Warning: Permanently added '[localhost]:15215' (ED25519) to the list of known hosts.
2026/01/27 13:16:36 parsed 1 programs
syzkaller login: [ 91.841148][ T10] cfg80211: failed to load regulatory.db
[ 93.723555][ T5315] cgroup: Unknown subsys name 'net'
[ 93.787083][ T5315] cgroup: Unknown subsys name 'cpuset'
[ 93.795413][ T5315] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 95.633822][ T5315] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 101.067092][ T5328] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 104.047097][ T5353] chnl_net:caif_netlink_parms(): no params data found
[ 104.255478][ T5353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.273351][ T5353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.276723][ T5353] bridge_slave_0: entered allmulticast mode
[ 104.293426][ T5353] bridge_slave_0: entered promiscuous mode
[ 104.304965][ T5353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.307841][ T5353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.310958][ T5353] bridge_slave_1: entered allmulticast mode
[ 104.343369][ T5353] bridge_slave_1: entered promiscuous mode
[ 104.426218][ T5353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.432765][ T5353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.509919][ T5353] team0: Port device team_slave_0 added
[ 104.534351][ T5353] team0: Port device team_slave_1 added
[ 104.591831][ T5353] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.613315][ T5353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 104.643208][ T5353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.655181][ T5353] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.658901][ T5353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 104.713657][ T5353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.805383][ T5353] hsr_slave_0: entered promiscuous mode
[ 104.808644][ T5353] hsr_slave_1: entered promiscuous mode
[ 105.223955][ T5353] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.246794][ T5353] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.265040][ T5353] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.271957][ T5353] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.414772][ T5353] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.465855][ T5353] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.477829][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.481146][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.518626][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.521690][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.560227][ T5353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 105.961251][ T5353] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.056254][ T5353] veth0_vlan: entered promiscuous mode
[ 106.062662][ T5353] veth1_vlan: entered promiscuous mode
[ 106.112065][ T5353] veth0_macvtap: entered promiscuous mode
[ 106.128561][ T5353] veth1_macvtap: entered promiscuous mode
[ 106.150627][ T5353] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.170213][ T5353] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.192539][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.198279][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.201942][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.215770][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.397763][ T1043] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.476857][ T1043] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.536119][ T1043] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.612878][ T1043] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 106.778441][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.781577][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.816203][ T1042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.819805][ T1042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 108.312535][ T1043] bridge_slave_1: left allmulticast mode
[ 108.321096][ T1043] bridge_slave_1: left promiscuous mode
[ 108.354082][ T1043] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.445117][ T1043] bridge_slave_0: left allmulticast mode
[ 108.447539][ T1043] bridge_slave_0: left promiscuous mode
[ 108.449947][ T1043] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.844892][ T1043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 108.851479][ T1043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 108.866631][ T1043] bond0 (unregistering): Released all slaves
[ 108.993606][ T1043] hsr_slave_0: left promiscuous mode
[ 108.997077][ T1043] hsr_slave_1: left promiscuous mode
[ 109.004347][ T1043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 109.007547][ T1043] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 109.023937][ T1043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 109.027467][ T1043] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 109.088434][ T1043] veth1_macvtap: left promiscuous mode
[ 109.091405][ T1043] veth0_macvtap: left promiscuous mode
[ 109.122495][ T1043] veth1_vlan: left promiscuous mode
[ 109.125536][ T1043] veth0_vlan: left promiscuous mode
[ 109.846973][ T1043] team0 (unregistering): Port device team_slave_1 removed
[ 109.874335][ T1043] team0 (unregistering): Port device team_slave_0 removed
[ 110.728683][ T5421] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 110.732890][ T5421] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 110.736846][ T5421] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 110.740610][ T5421] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 110.744984][ T5421] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/01/27 13:16:59 executed programs: 0
[ 113.438110][ T4669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.443756][ T4669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.447599][ T4669] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.450974][ T4669] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.461196][ T4669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.619890][ T5454] chnl_net:caif_netlink_parms(): no params data found
[ 113.686821][ T5454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.689891][ T5454] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.693011][ T5454] bridge_slave_0: entered allmulticast mode
[ 113.697229][ T5454] bridge_slave_0: entered promiscuous mode
[ 113.702317][ T5454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.705790][ T5454] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.708798][ T5454] bridge_slave_1: entered allmulticast mode
[ 113.712595][ T5454] bridge_slave_1: entered promiscuous mode
[ 113.735253][ T5454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.740783][ T5454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 113.760355][ T5454] team0: Port device team_slave_0 added
[ 113.764534][ T5454] team0: Port device team_slave_1 added
[ 113.780748][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 113.784103][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.795551][ T5454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 113.802159][ T5454] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 113.805588][ T5454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 113.817462][ T5454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.851627][ T5454] hsr_slave_0: entered promiscuous mode
[ 113.856319][ T5454] hsr_slave_1: entered promiscuous mode
[ 114.292813][ T5454] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 114.316687][ T5454] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 114.326391][ T5454] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 114.338778][ T5454] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 114.391514][ T5454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.395115][ T5454] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.399162][ T5454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.402129][ T5454] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.528030][ T5454] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.547129][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.553991][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.564473][ T5454] 8021q: adding VLAN 0 to HW filter on device team0
[ 114.578951][ T1043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.581993][ T1043] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 114.601298][ T1043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.604522][ T1043] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 114.666587][ T5454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 114.956174][ T5454] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.020782][ T5454] veth0_vlan: entered promiscuous mode
[ 115.046566][ T5454] veth1_vlan: entered promiscuous mode
[ 115.087383][ T5454] veth0_macvtap: entered promiscuous mode
[ 115.092579][ T5454] veth1_macvtap: entered promiscuous mode
[ 115.129307][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.147236][ T5454] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.171464][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.175866][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.202182][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.214526][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.281491][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.290015][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.348042][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 115.351209][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 115.523091][ T5421] Bluetooth: hci0: command tx timeout
[ 116.108538][ T5496] loop0: detected capacity change from 0 to 32768
[ 116.174499][ T5496] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 116.178294][ T5496] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 116.266142][ T5496] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 116.297220][ T788] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 116.303986][ T788] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 116.439253][ T788] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 135ms
[ 116.460393][ T788] gfs2: fsid=syz:syz.0: jid=0: Done
[ 116.463725][ T5496] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 116.609917][ T5496] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 116.672633][ T5454] gfs2: fsid=syz:syz.0: fatal: assertion "ip->i_qadata && ip->i_qadata->qa_ref > 0" failed - function = gfs2_quota_change, file = fs/gfs2/quota.c, line = 1297
[ 116.695227][ T5454] CPU: 0 UID: 0 PID: 5454 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 116.695247][ T5454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 116.695254][ T5454] Call Trace:
[ 116.695260][ T5454]
[ 116.695280][ T5454] dump_stack_lvl+0xe8/0x150
[ 116.695357][ T5454] gfs2_withdraw+0xc3/0x1b0
[ 116.695369][ T5454] gfs2_assert_withdraw_i+0xae/0xc0
[ 116.695386][ T5454] gfs2_alloc_blocks+0x18ca/0x2090
[ 116.695418][ T5454] ? __pfx_gfs2_alloc_blocks+0x10/0x10
[ 116.695439][ T5454] gfs2_unstuff_dinode+0x249/0x1240
[ 116.695459][ T5454] ? __pfx_gfs2_unstuff_dinode+0x10/0x10
[ 116.695473][ T5454] ? gfs2_log_try_reserve+0x38e/0x510
[ 116.695492][ T5454] ? __pfx_gfs2_log_try_reserve+0x10/0x10
[ 116.695511][ T5454] gfs2_adjust_quota+0x23f/0x850
[ 116.695523][ T5454] ? gfs2_log_release_revokes+0x43/0x50
[ 116.695542][ T5454] ? __pfx_gfs2_adjust_quota+0x10/0x10
[ 116.695564][ T5454] ? gfs2_trans_begin+0x52/0xe0
[ 116.695584][ T5454] do_sync+0x872/0xcb0
[ 116.695596][ T5454] ? _raw_spin_unlock+0x28/0x50
[ 116.695638][ T5454] ? __pfx_do_sync+0x10/0x10
[ 116.695650][ T5454] ? gfs2_quota_sync+0x370/0x470
[ 116.695659][ T5454] ? do_raw_spin_unlock+0x4d/0x210
[ 116.695670][ T5454] gfs2_quota_sync+0x370/0x470
[ 116.695682][ T5454] gfs2_sync_fs+0x4c/0xb0
[ 116.695691][ T5454] sync_filesystem+0xee/0x230
[ 116.695701][ T5454] generic_shutdown_super+0x6f/0x2c0
[ 116.695710][ T5454] kill_block_super+0x44/0x90
[ 116.695720][ T5454] deactivate_locked_super+0xbc/0x130
[ 116.695733][ T5454] cleanup_mnt+0x437/0x4d0
[ 116.695744][ T5454] ? _raw_spin_unlock_irq+0x23/0x50
[ 116.695761][ T5454] task_work_run+0x1d9/0x270
[ 116.695777][ T5454] ? __pfx_task_work_run+0x10/0x10
[ 116.695797][ T5454] exit_to_user_mode_loop+0xed/0x480
[ 116.695812][ T5454] ? rcu_is_watching+0x15/0xb0
[ 116.695824][ T5454] do_syscall_64+0x2b7/0xf80
[ 116.695834][ T5454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.695843][ T5454] ? trace_irq_disable+0x37/0x100
[ 116.695853][ T5454] ? clear_bhb_loop+0x60/0xb0
[ 116.695866][ T5454] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.695876][ T5454] RIP: 0033:0x7f9bb639c117
[ 116.695905][ T5454] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 116.695931][ T5454] RSP: 002b:00007ffdcb6948a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 116.695944][ T5454] RAX: 0000000000000000 RBX: 00007f9bb640471f RCX: 00007f9bb639c117
[ 116.695952][ T5454] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcb694960
[ 116.695958][ T5454] RBP: 00007ffdcb694960 R08: 00007ffdcb695960 R09: 00000000ffffffff
[ 116.695966][ T5454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcb6959f0
[ 116.695972][ T5454] R13: 00007f9bb640471f R14: 000000000001c700 R15: 00007ffdcb695a30
[ 116.695984][ T5454]
[ 116.695987][ T5454] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 116.955759][ T5454] CPU: 0 UID: 0 PID: 5454 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 116.955780][ T5454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 116.955788][ T5454] Call Trace:
[ 116.955793][ T5454]
[ 116.955799][ T5454] dump_stack_lvl+0xe8/0x150
[ 116.955820][ T5454] gfs2_alloc_blocks+0x18ca/0x2090
[ 116.955863][ T5454] ? __pfx_gfs2_alloc_blocks+0x10/0x10
[ 116.955889][ T5454] gfs2_unstuff_dinode+0x249/0x1240
[ 116.955912][ T5454] ? __pfx_gfs2_unstuff_dinode+0x10/0x10
[ 116.955929][ T5454] ? gfs2_log_try_reserve+0x38e/0x510
[ 116.955951][ T5454] ? __pfx_gfs2_log_try_reserve+0x10/0x10
[ 116.955975][ T5454] gfs2_adjust_quota+0x23f/0x850
[ 116.955996][ T5454] ? gfs2_log_release_revokes+0x43/0x50
[ 116.956017][ T5454] ? __pfx_gfs2_adjust_quota+0x10/0x10
[ 116.956042][ T5454] ? gfs2_trans_begin+0x52/0xe0
[ 116.956065][ T5454] do_sync+0x872/0xcb0
[ 116.956078][ T5454] ? _raw_spin_unlock+0x28/0x50
[ 116.956103][ T5454] ? __pfx_do_sync+0x10/0x10
[ 116.956124][ T5454] ? gfs2_quota_sync+0x370/0x470
[ 116.956141][ T5454] ? do_raw_spin_unlock+0x4d/0x210
[ 116.956159][ T5454] gfs2_quota_sync+0x370/0x470
[ 116.956182][ T5454] gfs2_sync_fs+0x4c/0xb0
[ 116.956195][ T5454] sync_filesystem+0xee/0x230
[ 116.956211][ T5454] generic_shutdown_super+0x6f/0x2c0
[ 116.956227][ T5454] kill_block_super+0x44/0x90
[ 116.956243][ T5454] deactivate_locked_super+0xbc/0x130
[ 116.956258][ T5454] cleanup_mnt+0x437/0x4d0
[ 116.956277][ T5454] ? _raw_spin_unlock_irq+0x23/0x50
[ 116.956301][ T5454] task_work_run+0x1d9/0x270
[ 116.956319][ T5454] ? __pfx_task_work_run+0x10/0x10
[ 116.956342][ T5454] exit_to_user_mode_loop+0xed/0x480
[ 116.956359][ T5454] ? rcu_is_watching+0x15/0xb0
[ 116.956373][ T5454] do_syscall_64+0x2b7/0xf80
[ 116.956385][ T5454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.956396][ T5454] ? trace_irq_disable+0x37/0x100
[ 116.956408][ T5454] ? clear_bhb_loop+0x60/0xb0
[ 116.956423][ T5454] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.956434][ T5454] RIP: 0033:0x7f9bb639c117
[ 116.956447][ T5454] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 116.956456][ T5454] RSP: 002b:00007ffdcb6948a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 116.956471][ T5454] RAX: 0000000000000000 RBX: 00007f9bb640471f RCX: 00007f9bb639c117
[ 116.956479][ T5454] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcb694960
[ 116.956486][ T5454] RBP: 00007ffdcb694960 R08: 00007ffdcb695960 R09: 00000000ffffffff
[ 116.956493][ T5454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcb6959f0
[ 116.956501][ T5454] R13: 00007f9bb640471f R14: 000000000001c700 R15: 00007ffdcb695a30
[ 116.956523][ T5454]
[ 116.957323][ T5454] gfs2: fsid=syz:syz.0: GFS2:adding buf while withdrawn! 0x22ce
[ 117.593292][ T5421] Bluetooth: hci0: command tx timeout
[ 119.674029][ T5421] Bluetooth: hci0: command tx timeout
[ 121.753775][ T5421] Bluetooth: hci0: command tx timeout
[ 122.154338][ T5454] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564
[ 122.160381][ T5454] CPU: 0 UID: 0 PID: 5454 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 122.160394][ T5454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 122.160399][ T5454] Call Trace:
[ 122.160405][ T5454]
[ 122.160409][ T5454] dump_stack_lvl+0xe8/0x150
[ 122.160424][ T5454] gfs2_assert_warn_i+0x194/0x2c0
[ 122.160438][ T5454] gfs2_make_fs_ro+0x30d/0x320
[ 122.160446][ T5454] ? __pfx_gfs2_make_fs_ro+0x10/0x10
[ 122.160453][ T5454] ? do_raw_spin_lock+0x12b/0x2f0
[ 122.160462][ T5454] ? __pfx_autoremove_wake_function+0x10/0x10
[ 122.160479][ T5454] ? do_raw_spin_unlock+0x4d/0x210
[ 122.160492][ T5454] gfs2_put_super+0x220/0x860
[ 122.160507][ T5454] ? __pfx_gfs2_put_super+0x10/0x10
[ 122.160517][ T5454] generic_shutdown_super+0x135/0x2c0
[ 122.160528][ T5454] kill_block_super+0x44/0x90
[ 122.160538][ T5454] deactivate_locked_super+0xbc/0x130
[ 122.160546][ T5454] cleanup_mnt+0x437/0x4d0
[ 122.160554][ T5454] ? _raw_spin_unlock_irq+0x23/0x50
[ 122.160567][ T5454] task_work_run+0x1d9/0x270
[ 122.160579][ T5454] ? __pfx_task_work_run+0x10/0x10
[ 122.160597][ T5454] exit_to_user_mode_loop+0xed/0x480
[ 122.160612][ T5454] ? rcu_is_watching+0x15/0xb0
[ 122.160624][ T5454] do_syscall_64+0x2b7/0xf80
[ 122.160634][ T5454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.160640][ T5454] ? trace_irq_disable+0x37/0x100
[ 122.160648][ T5454] ? clear_bhb_loop+0x60/0xb0
[ 122.160657][ T5454] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.160664][ T5454] RIP: 0033:0x7f9bb639c117
[ 122.160677][ T5454] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 122.160685][ T5454] RSP: 002b:00007ffdcb6948a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 122.160698][ T5454] RAX: 0000000000000000 RBX: 00007f9bb640471f RCX: 00007f9bb639c117
[ 122.160705][ T5454] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcb694960
[ 122.160711][ T5454] RBP: 00007ffdcb694960 R08: 00007ffdcb695960 R09: 00000000ffffffff
[ 122.160718][ T5454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcb6959f0
[ 122.160724][ T5454] R13: 00007f9bb640471f R14: 000000000001c700 R15: 00007ffdcb695a30
[ 122.160741][ T5454]
[ 122.274698][ T5454] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[ 122.279715][ T5454] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 122.283351][ T5454] CPU: 0 UID: 0 PID: 5454 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 122.287292][ T5454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 122.292179][ T5454] RIP: 0010:gfs2_remove_from_journal+0x3bb/0x6b0
[ 122.295066][ T5454] Code: 3a 4c 89 e7 e8 06 aa 1a fe eb 30 e8 2f d0 b0 fd 48 8b 6c 24 10 4c 8d 65 2c 4c 89 e0 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 0f b6 04 30 84 c0 4c 8b 3c 24 0f 85 9d 01 00 00 41 ff 04 24 48
[ 122.303551][ T5454] RSP: 0018:ffffc900029f7510 EFLAGS: 00010207
[ 122.306272][ T5454] RAX: 0000000000000005 RBX: ffff8880476e93a0 RCX: ffff88800094a4c0
[ 122.309757][ T5454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 122.313120][ T5454] RBP: 0000000000000000 R08: ffff8880121fccff R09: 1ffff1100243f99f
[ 122.316535][ T5454] R10: dffffc0000000000 R11: ffffed100243f9a0 R12: 000000000000002c
[ 122.320097][ T5454] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff888041d9a170
[ 122.323614][ T5454] FS: 000055558f4ef500(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[ 122.327564][ T5454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.330523][ T5454] CR2: 00007f6bd52346c8 CR3: 00000000455fc000 CR4: 0000000000352ef0
[ 122.333802][ T5454] Call Trace:
[ 122.335249][ T5454]
[ 122.336468][ T5454] gfs2_invalidate_folio+0x579/0x750
[ 122.338652][ T5454] ? __pfx_gfs2_invalidate_folio+0x10/0x10
[ 122.340992][ T5454] truncate_cleanup_folio+0xcb/0x190
[ 122.343133][ T5454] truncate_inode_pages_range+0x2ce/0xe30
[ 122.345476][ T5454] ? is_bpf_text_address+0x26/0x2b0
[ 122.347598][ T5454] ? is_bpf_text_address+0x292/0x2b0
[ 122.349814][ T5454] ? is_bpf_text_address+0x26/0x2b0
[ 122.352051][ T5454] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 122.354595][ T5454] ? stack_depot_save_flags+0x3f3/0x810
[ 122.356915][ T5454] ? lockdep_hardirqs_on+0x7a/0x110
[ 122.359077][ T5454] gfs2_evict_inode+0x324/0x1050
[ 122.361087][ T5454] ? inode_wait_for_writeback+0x16d/0x3b0
[ 122.363389][ T5454] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 122.365524][ T5454] ? do_raw_spin_lock+0x12b/0x2f0
[ 122.367622][ T5454] ? do_raw_spin_unlock+0x4d/0x210
[ 122.369709][ T5454] ? __pfx_gfs2_evict_inode+0x10/0x10
[ 122.371884][ T5454] evict+0x61e/0xb10
[ 122.373463][ T5454] ? __pfx_evict+0x10/0x10
[ 122.375441][ T5454] ? do_raw_spin_unlock+0x4d/0x210
[ 122.377720][ T5454] ? _raw_spin_unlock+0x28/0x50
[ 122.379889][ T5454] ? iput+0xcc2/0x1020
[ 122.381675][ T5454] gfs2_put_super+0x355/0x860
[ 122.383751][ T5454] ? __pfx_gfs2_put_super+0x10/0x10
[ 122.386041][ T5454] generic_shutdown_super+0x135/0x2c0
[ 122.388466][ T5454] kill_block_super+0x44/0x90
[ 122.390556][ T5454] deactivate_locked_super+0xbc/0x130
[ 122.392867][ T5454] cleanup_mnt+0x437/0x4d0
[ 122.394878][ T5454] ? _raw_spin_unlock_irq+0x23/0x50
[ 122.397202][ T5454] task_work_run+0x1d9/0x270
[ 122.399323][ T5454] ? __pfx_task_work_run+0x10/0x10
[ 122.401549][ T5454] exit_to_user_mode_loop+0xed/0x480
[ 122.403923][ T5454] ? rcu_is_watching+0x15/0xb0
[ 122.406044][ T5454] do_syscall_64+0x2b7/0xf80
[ 122.408071][ T5454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.410664][ T5454] ? trace_irq_disable+0x37/0x100
[ 122.412804][ T5454] ? clear_bhb_loop+0x60/0xb0
[ 122.414859][ T5454] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 122.417322][ T5454] RIP: 0033:0x7f9bb639c117
[ 122.419215][ T5454] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 122.427650][ T5454] RSP: 002b:00007ffdcb6948a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 122.431169][ T5454] RAX: 0000000000000000 RBX: 00007f9bb640471f RCX: 00007f9bb639c117
[ 122.434531][ T5454] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdcb694960
[ 122.437855][ T5454] RBP: 00007ffdcb694960 R08: 00007ffdcb695960 R09: 00000000ffffffff
[ 122.441327][ T5454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcb6959f0
[ 122.444780][ T5454] R13: 00007f9bb640471f R14: 000000000001c700 R15: 00007ffdcb695a30
[ 122.448041][ T5454]
[ 122.449281][ T5454] Modules linked in:
[ 122.451209][ T5454] ---[ end trace 0000000000000000 ]---
[ 122.453755][ T5454] RIP: 0010:gfs2_remove_from_journal+0x3bb/0x6b0
[ 122.456464][ T5454] Code: 3a 4c 89 e7 e8 06 aa 1a fe eb 30 e8 2f d0 b0 fd 48 8b 6c 24 10 4c 8d 65 2c 4c 89 e0 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df <42> 0f b6 04 30 84 c0 4c 8b 3c 24 0f 85 9d 01 00 00 41 ff 04 24 48
[ 122.464647][ T5454] RSP: 0018:ffffc900029f7510 EFLAGS: 00010207
[ 122.467001][ T5454] RAX: 0000000000000005 RBX: ffff8880476e93a0 RCX: ffff88800094a4c0
[ 122.470430][ T5454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 122.473644][ T5454] RBP: 0000000000000000 R08: ffff8880121fccff R09: 1ffff1100243f99f
[ 122.476904][ T5454] R10: dffffc0000000000 R11: ffffed100243f9a0 R12: 000000000000002c
[ 122.480475][ T5454] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff888041d9a170
[ 122.484165][ T5454] FS: 000055558f4ef500(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[ 122.488719][ T5454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.492171][ T5454] CR2: 00007f6bd52346c8 CR3: 00000000455fc000 CR4: 0000000000352ef0
[ 122.495936][ T5454] Kernel panic - not syncing: Fatal exception
[ 122.498835][ T5454] Kernel Offset: disabled
[ 122.500607][ T5454] Rebooting in 86400 seconds..