Warning: Permanently added '10.128.10.39' (ED25519) to the list of known hosts.
[ 51.151960][ T4168] chnl_net:caif_netlink_parms(): no params data found
[ 51.185564][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.193143][ T4168] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.201204][ T4168] device bridge_slave_0 entered promiscuous mode
[ 51.210449][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.217718][ T4168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.225331][ T4168] device bridge_slave_1 entered promiscuous mode
[ 51.244093][ T4168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.255109][ T4168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.274597][ T4168] team0: Port device team_slave_0 added
[ 51.281730][ T4168] team0: Port device team_slave_1 added
[ 51.296719][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.303730][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.329853][ T4168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.341918][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.348884][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.374787][ T4168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.400220][ T4168] device hsr_slave_0 entered promiscuous mode
[ 51.406900][ T4168] device hsr_slave_1 entered promiscuous mode
[ 51.473077][ T4168] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 51.482567][ T4168] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 51.491538][ T4168] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 51.500375][ T4168] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 51.519159][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.526401][ T4168] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.534164][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.541236][ T4168] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.573712][ T4168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.584368][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.593925][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.602671][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.611154][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.623207][ T4168] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.633675][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.641973][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.649069][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.670177][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.679619][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.686682][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.694941][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.703972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.713291][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.722872][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.734082][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.744043][ T4168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.760071][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.767726][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.780284][ T4168] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.795638][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.812838][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.821303][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.829510][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.840000][ T4168] device veth0_vlan entered promiscuous mode
[ 51.850307][ T4168] device veth1_vlan entered promiscuous mode
[ 51.865611][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.874121][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.882413][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.893244][ T4168] device veth0_macvtap entered promiscuous mode
[ 51.902479][ T4168] device veth1_macvtap entered promiscuous mode
[ 51.915364][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.923281][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.932910][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.943364][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.950972][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.962182][ T4168] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 51.971378][ T4168] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.980395][ T4168] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.989286][ T4168] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.156331][ T4168] loop0: detected capacity change from 0 to 32768
[ 52.219018][ T4168] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 52.228535][ T4168] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 52.245956][ T4168] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[ 52.256572][ T1108] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 52.264072][ T1108] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 52.291891][ T1108] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms
[ 52.302103][ T1108] gfs2: fsid=syz:syz.0: jid=0: Done
[ 52.307833][ T4168] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 52.377059][ T4168] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 52.402997][ T4168] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 52.402997][ T4168] inode = 11 2339
[ 52.402997][ T4168] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 52.427376][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 52.431937][ T4168] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 52.455730][ T4168] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 52.470166][ T4168] CPU: 1 PID: 4168 Comm: syz-executor245 Not tainted 5.15.185-syzkaller #0
[ 52.478888][ T4168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.488952][ T4168] Call Trace:
[ 52.492300][ T4168]
[ 52.495231][ T4168] dump_stack_lvl+0x168/0x230
[ 52.499929][ T4168] ? show_regs_print_info+0x20/0x20
[ 52.505127][ T4168] ? load_image+0x3b0/0x3b0
[ 52.509627][ T4168] ? __lock_acquire+0x7c60/0x7c60
[ 52.514656][ T4168] ? do_raw_spin_unlock+0x11d/0x230
[ 52.519853][ T4168] gfs2_assert_warn_i+0x18f/0x2c0
[ 52.524982][ T4168] gfs2_quota_cleanup+0x4b4/0x6a0
[ 52.530023][ T4168] gfs2_make_fs_ro+0x237/0x5d0
[ 52.534801][ T4168] ? gfs2_dinode_out+0xb00/0xb00
[ 52.539916][ T4168] ? _raw_spin_unlock+0x24/0x40
[ 52.544795][ T4168] ? gfs2_glock_nq+0xcb0/0x1550
[ 52.549743][ T4168] gfs2_withdraw+0x5f9/0x1460
[ 52.554460][ T4168] ? gfs2_lm+0x220/0x220
[ 52.558704][ T4168] ? __schedule+0x11c0/0x43b0
[ 52.563490][ T4168] ? gfs2_freeze_lock+0x52/0xc0
[ 52.568339][ T4168] ? gfs2_consist_inode_i+0xc0/0xe0
[ 52.573648][ T4168] gfs2_inode_refresh+0xb5e/0xfe0
[ 52.578669][ T4168] ? do_promote+0x71a/0xab0
[ 52.583170][ T4168] ? gfs2_inode_metasync+0xf0/0xf0
[ 52.588288][ T4168] ? __lock_acquire+0x7c60/0x7c60
[ 52.593320][ T4168] inode_go_lock+0x127/0x470
[ 52.597905][ T4168] do_promote+0x741/0xab0
[ 52.602240][ T4168] finish_xmote+0x514/0xb70
[ 52.606745][ T4168] do_xmote+0x7b6/0x1120
[ 52.610997][ T4168] gfs2_glock_nq+0xc7a/0x1550
[ 52.615683][ T4168] do_sync+0x486/0xc00
[ 52.619839][ T4168] ? slot_put+0x1e0/0x1e0
[ 52.624162][ T4168] ? __lock_acquire+0x7c60/0x7c60
[ 52.629356][ T4168] ? do_raw_spin_lock+0x11d/0x280
[ 52.634412][ T4168] ? do_sync+0x47e/0xc00
[ 52.638669][ T4168] ? do_raw_spin_unlock+0x11d/0x230
[ 52.643895][ T4168] gfs2_quota_sync+0x32c/0x6f0
[ 52.648689][ T4168] gfs2_sync_fs+0x48/0xb0
[ 52.653112][ T4168] sync_filesystem+0xe6/0x220
[ 52.657791][ T4168] generic_shutdown_super+0x6b/0x300
[ 52.663079][ T4168] kill_block_super+0x7c/0xe0
[ 52.667756][ T4168] deactivate_locked_super+0x93/0xf0
[ 52.673046][ T4168] cleanup_mnt+0x418/0x4d0
[ 52.677470][ T4168] ? lockdep_hardirqs_on+0x94/0x140
[ 52.682677][ T4168] task_work_run+0x125/0x1a0
[ 52.687269][ T4168] do_exit+0x616/0x20a0
[ 52.691427][ T4168] ? put_task_struct+0x80/0x80
[ 52.696200][ T4168] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 52.702389][ T4168] ? lock_chain_count+0x20/0x20
[ 52.707240][ T4168] do_group_exit+0x12e/0x300
[ 52.711830][ T4168] __x64_sys_exit_group+0x3b/0x40
[ 52.716937][ T4168] do_syscall_64+0x4c/0xa0
[ 52.721380][ T4168] ? clear_bhb_loop+0x30/0x80
[ 52.726057][ T4168] ? clear_bhb_loop+0x30/0x80
[ 52.730824][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.736718][ T4168] RIP: 0033:0x7fb6987c66d9
[ 52.741131][ T4168] Code: Unable to access opcode bytes at RIP 0x7fb6987c66af.
[ 52.748487][ T4168] RSP: 002b:00007ffc3d9c8e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 52.756900][ T4168] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb6987c66d9
[ 52.764869][ T4168] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 52.772836][ T4168] RBP: 00007fb698862390 R08: ffffffffffffffb0 R09: 00000000000124ce
[ 52.780989][ T4168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb698862390
[ 52.788959][ T4168] R13: 0000000000000000 R14: 00007fb6988651c0 R15: 00007fb698790840
[ 52.796938][ T4168]
[ 52.803766][ T4168] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 52.812717][ T4168] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 52.822315][ T4168] gfs2: fsid=syz:syz.0: File system withdrawn
[ 52.828485][ T4168] CPU: 1 PID: 4168 Comm: syz-executor245 Not tainted 5.15.185-syzkaller #0
[ 52.837070][ T4168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 52.847462][ T4168] Call Trace:
[ 52.850749][ T4168]
[ 52.853678][ T4168] dump_stack_lvl+0x168/0x230
[ 52.858356][ T4168] ? kobject_uevent_env+0x371/0x890
[ 52.863562][ T4168] ? show_regs_print_info+0x20/0x20
[ 52.868754][ T4168] ? load_image+0x3b0/0x3b0
[ 52.873254][ T4168] ? kobject_uevent_env+0x371/0x890
[ 52.878454][ T4168] ? lockref_put_or_lock+0x6e/0xb0
[ 52.883654][ T4168] gfs2_withdraw+0x111b/0x1460
[ 52.888426][ T4168] ? gfs2_lm+0x220/0x220
[ 52.892752][ T4168] ? __schedule+0x11c0/0x43b0
[ 52.897607][ T4168] ? gfs2_consist_inode_i+0xc0/0xe0
[ 52.902806][ T4168] gfs2_inode_refresh+0xb5e/0xfe0
[ 52.907836][ T4168] ? do_promote+0x71a/0xab0
[ 52.912333][ T4168] ? gfs2_inode_metasync+0xf0/0xf0
[ 52.917446][ T4168] ? __lock_acquire+0x7c60/0x7c60
[ 52.922475][ T4168] inode_go_lock+0x127/0x470
[ 52.927062][ T4168] do_promote+0x741/0xab0
[ 52.931486][ T4168] finish_xmote+0x514/0xb70
[ 52.935990][ T4168] do_xmote+0x7b6/0x1120
[ 52.940330][ T4168] gfs2_glock_nq+0xc7a/0x1550
[ 52.945020][ T4168] do_sync+0x486/0xc00
[ 52.949087][ T4168] ? slot_put+0x1e0/0x1e0
[ 52.953463][ T4168] ? __lock_acquire+0x7c60/0x7c60
[ 52.958483][ T4168] ? do_raw_spin_lock+0x11d/0x280
[ 52.963507][ T4168] ? do_sync+0x47e/0xc00
[ 52.967832][ T4168] ? do_raw_spin_unlock+0x11d/0x230
[ 52.973034][ T4168] gfs2_quota_sync+0x32c/0x6f0
[ 52.977807][ T4168] gfs2_sync_fs+0x48/0xb0
[ 52.982131][ T4168] sync_filesystem+0xe6/0x220
[ 52.986807][ T4168] generic_shutdown_super+0x6b/0x300
[ 52.992093][ T4168] kill_block_super+0x7c/0xe0
[ 52.996770][ T4168] deactivate_locked_super+0x93/0xf0
[ 53.002146][ T4168] cleanup_mnt+0x418/0x4d0
[ 53.006567][ T4168] ? lockdep_hardirqs_on+0x94/0x140
[ 53.011767][ T4168] task_work_run+0x125/0x1a0
[ 53.016363][ T4168] do_exit+0x616/0x20a0
[ 53.020521][ T4168] ? put_task_struct+0x80/0x80
[ 53.025292][ T4168] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 53.031359][ T4168] ? lock_chain_count+0x20/0x20
[ 53.036217][ T4168] do_group_exit+0x12e/0x300
[ 53.040903][ T4168] __x64_sys_exit_group+0x3b/0x40
[ 53.045929][ T4168] do_syscall_64+0x4c/0xa0
[ 53.050450][ T4168] ? clear_bhb_loop+0x30/0x80
[ 53.055134][ T4168] ? clear_bhb_loop+0x30/0x80
[ 53.059802][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.065716][ T4168] RIP: 0033:0x7fb6987c66d9
[ 53.070165][ T4168] Code: Unable to access opcode bytes at RIP 0x7fb6987c66af.
[ 53.077536][ T4168] RSP: 002b:00007ffc3d9c8e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.086034][ T4168] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb6987c66d9
[ 53.094010][ T4168] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 53.101993][ T4168] RBP: 00007fb698862390 R08: ffffffffffffffb0 R09: 00000000000124ce
[ 53.109963][ T4168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb698862390
[ 53.117949][ T4168] R13: 0000000000000000 R14: 00007fb6988651c0 R15: 00007fb698790840
[ 53.126018][ T4168]
[ 53.131108][ T4168] ==================================================================
[ 53.138999][ T4169] Bluetooth: hci0: command 0x0409 tx timeout
[ 53.139319][ T4168] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 53.152109][ T4168] Read of size 8 at addr ffff888071da8090 by task syz-executor245/4168
[ 53.160350][ T4168]
[ 53.162657][ T4168] CPU: 0 PID: 4168 Comm: syz-executor245 Not tainted 5.15.185-syzkaller #0
[ 53.171215][ T4168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.181264][ T4168] Call Trace:
[ 53.184531][ T4168]
[ 53.187456][ T4168] dump_stack_lvl+0x168/0x230
[ 53.192157][ T4168] ? show_regs_print_info+0x20/0x20
[ 53.197365][ T4168] ? _printk+0xcc/0x110
[ 53.201617][ T4168] ? qd_unlock+0x30/0x2d0
[ 53.205954][ T4168] ? load_image+0x3b0/0x3b0
[ 53.210539][ T4168] print_address_description+0x60/0x2d0
[ 53.216088][ T4168] ? qd_unlock+0x30/0x2d0
[ 53.220416][ T4168] kasan_report+0xdf/0x130
[ 53.224873][ T4168] ? qd_unlock+0x30/0x2d0
[ 53.229216][ T4168] kasan_check_range+0x27b/0x290
[ 53.234157][ T4168] qd_unlock+0x30/0x2d0
[ 53.238305][ T4168] gfs2_quota_sync+0x5bf/0x6f0
[ 53.243050][ T4168] gfs2_sync_fs+0x48/0xb0
[ 53.247447][ T4168] sync_filesystem+0xe6/0x220
[ 53.252128][ T4168] generic_shutdown_super+0x6b/0x300
[ 53.257424][ T4168] kill_block_super+0x7c/0xe0
[ 53.262112][ T4168] deactivate_locked_super+0x93/0xf0
[ 53.267383][ T4168] cleanup_mnt+0x418/0x4d0
[ 53.271791][ T4168] ? lockdep_hardirqs_on+0x94/0x140
[ 53.276972][ T4168] task_work_run+0x125/0x1a0
[ 53.281553][ T4168] do_exit+0x616/0x20a0
[ 53.285780][ T4168] ? put_task_struct+0x80/0x80
[ 53.290543][ T4168] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 53.296510][ T4168] ? lock_chain_count+0x20/0x20
[ 53.301338][ T4168] do_group_exit+0x12e/0x300
[ 53.305916][ T4168] __x64_sys_exit_group+0x3b/0x40
[ 53.310917][ T4168] do_syscall_64+0x4c/0xa0
[ 53.315310][ T4168] ? clear_bhb_loop+0x30/0x80
[ 53.319969][ T4168] ? clear_bhb_loop+0x30/0x80
[ 53.324622][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.330500][ T4168] RIP: 0033:0x7fb6987c66d9
[ 53.334899][ T4168] Code: Unable to access opcode bytes at RIP 0x7fb6987c66af.
[ 53.342266][ T4168] RSP: 002b:00007ffc3d9c8e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.350750][ T4168] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb6987c66d9
[ 53.358771][ T4168] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 53.366851][ T4168] RBP: 00007fb698862390 R08: ffffffffffffffb0 R09: 00000000000124ce
[ 53.374813][ T4168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb698862390
[ 53.382772][ T4168] R13: 0000000000000000 R14: 00007fb6988651c0 R15: 00007fb698790840
[ 53.390737][ T4168]
[ 53.393735][ T4168]
[ 53.396033][ T4168] Allocated by task 4168:
[ 53.400339][ T4168] __kasan_slab_alloc+0x9c/0xd0
[ 53.405183][ T4168] slab_post_alloc_hook+0x4c/0x380
[ 53.410286][ T4168] kmem_cache_alloc+0x100/0x290
[ 53.415130][ T4168] qd_alloc+0x50/0x260
[ 53.419176][ T4168] gfs2_quota_init+0x730/0xe80
[ 53.423918][ T4168] gfs2_make_fs_rw+0x3f5/0x560
[ 53.428656][ T4168] gfs2_fill_super+0x188a/0x1f50
[ 53.433587][ T4168] get_tree_bdev+0x3f1/0x610
[ 53.438166][ T4168] gfs2_get_tree+0x4d/0x1e0
[ 53.442662][ T4168] vfs_get_tree+0x88/0x270
[ 53.447070][ T4168] do_new_mount+0x24a/0xa40
[ 53.451563][ T4168] __se_sys_mount+0x2d6/0x3c0
[ 53.456215][ T4168] do_syscall_64+0x4c/0xa0
[ 53.460608][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.466484][ T4168]
[ 53.468937][ T4168] Freed by task 14:
[ 53.472717][ T4168] kasan_set_track+0x4b/0x70
[ 53.477282][ T4168] kasan_set_free_info+0x1f/0x40
[ 53.482204][ T4168] ____kasan_slab_free+0xd5/0x110
[ 53.487209][ T4168] slab_free_freelist_hook+0xea/0x170
[ 53.492554][ T4168] kmem_cache_free+0x8f/0x210
[ 53.497210][ T4168] rcu_core+0x962/0x15d0
[ 53.501442][ T4168] handle_softirqs+0x328/0x820
[ 53.506272][ T4168] run_ksoftirqd+0x98/0xf0
[ 53.510691][ T4168] smpboot_thread_fn+0x4f6/0x970
[ 53.515631][ T4168] kthread+0x436/0x520
[ 53.519681][ T4168] ret_from_fork+0x1f/0x30
[ 53.524094][ T4168]
[ 53.526487][ T4168] Last potentially related work creation:
[ 53.532191][ T4168] kasan_save_stack+0x35/0x60
[ 53.536886][ T4168] kasan_record_aux_stack+0xb8/0x100
[ 53.542261][ T4168] call_rcu+0x179/0x920
[ 53.546405][ T4168] gfs2_quota_cleanup+0x43c/0x6a0
[ 53.551421][ T4168] gfs2_make_fs_ro+0x237/0x5d0
[ 53.556182][ T4168] gfs2_withdraw+0x5f9/0x1460
[ 53.560836][ T4168] gfs2_inode_refresh+0xb5e/0xfe0
[ 53.565854][ T4168] inode_go_lock+0x127/0x470
[ 53.570428][ T4168] do_promote+0x741/0xab0
[ 53.574780][ T4168] finish_xmote+0x514/0xb70
[ 53.579256][ T4168] do_xmote+0x7b6/0x1120
[ 53.583472][ T4168] gfs2_glock_nq+0xc7a/0x1550
[ 53.588132][ T4168] do_sync+0x486/0xc00
[ 53.592201][ T4168] gfs2_quota_sync+0x32c/0x6f0
[ 53.596950][ T4168] gfs2_sync_fs+0x48/0xb0
[ 53.601288][ T4168] sync_filesystem+0xe6/0x220
[ 53.605964][ T4168] generic_shutdown_super+0x6b/0x300
[ 53.611229][ T4168] kill_block_super+0x7c/0xe0
[ 53.615888][ T4168] deactivate_locked_super+0x93/0xf0
[ 53.621150][ T4168] cleanup_mnt+0x418/0x4d0
[ 53.625546][ T4168] task_work_run+0x125/0x1a0
[ 53.630121][ T4168] do_exit+0x616/0x20a0
[ 53.634355][ T4168] do_group_exit+0x12e/0x300
[ 53.638918][ T4168] __x64_sys_exit_group+0x3b/0x40
[ 53.644003][ T4168] do_syscall_64+0x4c/0xa0
[ 53.648494][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.654397][ T4168]
[ 53.656701][ T4168] The buggy address belongs to the object at ffff888071da8000
[ 53.656701][ T4168] which belongs to the cache gfs2_quotad of size 272
[ 53.670929][ T4168] The buggy address is located 144 bytes inside of
[ 53.670929][ T4168] 272-byte region [ffff888071da8000, ffff888071da8110)
[ 53.684288][ T4168] The buggy address belongs to the page:
[ 53.690170][ T4168] page:ffffea0001c76a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71da8
[ 53.700414][ T4168] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 53.708045][ T4168] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888146730280
[ 53.716639][ T4168] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.725194][ T4168] page dumped because: kasan: bad access detected
[ 53.731583][ T4168] page_owner tracks the page as allocated
[ 53.737373][ T4168] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 4168, ts 52369467176, free_ts 12280218397
[ 53.755237][ T4168] get_page_from_freelist+0x1b77/0x1c60
[ 53.760779][ T4168] __alloc_pages+0x1e1/0x470
[ 53.765367][ T4168] new_slab+0xc0/0x4b0
[ 53.769411][ T4168] ___slab_alloc+0x81e/0xdf0
[ 53.773974][ T4168] kmem_cache_alloc+0x195/0x290
[ 53.778811][ T4168] qd_alloc+0x50/0x260
[ 53.782860][ T4168] gfs2_quota_init+0x730/0xe80
[ 53.787608][ T4168] gfs2_make_fs_rw+0x3f5/0x560
[ 53.792390][ T4168] gfs2_fill_super+0x188a/0x1f50
[ 53.797308][ T4168] get_tree_bdev+0x3f1/0x610
[ 53.801877][ T4168] gfs2_get_tree+0x4d/0x1e0
[ 53.806382][ T4168] vfs_get_tree+0x88/0x270
[ 53.810772][ T4168] do_new_mount+0x24a/0xa40
[ 53.815264][ T4168] __se_sys_mount+0x2d6/0x3c0
[ 53.819917][ T4168] do_syscall_64+0x4c/0xa0
[ 53.824396][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.830272][ T4168] page last free stack trace:
[ 53.835004][ T4168] free_unref_page_prepare+0x637/0x6c0
[ 53.840454][ T4168] free_unref_page+0x94/0x280
[ 53.845104][ T4168] free_contig_range+0x96/0xf0
[ 53.849839][ T4168] destroy_args+0xef/0x8b0
[ 53.854367][ T4168] debug_vm_pgtable+0x318/0x370
[ 53.859193][ T4168] do_one_initcall+0x1ee/0x680
[ 53.864033][ T4168] do_initcall_level+0x137/0x1f0
[ 53.868947][ T4168] do_initcalls+0x4b/0x90
[ 53.873252][ T4168] kernel_init_freeable+0x3ce/0x560
[ 53.878436][ T4168] kernel_init+0x19/0x1b0
[ 53.882740][ T4168] ret_from_fork+0x1f/0x30
[ 53.887143][ T4168]
[ 53.889451][ T4168] Memory state around the buggy address:
[ 53.895052][ T4168] ffff888071da7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.903083][ T4168] ffff888071da8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.911131][ T4168] >ffff888071da8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.919254][ T4168] ^
[ 53.923830][ T4168] ffff888071da8100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.931866][ T4168] ffff888071da8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.939902][ T4168] ==================================================================
[ 53.947944][ T4168] Disabling lock debugging due to kernel taint
[ 53.955175][ T4168] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.962475][ T4168] CPU: 0 PID: 4168 Comm: syz-executor245 Tainted: G B 5.15.185-syzkaller #0
[ 53.972457][ T4168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 53.982592][ T4168] Call Trace:
[ 53.985864][ T4168]
[ 53.989033][ T4168] dump_stack_lvl+0x168/0x230
[ 53.993703][ T4168] ? show_regs_print_info+0x20/0x20
[ 53.998872][ T4168] ? load_image+0x3b0/0x3b0
[ 54.003363][ T4168] panic+0x2c9/0x7f0
[ 54.007233][ T4168] ? bpf_jit_dump+0xd0/0xd0
[ 54.011802][ T4168] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 54.017672][ T4168] ? _raw_spin_unlock+0x40/0x40
[ 54.022515][ T4168] ? print_memory_metadata+0x314/0x400
[ 54.028038][ T4168] ? qd_unlock+0x30/0x2d0
[ 54.032346][ T4168] check_panic_on_warn+0x80/0xa0
[ 54.037263][ T4168] ? qd_unlock+0x30/0x2d0
[ 54.041575][ T4168] end_report+0x6d/0xf0
[ 54.045705][ T4168] kasan_report+0x102/0x130
[ 54.050183][ T4168] ? qd_unlock+0x30/0x2d0
[ 54.054485][ T4168] kasan_check_range+0x27b/0x290
[ 54.059489][ T4168] qd_unlock+0x30/0x2d0
[ 54.063629][ T4168] gfs2_quota_sync+0x5bf/0x6f0
[ 54.068439][ T4168] gfs2_sync_fs+0x48/0xb0
[ 54.072848][ T4168] sync_filesystem+0xe6/0x220
[ 54.077514][ T4168] generic_shutdown_super+0x6b/0x300
[ 54.082798][ T4168] kill_block_super+0x7c/0xe0
[ 54.087480][ T4168] deactivate_locked_super+0x93/0xf0
[ 54.092790][ T4168] cleanup_mnt+0x418/0x4d0
[ 54.097195][ T4168] ? lockdep_hardirqs_on+0x94/0x140
[ 54.102399][ T4168] task_work_run+0x125/0x1a0
[ 54.107064][ T4168] do_exit+0x616/0x20a0
[ 54.111223][ T4168] ? put_task_struct+0x80/0x80
[ 54.116052][ T4168] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 54.122009][ T4168] ? lock_chain_count+0x20/0x20
[ 54.126832][ T4168] do_group_exit+0x12e/0x300
[ 54.131399][ T4168] __x64_sys_exit_group+0x3b/0x40
[ 54.136412][ T4168] do_syscall_64+0x4c/0xa0
[ 54.140801][ T4168] ? clear_bhb_loop+0x30/0x80
[ 54.145452][ T4168] ? clear_bhb_loop+0x30/0x80
[ 54.150099][ T4168] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 54.155979][ T4168] RIP: 0033:0x7fb6987c66d9
[ 54.160384][ T4168] Code: Unable to access opcode bytes at RIP 0x7fb6987c66af.
[ 54.167719][ T4168] RSP: 002b:00007ffc3d9c8e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 54.176106][ T4168] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb6987c66d9
[ 54.184064][ T4168] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 54.192013][ T4168] RBP: 00007fb698862390 R08: ffffffffffffffb0 R09: 00000000000124ce
[ 54.199969][ T4168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb698862390
[ 54.207915][ T4168] R13: 0000000000000000 R14: 00007fb6988651c0 R15: 00007fb698790840
[ 54.215971][ T4168]
[ 54.219292][ T4168] Kernel Offset: disabled
[ 54.223605][ T4168] Rebooting in 86400 seconds..