45 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10209e
[   63.978804][ T6458] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[   63.980668][ T6458] page_type: 0xffffffff()
[   63.981688][ T6458] raw: 05ffc00000000800 ffff0000c509d500 dead000000000122 0000000000000000
[   63.983781][ T6458] raw: 0000000000000000 0000000080240024 00000001ffffffff 0000000000000000
[   63.985825][ T6458] page dumped because: kasan: bad access detected
[   63.987404][ T6458]
[   63.987879][ T6458] Memory state around the buggy address:
[   63.989222][ T6458]  ffff0000c209e000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[   63.991148][ T6458]  ffff0000c209e080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[   63.993189][ T6458] >ffff0000c209e100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[   63.995096][ T6458]                                                           ^
[   63.996787][ T6458]  ffff0000c209e180: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[   63.998671][ T6458]  ffff0000c209e200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.000642][ T6458] ==================================================================
[   64.002960][ T6458] Unable to handle kernel paging request at virtual address dfff800000000005
[   64.004947][ T6458] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[   64.006909][ T6458] Mem abort info:
[   64.007978][ T6458]   ESR = 0x0000000096000005
[   64.009070][ T6458]   EC = 0x25: DABT (current EL), IL = 32 bits
[   64.010451][ T6458]   SET = 0, FnV = 0
[   64.011350][ T6458]   EA = 0, S1PTW = 0
[   64.012269][ T6458]   FSC = 0x05: level 1 translation fault
[   64.013522][ T6458] Data abort info:
[   64.014378][ T6458]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[   64.015828][ T6458]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   64.017224][ T6458]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   64.018624][ T6458] [dfff800000000005] address between user and kernel address ranges
[   64.020489][ T6458] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[   64.022161][ T6458] Modules linked in:
[   64.023096][ T6458] CPU: 0 PID: 6458 Comm: syz-executor.0 Tainted: G B W 6.7.0-rc5-syzkaller-00083-gd5b235ec8eab #0
[   64.025844][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   64.028186][ T6458] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   64.029991][ T6458] pc : gfs2_remove_from_journal+0x390/0x7e8
[   64.031471][ T6458] lr : gfs2_remove_from_journal+0x384/0x7e8
[   64.032856][ T6458] sp : ffff8000970170f0
[   64.033791][ T6458] x29: ffff800097017110 x28: dfff800000000000 x27: ffff0000c209e170
[   64.035622][ T6458] x26: ffff0000c209e170 x25: 1fffe0001bd72d81 x24: 0000000000010000
[   64.037580][ T6458] x23: 000000000000002c x22: 0000000000000000 x21: ffff0000deb96c08
[   64.039421][ T6458] x20: ffff0000c209e150 x19: ffff0000deb96bc8 x18: 1fffe000368261ce
[   64.041290][ T6458] x17: 3d3d3d3d3d3d3d3d x16: ffff80008a82e2a0 x15: 0000000000000001
[   64.043292][ T6458] x14: 1fffe0001ac3b9d7 x13: 0000000000000000 x12: 0000000000000000
[   64.045200][ T6458] x11: ffff60001ac3b9d8 x10: 0000000000ff0100 x9 : 0000000000000000
[   64.047164][ T6458] x8 : 0000000000000005 x7 : 0000000000000001 x6 : ffff80008249122c
[   64.049094][ T6458] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008248d10c
[   64.050896][ T6458] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000001
[   64.052841][ T6458] Call trace:
[   64.053541][ T6458]  gfs2_remove_from_journal+0x390/0x7e8
[   64.054988][ T6458]  gfs2_invalidate_folio+0x4c4/0x788
[   64.056166][ T6458]  truncate_cleanup_folio+0x1fc/0x3ac
[   64.057397][ T6458]  truncate_inode_pages_range+0x240/0xf34
[   64.058789][ T6458]  truncate_inode_pages_final+0x90/0xc0
[   64.060072][ T6458]  gfs2_evict_inode+0x2ec/0xf80
[   64.061250][ T6458]  evict+0x260/0x68c
[   64.062190][ T6458]  iput+0x734/0x818
[   64.063063][ T6458]  gfs2_put_super+0x338/0x750
[   64.064150][ T6458]  generic_shutdown_super+0x130/0x2b8
[   64.065412][ T6458]  kill_block_super+0x44/0x90
[   64.066641][ T6458]  gfs2_kill_sb+0x2cc/0x330
[   64.067773][ T6458]  deactivate_locked_super+0xc4/0x144
[   64.069127][ T6458]  deactivate_super+0xe0/0x100
[   64.070244][ T6458]  cleanup_mnt+0x34c/0x3dc
[   64.071333][ T6458]  __cleanup_mnt+0x20/0x30
[   64.072370][ T6458]  task_work_run+0x230/0x2e0
[   64.073374][ T6458]  do_notify_resume+0x214c/0x393c
[   64.074496][ T6458]  el0_svc+0x9c/0x158
[   64.075453][ T6458]  el0t_64_sync_handler+0x84/0xfc
[   64.076686][ T6458]  el0t_64_sync+0x190/0x194
[   64.077787][ T6458] Code: 978246a4 a94067f6 9100b2d7 d343fee8 (38fc6908)
[   64.079406][ T6458] ---[ end trace 0000000000000000 ]---
[   64.478315][ T6458] Kernel panic - not syncing: Oops: Fatal exception
[   64.479877][ T6458] SMP: stopping secondary CPUs
[   64.481003][ T6458] Kernel Offset: disabled
[   64.481993][ T6458] CPU features: 0x0,00000020,7002004a,21017203
[   64.483451][ T6458] Memory Limit: none
[   64.852951][ T6458] Rebooting in 86400 seconds..