Warning: Permanently added '10.128.1.149' (ED25519) to the list of known hosts.
2026/03/09 11:56:56 parsed 1 programs
[   61.811878][ T4188] cgroup: Unknown subsys name 'net'
[   61.949181][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   63.399584][ T4188] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   65.139899][ T4214] chnl_net:caif_netlink_parms(): no params data found
[   65.187250][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.194702][ T4214] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.202502][ T4214] device bridge_slave_0 entered promiscuous mode
[   65.211537][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.218694][ T4214] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.226922][ T4214] device bridge_slave_1 entered promiscuous mode
[   65.247767][ T4214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.258612][ T4214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.286532][ T4214] team0: Port device team_slave_0 added
[   65.294101][ T4214] team0: Port device team_slave_1 added
[   65.309893][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.317086][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.343343][ T4214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.356208][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.363161][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.389144][ T4214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.420103][ T4214] device hsr_slave_0 entered promiscuous mode
[   65.426907][ T4214] device hsr_slave_1 entered promiscuous mode
[   65.536938][ T4214] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.547750][ T4214] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.557436][ T4214] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.568346][ T4214] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.593667][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.600876][ T4214] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.609088][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.616202][ T4214] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.674810][ T4214] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.690328][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.701689][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.712191][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.720597][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   65.736576][ T4214] 8021q: adding VLAN 0 to HW filter on device team0
[   65.749012][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.757660][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.764764][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.775488][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.785616][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.792711][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.817131][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.825862][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.846332][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.856090][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.868750][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.880877][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.996745][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.005174][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.019918][ T4214] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.040709][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.066319][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.076254][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.085325][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.096110][ T4214] device veth0_vlan entered promiscuous mode
[   66.108914][ T4214] device veth1_vlan entered promiscuous mode
[   66.132811][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.143375][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.156458][ T4214] device veth0_macvtap entered promiscuous mode
[   66.167787][ T4214] device veth1_macvtap entered promiscuous mode
[   66.187457][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.195773][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.205535][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.213657][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.222284][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.235250][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.252553][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.262730][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.273289][ T4214] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.282896][ T4214] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.292935][ T4214] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.301968][ T4214] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.426460][ T4214] syz-executor (4214) used greatest stack depth: 20272 bytes left
[   66.911409][  T511] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.857127][ T1561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.866431][ T1561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.878384][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   67.896473][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.904357][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.912312][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/03/09 11:57:05 executed programs: 0
[   68.582601][ T4279] chnl_net:caif_netlink_parms(): no params data found
[   68.622185][ T4279] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.629537][ T4279] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.637485][ T4279] device bridge_slave_0 entered promiscuous mode
[   68.645639][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.652704][ T4279] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.660749][ T4279] device bridge_slave_1 entered promiscuous mode
[   68.680134][ T4279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.691090][ T4279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.712225][ T4279] team0: Port device team_slave_0 added
[   68.719320][ T4279] team0: Port device team_slave_1 added
[   68.736795][ T4279] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.743764][ T4279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.769811][ T4279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.781737][ T4279] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.788733][ T4279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.814630][ T4279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.842673][ T4279] device hsr_slave_0 entered promiscuous mode
[   68.849904][ T4279] device hsr_slave_1 entered promiscuous mode
[   68.856808][ T4279] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   68.864685][ T4279] Cannot create hsr debugfs directory
[   69.119860][  T511] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.564514][ T4204] Bluetooth: hci0: command 0x0409 tx timeout
[   71.205845][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[   71.212338][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[   71.389247][  T511] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.459443][  T511] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.277658][ T4279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.286457][ T4279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.295076][ T4279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.317835][ T4279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.379250][ T4279] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.390718][ T1561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   72.398964][ T1561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   72.409681][ T4279] 8021q: adding VLAN 0 to HW filter on device team0
[   72.430400][ T1561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.439150][ T1561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   72.447780][ T1561] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.454869][ T1561] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.463732][ T1561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   72.474723][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.483270][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   72.492795][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.499905][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.525608][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   72.536676][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   72.547856][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   72.556780][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   72.566563][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   72.577859][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   72.586490][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   72.604427][  T511] device hsr_slave_0 left promiscuous mode
[   72.610825][  T511] device hsr_slave_1 left promiscuous mode
[   72.617963][  T511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.625658][  T511] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.634642][  T511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.642030][  T511] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.649396][ T4203] Bluetooth: hci0: command 0x041b tx timeout
[   72.656391][  T511] device bridge_slave_1 left promiscuous mode
[   72.662909][  T511] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.677794][  T511] device bridge_slave_0 left promiscuous mode
[   72.684337][  T511] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.701681][  T511] device veth1_macvtap left promiscuous mode
[   72.708625][  T511] device veth0_macvtap left promiscuous mode
[   72.715689][  T511] device veth1_vlan left promiscuous mode
[   72.721555][  T511] device veth0_vlan left promiscuous mode
[   72.866930][  T511] team0 (unregistering): Port device team_slave_1 removed
[   72.880116][  T511] team0 (unregistering): Port device team_slave_0 removed
[   72.896277][  T511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   72.910491][  T511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   72.962229][  T511] bond0 (unregistering): Released all slaves
[   73.026732][ T4279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   73.038644][ T4279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.051768][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   73.060345][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.069192][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   73.079056][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.087762][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   73.191541][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   73.199628][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   73.211475][ T4279] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.236747][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   73.246167][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   73.261968][ T4279] device veth0_vlan entered promiscuous mode
[   73.269601][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   73.278059][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   73.288284][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   73.296178][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   73.315208][ T4279] device veth1_vlan entered promiscuous mode
[   73.332126][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   73.340348][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   73.348404][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   73.356871][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.368657][ T4279] device veth0_macvtap entered promiscuous mode
[   73.385020][ T4279] device veth1_macvtap entered promiscuous mode
[   73.394928][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   73.403075][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   73.417360][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.426017][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   73.435886][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   73.446565][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.455319][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   73.464333][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.475170][ T4279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.487251][ T4279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.496361][ T4279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.506446][ T4279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.565274][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.573318][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.586393][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.608065][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.620847][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.629796][ T4331] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.970147][ T4332] loop0: detected capacity change from 0 to 32768
[   73.995552][ T4332] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   74.023771][ T4332] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   74.055471][ T4332] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   74.074775][ T4221] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   74.081711][ T4221] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   74.146588][ T4221] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 64ms
[   74.157470][ T4221] gfs2: fsid=syz:syz.0: jid=0: Done
[   74.163296][ T4332] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   74.272681][ T4332] gfs2: fsid=syz:syz.0: found 1 quota changes
[   74.336904][ T4279] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   74.336904][ T4279]   inode = 11 2339
[   74.336904][ T4279]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[   74.373616][ T4279] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   74.405456][ T4279] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[   74.433489][ T4279] CPU: 0 PID: 4279 Comm: syz-executor Not tainted syzkaller #0
[   74.441070][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   74.451156][ T4279] Call Trace:
[   74.454459][ T4279]  <TASK>
[   74.457414][ T4279]  dump_stack_lvl+0x188/0x250
[   74.462129][ T4279]  ? show_regs_print_info+0x20/0x20
[   74.467350][ T4279]  ? load_image+0x400/0x400
[   74.471880][ T4279]  ? do_raw_spin_unlock+0x11d/0x230
[   74.477107][ T4279]  gfs2_assert_warn_i+0x18f/0x2c0
[   74.482159][ T4279]  gfs2_quota_cleanup+0x4b4/0x6a0
[   74.487208][ T4279]  gfs2_make_fs_ro+0x440/0x620
[   74.491993][ T4279]  ? __might_sleep+0xf0/0xf0
[   74.496631][ T4279]  ? gfs2_dinode_out+0xb00/0xb00
[   74.501590][ T4279]  ? _raw_spin_unlock+0x24/0x40
[   74.506456][ T4279]  ? gfs2_glock_nq+0xcb0/0x1550
[   74.511362][ T4279]  gfs2_withdraw+0x610/0x1490
[   74.516104][ T4279]  ? gfs2_lm+0x240/0x240
[   74.520373][ T4279]  ? __schedule+0x11f7/0x43c0
[   74.525067][ T4279]  ? gfs2_freeze_lock+0x52/0xc0
[   74.529957][ T4279]  ? gfs2_consist_inode_i+0xc0/0xe0
[   74.535185][ T4279]  gfs2_inode_refresh+0xb64/0xff0
[   74.540232][ T4279]  ? do_promote+0x71a/0xab0
[   74.544767][ T4279]  ? gfs2_inode_metasync+0xf0/0xf0
[   74.549907][ T4279]  ? __lock_acquire+0x7d10/0x7d10
[   74.554980][ T4279]  inode_go_lock+0x127/0x470
[   74.559594][ T4279]  do_promote+0x741/0xab0
[   74.563952][ T4279]  finish_xmote+0x4df/0xb00
[   74.568476][ T4279]  do_xmote+0x7b6/0x1120
[   74.572761][ T4279]  gfs2_glock_nq+0xc7a/0x1550
[   74.577465][ T4279]  do_sync+0x4ab/0xc40
[   74.581557][ T4279]  ? slot_put+0x1e0/0x1e0
[   74.585906][ T4279]  ? __lock_acquire+0x7d10/0x7d10
[   74.590956][ T4279]  ? do_raw_spin_lock+0x128/0x2f0
[   74.596001][ T4279]  ? do_sync+0x4a3/0xc40
[   74.600450][ T4279]  ? do_raw_spin_unlock+0x11d/0x230
[   74.605667][ T4279]  gfs2_quota_sync+0x32c/0x700
[   74.610466][ T4279]  gfs2_sync_fs+0x48/0xb0
[   74.614818][ T4279]  sync_filesystem+0xe6/0x220
[   74.619520][ T4279]  generic_shutdown_super+0x6b/0x300
[   74.624832][ T4279]  kill_block_super+0x7c/0xe0
[   74.629525][ T4279]  deactivate_locked_super+0x93/0xf0
[   74.634829][ T4279]  cleanup_mnt+0x42d/0x4e0
[   74.639270][ T4279]  ? lockdep_hardirqs_on+0x94/0x140
[   74.644493][ T4279]  task_work_run+0x125/0x1a0
[   74.649109][ T4279]  get_signal+0x1222/0x12c0
[   74.653641][ T4279]  ? kick_process+0xd4/0x140
[   74.658252][ T4279]  ? task_work_add+0x1a7/0x1d0
[   74.663072][ T4279]  arch_do_signal_or_restart+0xe7/0x12c0
[   74.668723][ T4279]  ? vfs_submount+0xb0/0xb0
[   74.673270][ T4279]  ? path_umount+0x34c/0xfd0
[   74.677876][ T4279]  ? get_sigframe_size+0x10/0x10
[   74.682852][ T4279]  ? exit_to_user_mode_loop+0x3b/0x130
[   74.688335][ T4279]  exit_to_user_mode_loop+0x9e/0x130
[   74.693644][ T4279]  exit_to_user_mode_prepare+0xee/0x180
[   74.699205][ T4279]  syscall_exit_to_user_mode+0x16/0x40
[   74.704690][ T4279]  do_syscall_64+0x58/0xa0
[   74.709126][ T4279]  ? clear_bhb_loop+0x30/0x80
[   74.713916][ T4279]  ? clear_bhb_loop+0x30/0x80
[   74.718611][ T4279]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   74.724531][ T4279] RIP: 0033:0x7f76393739d7
[   74.728957][ T4279] Code: a2 c7 05 1c ed 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   74.748574][ T4279] RSP: 002b:00007ffff4809e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   74.757013][ T4279] RAX: 0000000000000000 RBX: 00007f7639407f90 RCX: 00007f76393739d7
[   74.765004][ T4279] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff4809f10
[   74.772996][ T4279] RBP: 00007ffff4809f10 R08: 00007ffff480af10 R09: 00000000ffffffff
[   74.780993][ T4279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff480afa0
[   74.788983][ T4279] R13: 00007f7639407f90 R14: 0000000000011fa9 R15: 00007ffff480afe0
[   74.797013][ T4279]  </TASK>
[   74.803090][ T4203] Bluetooth: hci0: command 0x040f tx timeout
[   74.826451][ T4279] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   74.836302][ T4279] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   74.844506][ T4279] gfs2: fsid=syz:syz.0: File system withdrawn
[   74.850596][ T4279] CPU: 0 PID: 4279 Comm: syz-executor Not tainted syzkaller #0
[   74.858159][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   74.868227][ T4279] Call Trace:
[   74.871517][ T4279]  <TASK>
[   74.874484][ T4279]  dump_stack_lvl+0x188/0x250
[   74.879175][ T4279]  ? kobject_uevent_env+0x371/0x890
[   74.884411][ T4279]  ? show_regs_print_info+0x20/0x20
[   74.889631][ T4279]  ? load_image+0x400/0x400
[   74.894162][ T4279]  ? kobject_uevent_env+0x371/0x890
[   74.899489][ T4279]  ? lockref_put_or_lock+0x6e/0xb0
[   74.904619][ T4279]  gfs2_withdraw+0x1149/0x1490
[   74.909400][ T4279]  ? gfs2_lm+0x240/0x240
[   74.913645][ T4279]  ? __schedule+0x11f7/0x43c0
[   74.918367][ T4279]  ? gfs2_consist_inode_i+0xc0/0xe0
[   74.923594][ T4279]  gfs2_inode_refresh+0xb64/0xff0
[   74.928636][ T4279]  ? do_promote+0x71a/0xab0
[   74.933164][ T4279]  ? gfs2_inode_metasync+0xf0/0xf0
[   74.938283][ T4279]  ? __lock_acquire+0x7d10/0x7d10
[   74.943316][ T4279]  inode_go_lock+0x127/0x470
[   74.947915][ T4279]  do_promote+0x741/0xab0
[   74.952260][ T4279]  finish_xmote+0x4df/0xb00
[   74.956789][ T4279]  do_xmote+0x7b6/0x1120
[   74.961051][ T4279]  gfs2_glock_nq+0xc7a/0x1550
[   74.965754][ T4279]  do_sync+0x4ab/0xc40
[   74.969834][ T4279]  ? slot_put+0x1e0/0x1e0
[   74.974260][ T4279]  ? __lock_acquire+0x7d10/0x7d10
[   74.979291][ T4279]  ? do_raw_spin_lock+0x128/0x2f0
[   74.984321][ T4279]  ? do_sync+0x4a3/0xc40
[   74.988568][ T4279]  ? do_raw_spin_unlock+0x11d/0x230
[   74.993778][ T4279]  gfs2_quota_sync+0x32c/0x700
[   74.998557][ T4279]  gfs2_sync_fs+0x48/0xb0
[   75.002905][ T4279]  sync_filesystem+0xe6/0x220
[   75.007599][ T4279]  generic_shutdown_super+0x6b/0x300
[   75.012892][ T4279]  kill_block_super+0x7c/0xe0
[   75.017578][ T4279]  deactivate_locked_super+0x93/0xf0
[   75.022874][ T4279]  cleanup_mnt+0x42d/0x4e0
[   75.027325][ T4279]  ? lockdep_hardirqs_on+0x94/0x140
[   75.032547][ T4279]  task_work_run+0x125/0x1a0
[   75.037147][ T4279]  get_signal+0x1222/0x12c0
[   75.041661][ T4279]  ? kick_process+0xd4/0x140
[   75.046263][ T4279]  ? task_work_add+0x1a7/0x1d0
[   75.051044][ T4279]  arch_do_signal_or_restart+0xe7/0x12c0
[   75.056694][ T4279]  ? vfs_submount+0xb0/0xb0
[   75.061213][ T4279]  ? path_umount+0x34c/0xfd0
[   75.065812][ T4279]  ? get_sigframe_size+0x10/0x10
[   75.070774][ T4279]  ? exit_to_user_mode_loop+0x3b/0x130
[   75.076237][ T4279]  exit_to_user_mode_loop+0x9e/0x130
[   75.081527][ T4279]  exit_to_user_mode_prepare+0xee/0x180
[   75.087081][ T4279]  syscall_exit_to_user_mode+0x16/0x40
[   75.092552][ T4279]  do_syscall_64+0x58/0xa0
[   75.096973][ T4279]  ? clear_bhb_loop+0x30/0x80
[   75.101658][ T4279]  ? clear_bhb_loop+0x30/0x80
[   75.106363][ T4279]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   75.112262][ T4279] RIP: 0033:0x7f76393739d7
[   75.116681][ T4279] Code: a2 c7 05 1c ed 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   75.136286][ T4279] RSP: 002b:00007ffff4809e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   75.144706][ T4279] RAX: 0000000000000000 RBX: 00007f7639407f90 RCX: 00007f76393739d7
[   75.152826][ T4279] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff4809f10
[   75.160802][ T4279] RBP: 00007ffff4809f10 R08: 00007ffff480af10 R09: 00000000ffffffff
[   75.168782][ T4279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff480afa0
[   75.176847][ T4279] R13: 00007f7639407f90 R14: 0000000000011fa9 R15: 00007ffff480afe0
[   75.184844][ T4279]  </TASK>
[   75.338154][ T4279] ==================================================================
[   75.346432][ T4279] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[   75.353219][ T4279] Read of size 8 at addr ffff8880692da090 by task syz-executor/4279
[   75.361207][ T4279] 
[   75.363631][ T4279] CPU: 1 PID: 4279 Comm: syz-executor Not tainted syzkaller #0
[   75.371186][ T4279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   75.381261][ T4279] Call Trace:
[   75.384555][ T4279]  <TASK>
[   75.387518][ T4279]  dump_stack_lvl+0x188/0x250
[   75.392219][ T4279]  ? show_regs_print_info+0x20/0x20
[   75.397456][ T4279]  ? _printk+0xda/0x130
[   75.401638][ T4279]  ? qd_unlock+0x30/0x2d0
[   75.405996][ T4279]  ? load_image+0x400/0x400
[   75.410535][ T4279]  ? _raw_spin_lock_irqsave+0xbc/0x100
[   75.416021][ T4279]  print_address_description+0x60/0x2d0
[   75.421592][ T4279]  ? qd_unlock+0x30/0x2d0
[   75.425941][ T4279]  kasan_report+0xdf/0x130
[   75.430388][ T4279]  ? qd_unlock+0x30/0x2d0
[   75.434740][ T4279]  kasan_check_range+0x235/0x290
[   75.439701][ T4279]  qd_unlock+0x30/0x2d0
[   75.443876][ T4279]  gfs2_quota_sync+0x5cf/0x700
[   75.448665][ T4279]  gfs2_sync_fs+0x48/0xb0
[   75.453019][ T4279]  sync_filesystem+0xe6/0x220
[   75.457729][ T4279]  generic_shutdown_super+0x6b/0x300
[   75.463049][ T4279]  kill_block_super+0x7c/0xe0
[   75.467749][ T4279]  deactivate_locked_super+0x93/0xf0
[   75.473057][ T4279]  cleanup_mnt+0x42d/0x4e0
[   75.477492][ T4279]  ? lockdep_hardirqs_on+0x94/0x140
[   75.482714][ T4279]  task_work_run+0x125/0x1a0
[   75.487335][ T4279]  get_signal+0x1222/0x12c0
[   75.491860][ T4279]  ? kick_process+0xd4/0x140
[   75.496472][ T4279]  ? task_work_add+0x1a7/0x1d0
[   75.501263][ T4279]  arch_do_signal_or_restart+0xe7/0x12c0
[   75.506916][ T4279]  ? vfs_submount+0xb0/0xb0
[   75.511451][ T4279]  ? path_umount+0x34c/0xfd0
[   75.516063][ T4279]  ? get_sigframe_size+0x10/0x10
[   75.521039][ T4279]  ? exit_to_user_mode_loop+0x3b/0x130
[   75.526522][ T4279]  exit_to_user_mode_loop+0x9e/0x130
[   75.531831][ T4279]  exit_to_user_mode_prepare+0xee/0x180
[   75.537393][ T4279]  syscall_exit_to_user_mode+0x16/0x40
[   75.542868][ T4279]  do_syscall_64+0x58/0xa0
[   75.547304][ T4279]  ? clear_bhb_loop+0x30/0x80
[   75.551997][ T4279]  ? clear_bhb_loop+0x30/0x80
[   75.556715][ T4279]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   75.562623][ T4279] RIP: 0033:0x7f76393739d7
[   75.567060][ T4279] Code: a2 c7 05 1c ed 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   75.586684][ T4279] RSP: 002b:00007ffff4809e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   75.595116][ T4279] RAX: 0000000000000000 RBX: 00007f7639407f90 RCX: 00007f76393739d7
[   75.603189][ T4279] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff4809f10
[   75.611175][ T4279] RBP: 00007ffff4809f10 R08: 00007ffff480af10 R09: 00000000ffffffff
[   75.619170][ T4279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff480afa0
[   75.627200][ T4279] R13: 00007f7639407f90 R14: 0000000000011fa9 R15: 00007ffff480afe0
[   75.635207][ T4279]  </TASK>
[   75.638238][ T4279] 
[   75.640571][ T4279] Allocated by task 4332:
[   75.644905][ T4279]  __kasan_slab_alloc+0x9c/0xd0
[   75.649781][ T4279]  slab_post_alloc_hook+0x4c/0x380
[   75.654903][ T4279]  kmem_cache_alloc+0x100/0x290
[   75.659762][ T4279]  qd_alloc+0x50/0x260
[   75.663842][ T4279]  gfs2_quota_init+0x74e/0xea0
[   75.668619][ T4279]  gfs2_make_fs_rw+0x414/0x580
[   75.673394][ T4279]  gfs2_fill_super+0x1837/0x1f00
[   75.678344][ T4279]  get_tree_bdev+0x3f1/0x610
[   75.682945][ T4279]  gfs2_get_tree+0x4d/0x1e0
[   75.687458][ T4279]  vfs_get_tree+0x88/0x270
[   75.691893][ T4279]  do_new_mount+0x24a/0xa40
[   75.696416][ T4279]  __se_sys_mount+0x2e3/0x3d0
[   75.701110][ T4279]  do_syscall_64+0x4c/0xa0
[   75.705551][ T4279]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   75.711458][ T4279] 
[   75.713981][ T4279] Freed by task 14:
[   75.717797][ T4279]  kasan_set_track+0x4b/0x70
[   75.722406][ T4279]  kasan_set_free_info+0x1f/0x40
[   75.727361][ T4279]  ____kasan_slab_free+0xd5/0x110
[   75.732403][ T4279]  slab_free_freelist_hook+0xea/0x170
[   75.737818][ T4279]  kmem_cache_free+0x8f/0x210
[   75.742516][ T4279]  rcu_core+0x9d2/0x1670
[   75.746780][ T4279]  handle_softirqs+0x339/0x830
[   75.751563][ T4279]  run_ksoftirqd+0xa4/0x100
[   75.756084][ T4279]  smpboot_thread_fn+0x4f6/0x970
[   75.761040][ T4279]  kthread+0x436/0x520
[   75.765129][ T4279]  ret_from_fork+0x1f/0x30
[   75.769561][ T4279] 
[   75.771905][ T4279] Last potentially related work creation:
[   75.777633][ T4279]  kasan_save_stack+0x35/0x60
[   75.782336][ T4279]  kasan_record_aux_stack+0xb8/0x100
[   75.787634][ T4279]  call_rcu+0x189/0x950
[   75.791807][ T4279]  gfs2_quota_cleanup+0x43c/0x6a0
[   75.796852][ T4279]  gfs2_make_fs_ro+0x440/0x620
[   75.801631][ T4279]  gfs2_withdraw+0x610/0x1490
[   75.806325][ T4279]  gfs2_inode_refresh+0xb64/0xff0
[   75.811371][ T4279]  inode_go_lock+0x127/0x470
[   75.815996][ T4279]  do_promote+0x741/0xab0
[   75.820339][ T4279]  finish_xmote+0x4df/0xb00
[   75.824854][ T4279]  do_xmote+0x7b6/0x1120
[   75.829126][ T4279]  gfs2_glock_nq+0xc7a/0x1550
[   75.833826][ T4279]  do_sync+0x4ab/0xc40
[   75.837915][ T4279]  gfs2_quota_sync+0x32c/0x700
[   75.842692][ T4279]  gfs2_sync_fs+0x48/0xb0
[   75.847043][ T4279]  sync_filesystem+0xe6/0x220
[   75.851739][ T4279]  generic_shutdown_super+0x6b/0x300
[   75.857038][ T4279]  kill_block_super+0x7c/0xe0
[   75.861741][ T4279]  deactivate_locked_super+0x93/0xf0
[   75.867054][ T4279]  cleanup_mnt+0x42d/0x4e0
[   75.871493][ T4279]  task_work_run+0x125/0x1a0
[   75.876110][ T4279]  get_signal+0x1222/0x12c0
[   75.880630][ T4279]  arch_do_signal_or_restart+0xe7/0x12c0
[   75.886366][ T4279]  exit_to_user_mode_loop+0x9e/0x130
[   75.891660][ T4279]  exit_to_user_mode_prepare+0xee/0x180
[   75.897228][ T4279]  syscall_exit_to_user_mode+0x16/0x40
[   75.902732][ T4279]  do_syscall_64+0x58/0xa0
[   75.907162][ T4279]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   75.913073][ T4279] 
[   75.915405][ T4279] The buggy address belongs to the object at ffff8880692da000
[   75.915405][ T4279]  which belongs to the cache gfs2_quotad of size 272
[   75.929847][ T4279] The buggy address is located 144 bytes inside of
[   75.929847][ T4279]  272-byte region [ffff8880692da0