Warning: Permanently added '10.128.1.214' (ED25519) to the list of known hosts.
2026/01/18 11:12:57 parsed 1 programs
[   69.968831][ T4186] cgroup: Unknown subsys name 'net'
[   70.080673][ T4186] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.194275][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[   71.201078][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[   71.565033][ T4186] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   73.372430][ T4212] chnl_net:caif_netlink_parms(): no params data found
[   73.423252][ T4212] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.430966][ T4212] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.439291][ T4212] device bridge_slave_0 entered promiscuous mode
[   73.448641][ T4212] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.456701][ T4212] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.464734][ T4212] device bridge_slave_1 entered promiscuous mode
[   73.488087][ T4212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.499283][ T4212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.526692][ T4212] team0: Port device team_slave_0 added
[   73.534174][ T4212] team0: Port device team_slave_1 added
[   73.552807][ T4212] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.559805][ T4212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.585994][ T4212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.599260][ T4212] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.606729][ T4212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.632977][ T4212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.666185][ T4212] device hsr_slave_0 entered promiscuous mode
[   73.673430][ T4212] device hsr_slave_1 entered promiscuous mode
[   73.778029][ T4212] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.791837][ T4212] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   73.801335][ T4212] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   73.810342][ T4212] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   73.836438][ T4212] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.843664][ T4212] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.851893][ T4212] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.859017][ T4212] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.906222][ T4212] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.924006][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   73.936058][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.946317][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.962013][ T4212] 8021q: adding VLAN 0 to HW filter on device team0
[   73.974574][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   73.983402][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.990531][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.014156][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   74.024618][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.031774][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.042212][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   74.064783][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   74.073209][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   74.085703][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   74.095145][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   74.107229][ T4212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   74.234268][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   74.242384][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   74.257060][ T4212] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.281998][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   74.307719][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   74.316761][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   74.325556][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   74.334202][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   74.346138][ T4212] device veth0_vlan entered promiscuous mode
[   74.359731][ T4212] device veth1_vlan entered promiscuous mode
[   74.385084][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   74.395578][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   74.404288][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   74.414435][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   74.426283][ T4212] device veth0_macvtap entered promiscuous mode
[   74.437215][ T4212] device veth1_macvtap entered promiscuous mode
[   74.456275][ T4212] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.464812][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   74.483499][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   74.493682][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   74.502802][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.516199][ T4212] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.524969][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   74.535345][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   74.548653][ T4212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.558469][ T4212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.567557][ T4212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.576514][ T4212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.499264][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.726613][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.736249][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.758170][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   75.773886][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.782913][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.791661][ T4257] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/01/18 11:13:07 executed programs: 0
[   77.031771][ T4285] chnl_net:caif_netlink_parms(): no params data found
[   77.076513][ T4285] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.083859][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.091887][ T4285] device bridge_slave_0 entered promiscuous mode
[   77.101473][ T4285] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.108613][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.116734][ T4285] device bridge_slave_1 entered promiscuous mode
[   77.137350][ T4285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.148689][ T4285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.172072][ T4285] team0: Port device team_slave_0 added
[   77.179346][ T4285] team0: Port device team_slave_1 added
[   77.197658][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.204848][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.231106][ T4285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.243949][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.250979][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.277237][ T4285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.308348][ T4285] device hsr_slave_0 entered promiscuous mode
[   77.315435][ T4285] device hsr_slave_1 entered promiscuous mode
[   77.323853][ T4285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   77.332096][ T4285] Cannot create hsr debugfs directory
[   77.636835][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.951409][ T4224] Bluetooth: hci0: command 0x0409 tx timeout
[   79.265320][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.318795][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.144677][ T4285] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.171137][ T4285] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.184028][ T4285] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.193909][ T4285] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.310201][ T4285] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.325291][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   80.335050][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.368028][ T4285] 8021q: adding VLAN 0 to HW filter on device team0
[   80.379716][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   80.389944][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   80.399372][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.406530][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.420474][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   80.450870][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   80.459606][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   80.468500][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.475667][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.486347][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   80.502410][    T9] device hsr_slave_0 left promiscuous mode
[   80.509249][    T9] device hsr_slave_1 left promiscuous mode
[   80.517212][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   80.525111][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   80.534416][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   80.542807][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   80.550669][    T9] device bridge_slave_1 left promiscuous mode
[   80.557466][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.572879][    T9] device bridge_slave_0 left promiscuous mode
[   80.579090][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.597874][    T9] device veth1_macvtap left promiscuous mode
[   80.605249][    T9] device veth0_macvtap left promiscuous mode
[   80.611722][    T9] device veth1_vlan left promiscuous mode
[   80.617719][    T9] device veth0_vlan left promiscuous mode
[   80.786983][    T9] team0 (unregistering): Port device team_slave_1 removed
[   80.802771][    T9] team0 (unregistering): Port device team_slave_0 removed
[   80.818202][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   80.833846][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   80.891716][    T9] bond0 (unregistering): Released all slaves
[   80.972874][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.983807][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.992712][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.001737][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.012516][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   81.024392][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.041298][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   81.049759][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.058979][ T1111] Bluetooth: hci0: command 0x041b tx timeout
[   81.079321][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   81.087860][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.099775][ T4285] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.215663][ T4257] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.223353][ T4257] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.235967][ T4285] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.256396][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   81.265577][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.285487][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   81.294701][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   81.304152][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   81.313866][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   81.324323][ T4285] device veth0_vlan entered promiscuous mode
[   81.341873][ T4285] device veth1_vlan entered promiscuous mode
[   81.368380][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   81.380702][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   81.392152][ T4285] device veth0_macvtap entered promiscuous mode
[   81.402888][ T4285] device veth1_macvtap entered promiscuous mode
[   81.423062][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.431702][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   81.440797][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   81.448865][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   81.458974][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   81.473243][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.485274][ T4285] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.495207][ T4285] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.504572][ T4285] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.513571][ T4285] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.524865][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   81.534506][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   81.639906][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.666908][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.688508][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   81.699228][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.720436][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.729421][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   82.331757][ T4350] loop0: detected capacity change from 0 to 32768
[   82.353861][ T4350] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   82.363579][ T4350] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   82.396967][ T4350] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   82.421173][ T2308] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   82.438833][ T2308] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   82.465441][ T2308] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 26ms
[   82.481599][ T2308] gfs2: fsid=syz:syz.0: jid=0: Done
[   82.491222][ T4350] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   82.609356][ T4350] gfs2: fsid=syz:syz.0: found 1 quota changes
[   82.680795][ T4285] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   82.680795][ T4285]   inode = 11 2339
[   82.680795][ T4285]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[   82.724430][ T4285] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   82.750659][ T4285] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[   82.781458][ T4285] CPU: 0 PID: 4285 Comm: syz-executor Not tainted syzkaller #0
[   82.789065][ T4285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   82.799163][ T4285] Call Trace:
[   82.802467][ T4285]  <TASK>
[   82.805427][ T4285]  dump_stack_lvl+0x188/0x250
[   82.810163][ T4285]  ? show_regs_print_info+0x20/0x20
[   82.815405][ T4285]  ? load_image+0x400/0x400
[   82.819934][ T4285]  ? do_raw_spin_unlock+0x11d/0x230
[   82.825195][ T4285]  gfs2_assert_warn_i+0x18f/0x2c0
[   82.830256][ T4285]  gfs2_quota_cleanup+0x4b4/0x6a0
[   82.835322][ T4285]  gfs2_make_fs_ro+0x440/0x620
[   82.840113][ T4285]  ? __might_sleep+0xf0/0xf0
[   82.844736][ T4285]  ? gfs2_dinode_out+0xb00/0xb00
[   82.849706][ T4285]  ? _raw_spin_unlock+0x24/0x40
[   82.854586][ T4285]  ? gfs2_glock_nq+0xcb0/0x1550
[   82.859500][ T4285]  gfs2_withdraw+0x610/0x1490
[   82.864214][ T4285]  ? gfs2_lm+0x240/0x240
[   82.868484][ T4285]  ? gfs2_freeze_lock+0x52/0xc0
[   82.873368][ T4285]  ? gfs2_consist_inode_i+0xc0/0xe0
[   82.878625][ T4285]  gfs2_inode_refresh+0xb64/0xff0
[   82.883770][ T4285]  ? do_promote+0x71a/0xab0
[   82.888299][ T4285]  ? gfs2_inode_metasync+0xf0/0xf0
[   82.893445][ T4285]  ? __lock_acquire+0x7d10/0x7d10
[   82.898512][ T4285]  inode_go_lock+0x127/0x470
[   82.903138][ T4285]  do_promote+0x741/0xab0
[   82.907508][ T4285]  finish_xmote+0x4df/0xb00
[   82.912054][ T4285]  do_xmote+0x7b6/0x1120
[   82.916353][ T4285]  gfs2_glock_nq+0xc7a/0x1550
[   82.921079][ T4285]  do_sync+0x4ab/0xc40
[   82.925206][ T4285]  ? slot_put+0x1e0/0x1e0
[   82.929572][ T4285]  ? __lock_acquire+0x7d10/0x7d10
[   82.934632][ T4285]  ? do_raw_spin_lock+0x128/0x2f0
[   82.939687][ T4285]  ? do_sync+0x4a3/0xc40
[   82.943965][ T4285]  ? do_raw_spin_unlock+0x11d/0x230
[   82.949201][ T4285]  gfs2_quota_sync+0x32c/0x700
[   82.954012][ T4285]  gfs2_sync_fs+0x48/0xb0
[   82.958373][ T4285]  sync_filesystem+0xe6/0x220
[   82.963088][ T4285]  generic_shutdown_super+0x6b/0x300
[   82.968424][ T4285]  kill_block_super+0x7c/0xe0
[   82.973139][ T4285]  deactivate_locked_super+0x93/0xf0
[   82.978489][ T4285]  cleanup_mnt+0x42d/0x4e0
[   82.982932][ T4285]  ? lockdep_hardirqs_on+0x94/0x140
[   82.988164][ T4285]  task_work_run+0x125/0x1a0
[   82.992784][ T4285]  exit_to_user_mode_loop+0x10f/0x130
[   82.998194][ T4285]  exit_to_user_mode_prepare+0xee/0x180
[   83.003778][ T4285]  syscall_exit_to_user_mode+0x16/0x40
[   83.009271][ T4285]  do_syscall_64+0x58/0xa0
[   83.013712][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.018415][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.023116][ T4285]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.029042][ T4285] RIP: 0033:0x7ff6f3a60f17
[   83.033485][ T4285] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   83.053222][ T4285] RSP: 002b:00007ffd55cc7898 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   83.061676][ T4285] RAX: 0000000000000000 RBX: 00007ff6f3ac971f RCX: 00007ff6f3a60f17
[   83.069677][ T4285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd55cc7950
[   83.077690][ T4285] RBP: 00007ffd55cc7950 R08: 00007ffd55cc8950 R09: 00000000ffffffff
[   83.085690][ T4285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd55cc89e0
[   83.093688][ T4285] R13: 00007ff6f3ac971f R14: 0000000000013f69 R15: 00007ffd55cc8a20
[   83.101707][ T4285]  </TASK>
[   83.119170][ T4285] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   83.121746][ T1111] Bluetooth: hci0: command 0x040f tx timeout
[   83.131449][ T4285] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   83.144367][ T4285] gfs2: fsid=syz:syz.0: File system withdrawn
[   83.151949][ T4285] CPU: 0 PID: 4285 Comm: syz-executor Not tainted syzkaller #0
[   83.159548][ T4285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   83.169629][ T4285] Call Trace:
[   83.172930][ T4285]  <TASK>
[   83.175902][ T4285]  dump_stack_lvl+0x188/0x250
[   83.180633][ T4285]  ? kobject_uevent_env+0x371/0x890
[   83.185872][ T4285]  ? show_regs_print_info+0x20/0x20
[   83.191101][ T4285]  ? load_image+0x400/0x400
[   83.195829][ T4285]  ? kobject_uevent_env+0x371/0x890
[   83.201069][ T4285]  ? lockref_put_or_lock+0x6e/0xb0
[   83.206219][ T4285]  gfs2_withdraw+0x1149/0x1490
[   83.211038][ T4285]  ? gfs2_lm+0x240/0x240
[   83.215330][ T4285]  ? gfs2_consist_inode_i+0xc0/0xe0
[   83.220565][ T4285]  gfs2_inode_refresh+0xb64/0xff0
[   83.225631][ T4285]  ? do_promote+0x71a/0xab0
[   83.230163][ T4285]  ? gfs2_inode_metasync+0xf0/0xf0
[   83.235314][ T4285]  ? __lock_acquire+0x7d10/0x7d10
[   83.240493][ T4285]  inode_go_lock+0x127/0x470
[   83.245129][ T4285]  do_promote+0x741/0xab0
[   83.249509][ T4285]  finish_xmote+0x4df/0xb00
[   83.254060][ T4285]  do_xmote+0x7b6/0x1120
[   83.258351][ T4285]  gfs2_glock_nq+0xc7a/0x1550
[   83.263073][ T4285]  do_sync+0x4ab/0xc40
[   83.267186][ T4285]  ? slot_put+0x1e0/0x1e0
[   83.271557][ T4285]  ? __lock_acquire+0x7d10/0x7d10
[   83.276611][ T4285]  ? do_raw_spin_lock+0x128/0x2f0
[   83.281672][ T4285]  ? do_sync+0x4a3/0xc40
[   83.285952][ T4285]  ? do_raw_spin_unlock+0x11d/0x230
[   83.291179][ T4285]  gfs2_quota_sync+0x32c/0x700
[   83.295983][ T4285]  gfs2_sync_fs+0x48/0xb0
[   83.300344][ T4285]  sync_filesystem+0xe6/0x220
[   83.305054][ T4285]  generic_shutdown_super+0x6b/0x300
[   83.310379][ T4285]  kill_block_super+0x7c/0xe0
[   83.315095][ T4285]  deactivate_locked_super+0x93/0xf0
[   83.320413][ T4285]  cleanup_mnt+0x42d/0x4e0
[   83.324852][ T4285]  ? lockdep_hardirqs_on+0x94/0x140
[   83.330082][ T4285]  task_work_run+0x125/0x1a0
[   83.334695][ T4285]  exit_to_user_mode_loop+0x10f/0x130
[   83.340095][ T4285]  exit_to_user_mode_prepare+0xee/0x180
[   83.345660][ T4285]  syscall_exit_to_user_mode+0x16/0x40
[   83.351142][ T4285]  do_syscall_64+0x58/0xa0
[   83.355569][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.360262][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.365004][ T4285]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.370934][ T4285] RIP: 0033:0x7ff6f3a60f17
[   83.375369][ T4285] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   83.395077][ T4285] RSP: 002b:00007ffd55cc7898 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   83.403512][ T4285] RAX: 0000000000000000 RBX: 00007ff6f3ac971f RCX: 00007ff6f3a60f17
[   83.411586][ T4285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd55cc7950
[   83.419570][ T4285] RBP: 00007ffd55cc7950 R08: 00007ffd55cc8950 R09: 00000000ffffffff
[   83.427556][ T4285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd55cc89e0
[   83.435539][ T4285] R13: 00007ff6f3ac971f R14: 0000000000013f69 R15: 00007ffd55cc8a20
[   83.443534][ T4285]  </TASK>
[   83.550058][ T4285] ==================================================================
[   83.558369][ T4285] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[   83.565091][ T4285] Read of size 8 at addr ffff888068659090 by task syz-executor/4285
[   83.573105][ T4285] 
[   83.575452][ T4285] CPU: 1 PID: 4285 Comm: syz-executor Not tainted syzkaller #0
[   83.583029][ T4285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   83.593157][ T4285] Call Trace:
[   83.596510][ T4285]  <TASK>
[   83.599463][ T4285]  dump_stack_lvl+0x188/0x250
[   83.604181][ T4285]  ? show_regs_print_info+0x20/0x20
[   83.609439][ T4285]  ? _printk+0xda/0x130
[   83.613637][ T4285]  ? qd_unlock+0x30/0x2d0
[   83.618013][ T4285]  ? load_image+0x400/0x400
[   83.622562][ T4285]  ? _raw_spin_lock_irqsave+0xbc/0x100
[   83.628057][ T4285]  print_address_description+0x60/0x2d0
[   83.633666][ T4285]  ? qd_unlock+0x30/0x2d0
[   83.638037][ T4285]  kasan_report+0xdf/0x130
[   83.642485][ T4285]  ? qd_unlock+0x30/0x2d0
[   83.646860][ T4285]  kasan_check_range+0x235/0x290
[   83.651842][ T4285]  qd_unlock+0x30/0x2d0
[   83.656035][ T4285]  gfs2_quota_sync+0x5cf/0x700
[   83.660837][ T4285]  gfs2_sync_fs+0x48/0xb0
[   83.665199][ T4285]  sync_filesystem+0xe6/0x220
[   83.669911][ T4285]  generic_shutdown_super+0x6b/0x300
[   83.675416][ T4285]  kill_block_super+0x7c/0xe0
[   83.680131][ T4285]  deactivate_locked_super+0x93/0xf0
[   83.685452][ T4285]  cleanup_mnt+0x42d/0x4e0
[   83.689905][ T4285]  ? lockdep_hardirqs_on+0x94/0x140
[   83.695142][ T4285]  task_work_run+0x125/0x1a0
[   83.699776][ T4285]  exit_to_user_mode_loop+0x10f/0x130
[   83.705361][ T4285]  exit_to_user_mode_prepare+0xee/0x180
[   83.710948][ T4285]  syscall_exit_to_user_mode+0x16/0x40
[   83.716463][ T4285]  do_syscall_64+0x58/0xa0
[   83.720919][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.725727][ T4285]  ? clear_bhb_loop+0x30/0x80
[   83.730441][ T4285]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.736362][ T4285] RIP: 0033:0x7ff6f3a60f17
[   83.740806][ T4285] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   83.760439][ T4285] RSP: 002b:00007ffd55cc7898 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   83.768894][ T4285] RAX: 0000000000000000 RBX: 00007ff6f3ac971f RCX: 00007ff6f3a60f17
[   83.776894][ T4285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd55cc7950
[   83.784893][ T4285] RBP: 00007ffd55cc7950 R08: 00007ffd55cc8950 R09: 00000000ffffffff
[   83.792893][ T4285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd55cc89e0
[   83.800889][ T4285] R13: 00007ff6f3ac971f R14: 0000000000013f69 R15: 00007ffd55cc8a20
[   83.809003][ T4285]  </TASK>
[   83.812057][ T4285] 
[   83.814405][ T4285] Allocated by task 4350:
[   83.818945][ T4285]  __kasan_slab_alloc+0x9c/0xd0
[   83.823863][ T4285]  slab_post_alloc_hook+0x4c/0x380
[   83.829007][ T4285]  kmem_cache_alloc+0x100/0x290
[   83.833880][ T4285]  qd_alloc+0x50/0x260
[   83.837985][ T4285]  gfs2_quota_init+0x74e/0xea0
[   83.842775][ T4285]  gfs2_make_fs_rw+0x414/0x580
[   83.847581][ T4285]  gfs2_fill_super+0x1837/0x1f00
[   83.852547][ T4285]  get_tree_bdev+0x3f1/0x610
[   83.857184][ T4285]  gfs2_get_tree+0x4d/0x1e0
[   83.861736][ T4285]  vfs_get_tree+0x88/0x270
[   83.866178][ T4285]  do_new_mount+0x24a/0xa40
[   83.870715][ T4285]  __se_sys_mount+0x2e3/0x3d0
[   83.875421][ T4285]  do_syscall_64+0x4c/0xa0
[   83.879865][ T4285]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.885798][ T4285] 
[   83.888157][ T4285] Freed by task 155:
[   83.892066][ T4285]  kasan_set_track+0x4b/0x70
[   83.896698][ T4285]  kasan_set_free_info+0x1f/0x40
[   83.901662][ T4285]  ____kasan_slab_free+0xd5/0x110
[   83.906718][ T4285]  slab_free_freelist_hook+0xea/0x170
[   83.912122][ T4285]  kmem_cache_free+0x8f/0x210
[   83.916826][ T4285]  rcu_core+0x9d2/0x1670
[   83.921090][ T4285]  handle_softirqs+0x339/0x830
[   83.925885][ T4285]  do_softirq+0x142/0x210
[   83.930254][ T4285]  __local_bh_enable_ip+0x180/0x1c0
[   83.935470][ T4285]  cfg80211_bss_update+0x1c79/0x2250
[   83.940787][ T4285]  cfg80211_inform_bss_frame_data+0x89f/0x1fc0
[   83.946966][ T4285]  ieee80211_bss_info_update+0x6be/0xa70
[   83.952639][ T4285]  ieee80211_ibss_rx_queued_mgmt+0x1700/0x2ab0
[   83.958822][ T4285]  ieee80211_iface_work+0x70e/0xc60
[   83.964057][ T4285]  process_one_work+0x85f/0x1010
[   83.969022][ T4285]  worker_thread+0xaa6/0x1290
[   83.973742][ T4285]  kthread+0x436/0x520
[   83.977828][ T4285]  ret_from_fork+0x1f/0x30
[   83.982284][ T4285] 
[   83.984623][ T4285] Last potentially related work creation:
[   83.990352][ T4285]  kasan_save_stack+0x35/0x60
[   83.995055][ T4285]  kasan_record_aux_stack+0xb8/0x100
[   84.000366][ T4285]  call_rcu+0x189/0x950
[   84.004543][ T4285]  gfs2_quota_cleanup+0x43c/0x6a0
[   84.009600][ T4285]  gfs2_make_fs_ro+0x440/0x620
[   84.014400][ T4285]  gfs2_withdraw+0x610/0x1490
[   84.019094][ T4285]  gfs2_inode_refresh+0xb64/0xff0
[   84.024146][ T4285]  inode_go_lock+0x127/0x470
[   84.028762][ T4285]  do_promote+0x741/0xab0
[   84.033203][ T4285]  finish_xmote+0x4df/0xb00
[   84.037734][ T4285]  do_xmote+0x7b6/0x1120
[   84.042013][ T4285]  gfs2_glock_nq+0xc7a/0x1550
[   84.046716][ T4285]  do_sync+0x4ab/0xc40
[   84.050807][ T4285]  gfs2_quota_sync+0x32c/0x700
[   84.055726][ T4285]  gfs2_sync_fs+0x48/0xb0
[   84.060093][ T4285]  sync_filesystem+0xe6/0x220
[   84.064800][ T4285]  generic_shutdown_super+0x6b/0x300
[   84.070124][ T4285]  kill_block_super+0x7c/0xe0
[   84.074832][ T4285]  deactivate_locked_super+0x93/0xf0
[   84.080139][ T4285]  cleanup_mnt+0x42d/0x4e0
[   84.084575][ T4285]  task_work_run+0x125/0x1a0
[   84.089192][ T4285]  exit_to_user_mode_loop+0x10f/0x130
[   84.094591][ T4285]  exit_to_user_mode_prepare+0xee/0x180
[   84.100181][ T4285]  syscall_exit_to_user_mode+0x16/0x40
[   84.105663][ T4285]  do_syscall_64+0x58/0xa0
[   84.110116][ T4285]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   84.116030][ T4285] 
[   84.118391][ T4285] The buggy address belongs to the object at ffff888068659000
[   84.118391][ T4285]  which belongs to the cache gfs2_quotad of size 272
[   84.132467][ T4285] The buggy address is located 144 bytes inside of
[   84.132467][ T4285]  272-byte region [ffff888068659000, ffff888068659110)
[   84.145775][ T4285] The buggy address belongs to the page:
[   84.151432][ T4285] page:ffffea0001a19640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68659
[   84.161611][ T4285] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   84.169201][ T4285] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801e12f000
[   84.177808][ T4285] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   84.186412][ T4285] page dumped because: kasan: bad access detected
[   84.192853][ T4285] page_owner tracks the page as allocated
[   84.198578][ T4285] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4350, ts 82594985919, free_ts 21488204913
[   84.217614][ T4285]  get_page_from_freelist+0x1bbd/0x1ca0
[   84.223200][ T4285]  __alloc_pages+0x1ee/0x480
[   84.227809][ T4285]  new_slab+0xc0/0x4b0
[   84.231901][ T4285]  ___slab_alloc+0x80a/0xdd0
[   84.236609][ T4285]  kmem_cache_alloc+0x195/0x290
[   84.241490][ T4285]  qd_alloc+0x50/0x260
[   84.245623][ T4285]  gfs2_quota_init+0x74e/0xea0
[   84.250416][ T4285]  gfs2_make