Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts.
2026/03/18 22:26:54 parsed 1 programs
syzkaller login: [ 70.760626][ T4188] cgroup: Unknown subsys name 'net'
[ 70.896154][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.413209][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.419901][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.443444][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 75.652849][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.670547][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.692778][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.707515][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.715811][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.724362][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 76.095802][ T4255] chnl_net:caif_netlink_parms(): no params data found
[ 76.199953][ T4255] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.207733][ T4255] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.217997][ T4255] device bridge_slave_0 entered promiscuous mode
[ 76.235259][ T4255] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.242605][ T4255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.251748][ T4255] device bridge_slave_1 entered promiscuous mode
[ 76.272661][ T4255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.283780][ T4255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.305937][ T4255] team0: Port device team_slave_0 added
[ 76.313257][ T4255] team0: Port device team_slave_1 added
[ 76.331655][ T4255] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.338624][ T4255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.364933][ T4255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.378240][ T4255] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.385366][ T4255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.411373][ T4255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.441606][ T4255] device hsr_slave_0 entered promiscuous mode
[ 76.448733][ T4255] device hsr_slave_1 entered promiscuous mode
[ 76.546768][ T4255] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.557623][ T4255] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.567701][ T4255] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.576865][ T4255] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.599760][ T4255] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.606952][ T4255] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.614967][ T4255] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.622107][ T4255] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.695477][ T4255] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.734127][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.743235][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.751631][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.787798][ T4255] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.797792][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.806417][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.814943][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.822046][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.871149][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.881269][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.891998][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.899179][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.907659][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 76.916607][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 76.925393][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 76.935327][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.944514][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 76.953653][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.962859][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 76.971413][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.982606][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.994728][ T4255] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 77.007429][ T4255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.016421][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 77.026268][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.147057][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.154760][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.168659][ T4255] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.193712][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 77.203084][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.244132][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 77.254430][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.263155][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.273700][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.284105][ T4255] device veth0_vlan entered promiscuous mode
[ 77.315800][ T4255] device veth1_vlan entered promiscuous mode
[ 77.336248][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 77.344641][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 77.353757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 77.362970][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 77.373753][ T4255] device veth0_macvtap entered promiscuous mode
[ 77.384982][ T4255] device veth1_macvtap entered promiscuous mode
[ 77.423367][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.431806][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 77.441289][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 77.449658][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 77.458448][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 77.470076][ T4255] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.477401][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.487570][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.500878][ T4255] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.510497][ T4255] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.520241][ T4255] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.529044][ T4255] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.670551][ T4255] syz-executor (4255) used greatest stack depth: 20272 bytes left
2026/03/18 22:27:04 executed programs: 0
[ 78.532248][ T4293] chnl_net:caif_netlink_parms(): no params data found
[ 78.593759][ T4293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.601699][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.609962][ T4293] device bridge_slave_0 entered promiscuous mode
[ 78.618561][ T4293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.627303][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.635524][ T4293] device bridge_slave_1 entered promiscuous mode
[ 78.665151][ T4293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.677534][ T4293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.706117][ T4293] team0: Port device team_slave_0 added
[ 78.714911][ T4293] team0: Port device team_slave_1 added
[ 78.739634][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.746627][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.773829][ T4293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.788796][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.797244][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.823788][ T4293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.868093][ T4293] device hsr_slave_0 entered promiscuous mode
[ 78.875094][ T4293] device hsr_slave_1 entered promiscuous mode
[ 78.883045][ T4293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 78.892057][ T4293] Cannot create hsr debugfs directory
[ 79.002533][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.450250][ T4271] Bluetooth: hci0: command 0x0409 tx timeout
[ 81.930969][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.505554][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.540277][ T4270] Bluetooth: hci0: command 0x041b tx timeout
[ 82.562607][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.678176][ T4293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.688720][ T4293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.698277][ T4293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.708804][ T4293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.767221][ T4293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.791423][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.799534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.810420][ T4293] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.820433][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.829788][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.838285][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.845442][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.854181][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.876526][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.885410][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.895421][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.902567][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.924790][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.939615][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.952599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.962774][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.972285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.994611][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 83.003561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.018392][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 83.027143][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.040047][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 83.048531][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.067292][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.095573][ T670] device hsr_slave_0 left promiscuous mode
[ 83.105450][ T670] device hsr_slave_1 left promiscuous mode
[ 83.112364][ T670] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 83.122283][ T670] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 83.130966][ T670] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 83.138394][ T670] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 83.149478][ T670] device bridge_slave_1 left promiscuous mode
[ 83.156585][ T670] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.172206][ T670] device bridge_slave_0 left promiscuous mode
[ 83.178458][ T670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.197794][ T670] device veth1_macvtap left promiscuous mode
[ 83.204304][ T670] device veth0_macvtap left promiscuous mode
[ 83.212119][ T670] device veth1_vlan left promiscuous mode
[ 83.218213][ T670] device veth0_vlan left promiscuous mode
[ 83.383129][ T670] team0 (unregistering): Port device team_slave_1 removed
[ 83.398766][ T670] team0 (unregistering): Port device team_slave_0 removed
[ 83.414363][ T670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.432261][ T670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.489257][ T670] bond0 (unregistering): Released all slaves
[ 83.590868][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 83.598403][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 83.615930][ T4293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.644927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 83.654063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 83.673738][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 83.682917][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 83.692228][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 83.700916][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 83.722021][ T4293] device veth0_vlan entered promiscuous mode
[ 83.739223][ T4293] device veth1_vlan entered promiscuous mode
[ 83.758133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 83.766925][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 83.775433][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 83.784333][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 83.795655][ T4293] device veth0_macvtap entered promiscuous mode
[ 83.817394][ T4293] device veth1_macvtap entered promiscuous mode
[ 83.826120][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.834652][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 83.851365][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.858710][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 83.868843][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.883050][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.893627][ T4293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.903835][ T4293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.913088][ T4293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.922107][ T4293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.932209][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 83.941607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.998110][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.008858][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.018283][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/03/18 22:27:10 executed programs: 2
[ 84.047879][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.057490][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.068315][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 84.435666][ T4305] loop0: detected capacity change from 0 to 32768
[ 84.535432][ T4305] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 84.559137][ T4305] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 84.592664][ T4305] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 84.618108][ T4261] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 84.636138][ T4261] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 84.674119][ T4262] Bluetooth: hci0: command 0x040f tx timeout
[ 84.696492][ T4261] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 60ms
[ 84.705534][ T4261] gfs2: fsid=syz:syz.0: jid=0: Done
[ 84.711673][ T4305] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 84.836216][ T4305] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 84.879042][ T4293] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 84.879042][ T4293] inode = 11 2339
[ 84.879042][ T4293] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 84.900267][ T4293] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 84.940489][ T4293] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 84.956760][ T4293] CPU: 1 PID: 4293 Comm: syz-executor Not tainted syzkaller #0
[ 84.964650][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 84.974751][ T4293] Call Trace:
[ 84.978058][ T4293]
[ 84.981013][ T4293] dump_stack_lvl+0x188/0x250
[ 84.985738][ T4293] ? show_regs_print_info+0x20/0x20
[ 84.990974][ T4293] ? load_image+0x400/0x400
[ 84.995514][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 85.000742][ T4293] gfs2_assert_warn_i+0x18f/0x2c0
[ 85.005918][ T4293] gfs2_quota_cleanup+0x4b4/0x6a0
[ 85.010981][ T4293] gfs2_make_fs_ro+0x440/0x620
[ 85.015831][ T4293] ? __might_sleep+0xf0/0xf0
[ 85.020471][ T4293] ? gfs2_dinode_out+0xb00/0xb00
[ 85.025441][ T4293] ? _raw_spin_unlock+0x24/0x40
[ 85.030327][ T4293] ? gfs2_glock_nq+0xcb0/0x1550
[ 85.035236][ T4293] gfs2_withdraw+0x610/0x1490
[ 85.039949][ T4293] ? gfs2_lm+0x240/0x240
[ 85.044214][ T4293] ? __schedule+0x11f7/0x43c0
[ 85.048920][ T4293] ? gfs2_freeze_lock+0x52/0xc0
[ 85.053803][ T4293] ? gfs2_consist_inode_i+0xc0/0xe0
[ 85.059028][ T4293] gfs2_inode_refresh+0xb64/0xff0
[ 85.064087][ T4293] ? do_promote+0x71a/0xab0
[ 85.068630][ T4293] ? gfs2_inode_metasync+0xf0/0xf0
[ 85.073780][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 85.078853][ T4293] inode_go_lock+0x127/0x470
[ 85.083487][ T4293] do_promote+0x741/0xab0
[ 85.087862][ T4293] finish_xmote+0x4df/0xb00
[ 85.092410][ T4293] do_xmote+0x7b6/0x1120
[ 85.096693][ T4293] gfs2_glock_nq+0xc7a/0x1550
[ 85.101413][ T4293] do_sync+0x4ab/0xc40
[ 85.105514][ T4293] ? slot_put+0x1e0/0x1e0
[ 85.109879][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 85.114934][ T4293] ? do_raw_spin_lock+0x128/0x2f0
[ 85.120023][ T4293] ? do_sync+0x4a3/0xc40
[ 85.124307][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 85.129537][ T4293] gfs2_quota_sync+0x32c/0x700
[ 85.134349][ T4293] gfs2_sync_fs+0x48/0xb0
[ 85.138708][ T4293] sync_filesystem+0xe6/0x220
[ 85.143439][ T4293] generic_shutdown_super+0x6b/0x300
[ 85.148747][ T4293] kill_block_super+0x7c/0xe0
[ 85.153450][ T4293] deactivate_locked_super+0x93/0xf0
[ 85.158758][ T4293] cleanup_mnt+0x42d/0x4e0
[ 85.163204][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 85.168440][ T4293] task_work_run+0x125/0x1a0
[ 85.173073][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 85.178472][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 85.184048][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 85.189537][ T4293] do_syscall_64+0x58/0xa0
[ 85.193974][ T4293] ? clear_bhb_loop+0x30/0x80
[ 85.198669][ T4293] ? clear_bhb_loop+0x30/0x80
[ 85.203369][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.209318][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 85.213755][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 85.233407][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.241859][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 85.249857][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 85.257944][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 85.265937][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 85.273941][ T4293] R13: 00007f6414060050 R14: 0000000000014b57 R15: 00007ffe17c16320
[ 85.281959][ T4293]
[ 85.291225][ T4293] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 85.301510][ T4293] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 85.311562][ T4293] gfs2: fsid=syz:syz.0: File system withdrawn
[ 85.317672][ T4293] CPU: 1 PID: 4293 Comm: syz-executor Not tainted syzkaller #0
[ 85.325243][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 85.335318][ T4293] Call Trace:
[ 85.338621][ T4293]
[ 85.341568][ T4293] dump_stack_lvl+0x188/0x250
[ 85.346276][ T4293] ? kobject_uevent_env+0x371/0x890
[ 85.351505][ T4293] ? show_regs_print_info+0x20/0x20
[ 85.356730][ T4293] ? load_image+0x400/0x400
[ 85.361263][ T4293] ? kobject_uevent_env+0x371/0x890
[ 85.366484][ T4293] ? lockref_put_or_lock+0x6e/0xb0
[ 85.371637][ T4293] gfs2_withdraw+0x1149/0x1490
[ 85.376458][ T4293] ? gfs2_lm+0x240/0x240
[ 85.380726][ T4293] ? __schedule+0x11f7/0x43c0
[ 85.385446][ T4293] ? gfs2_consist_inode_i+0xc0/0xe0
[ 85.390678][ T4293] gfs2_inode_refresh+0xb64/0xff0
[ 85.395730][ T4293] ? do_promote+0x71a/0xab0
[ 85.400255][ T4293] ? gfs2_inode_metasync+0xf0/0xf0
[ 85.405402][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 85.410461][ T4293] inode_go_lock+0x127/0x470
[ 85.415085][ T4293] do_promote+0x741/0xab0
[ 85.419449][ T4293] finish_xmote+0x4df/0xb00
[ 85.424022][ T4293] do_xmote+0x7b6/0x1120
[ 85.428311][ T4293] gfs2_glock_nq+0xc7a/0x1550
[ 85.433037][ T4293] do_sync+0x4ab/0xc40
[ 85.437147][ T4293] ? slot_put+0x1e0/0x1e0
[ 85.441505][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 85.446556][ T4293] ? do_raw_spin_lock+0x128/0x2f0
[ 85.451606][ T4293] ? do_sync+0x4a3/0xc40
[ 85.455885][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 85.461124][ T4293] gfs2_quota_sync+0x32c/0x700
[ 85.465932][ T4293] gfs2_sync_fs+0x48/0xb0
[ 85.470289][ T4293] sync_filesystem+0xe6/0x220
[ 85.475010][ T4293] generic_shutdown_super+0x6b/0x300
[ 85.480333][ T4293] kill_block_super+0x7c/0xe0
[ 85.485042][ T4293] deactivate_locked_super+0x93/0xf0
[ 85.490352][ T4293] cleanup_mnt+0x42d/0x4e0
[ 85.494792][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 85.500022][ T4293] task_work_run+0x125/0x1a0
[ 85.504648][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 85.510054][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 85.515663][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 85.521149][ T4293] do_syscall_64+0x58/0xa0
[ 85.525592][ T4293] ? clear_bhb_loop+0x30/0x80
[ 85.530309][ T4293] ? clear_bhb_loop+0x30/0x80
[ 85.535015][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.540934][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 85.545375][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 85.565032][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.573512][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 85.581511][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 85.589510][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 85.597508][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 85.605493][ T4293] R13: 00007f6414060050 R14: 0000000000014b57 R15: 00007ffe17c16320
[ 85.613494][ T4293]
[ 86.046281][ T4309] loop0: detected capacity change from 0 to 32768
[ 86.152012][ T4309] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 86.162138][ T4309] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 86.174408][ T4309] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 86.183581][ T4190] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 86.191082][ T4190] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 86.221734][ T4190] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 30ms
[ 86.231381][ T4190] gfs2: fsid=syz:syz.0: jid=0: Done
[ 86.236758][ T4309] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 86.321113][ T4309] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 86.335780][ T4293] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 86.335780][ T4293] inode = 11 2339
[ 86.335780][ T4293] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 86.354819][ T4293] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 86.384632][ T4293] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 86.402499][ T4293] CPU: 0 PID: 4293 Comm: syz-executor Not tainted syzkaller #0
[ 86.410106][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.420195][ T4293] Call Trace:
[ 86.423504][ T4293]
[ 86.426441][ T4293] dump_stack_lvl+0x188/0x250
[ 86.431123][ T4293] ? show_regs_print_info+0x20/0x20
[ 86.436333][ T4293] ? load_image+0x400/0x400
[ 86.440897][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 86.446116][ T4293] gfs2_assert_warn_i+0x18f/0x2c0
[ 86.451149][ T4293] gfs2_quota_cleanup+0x4b4/0x6a0
[ 86.456190][ T4293] gfs2_make_fs_ro+0x440/0x620
[ 86.460956][ T4293] ? __might_sleep+0xf0/0xf0
[ 86.465739][ T4293] ? gfs2_dinode_out+0xb00/0xb00
[ 86.470692][ T4293] ? _raw_spin_unlock+0x24/0x40
[ 86.475565][ T4293] ? gfs2_glock_nq+0xcb0/0x1550
[ 86.480444][ T4293] gfs2_withdraw+0x610/0x1490
[ 86.485134][ T4293] ? gfs2_lm+0x240/0x240
[ 86.489374][ T4293] ? __schedule+0x11f7/0x43c0
[ 86.494058][ T4293] ? gfs2_freeze_lock+0x52/0xc0
[ 86.498911][ T4293] ? gfs2_consist_inode_i+0xc0/0xe0
[ 86.504143][ T4293] gfs2_inode_refresh+0xb64/0xff0
[ 86.509175][ T4293] ? do_promote+0x71a/0xab0
[ 86.513811][ T4293] ? gfs2_inode_metasync+0xf0/0xf0
[ 86.518943][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 86.524039][ T4293] inode_go_lock+0x127/0x470
[ 86.528637][ T4293] do_promote+0x741/0xab0
[ 86.532980][ T4293] finish_xmote+0x4df/0xb00
[ 86.537493][ T4293] do_xmote+0x7b6/0x1120
[ 86.541745][ T4293] gfs2_glock_nq+0xc7a/0x1550
[ 86.546437][ T4293] do_sync+0x4ab/0xc40
[ 86.550529][ T4293] ? slot_put+0x1e0/0x1e0
[ 86.554890][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 86.559924][ T4293] ? do_raw_spin_lock+0x128/0x2f0
[ 86.564971][ T4293] ? do_sync+0x4a3/0xc40
[ 86.569212][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 86.574409][ T4293] gfs2_quota_sync+0x32c/0x700
[ 86.579182][ T4293] gfs2_sync_fs+0x48/0xb0
[ 86.583508][ T4293] sync_filesystem+0xe6/0x220
[ 86.588181][ T4293] generic_shutdown_super+0x6b/0x300
[ 86.593466][ T4293] kill_block_super+0x7c/0xe0
[ 86.598147][ T4293] deactivate_locked_super+0x93/0xf0
[ 86.603434][ T4293] cleanup_mnt+0x42d/0x4e0
[ 86.607856][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 86.613056][ T4293] task_work_run+0x125/0x1a0
[ 86.617650][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 86.623019][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 86.628562][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 86.634023][ T4293] do_syscall_64+0x58/0xa0
[ 86.638436][ T4293] ? clear_bhb_loop+0x30/0x80
[ 86.643111][ T4293] ? clear_bhb_loop+0x30/0x80
[ 86.647786][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.653680][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 86.658100][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 86.677704][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 86.686135][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 86.694108][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 86.702090][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 86.710102][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 86.718097][ T4293] R13: 00007f6414060050 R14: 0000000000014f2a R15: 00007ffe17c16320
[ 86.726095][ T4293]
[ 86.732490][ T4293] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 86.741414][ T4293] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 86.748085][ T4293] gfs2: fsid=syz:syz.0: File system withdrawn
[ 86.754535][ T4293] CPU: 1 PID: 4293 Comm: syz-executor Not tainted syzkaller #0
[ 86.762117][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.769662][ T4261] Bluetooth: hci0: command 0x0419 tx timeout
[ 86.772175][ T4293] Call Trace:
[ 86.781464][ T4293]
[ 86.784415][ T4293] dump_stack_lvl+0x188/0x250
[ 86.789101][ T4293] ? kobject_uevent_env+0x371/0x890
[ 86.794320][ T4293] ? show_regs_print_info+0x20/0x20
[ 86.799525][ T4293] ? load_image+0x400/0x400
[ 86.804056][ T4293] ? kobject_uevent_env+0x371/0x890
[ 86.809285][ T4293] ? lockref_put_or_lock+0x6e/0xb0
[ 86.814457][ T4293] gfs2_withdraw+0x1149/0x1490
[ 86.819243][ T4293] ? gfs2_lm+0x240/0x240
[ 86.823502][ T4293] ? __schedule+0x11f7/0x43c0
[ 86.828190][ T4293] ? gfs2_consist_inode_i+0xc0/0xe0
[ 86.833392][ T4293] gfs2_inode_refresh+0xb64/0xff0
[ 86.838423][ T4293] ? do_promote+0x71a/0xab0
[ 86.842937][ T4293] ? gfs2_inode_metasync+0xf0/0xf0
[ 86.848075][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 86.853110][ T4293] inode_go_lock+0x127/0x470
[ 86.857702][ T4293] do_promote+0x741/0xab0
[ 86.862054][ T4293] finish_xmote+0x4df/0xb00
[ 86.866599][ T4293] do_xmote+0x7b6/0x1120
[ 86.870867][ T4293] gfs2_glock_nq+0xc7a/0x1550
[ 86.875554][ T4293] do_sync+0x4ab/0xc40
[ 86.879636][ T4293] ? slot_put+0x1e0/0x1e0
[ 86.884112][ T4293] ? __lock_acquire+0x7d10/0x7d10
[ 86.889392][ T4293] ? do_raw_spin_lock+0x128/0x2f0
[ 86.894465][ T4293] ? do_sync+0x4a3/0xc40
[ 86.898715][ T4293] ? do_raw_spin_unlock+0x11d/0x230
[ 86.903917][ T4293] gfs2_quota_sync+0x32c/0x700
[ 86.908701][ T4293] gfs2_sync_fs+0x48/0xb0
[ 86.913036][ T4293] sync_filesystem+0xe6/0x220
[ 86.917716][ T4293] generic_shutdown_super+0x6b/0x300
[ 86.923006][ T4293] kill_block_super+0x7c/0xe0
[ 86.927686][ T4293] deactivate_locked_super+0x93/0xf0
[ 86.932976][ T4293] cleanup_mnt+0x42d/0x4e0
[ 86.937406][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 86.942614][ T4293] task_work_run+0x125/0x1a0
[ 86.947237][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 86.952624][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 86.958193][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 86.963657][ T4293] do_syscall_64+0x58/0xa0
[ 86.968090][ T4293] ? clear_bhb_loop+0x30/0x80
[ 86.972767][ T4293] ? clear_bhb_loop+0x30/0x80
[ 86.977452][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.983341][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 86.987753][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 87.007354][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 87.015779][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 87.023767][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 87.031742][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 87.039729][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 87.047723][ T4293] R13: 00007f6414060050 R14: 0000000000014f2a R15: 00007ffe17c16320
[ 87.055716][ T4293] </TASK>
[ 87.062649][ T23] cfg80211: failed to load regulatory.db
[ 87.070173][ T4293] ==================================================================
[ 87.078459][ T4293] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 87.085179][ T4293] Read of size 8 at addr ffff88805cb0d1e0 by task syz-executor/4293
[ 87.093155][ T4293]
[ 87.095492][ T4293] CPU: 0 PID: 4293 Comm: syz-executor Not tainted syzkaller #0
[ 87.103210][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 87.113262][ T4293] Call Trace:
[ 87.116569][ T4293] <TASK>
[ 87.119516][ T4293] dump_stack_lvl+0x188/0x250
[ 87.124241][ T4293] ? show_regs_print_info+0x20/0x20
[ 87.129448][ T4293] ? _printk+0xda/0x130
[ 87.133600][ T4293] ? qd_unlock+0x30/0x2d0
[ 87.137936][ T4293] ? load_image+0x400/0x400
[ 87.142433][ T4293] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 87.147899][ T4293] print_address_description+0x60/0x2d0
[ 87.153451][ T4293] ? qd_unlock+0x30/0x2d0
[ 87.157780][ T4293] kasan_report+0xdf/0x130
[ 87.162213][ T4293] ? qd_unlock+0x30/0x2d0
[ 87.166543][ T4293] kasan_check_range+0x235/0x290
[ 87.171501][ T4293] qd_unlock+0x30/0x2d0
[ 87.175658][ T4293] gfs2_quota_sync+0x5cf/0x700
[ 87.180431][ T4293] gfs2_sync_fs+0x48/0xb0
[ 87.184760][ T4293] sync_filesystem+0xe6/0x220
[ 87.189436][ T4293] generic_shutdown_super+0x6b/0x300
[ 87.194722][ T4293] kill_block_super+0x7c/0xe0
[ 87.199399][ T4293] deactivate_locked_super+0x93/0xf0
[ 87.204687][ T4293] cleanup_mnt+0x42d/0x4e0
[ 87.209104][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 87.214305][ T4293] task_work_run+0x125/0x1a0
[ 87.218928][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 87.224331][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 87.229887][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 87.235371][ T4293] do_syscall_64+0x58/0xa0
[ 87.239814][ T4293] ? clear_bhb_loop+0x30/0x80
[ 87.244517][ T4293] ? clear_bhb_loop+0x30/0x80
[ 87.249197][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.255092][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 87.259508][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 87.279120][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 87.287540][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 87.295518][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 87.303497][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 87.311468][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 87.319461][ T4293] R13: 00007f6414060050 R14: 0000000000014f2a R15: 00007ffe17c16320
[ 87.327448][ T4293] </TASK>
[ 87.330467][ T4293]
[ 87.332786][ T4293] Allocated by task 4309:
[ 87.337119][ T4293] __kasan_slab_alloc+0x9c/0xd0
[ 87.341973][ T4293] slab_post_alloc_hook+0x4c/0x380
[ 87.347088][ T4293] kmem_cache_alloc+0x100/0x290
[ 87.351962][ T4293] qd_alloc+0x50/0x260
[ 87.356057][ T4293] gfs2_quota_init+0x74e/0xea0
[ 87.360819][ T4293] gfs2_make_fs_rw+0x414/0x580
[ 87.365583][ T4293] gfs2_fill_super+0x1837/0x1f00
[ 87.370677][ T4293] get_tree_bdev+0x3f1/0x610
[ 87.375280][ T4293] gfs2_get_tree+0x4d/0x1e0
[ 87.379783][ T4293] vfs_get_tree+0x88/0x270
[ 87.384211][ T4293] do_new_mount+0x24a/0xa40
[ 87.388731][ T4293] __se_sys_mount+0x2e3/0x3d0
[ 87.393409][ T4293] do_syscall_64+0x4c/0xa0
[ 87.397821][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.403720][ T4293]
[ 87.406045][ T4293] Freed by task 0:
[ 87.409754][ T4293] kasan_set_track+0x4b/0x70
[ 87.414341][ T4293] kasan_set_free_info+0x1f/0x40
[ 87.419286][ T4293] ____kasan_slab_free+0xd5/0x110
[ 87.424313][ T4293] slab_free_freelist_hook+0xea/0x170
[ 87.429681][ T4293] kmem_cache_free+0x8f/0x210
[ 87.434358][ T4293] rcu_core+0x9d2/0x1670
[ 87.438598][ T4293] handle_softirqs+0x339/0x830
[ 87.443365][ T4293] __irq_exit_rcu+0x13b/0x230
[ 87.448039][ T4293] irq_exit_rcu+0x5/0x20
[ 87.452279][ T4293] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 87.457913][ T4293] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 87.463910][ T4293]
[ 87.466233][ T4293] Last potentially related work creation:
[ 87.471946][ T4293] kasan_save_stack+0x35/0x60
[ 87.476671][ T4293] kasan_record_aux_stack+0xb8/0x100
[ 87.481988][ T4293] call_rcu+0x189/0x950
[ 87.486152][ T4293] gfs2_quota_cleanup+0x43c/0x6a0
[ 87.491181][ T4293] gfs2_make_fs_ro+0x440/0x620
[ 87.495943][ T4293] gfs2_withdraw+0x610/0x1490
[ 87.500616][ T4293] gfs2_inode_refresh+0xb64/0xff0
[ 87.505636][ T4293] inode_go_lock+0x127/0x470
[ 87.510222][ T4293] do_promote+0x741/0xab0
[ 87.514550][ T4293] finish_xmote+0x4df/0xb00
[ 87.519057][ T4293] do_xmote+0x7b6/0x1120
[ 87.523321][ T4293] gfs2_glock_nq+0xc7a/0x1550
[ 87.527999][ T4293] do_sync+0x4ab/0xc40
[ 87.532095][ T4293] gfs2_quota_sync+0x32c/0x700
[ 87.536856][ T4293] gfs2_sync_fs+0x48/0xb0
[ 87.541186][ T4293] sync_filesystem+0xe6/0x220
[ 87.545866][ T4293] generic_shutdown_super+0x6b/0x300
[ 87.551158][ T4293] kill_block_super+0x7c/0xe0
[ 87.555842][ T4293] deactivate_locked_super+0x93/0xf0
[ 87.561134][ T4293] cleanup_mnt+0x42d/0x4e0
[ 87.565556][ T4293] task_work_run+0x125/0x1a0
[ 87.570148][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 87.575526][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 87.581073][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 87.586533][ T4293] do_syscall_64+0x58/0xa0
[ 87.590967][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.596880][ T4293]
[ 87.599226][ T4293] The buggy address belongs to the object at ffff88805cb0d150
[ 87.599226][ T4293] which belongs to the cache gfs2_quotad of size 272
[ 87.613305][ T4293] The buggy address is located 144 bytes inside of
[ 87.613305][ T4293] 272-byte region [ffff88805cb0d150, ffff88805cb0d260)
[ 87.626582][ T4293] The buggy address belongs to the page:
[ 87.632226][ T4293] page:ffffea000172c340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cb0d
[ 87.642376][ T4293] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 87.649940][ T4293] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801e0d43c0
[ 87.658527][ T4293] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 87.667104][ T4293] page dumped because: kasan: bad access detected
[ 87.673525][ T4293] page_owner tracks the page as allocated
[ 87.679246][ T4293] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4305, ts 84821635166, free_ts 22151587386
[ 87.698255][ T4293] get_page_from_freelist+0x1bbd/0x1ca0
[ 87.703819][ T4293] __alloc_pages+0x1ee/0x480
[ 87.708436][ T4293] new_slab+0xc0/0x4b0
[ 87.712505][ T4293] ___slab_alloc+0x80a/0xdd0
[ 87.717094][ T4293] kmem_cache_alloc+0x195/0x290
[ 87.721952][ T4293] qd_alloc+0x50/0x260
[ 87.726036][ T4293] gfs2_quota_init+0x74e/0xea0
[ 87.730806][ T4293] gfs2_make_fs_rw+0x414/0x580
[ 87.735577][ T4293] gfs2_fill_super+0x1837/0x1f00
[ 87.740521][ T4293] get_tree_bdev+0x3f1/0x610
[ 87.745135][ T4293] gfs2_get_tree+0x4d/0x1e0
[ 87.749642][ T4293] vfs_get_tree+0x88/0x270
[ 87.754065][ T4293] do_new_mount+0x24a/0xa40
[ 87.758569][ T4293] __se_sys_mount+0x2e3/0x3d0
[ 87.763242][ T4293] do_syscall_64+0x4c/0xa0
[ 87.767658][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.773562][ T4293] page last free stack trace:
[ 87.778262][ T4293] free_unref_page_prepare+0x637/0x6c0
[ 87.783757][ T4293] free_unref_page+0x8f/0x2a0
[ 87.788465][ T4293] free_contig_range+0x96/0xf0
[ 87.793247][ T4293] destroy_args+0xf0/0xa00
[ 87.797689][ T4293] debug_vm_pgtable+0x321/0x380
[ 87.802542][ T4293] do_one_initcall+0x272/0x730
[ 87.807306][ T4293] do_initcall_level+0x137/0x1f0
[ 87.812240][ T4293] do_initcalls+0x4b/0x90
[ 87.816564][ T4293] kernel_init_freeable+0x3e9/0x570
[ 87.821761][ T4293] kernel_init+0x19/0x1b0
[ 87.826096][ T4293] ret_from_fork+0x1f/0x30
[ 87.830515][ T4293]
[ 87.832857][ T4293] Memory state around the buggy address:
[ 87.838485][ T4293] ffff88805cb0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.846549][ T4293] ffff88805cb0d100: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 87.854623][ T4293] >ffff88805cb0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.862684][ T4293] ^
[ 87.870008][ T4293] ffff88805cb0d200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 87.878088][ T4293] ffff88805cb0d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.886148][ T4293] ==================================================================
[ 87.894205][ T4293] Disabling lock debugging due to kernel taint
[ 87.912770][ T4293] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.920024][ T4293] CPU: 0 PID: 4293 Comm: syz-executor Tainted: G B syzkaller #0
[ 87.928981][ T4293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 87.939054][ T4293] Call Trace:
[ 87.942357][ T4293] <TASK>
[ 87.945312][ T4293] dump_stack_lvl+0x188/0x250
[ 87.950050][ T4293] ? show_regs_print_info+0x20/0x20
[ 87.955294][ T4293] ? load_image+0x400/0x400
[ 87.959798][ T4293] panic+0x2e5/0x810
[ 87.963732][ T4293] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 87.969924][ T4293] ? bpf_jit_dump+0xd0/0xd0
[ 87.974456][ T4293] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 87.980441][ T4293] ? _raw_spin_unlock+0x40/0x40
[ 87.985292][ T4293] ? qd_unlock+0x30/0x2d0
[ 87.989619][ T4293] check_panic_on_warn+0x80/0xa0
[ 87.994604][ T4293] ? qd_unlock+0x30/0x2d0
[ 87.998945][ T4293] end_report+0x6d/0xf0
[ 88.003151][ T4293] kasan_report+0x102/0x130
[ 88.007686][ T4293] ? qd_unlock+0x30/0x2d0
[ 88.012065][ T4293] kasan_check_range+0x235/0x290
[ 88.017026][ T4293] qd_unlock+0x30/0x2d0
[ 88.021206][ T4293] gfs2_quota_sync+0x5cf/0x700
[ 88.026003][ T4293] gfs2_sync_fs+0x48/0xb0
[ 88.030361][ T4293] sync_filesystem+0xe6/0x220
[ 88.035064][ T4293] generic_shutdown_super+0x6b/0x300
[ 88.040377][ T4293] kill_block_super+0x7c/0xe0
[ 88.045077][ T4293] deactivate_locked_super+0x93/0xf0
[ 88.050399][ T4293] cleanup_mnt+0x42d/0x4e0
[ 88.054846][ T4293] ? lockdep_hardirqs_on+0x94/0x140
[ 88.060077][ T4293] task_work_run+0x125/0x1a0
[ 88.064693][ T4293] exit_to_user_mode_loop+0x10f/0x130
[ 88.070074][ T4293] exit_to_user_mode_prepare+0xee/0x180
[ 88.075672][ T4293] syscall_exit_to_user_mode+0x16/0x40
[ 88.081178][ T4293] do_syscall_64+0x58/0xa0
[ 88.085609][ T4293] ? clear_bhb_loop+0x30/0x80
[ 88.090327][ T4293] ? clear_bhb_loop+0x30/0x80
[ 88.095038][ T4293] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.100966][ T4293] RIP: 0033:0x7f6413fcb9d7
[ 88.105405][ T4293] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 88.125038][ T4293] RSP: 002b:00007ffe17c15198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 88.133507][ T4293] RAX: 0000000000000000 RBX: 00007f6414060050 RCX: 00007f6413fcb9d7
[ 88.141533][ T4293] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe17c15250
[ 88.149533][ T4293] RBP: 00007ffe17c15250 R08: 00007ffe17c16250 R09: 00000000ffffffff
[ 88.157523][ T4293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe17c162e0
[ 88.165541][ T4293] R13: 00007f6414060050 R14: 0000000000014f2a R15: 00007ffe17c16320
[ 88.173554][ T4293] </TASK>
[ 88.176921][ T4293] Kernel Offset: disabled
[ 88.181274][ T4293] Rebooting in 86400 seconds..