Warning: Permanently added '10.128.0.219' (ED25519) to the list of known hosts.
2026/06/04 22:21:44 parsed 1 programs
[ 50.759424][ T4200] cgroup: Unknown subsys name 'net'
[ 50.868052][ T4200] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 52.130339][ T4200] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 53.531796][ T4210] syz-executor (4210) used greatest stack depth: 21072 bytes left
[ 54.064935][ T4227] chnl_net:caif_netlink_parms(): no params data found
[ 54.126594][ T4227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.135550][ T4227] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.143905][ T4227] device bridge_slave_0 entered promiscuous mode
[ 54.153497][ T4227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.160621][ T4227] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.168765][ T4227] device bridge_slave_1 entered promiscuous mode
[ 54.192113][ T4227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.203524][ T4227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.230141][ T4227] team0: Port device team_slave_0 added
[ 54.237738][ T4227] team0: Port device team_slave_1 added
[ 54.258796][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.265979][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.291896][ T4227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.304875][ T4227] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.311834][ T4227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.337777][ T4227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.373837][ T4227] device hsr_slave_0 entered promiscuous mode
[ 54.380827][ T4227] device hsr_slave_1 entered promiscuous mode
[ 54.509766][ T4227] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.521284][ T4227] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.531489][ T4227] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.541191][ T4227] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.615560][ T4227] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.629303][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 54.640191][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.651219][ T4227] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.662947][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.672036][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.683600][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.690885][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.702795][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.716446][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.725817][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.736363][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.743466][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.764356][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 54.775560][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 54.784448][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.796458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.816245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.824799][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.834351][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.842881][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 54.853946][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.862723][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 54.871580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.883235][ T4227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.996859][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.004873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.019295][ T4227] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.038884][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 55.048779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.069835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 55.078819][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.088291][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.096363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.115767][ T4227] device veth0_vlan entered promiscuous mode
[ 55.130152][ T4227] device veth1_vlan entered promiscuous mode
[ 55.154855][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.165400][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.174567][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 55.185115][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.195924][ T4227] device veth0_macvtap entered promiscuous mode
[ 55.207289][ T4227] device veth1_macvtap entered promiscuous mode
[ 55.221266][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.229026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.237269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 55.246091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 55.254851][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.267924][ T4227] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.275602][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 55.286172][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.297759][ T4227] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.309431][ T4227] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.318784][ T4227] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.330944][ T4227] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.426664][ T4227] syz-executor (4227) used greatest stack depth: 20624 bytes left
[ 56.849211][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.861310][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.884499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 56.895069][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.902913][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.915643][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/06/04 22:21:53 executed programs: 0
[ 57.370019][ T431] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 57.496200][ T4294] chnl_net:caif_netlink_parms(): no params data found
[ 57.531986][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.539356][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.548432][ T4294] device bridge_slave_0 entered promiscuous mode
[ 57.557024][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.564251][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.571989][ T4294] device bridge_slave_1 entered promiscuous mode
[ 57.589370][ T4294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.600099][ T4294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.620145][ T4294] team0: Port device team_slave_0 added
[ 57.628134][ T4294] team0: Port device team_slave_1 added
[ 57.642244][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.649293][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.676202][ T4294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.689083][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.696083][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 57.722079][ T4294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.748312][ T4294] device hsr_slave_0 entered promiscuous mode
[ 57.755828][ T4294] device hsr_slave_1 entered promiscuous mode
[ 57.762364][ T4294] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 57.770189][ T4294] Cannot create hsr debugfs directory
[ 59.503999][ T4214] Bluetooth: hci0: command 0x0409 tx timeout
[ 60.699273][ T431] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.757531][ T431] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.829823][ T431] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.583252][ T4326] Bluetooth: hci0: command 0x041b tx timeout
[ 61.661626][ T4294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.670483][ T4294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.682602][ T4294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.691817][ T4294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.753422][ T4294] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.769016][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 61.777086][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.787603][ T4294] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.824238][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.832839][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.841875][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.849038][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.857501][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.877995][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.886652][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.895904][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.902961][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.915706][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 61.939983][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 61.950902][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 61.960250][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.969318][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.981720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 61.991234][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.028306][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 62.036841][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.047500][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 62.057178][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.069753][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.161413][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 62.169756][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 62.186501][ T4294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.219290][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 62.228060][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.244571][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 62.252774][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.262840][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.271306][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.282700][ T4294] device veth0_vlan entered promiscuous mode
[ 62.309764][ T4294] device veth1_vlan entered promiscuous mode
[ 62.327274][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 62.335595][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 62.344782][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 62.354995][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.365834][ T4294] device veth0_macvtap entered promiscuous mode
[ 62.378010][ T4294] device veth1_macvtap entered promiscuous mode
[ 62.411182][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 62.422619][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 62.434650][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.442516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.451387][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 62.459612][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 62.468190][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.479241][ T4294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 62.490903][ T4294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 62.502561][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.516427][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 62.525877][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 62.546934][ T4294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.556329][ T4294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.565402][ T4294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.574380][ T4294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.625841][ T431] device hsr_slave_0 left promiscuous mode
[ 62.632261][ T431] device hsr_slave_1 left promiscuous mode
[ 62.639367][ T431] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 62.647112][ T431] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 62.656364][ T431] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 62.663820][ T431] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 62.671380][ T431] device bridge_slave_1 left promiscuous mode
[ 62.678385][ T431] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.690614][ T431] device bridge_slave_0 left promiscuous mode
[ 62.697977][ T431] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.715766][ T431] device veth1_macvtap left promiscuous mode
[ 62.721966][ T431] device veth0_macvtap left promiscuous mode
[ 62.728876][ T431] device veth1_vlan left promiscuous mode
[ 62.735407][ T431] device veth0_vlan left promiscuous mode
[ 62.879786][ T431] team0 (unregistering): Port device team_slave_1 removed
[ 62.891836][ T431] team0 (unregistering): Port device team_slave_0 removed
[ 62.904795][ T431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 62.917706][ T431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 62.972054][ T431] bond0 (unregistering): Released all slaves
[ 63.055369][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.064641][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.075369][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/06/04 22:21:58 executed programs: 2
[ 63.108985][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.117417][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.125552][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 63.384715][ T4352] loop0: detected capacity change from 0 to 32768
[ 63.418211][ T4352] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 63.446940][ T4352] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 63.494161][ T4352] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 63.507688][ T4347] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 63.515127][ T4347] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 63.554373][ T4347] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[ 63.562962][ T4347] gfs2: fsid=syz:syz.0: jid=0: Done
[ 63.569257][ T4352] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 63.663812][ T4328] Bluetooth: hci0: command 0x040f tx timeout
[ 63.670762][ T4352] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 63.700278][ T4294] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 63.700278][ T4294] inode = 11 2339
[ 63.700278][ T4294] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 414
[ 63.724892][ T4294] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 63.740623][ T4294] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 63.756078][ T4294] CPU: 0 PID: 4294 Comm: syz-executor Not tainted syzkaller #0
[ 63.763645][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 63.773725][ T4294] Call Trace:
[ 63.777012][ T4294] <TASK>
[ 63.779939][ T4294] dump_stack_lvl+0x188/0x250
[ 63.784637][ T4294] ? show_regs_print_info+0x20/0x20
[ 63.789843][ T4294] ? load_image+0x400/0x400
[ 63.794358][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 63.799569][ T4294] gfs2_assert_warn_i+0x18f/0x2c0
[ 63.804612][ T4294] gfs2_quota_cleanup+0x4b4/0x6a0
[ 63.809652][ T4294] gfs2_make_fs_ro+0x440/0x620
[ 63.814418][ T4294] ? __might_sleep+0xf0/0xf0
[ 63.819013][ T4294] ? gfs2_dinode_out+0xb00/0xb00
[ 63.823960][ T4294] ? _raw_spin_unlock+0x24/0x40
[ 63.828807][ T4294] ? gfs2_glock_nq+0xcb0/0x1550
[ 63.833679][ T4294] gfs2_withdraw+0x610/0x13d0
[ 63.838365][ T4294] ? gfs2_freeze_unlock+0x50/0x50
[ 63.843390][ T4294] ? gfs2_lm+0x240/0x240
[ 63.847630][ T4294] ? gfs2_freeze_lock+0x52/0xc0
[ 63.852479][ T4294] ? gfs2_consist_inode_i+0xc0/0xe0
[ 63.857681][ T4294] gfs2_inode_refresh+0xc2d/0x1160
[ 63.862794][ T4294] ? do_promote+0x71a/0xab0
[ 63.867300][ T4294] ? gfs2_inode_metasync+0xf0/0xf0
[ 63.872414][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 63.877444][ T4294] inode_go_lock+0x127/0x470
[ 63.882039][ T4294] do_promote+0x741/0xab0
[ 63.886377][ T4294] finish_xmote+0x4df/0xb00
[ 63.890886][ T4294] do_xmote+0x7b6/0x1120
[ 63.895135][ T4294] gfs2_glock_nq+0xc7a/0x1550
[ 63.899824][ T4294] do_sync+0x4ab/0xc40
[ 63.903897][ T4294] ? slot_put+0x1e0/0x1e0
[ 63.908225][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 63.913252][ T4294] ? do_raw_spin_lock+0x128/0x2f0
[ 63.918282][ T4294] ? do_sync+0x4a3/0xc40
[ 63.922536][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 63.927754][ T4294] gfs2_quota_sync+0x32c/0x700
[ 63.932560][ T4294] gfs2_sync_fs+0x48/0xb0
[ 63.936911][ T4294] sync_filesystem+0xe6/0x220
[ 63.941593][ T4294] generic_shutdown_super+0x6b/0x300
[ 63.946878][ T4294] kill_block_super+0x7c/0xe0
[ 63.951556][ T4294] deactivate_locked_super+0x93/0xf0
[ 63.956841][ T4294] cleanup_mnt+0x42d/0x4e0
[ 63.961258][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 63.966464][ T4294] task_work_run+0x125/0x1a0
[ 63.971067][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 63.976438][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 63.981982][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 63.987439][ T4294] do_syscall_64+0x58/0xa0
[ 63.991851][ T4294] ? clear_bhb_loop+0x30/0x80
[ 63.996526][ T4294] ? clear_bhb_loop+0x30/0x80
[ 64.001203][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.007105][ T4294] RIP: 0033:0x7f20ab060097
[ 64.011520][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 64.031131][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 64.039571][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 64.047555][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 64.055525][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 64.063498][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 64.071475][ T4294] R13: 00007f20ab0f41ca R14: 000000000000f68e R15: 00007ffcfb9d3250
[ 64.079476][ T4294] </TASK>
[ 64.093928][ T4294] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 64.102724][ T4294] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 64.111368][ T4294] gfs2: fsid=syz:syz.0: File system withdrawn
[ 64.118041][ T4294] CPU: 0 PID: 4294 Comm: syz-executor Not tainted syzkaller #0
[ 64.125600][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 64.135659][ T4294] Call Trace:
[ 64.138937][ T4294] <TASK>
[ 64.141863][ T4294] dump_stack_lvl+0x188/0x250
[ 64.146541][ T4294] ? kobject_uevent_env+0x371/0x890
[ 64.151739][ T4294] ? show_regs_print_info+0x20/0x20
[ 64.156931][ T4294] ? load_image+0x400/0x400
[ 64.161429][ T4294] ? kobject_uevent_env+0x371/0x890
[ 64.166624][ T4294] ? lockref_put_or_lock+0x6e/0xb0
[ 64.171738][ T4294] gfs2_withdraw+0xba3/0x13d0
[ 64.176423][ T4294] ? gfs2_freeze_unlock+0x50/0x50
[ 64.181456][ T4294] ? gfs2_lm+0x240/0x240
[ 64.185701][ T4294] ? gfs2_consist_inode_i+0xc0/0xe0
[ 64.190903][ T4294] gfs2_inode_refresh+0xc2d/0x1160
[ 64.196017][ T4294] ? do_promote+0x71a/0xab0
[ 64.200520][ T4294] ? gfs2_inode_metasync+0xf0/0xf0
[ 64.205629][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 64.210664][ T4294] inode_go_lock+0x127/0x470
[ 64.215256][ T4294] do_promote+0x741/0xab0
[ 64.219594][ T4294] finish_xmote+0x4df/0xb00
[ 64.224103][ T4294] do_xmote+0x7b6/0x1120
[ 64.228361][ T4294] gfs2_glock_nq+0xc7a/0x1550
[ 64.233072][ T4294] do_sync+0x4ab/0xc40
[ 64.237151][ T4294] ? slot_put+0x1e0/0x1e0
[ 64.241480][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 64.246505][ T4294] ? do_raw_spin_lock+0x128/0x2f0
[ 64.251528][ T4294] ? do_sync+0x4a3/0xc40
[ 64.255772][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 64.260973][ T4294] gfs2_quota_sync+0x32c/0x700
[ 64.265749][ T4294] gfs2_sync_fs+0x48/0xb0
[ 64.270079][ T4294] sync_filesystem+0xe6/0x220
[ 64.274760][ T4294] generic_shutdown_super+0x6b/0x300
[ 64.280068][ T4294] kill_block_super+0x7c/0xe0
[ 64.284736][ T4294] deactivate_locked_super+0x93/0xf0
[ 64.290005][ T4294] cleanup_mnt+0x42d/0x4e0
[ 64.294406][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 64.299592][ T4294] task_work_run+0x125/0x1a0
[ 64.304172][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 64.309527][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 64.315053][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 64.320495][ T4294] do_syscall_64+0x58/0xa0
[ 64.324892][ T4294] ? clear_bhb_loop+0x30/0x80
[ 64.329554][ T4294] ? clear_bhb_loop+0x30/0x80
[ 64.334216][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.340093][ T4294] RIP: 0033:0x7f20ab060097
[ 64.344495][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 64.364082][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 64.372481][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 64.380436][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 64.388394][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 64.396349][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 64.404309][ T4294] R13: 00007f20ab0f41ca R14: 000000000000f68e R15: 00007ffcfb9d3250
[ 64.412274][ T4294] </TASK>
[ 64.823916][ T4355] loop0: detected capacity change from 0 to 32768
[ 64.892847][ T4355] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 64.908468][ T4355] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 64.921323][ T4355] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 64.930614][ T4202] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 64.938961][ T4202] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 64.964702][ T4202] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 64.975499][ T4202] gfs2: fsid=syz:syz.0: jid=0: Done
[ 64.980791][ T4355] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 65.052759][ T4355] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 65.069597][ T4294] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 65.069597][ T4294] inode = 11 2339
[ 65.069597][ T4294] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 414
[ 65.088605][ T4294] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 65.109927][ T4294] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 65.124462][ T4294] CPU: 1 PID: 4294 Comm: syz-executor Not tainted syzkaller #0
[ 65.132022][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 65.142066][ T4294] Call Trace:
[ 65.145336][ T4294] <TASK>
[ 65.148258][ T4294] dump_stack_lvl+0x188/0x250
[ 65.152935][ T4294] ? show_regs_print_info+0x20/0x20
[ 65.158112][ T4294] ? load_image+0x400/0x400
[ 65.162596][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 65.167776][ T4294] gfs2_assert_warn_i+0x18f/0x2c0
[ 65.172784][ T4294] gfs2_quota_cleanup+0x4b4/0x6a0
[ 65.177792][ T4294] gfs2_make_fs_ro+0x440/0x620
[ 65.182532][ T4294] ? __might_sleep+0xf0/0xf0
[ 65.187100][ T4294] ? gfs2_dinode_out+0xb00/0xb00
[ 65.192017][ T4294] ? _raw_spin_unlock+0x24/0x40
[ 65.196843][ T4294] ? gfs2_glock_nq+0xcb0/0x1550
[ 65.201687][ T4294] gfs2_withdraw+0x610/0x13d0
[ 65.206343][ T4294] ? gfs2_freeze_unlock+0x50/0x50
[ 65.211348][ T4294] ? gfs2_lm+0x240/0x240
[ 65.215569][ T4294] ? gfs2_freeze_lock+0x52/0xc0
[ 65.220396][ T4294] ? gfs2_consist_inode_i+0xc0/0xe0
[ 65.225576][ T4294] gfs2_inode_refresh+0xc2d/0x1160
[ 65.230668][ T4294] ? do_promote+0x71a/0xab0
[ 65.235149][ T4294] ? gfs2_inode_metasync+0xf0/0xf0
[ 65.240237][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 65.245243][ T4294] inode_go_lock+0x127/0x470
[ 65.249815][ T4294] do_promote+0x741/0xab0
[ 65.254133][ T4294] finish_xmote+0x4df/0xb00
[ 65.258621][ T4294] do_xmote+0x7b6/0x1120
[ 65.262850][ T4294] gfs2_glock_nq+0xc7a/0x1550
[ 65.267513][ T4294] do_sync+0x4ab/0xc40
[ 65.271566][ T4294] ? slot_put+0x1e0/0x1e0
[ 65.275876][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 65.280880][ T4294] ? do_raw_spin_lock+0x128/0x2f0
[ 65.285886][ T4294] ? do_sync+0x4a3/0xc40
[ 65.290107][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 65.295283][ T4294] gfs2_quota_sync+0x32c/0x700
[ 65.300033][ T4294] gfs2_sync_fs+0x48/0xb0
[ 65.304338][ T4294] sync_filesystem+0xe6/0x220
[ 65.308995][ T4294] generic_shutdown_super+0x6b/0x300
[ 65.314262][ T4294] kill_block_super+0x7c/0xe0
[ 65.318919][ T4294] deactivate_locked_super+0x93/0xf0
[ 65.324186][ T4294] cleanup_mnt+0x42d/0x4e0
[ 65.328585][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 65.333763][ T4294] task_work_run+0x125/0x1a0
[ 65.338336][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 65.343695][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 65.349243][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 65.354688][ T4294] do_syscall_64+0x58/0xa0
[ 65.359107][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.363770][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.368442][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.374315][ T4294] RIP: 0033:0x7f20ab060097
[ 65.378711][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 65.398300][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 65.406699][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 65.414654][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 65.422605][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 65.430561][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 65.438519][ T4294] R13: 00007f20ab0f41ca R14: 000000000000fc2c R15: 00007ffcfb9d3250
[ 65.446478][ T4294] </TASK>
[ 65.451177][ T4294] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 65.460436][ T4294] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 65.468342][ T4294] gfs2: fsid=syz:syz.0: File system withdrawn
[ 65.474728][ T4294] CPU: 0 PID: 4294 Comm: syz-executor Not tainted syzkaller #0
[ 65.482258][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 65.492293][ T4294] Call Trace:
[ 65.495559][ T4294] <TASK>
[ 65.498473][ T4294] dump_stack_lvl+0x188/0x250
[ 65.503131][ T4294] ? kobject_uevent_env+0x371/0x890
[ 65.508311][ T4294] ? show_regs_print_info+0x20/0x20
[ 65.513485][ T4294] ? load_image+0x400/0x400
[ 65.517966][ T4294] ? kobject_uevent_env+0x371/0x890
[ 65.523139][ T4294] ? lockref_put_or_lock+0x6e/0xb0
[ 65.528231][ T4294] gfs2_withdraw+0xba3/0x13d0
[ 65.532887][ T4294] ? gfs2_freeze_unlock+0x50/0x50
[ 65.537891][ T4294] ? gfs2_lm+0x240/0x240
[ 65.542116][ T4294] ? gfs2_consist_inode_i+0xc0/0xe0
[ 65.547293][ T4294] gfs2_inode_refresh+0xc2d/0x1160
[ 65.552389][ T4294] ? do_promote+0x71a/0xab0
[ 65.556868][ T4294] ? gfs2_inode_metasync+0xf0/0xf0
[ 65.561959][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 65.566970][ T4294] inode_go_lock+0x127/0x470
[ 65.571540][ T4294] do_promote+0x741/0xab0
[ 65.575851][ T4294] finish_xmote+0x4df/0xb00
[ 65.580337][ T4294] do_xmote+0x7b6/0x1120
[ 65.584564][ T4294] gfs2_glock_nq+0xc7a/0x1550
[ 65.589233][ T4294] do_sync+0x4ab/0xc40
[ 65.593285][ T4294] ? slot_put+0x1e0/0x1e0
[ 65.597594][ T4294] ? __lock_acquire+0x7d10/0x7d10
[ 65.602593][ T4294] ? do_raw_spin_lock+0x128/0x2f0
[ 65.607592][ T4294] ? do_sync+0x4a3/0xc40
[ 65.611813][ T4294] ? do_raw_spin_unlock+0x11d/0x230
[ 65.616990][ T4294] gfs2_quota_sync+0x32c/0x700
[ 65.621735][ T4294] gfs2_sync_fs+0x48/0xb0
[ 65.626041][ T4294] sync_filesystem+0xe6/0x220
[ 65.630696][ T4294] generic_shutdown_super+0x6b/0x300
[ 65.635960][ T4294] kill_block_super+0x7c/0xe0
[ 65.640620][ T4294] deactivate_locked_super+0x93/0xf0
[ 65.645881][ T4294] cleanup_mnt+0x42d/0x4e0
[ 65.650274][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 65.655451][ T4294] task_work_run+0x125/0x1a0
[ 65.660029][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 65.665393][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 65.670916][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 65.676353][ T4294] do_syscall_64+0x58/0xa0
[ 65.680744][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.685399][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.690060][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.695929][ T4294] RIP: 0033:0x7f20ab060097
[ 65.700324][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 65.719904][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 65.728292][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 65.736250][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 65.744204][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 65.752154][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 65.760103][ T4294] R13: 00007f20ab0f41ca R14: 000000000000fc2c R15: 00007ffcfb9d3250
[ 65.768066][ T4294]
[ 65.771865][ T4324] Bluetooth: hci0: command 0x0419 tx timeout
[ 65.777924][ T4294] ==================================================================
[ 65.786174][ T4294] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 65.792884][ T4294] Read of size 8 at addr ffff888071126090 by task syz-executor/4294
[ 65.800861][ T4294]
[ 65.803170][ T4294] CPU: 1 PID: 4294 Comm: syz-executor Not tainted syzkaller #0
[ 65.810687][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 65.820717][ T4294] Call Trace:
[ 65.823977][ T4294]
[ 65.826892][ T4294] dump_stack_lvl+0x188/0x250
[ 65.831550][ T4294] ? show_regs_print_info+0x20/0x20
[ 65.836724][ T4294] ? _printk+0xda/0x130
[ 65.840857][ T4294] ? qd_unlock+0x30/0x2d0
[ 65.845168][ T4294] ? load_image+0x400/0x400
[ 65.849648][ T4294] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 65.855085][ T4294] print_address_description+0x60/0x2d0
[ 65.860611][ T4294] ? qd_unlock+0x30/0x2d0
[ 65.864922][ T4294] kasan_report+0xdf/0x130
[ 65.869330][ T4294] ? qd_unlock+0x30/0x2d0
[ 65.873641][ T4294] kasan_check_range+0x235/0x290
[ 65.878558][ T4294] qd_unlock+0x30/0x2d0
[ 65.882724][ T4294] gfs2_quota_sync+0x5cf/0x700
[ 65.887471][ T4294] gfs2_sync_fs+0x48/0xb0
[ 65.891778][ T4294] sync_filesystem+0xe6/0x220
[ 65.896439][ T4294] generic_shutdown_super+0x6b/0x300
[ 65.901708][ T4294] kill_block_super+0x7c/0xe0
[ 65.906377][ T4294] deactivate_locked_super+0x93/0xf0
[ 65.911644][ T4294] cleanup_mnt+0x42d/0x4e0
[ 65.916041][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 65.921223][ T4294] task_work_run+0x125/0x1a0
[ 65.925795][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 65.931153][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 65.936674][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 65.942115][ T4294] do_syscall_64+0x58/0xa0
[ 65.946510][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.951168][ T4294] ? clear_bhb_loop+0x30/0x80
[ 65.955825][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 65.961697][ T4294] RIP: 0033:0x7f20ab060097
[ 65.966094][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 65.985688][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 65.994087][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 66.002042][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 66.009992][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 66.017945][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 66.025907][ T4294] R13: 00007f20ab0f41ca R14: 000000000000fc2c R15: 00007ffcfb9d3250
[ 66.033880][ T4294]
[ 66.036886][ T4294]
[ 66.039190][ T4294] Allocated by task 4355:
[ 66.043503][ T4294] __kasan_slab_alloc+0x9c/0xd0
[ 66.048335][ T4294] slab_post_alloc_hook+0x4c/0x380
[ 66.053421][ T4294] kmem_cache_alloc+0x100/0x290
[ 66.058248][ T4294] qd_alloc+0x50/0x260
[ 66.062294][ T4294] gfs2_quota_init+0x74e/0xea0
[ 66.067036][ T4294] gfs2_make_fs_rw+0x414/0x580
[ 66.071789][ T4294] gfs2_fill_super+0x1837/0x1f00
[ 66.076711][ T4294] get_tree_bdev+0x3f1/0x610
[ 66.081281][ T4294] gfs2_get_tree+0x4d/0x1e0
[ 66.085759][ T4294] vfs_get_tree+0x88/0x270
[ 66.090151][ T4294] do_new_mount+0x24a/0xa40
[ 66.094627][ T4294] __se_sys_mount+0x2e3/0x3d0
[ 66.099294][ T4294] do_syscall_64+0x4c/0xa0
[ 66.103686][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.109561][ T4294]
[ 66.111860][ T4294] Freed by task 0:
[ 66.115552][ T4294] kasan_set_track+0x4b/0x70
[ 66.120119][ T4294] kasan_set_free_info+0x1f/0x40
[ 66.125033][ T4294] ____kasan_slab_free+0xd5/0x110
[ 66.130037][ T4294] slab_free_freelist_hook+0xea/0x170
[ 66.135384][ T4294] kmem_cache_free+0x8f/0x210
[ 66.140037][ T4294] rcu_core+0x9d2/0x1670
[ 66.144262][ T4294] handle_softirqs+0x339/0x830
[ 66.149019][ T4294] __irq_exit_rcu+0x13b/0x230
[ 66.153674][ T4294] irq_exit_rcu+0x5/0x20
[ 66.157903][ T4294] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 66.163513][ T4294] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 66.169470][ T4294]
[ 66.171772][ T4294] Last potentially related work creation:
[ 66.177464][ T4294] kasan_save_stack+0x35/0x60
[ 66.182123][ T4294] kasan_record_aux_stack+0xb8/0x100
[ 66.187388][ T4294] call_rcu+0x189/0x950
[ 66.191521][ T4294] gfs2_quota_cleanup+0x43c/0x6a0
[ 66.196521][ T4294] gfs2_make_fs_ro+0x440/0x620
[ 66.201259][ T4294] gfs2_withdraw+0x610/0x13d0
[ 66.205910][ T4294] gfs2_inode_refresh+0xc2d/0x1160
[ 66.210996][ T4294] inode_go_lock+0x127/0x470
[ 66.215560][ T4294] do_promote+0x741/0xab0
[ 66.219889][ T4294] finish_xmote+0x4df/0xb00
[ 66.224368][ T4294] do_xmote+0x7b6/0x1120
[ 66.228589][ T4294] gfs2_glock_nq+0xc7a/0x1550
[ 66.233241][ T4294] do_sync+0x4ab/0xc40
[ 66.237287][ T4294] gfs2_quota_sync+0x32c/0x700
[ 66.242023][ T4294] gfs2_sync_fs+0x48/0xb0
[ 66.246327][ T4294] sync_filesystem+0xe6/0x220
[ 66.250979][ T4294] generic_shutdown_super+0x6b/0x300
[ 66.256236][ T4294] kill_block_super+0x7c/0xe0
[ 66.260886][ T4294] deactivate_locked_super+0x93/0xf0
[ 66.266145][ T4294] cleanup_mnt+0x42d/0x4e0
[ 66.270537][ T4294] task_work_run+0x125/0x1a0
[ 66.275108][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 66.280488][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 66.286008][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 66.291447][ T4294] do_syscall_64+0x58/0xa0
[ 66.295838][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.301710][ T4294]
[ 66.304012][ T4294] The buggy address belongs to the object at ffff888071126000
[ 66.304012][ T4294] which belongs to the cache gfs2_quotad of size 272
[ 66.318037][ T4294] The buggy address is located 144 bytes inside of
[ 66.318037][ T4294] 272-byte region [ffff888071126000, ffff888071126110)
[ 66.331288][ T4294] The buggy address belongs to the page:
[ 66.336907][ T4294] page:ffffea0001c44980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71126
[ 66.347035][ T4294] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 66.354567][ T4294] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881468af780
[ 66.363126][ T4294] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 66.371710][ T4294] page dumped because: kasan: bad access detected
[ 66.378106][ T4294] page_owner tracks the page as allocated
[ 66.383798][ T4294] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4355, ts 65044651795, free_ts 63685673210
[ 66.402788][ T4294] get_page_from_freelist+0x1bbd/0x1ca0
[ 66.408319][ T4294] __alloc_pages+0x1ee/0x480
[ 66.412887][ T4294] new_slab+0xc0/0x4b0
[ 66.416933][ T4294] ___slab_alloc+0x80a/0xdd0
[ 66.421501][ T4294] kmem_cache_alloc+0x195/0x290
[ 66.426324][ T4294] qd_alloc+0x50/0x260
[ 66.430371][ T4294] gfs2_quota_init+0x74e/0xea0
[ 66.435107][ T4294] gfs2_make_fs_rw+0x414/0x580
[ 66.439844][ T4294] gfs2_fill_super+0x1837/0x1f00
[ 66.444758][ T4294] get_tree_bdev+0x3f1/0x610
[ 66.449330][ T4294] gfs2_get_tree+0x4d/0x1e0
[ 66.453812][ T4294] vfs_get_tree+0x88/0x270
[ 66.458209][ T4294] do_new_mount+0x24a/0xa40
[ 66.462690][ T4294] __se_sys_mount+0x2e3/0x3d0
[ 66.467344][ T4294] do_syscall_64+0x4c/0xa0
[ 66.471739][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.477610][ T4294] page last free stack trace:
[ 66.482259][ T4294] free_unref_page_prepare+0x637/0x6c0
[ 66.487701][ T4294] free_unref_page+0x8f/0x2a0
[ 66.492358][ T4294] __unfreeze_partials+0x1a5/0x200
[ 66.497444][ T4294] put_cpu_partial+0x12d/0x190
[ 66.502185][ T4294] qlist_free_all+0x35/0x90
[ 66.506665][ T4294] kasan_quarantine_reduce+0x150/0x160
[ 66.512121][ T4294] __kasan_slab_alloc+0x2f/0xd0
[ 66.516949][ T4294] slab_post_alloc_hook+0x4c/0x380
[ 66.522036][ T4294] __kmalloc+0x127/0x330
[ 66.526253][ T4294] tomoyo_realpath_from_path+0x118/0x610
[ 66.531858][ T4294] tomoyo_path_perm+0x23f/0x5d0
[ 66.536689][ T4294] security_inode_getattr+0xcf/0x120
[ 66.541957][ T4294] vfs_getattr+0x26/0x3a0
[ 66.546261][ T4294] __x64_sys_newfstat+0x137/0x210
[ 66.551260][ T4294] do_syscall_64+0x4c/0xa0
[ 66.555653][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.561529][ T4294]
[ 66.563828][ T4294] Memory state around the buggy address:
[ 66.569429][ T4294] ffff888071125f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.577465][ T4294] ffff888071126000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.585506][ T4294] >ffff888071126080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.593544][ T4294]                          ^
[ 66.598111][ T4294] ffff888071126100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.606144][ T4294] ffff888071126180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.614176][ T4294] ==================================================================
[ 66.622207][ T4294] Disabling lock debugging due to kernel taint
[ 66.630212][ T4294] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 66.637426][ T4294] CPU: 1 PID: 4294 Comm: syz-executor Tainted: G B syzkaller #0
[ 66.646353][ T4294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 66.656390][ T4294] Call Trace:
[ 66.659651][ T4294]
[ 66.662583][ T4294] dump_stack_lvl+0x188/0x250
[ 66.667240][ T4294] ? show_regs_print_info+0x20/0x20
[ 66.672411][ T4294] ? load_image+0x400/0x400
[ 66.676888][ T4294] panic+0x2e5/0x810
[ 66.680759][ T4294] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 66.686890][ T4294] ? bpf_jit_dump+0xd0/0xd0
[ 66.691373][ T4294] ? _raw_spin_unlock_irqrestore+0x10d/0x120
[ 66.697326][ T4294] ? _raw_spin_unlock+0x40/0x40
[ 66.702151][ T4294] ? qd_unlock+0x30/0x2d0
[ 66.706456][ T4294] check_panic_on_warn+0x80/0xa0
[ 66.711370][ T4294] ? qd_unlock+0x30/0x2d0
[ 66.715673][ T4294] end_report+0x6d/0xf0
[ 66.719805][ T4294] kasan_report+0x102/0x130
[ 66.724292][ T4294] ? qd_unlock+0x30/0x2d0
[ 66.728599][ T4294] kasan_check_range+0x235/0x290
[ 66.733511][ T4294] qd_unlock+0x30/0x2d0
[ 66.737644][ T4294] gfs2_quota_sync+0x5cf/0x700
[ 66.742385][ T4294] gfs2_sync_fs+0x48/0xb0
[ 66.746687][ T4294] sync_filesystem+0xe6/0x220
[ 66.751340][ T4294] generic_shutdown_super+0x6b/0x300
[ 66.756599][ T4294] kill_block_super+0x7c/0xe0
[ 66.761253][ T4294] deactivate_locked_super+0x93/0xf0
[ 66.766512][ T4294] cleanup_mnt+0x42d/0x4e0
[ 66.770905][ T4294] ? lockdep_hardirqs_on+0x94/0x140
[ 66.776078][ T4294] task_work_run+0x125/0x1a0
[ 66.780647][ T4294] exit_to_user_mode_loop+0x10f/0x130
[ 66.786002][ T4294] exit_to_user_mode_prepare+0xee/0x180
[ 66.791526][ T4294] syscall_exit_to_user_mode+0x16/0x40
[ 66.796969][ T4294] do_syscall_64+0x58/0xa0
[ 66.801365][ T4294] ? clear_bhb_loop+0x30/0x80
[ 66.806015][ T4294] ? clear_bhb_loop+0x30/0x80
[ 66.810673][ T4294] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 66.816543][ T4294] RIP: 0033:0x7f20ab060097
[ 66.820935][ T4294] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 66.840518][ T4294] RSP: 002b:00007ffcfb9d20c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 66.848909][ T4294] RAX: 0000000000000000 RBX: 00007f20ab0f41ca RCX: 00007f20ab060097
[ 66.856856][ T4294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcfb9d2180
[ 66.864807][ T4294] RBP: 00007ffcfb9d2180 R08: 00007ffcfb9d3180 R09: 00000000ffffffff
[ 66.872766][ T4294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcfb9d3210
[ 66.880712][ T4294] R13: 00007f20ab0f41ca R14: 000000000000fc2c R15: 00007ffcfb9d3250
[ 66.888668][ T4294]
[ 66.891885][ T4294] Kernel Offset: disabled
[ 66.896203][ T4294] Rebooting in 86400 seconds..