Warning: Permanently added '10.128.1.49' (ED25519) to the list of known hosts.
2026/01/05 22:24:36 parsed 1 programs
[ 69.400221][ T4187] cgroup: Unknown subsys name 'net'
[ 69.539123][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.125180][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 71.396302][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.402861][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 73.611290][ T4224] chnl_net:caif_netlink_parms(): no params data found
[ 73.678220][ T4224] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.686126][ T4224] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.694680][ T4224] device bridge_slave_0 entered promiscuous mode
[ 73.704632][ T4224] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.711785][ T4224] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.720403][ T4224] device bridge_slave_1 entered promiscuous mode
[ 73.748958][ T4224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.760742][ T4224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.792569][ T4224] team0: Port device team_slave_0 added
[ 73.800447][ T4224] team0: Port device team_slave_1 added
[ 73.826026][ T4224] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.833130][ T4224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.860992][ T4224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.875882][ T4224] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.883065][ T4224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.910605][ T4224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.958865][ T4224] device hsr_slave_0 entered promiscuous mode
[ 73.967228][ T4224] device hsr_slave_1 entered promiscuous mode
[ 74.113519][ T4224] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.128193][ T4224] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.139368][ T4224] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.151983][ T4224] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.187196][ T4224] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.194600][ T4224] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.202722][ T4224] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.209842][ T4224] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.270429][ T4224] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.285473][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.296947][ T154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.306995][ T154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.315912][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 74.331548][ T4224] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.344590][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.354936][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.362035][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.383791][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.395542][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.402673][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.420293][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.431770][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.445369][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.455286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.470116][ T4224] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.483190][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.491988][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.614745][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.623026][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.637994][ T4224] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.661390][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 74.671266][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.704283][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 74.715127][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.727455][ T4224] device veth0_vlan entered promiscuous mode
[ 74.735060][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.743214][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 74.758221][ T4224] device veth1_vlan entered promiscuous mode
[ 74.784630][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.793511][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.801754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 74.810936][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.825601][ T4224] device veth0_macvtap entered promiscuous mode
[ 74.836511][ T4224] device veth1_macvtap entered promiscuous mode
[ 74.856632][ T4224] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.866764][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 74.875293][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 74.883683][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 74.893040][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 74.903626][ T4224] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.912058][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 74.929072][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 74.940886][ T4224] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.951067][ T4224] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.960041][ T4224] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.969382][ T4224] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.097724][ T4224] syz-executor (4224) used greatest stack depth: 20928 bytes left
[ 75.168449][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.695410][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.704848][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.715009][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.746249][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.755714][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.764983][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/01/05 22:24:45 executed programs: 0
[ 76.734644][ T4282] chnl_net:caif_netlink_parms(): no params data found
[ 76.787320][ T4282] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.794479][ T4282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.802949][ T4282] device bridge_slave_0 entered promiscuous mode
[ 76.810907][ T4282] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.818342][ T4282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.826832][ T4282] device bridge_slave_1 entered promiscuous mode
[ 76.853275][ T4282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.864706][ T4282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.889353][ T4282] team0: Port device team_slave_0 added
[ 76.896946][ T4282] team0: Port device team_slave_1 added
[ 76.917687][ T4282] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.924792][ T4282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.951077][ T4282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.963749][ T4282] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.970728][ T4282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.998630][ T4282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.030758][ T4282] device hsr_slave_0 entered promiscuous mode
[ 77.037768][ T4282] device hsr_slave_1 entered promiscuous mode
[ 77.044628][ T4282] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 77.052571][ T4282] Cannot create hsr debugfs directory
[ 77.649154][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 78.682931][ T4242] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.348578][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.399718][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.753214][ T4307] Bluetooth: hci0: command 0x041b tx timeout
[ 81.197257][ T4282] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.207231][ T4282] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.217232][ T4282] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.227458][ T4282] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.287195][ T4282] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.314297][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 81.323182][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 81.334343][ T4282] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.345055][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.354347][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.364163][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.371268][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.380249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 81.395248][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.404105][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.413592][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.420675][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.447299][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 81.459089][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 81.471276][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 81.481300][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.491859][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 81.505270][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 81.515250][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.544542][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 81.554180][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 81.564752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 81.573751][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 81.600294][ T4282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 81.721125][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 81.729781][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 81.745252][ T4282] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.768250][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 81.778887][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 81.859509][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 81.868272][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 81.880997][ T4282] device veth0_vlan entered promiscuous mode
[ 81.888387][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 81.899673][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 81.914925][ T4282] device veth1_vlan entered promiscuous mode
[ 81.934405][ T144] device hsr_slave_0 left promiscuous mode
[ 81.941461][ T144] device hsr_slave_1 left promiscuous mode
[ 81.949829][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 81.967076][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 81.977264][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 81.984979][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 81.993313][ T144] device bridge_slave_1 left promiscuous mode
[ 82.000570][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.016892][ T144] device bridge_slave_0 left promiscuous mode
[ 82.025006][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.048123][ T144] device veth1_macvtap left promiscuous mode
[ 82.054784][ T144] device veth0_macvtap left promiscuous mode
[ 82.060893][ T144] device veth1_vlan left promiscuous mode
[ 82.066994][ T144] device veth0_vlan left promiscuous mode
[ 82.297662][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 82.310294][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 82.324190][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.339241][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 82.399435][ T144] bond0 (unregistering): Released all slaves
[ 82.472373][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 82.480567][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 82.500588][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 82.509548][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 82.524122][ T4282] device veth0_macvtap entered promiscuous mode
[ 82.533947][ T4282] device veth1_macvtap entered promiscuous mode
[ 82.553798][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.561245][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 82.569786][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 82.578502][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 82.597484][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 82.610239][ T4282] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.618275][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 82.627776][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 82.638745][ T4282] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.648276][ T4282] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.657195][ T4282] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.666385][ T4282] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.740188][ T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.762036][ T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.787624][ T4339] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 82.800709][ T4339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.809301][ T4339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.818730][ T162] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/01/05 22:24:51 executed programs: 2
[ 82.843865][ T4308] Bluetooth: hci0: command 0x040f tx timeout
[ 83.217487][ T4340] loop0: detected capacity change from 0 to 32768
[ 83.246998][ T4340] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 83.256808][ T4340] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 83.287350][ T4340] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 83.298783][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 83.312277][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 83.346908][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[ 83.358998][ T7] gfs2: fsid=syz:syz.0: jid=0: Done
[ 83.365452][ T4340] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 83.486240][ T4340] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 83.505381][ T4282] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 83.505381][ T4282] inode = 11 2339
[ 83.505381][ T4282] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 83.526140][ T4282] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 83.554545][ T4282] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 83.592211][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 83.599824][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 83.609923][ T4282] Call Trace:
[ 83.613229][ T4282] <TASK>
[ 83.616184][ T4282] dump_stack_lvl+0x168/0x230
[ 83.620914][ T4282] ? show_regs_print_info+0x20/0x20
[ 83.626329][ T4282] ? load_image+0x3b0/0x3b0
[ 83.630867][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 83.635927][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 83.641162][ T4282] gfs2_assert_warn_i+0x18f/0x2c0
[ 83.646231][ T4282] gfs2_quota_cleanup+0x4b4/0x6a0
[ 83.651303][ T4282] gfs2_make_fs_ro+0x237/0x5d0
[ 83.656106][ T4282] ? gfs2_dinode_out+0xb00/0xb00
[ 83.661081][ T4282] ? _raw_spin_unlock+0x24/0x40
[ 83.665971][ T4282] ? gfs2_glock_nq+0xcb0/0x1550
[ 83.670876][ T4282] gfs2_withdraw+0x5f9/0x1460
[ 83.675600][ T4282] ? gfs2_lm+0x220/0x220
[ 83.679874][ T4282] ? __schedule+0x11c3/0x4390
[ 83.684590][ T4282] ? gfs2_freeze_lock+0x52/0xc0
[ 83.689476][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 83.694712][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 83.699775][ T4282] ? do_promote+0x71a/0xab0
[ 83.704313][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 83.709460][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 83.714524][ T4282] inode_go_lock+0x127/0x470
[ 83.719153][ T4282] do_promote+0x741/0xab0
[ 83.723682][ T4282] finish_xmote+0x514/0xb70
[ 83.728234][ T4282] do_xmote+0x7b6/0x1120
[ 83.732518][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 83.737252][ T4282] do_sync+0x486/0xc00
[ 83.741367][ T4282] ? slot_put+0x1e0/0x1e0
[ 83.745749][ T4282] ? do_sync+0x47e/0xc00
[ 83.750044][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 83.755309][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 83.760130][ T4282] gfs2_sync_fs+0x48/0xb0
[ 83.764493][ T4282] sync_filesystem+0xe6/0x220
[ 83.769319][ T4282] generic_shutdown_super+0x6b/0x300
[ 83.774634][ T4282] kill_block_super+0x7c/0xe0
[ 83.779528][ T4282] deactivate_locked_super+0x93/0xf0
[ 83.784849][ T4282] cleanup_mnt+0x418/0x4d0
[ 83.789300][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 83.794549][ T4282] task_work_run+0x125/0x1a0
[ 83.799271][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 83.804683][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 83.810271][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 83.815774][ T4282] do_syscall_64+0x58/0xa0
[ 83.820222][ T4282] ? clear_bhb_loop+0x30/0x80
[ 83.825061][ T4282] ? clear_bhb_loop+0x30/0x80
[ 83.829773][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 83.835708][ T4282] RIP: 0033:0x7f59f1be8a77
[ 83.840182][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 83.859909][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 83.868371][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 83.876472][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 83.884476][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 83.892473][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 83.900465][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000014389 R15: 00007ffd79f9d5e0
[ 83.908488][ T4282] </TASK>
[ 83.922477][ T4282] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 83.931414][ T4282] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 83.939913][ T4282] gfs2: fsid=syz:syz.0: File system withdrawn
[ 83.948280][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 83.955872][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 83.965958][ T4282] Call Trace:
[ 83.969264][ T4282] <TASK>
[ 83.972217][ T4282] dump_stack_lvl+0x168/0x230
[ 83.976936][ T4282] ? kobject_uevent_env+0x371/0x890
[ 83.982180][ T4282] ? show_regs_print_info+0x20/0x20
[ 83.987431][ T4282] ? load_image+0x3b0/0x3b0
[ 83.992090][ T4282] ? kobject_uevent_env+0x371/0x890
[ 83.997335][ T4282] ? lockref_put_or_lock+0x6e/0xb0
[ 84.002500][ T4282] gfs2_withdraw+0x111b/0x1460
[ 84.007325][ T4282] ? gfs2_lm+0x220/0x220
[ 84.011609][ T4282] ? __schedule+0x11c3/0x4390
[ 84.016347][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 84.021581][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 84.026658][ T4282] ? do_promote+0x71a/0xab0
[ 84.031195][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 84.036338][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 84.041412][ T4282] inode_go_lock+0x127/0x470
[ 84.046041][ T4282] do_promote+0x741/0xab0
[ 84.050420][ T4282] finish_xmote+0x514/0xb70
[ 84.054978][ T4282] do_xmote+0x7b6/0x1120
[ 84.059273][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 84.064011][ T4282] do_sync+0x486/0xc00
[ 84.068122][ T4282] ? slot_put+0x1e0/0x1e0
[ 84.072492][ T4282] ? do_sync+0x47e/0xc00
[ 84.076773][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 84.082009][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 84.086920][ T4282] gfs2_sync_fs+0x48/0xb0
[ 84.091280][ T4282] sync_filesystem+0xe6/0x220
[ 84.096081][ T4282] generic_shutdown_super+0x6b/0x300
[ 84.101410][ T4282] kill_block_super+0x7c/0xe0
[ 84.106296][ T4282] deactivate_locked_super+0x93/0xf0
[ 84.111648][ T4282] cleanup_mnt+0x418/0x4d0
[ 84.116097][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 84.121342][ T4282] task_work_run+0x125/0x1a0
[ 84.125994][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 84.131506][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 84.137085][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 84.142590][ T4282] do_syscall_64+0x58/0xa0
[ 84.147040][ T4282] ? clear_bhb_loop+0x30/0x80
[ 84.151755][ T4282] ? clear_bhb_loop+0x30/0x80
[ 84.156559][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.162508][ T4282] RIP: 0033:0x7f59f1be8a77
[ 84.166963][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 84.186639][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 84.195098][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 84.203107][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 84.211112][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 84.219114][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 84.227109][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000014389 R15: 00007ffd79f9d5e0
[ 84.235125][ T4282] </TASK>
[ 84.773305][ T4343] loop0: detected capacity change from 0 to 32768
[ 84.818744][ T4343] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 84.844011][ T4343] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 84.888094][ T4343] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 84.897681][ T1111] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 84.906373][ T1111] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 84.954985][ T1111] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 48ms
[ 84.965684][ T1111] gfs2: fsid=syz:syz.0: jid=0: Done
[ 84.971524][ T4343] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 85.008440][ T4344] Bluetooth: hci0: command 0x0419 tx timeout
[ 85.144172][ T4343] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 85.169834][ T4282] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 85.169834][ T4282] inode = 11 2339
[ 85.169834][ T4282] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 85.189218][ T4282] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 85.214782][ T4282] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 85.229249][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 85.237063][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 85.247232][ T4282] Call Trace:
[ 85.250537][ T4282] <TASK>
[ 85.253470][ T4282] dump_stack_lvl+0x168/0x230
[ 85.258155][ T4282] ? show_regs_print_info+0x20/0x20
[ 85.263358][ T4282] ? load_image+0x3b0/0x3b0
[ 85.267867][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 85.272900][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 85.278108][ T4282] gfs2_assert_warn_i+0x18f/0x2c0
[ 85.283173][ T4282] gfs2_quota_cleanup+0x4b4/0x6a0
[ 85.288377][ T4282] gfs2_make_fs_ro+0x237/0x5d0
[ 85.293166][ T4282] ? gfs2_dinode_out+0xb00/0xb00
[ 85.298118][ T4282] ? _raw_spin_unlock+0x24/0x40
[ 85.302986][ T4282] ? gfs2_glock_nq+0xcb0/0x1550
[ 85.307857][ T4282] gfs2_withdraw+0x5f9/0x1460
[ 85.312635][ T4282] ? gfs2_lm+0x220/0x220
[ 85.316971][ T4282] ? __schedule+0x11c3/0x4390
[ 85.321653][ T4282] ? gfs2_freeze_lock+0x52/0xc0
[ 85.326519][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 85.331823][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 85.336859][ T4282] ? do_promote+0x71a/0xab0
[ 85.341371][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 85.346575][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 85.351614][ T4282] inode_go_lock+0x127/0x470
[ 85.356213][ T4282] do_promote+0x741/0xab0
[ 85.360555][ T4282] finish_xmote+0x514/0xb70
[ 85.365071][ T4282] do_xmote+0x7b6/0x1120
[ 85.369325][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 85.374044][ T4282] do_sync+0x486/0xc00
[ 85.378134][ T4282] ? slot_put+0x1e0/0x1e0
[ 85.382505][ T4282] ? do_sync+0x47e/0xc00
[ 85.386785][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 85.392090][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 85.396932][ T4282] gfs2_sync_fs+0x48/0xb0
[ 85.401270][ T4282] sync_filesystem+0xe6/0x220
[ 85.405975][ T4282] generic_shutdown_super+0x6b/0x300
[ 85.411270][ T4282] kill_block_super+0x7c/0xe0
[ 85.415956][ T4282] deactivate_locked_super+0x93/0xf0
[ 85.421248][ T4282] cleanup_mnt+0x418/0x4d0
[ 85.425674][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 85.430908][ T4282] task_work_run+0x125/0x1a0
[ 85.435603][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 85.440992][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 85.446547][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 85.452009][ T4282] do_syscall_64+0x58/0xa0
[ 85.456433][ T4282] ? clear_bhb_loop+0x30/0x80
[ 85.461115][ T4282] ? clear_bhb_loop+0x30/0x80
[ 85.465798][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.471691][ T4282] RIP: 0033:0x7f59f1be8a77
[ 85.476108][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 85.495721][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.504146][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 85.512145][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 85.520138][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 85.528118][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 85.536093][ T4282] R13: 00007f59f1c6bd7d R14: 00000000000149b4 R15: 00007ffd79f9d5e0
[ 85.544088][ T4282] </TASK>
[ 85.549591][ T4282] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 85.558716][ T4282] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 85.565550][ T4282] gfs2: fsid=syz:syz.0: File system withdrawn
[ 85.571650][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 85.579234][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 85.589314][ T4282] Call Trace:
[ 85.592617][ T4282] <TASK>
[ 85.595552][ T4282] dump_stack_lvl+0x168/0x230
[ 85.600240][ T4282] ? kobject_uevent_env+0x371/0x890
[ 85.605448][ T4282] ? show_regs_print_info+0x20/0x20
[ 85.610651][ T4282] ? load_image+0x3b0/0x3b0
[ 85.615156][ T4282] ? kobject_uevent_env+0x371/0x890
[ 85.620357][ T4282] ? lockref_put_or_lock+0x6e/0xb0
[ 85.625492][ T4282] gfs2_withdraw+0x111b/0x1460
[ 85.630293][ T4282] ? gfs2_lm+0x220/0x220
[ 85.634547][ T4282] ? __schedule+0x11c3/0x4390
[ 85.639235][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 85.644459][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 85.649528][ T4282] ? do_promote+0x71a/0xab0
[ 85.654042][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 85.659156][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 85.664197][ T4282] inode_go_lock+0x127/0x470
[ 85.668821][ T4282] do_promote+0x741/0xab0
[ 85.673196][ T4282] finish_xmote+0x514/0xb70
[ 85.677745][ T4282] do_xmote+0x7b6/0x1120
[ 85.682025][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 85.686720][ T4282] do_sync+0x486/0xc00
[ 85.690803][ T4282] ? slot_put+0x1e0/0x1e0
[ 85.695142][ T4282] ? do_sync+0x47e/0xc00
[ 85.699396][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 85.704603][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 85.709385][ T4282] gfs2_sync_fs+0x48/0xb0
[ 85.713738][ T4282] sync_filesystem+0xe6/0x220
[ 85.718424][ T4282] generic_shutdown_super+0x6b/0x300
[ 85.723729][ T4282] kill_block_super+0x7c/0xe0
[ 85.728435][ T4282] deactivate_locked_super+0x93/0xf0
[ 85.733727][ T4282] cleanup_mnt+0x418/0x4d0
[ 85.738149][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 85.743361][ T4282] task_work_run+0x125/0x1a0
[ 85.747963][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 85.753341][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 85.758901][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 85.764373][ T4282] do_syscall_64+0x58/0xa0
[ 85.768791][ T4282] ? clear_bhb_loop+0x30/0x80
[ 85.773478][ T4282] ? clear_bhb_loop+0x30/0x80
[ 85.778183][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.784081][ T4282] RIP: 0033:0x7f59f1be8a77
[ 85.788501][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 85.808200][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.816620][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 85.824601][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 85.832597][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 85.841096][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 85.849070][ T4282] R13: 00007f59f1c6bd7d R14: 00000000000149b4 R15: 00007ffd79f9d5e0
[ 85.857056][ T4282]
[ 86.245660][ T4349] loop0: detected capacity change from 0 to 32768
[ 86.300495][ T4349] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 86.313186][ T4349] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 86.325572][ T4349] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 86.336142][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 86.344528][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 86.376416][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 31ms
[ 86.386677][ T7] gfs2: fsid=syz:syz.0: jid=0: Done
[ 86.391967][ T4349] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 86.519431][ T4349] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 86.540386][ T4282] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 86.540386][ T4282] inode = 11 2339
[ 86.540386][ T4282] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 86.560126][ T4282] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 86.583087][ T4282] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 86.601817][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 86.609430][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 86.619529][ T4282] Call Trace:
[ 86.622846][ T4282]
[ 86.625823][ T4282] dump_stack_lvl+0x168/0x230
[ 86.630816][ T4282] ? show_regs_print_info+0x20/0x20
[ 86.636237][ T4282] ? load_image+0x3b0/0x3b0
[ 86.640773][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 86.645836][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 86.651069][ T4282] gfs2_assert_warn_i+0x18f/0x2c0
[ 86.656138][ T4282] gfs2_quota_cleanup+0x4b4/0x6a0
[ 86.661212][ T4282] gfs2_make_fs_ro+0x237/0x5d0
[ 86.666015][ T4282] ? gfs2_dinode_out+0xb00/0xb00
[ 86.670993][ T4282] ? _raw_spin_unlock+0x24/0x40
[ 86.675888][ T4282] ? gfs2_glock_nq+0xcb0/0x1550
[ 86.680790][ T4282] gfs2_withdraw+0x5f9/0x1460
[ 86.685485][ T4282] ? gfs2_lm+0x220/0x220
[ 86.689754][ T4282] ? __schedule+0x11c3/0x4390
[ 86.694702][ T4282] ? gfs2_freeze_lock+0x52/0xc0
[ 86.699559][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 86.704815][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 86.709881][ T4282] ? do_promote+0x71a/0xab0
[ 86.714403][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 86.719514][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 86.724544][ T4282] inode_go_lock+0x127/0x470
[ 86.729137][ T4282] do_promote+0x741/0xab0
[ 86.733478][ T4282] finish_xmote+0x514/0xb70
[ 86.737993][ T4282] do_xmote+0x7b6/0x1120
[ 86.742262][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 86.746949][ T4282] do_sync+0x486/0xc00
[ 86.751023][ T4282] ? slot_put+0x1e0/0x1e0
[ 86.755370][ T4282] ? do_sync+0x47e/0xc00
[ 86.759654][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 86.764901][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 86.769728][ T4282] gfs2_sync_fs+0x48/0xb0
[ 86.772930][ T21] cfg80211: failed to load regulatory.db
[ 86.774104][ T4282] sync_filesystem+0xe6/0x220
[ 86.784448][ T4282] generic_shutdown_super+0x6b/0x300
[ 86.789800][ T4282] kill_block_super+0x7c/0xe0
[ 86.794533][ T4282] deactivate_locked_super+0x93/0xf0
[ 86.799873][ T4282] cleanup_mnt+0x418/0x4d0
[ 86.804342][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 86.809697][ T4282] task_work_run+0x125/0x1a0
[ 86.814337][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 86.819942][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 86.825515][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 86.830984][ T4282] do_syscall_64+0x58/0xa0
[ 86.835399][ T4282] ? clear_bhb_loop+0x30/0x80
[ 86.840077][ T4282] ? clear_bhb_loop+0x30/0x80
[ 86.845102][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.850998][ T4282] RIP: 0033:0x7f59f1be8a77
[ 86.855440][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 86.875164][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 86.883592][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 86.891568][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 86.899631][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 86.907602][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 86.915575][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000014fb9 R15: 00007ffd79f9d5e0
[ 86.923563][ T4282]
[ 86.928468][ T4282] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 86.937513][ T4282] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 86.945551][ T4282] gfs2: fsid=syz:syz.0: File system withdrawn
[ 86.951650][ T4282] CPU: 0 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 86.959198][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 86.969261][ T4282] Call Trace:
[ 86.972547][ T4282]
[ 86.975483][ T4282] dump_stack_lvl+0x168/0x230
[ 86.980165][ T4282] ? kobject_uevent_env+0x371/0x890
[ 86.985376][ T4282] ? show_regs_print_info+0x20/0x20
[ 86.990581][ T4282] ? load_image+0x3b0/0x3b0
[ 86.995086][ T4282] ? kobject_uevent_env+0x371/0x890
[ 87.000389][ T4282] ? lockref_put_or_lock+0x6e/0xb0
[ 87.005522][ T4282] gfs2_withdraw+0x111b/0x1460
[ 87.010389][ T4282] ? gfs2_lm+0x220/0x220
[ 87.014634][ T4282] ? __schedule+0x11c3/0x4390
[ 87.019350][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 87.024561][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 87.029842][ T4282] ? do_promote+0x71a/0xab0
[ 87.034362][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 87.039488][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 87.044795][ T4282] inode_go_lock+0x127/0x470
[ 87.049633][ T4282] do_promote+0x741/0xab0
[ 87.054199][ T4282] finish_xmote+0x514/0xb70
[ 87.058832][ T4282] do_xmote+0x7b6/0x1120
[ 87.063263][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 87.067981][ T4282] do_sync+0x486/0xc00
[ 87.072147][ T4282] ? slot_put+0x1e0/0x1e0
[ 87.076525][ T4282] ? do_sync+0x47e/0xc00
[ 87.080799][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 87.086009][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 87.090838][ T4282] gfs2_sync_fs+0x48/0xb0
[ 87.095176][ T4282] sync_filesystem+0xe6/0x220
[ 87.099877][ T4282] generic_shutdown_super+0x6b/0x300
[ 87.105192][ T4282] kill_block_super+0x7c/0xe0
[ 87.110094][ T4282] deactivate_locked_super+0x93/0xf0
[ 87.115430][ T4282] cleanup_mnt+0x418/0x4d0
[ 87.119872][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 87.125220][ T4282] task_work_run+0x125/0x1a0
[ 87.129829][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 87.135219][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 87.140861][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 87.146324][ T4282] do_syscall_64+0x58/0xa0
[ 87.150839][ T4282] ? clear_bhb_loop+0x30/0x80
[ 87.155537][ T4282] ? clear_bhb_loop+0x30/0x80
[ 87.160261][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.166272][ T4282] RIP: 0033:0x7f59f1be8a77
[ 87.170726][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 87.190448][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 87.198974][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 87.206976][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 87.215066][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 87.223155][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 87.231136][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000014fb9 R15: 00007ffd79f9d5e0
[ 87.239211][ T4282]
[ 87.807038][ T4352] loop0: detected capacity change from 0 to 32768
[ 87.829327][ T4352] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 87.838976][ T4352] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 87.875489][ T4352] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 87.893237][ T1111] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 87.900070][ T1111] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 87.937533][ T1111] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[ 87.947261][ T1111] gfs2: fsid=syz:syz.0: jid=0: Done
[ 87.953250][ T4352] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 88.064030][ T4352] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 88.102633][ T4282] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 88.102633][ T4282] inode = 11 2339
2026/01/05 22:24:57 executed programs: 6
[ 88.102633][ T4282] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 88.149810][ T4282] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 88.179791][ T4282] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 88.202432][ T4282] CPU: 1 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 88.210037][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 88.220123][ T4282] Call Trace:
[ 88.223428][ T4282]
[ 88.226384][ T4282] dump_stack_lvl+0x168/0x230
[ 88.231119][ T4282] ? show_regs_print_info+0x20/0x20
[ 88.236354][ T4282] ? load_image+0x3b0/0x3b0
[ 88.240892][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 88.245951][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 88.251186][ T4282] gfs2_assert_warn_i+0x18f/0x2c0
[ 88.256332][ T4282] gfs2_quota_cleanup+0x4b4/0x6a0
[ 88.261440][ T4282] gfs2_make_fs_ro+0x237/0x5d0
[ 88.266241][ T4282] ? gfs2_dinode_out+0xb00/0xb00
[ 88.271202][ T4282] ? _raw_spin_unlock+0x24/0x40
[ 88.276078][ T4282] ? gfs2_glock_nq+0xcb0/0x1550
[ 88.280987][ T4282] gfs2_withdraw+0x5f9/0x1460
[ 88.285713][ T4282] ? gfs2_lm+0x220/0x220
[ 88.289979][ T4282] ? __schedule+0x11c3/0x4390
[ 88.294709][ T4282] ? gfs2_freeze_lock+0x52/0xc0
[ 88.299638][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 88.304873][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 88.309956][ T4282] ? do_promote+0x71a/0xab0
[ 88.314493][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 88.319660][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 88.324724][ T4282] inode_go_lock+0x127/0x470
[ 88.329373][ T4282] do_promote+0x741/0xab0
[ 88.333748][ T4282] finish_xmote+0x514/0xb70
[ 88.338295][ T4282] do_xmote+0x7b6/0x1120
[ 88.342591][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 88.347321][ T4282] do_sync+0x486/0xc00
[ 88.351523][ T4282] ? slot_put+0x1e0/0x1e0
[ 88.355898][ T4282] ? do_sync+0x47e/0xc00
[ 88.360266][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 88.365500][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 88.370310][ T4282] gfs2_sync_fs+0x48/0xb0
[ 88.374671][ T4282] sync_filesystem+0xe6/0x220
[ 88.379382][ T4282] generic_shutdown_super+0x6b/0x300
[ 88.384796][ T4282] kill_block_super+0x7c/0xe0
[ 88.389510][ T4282] deactivate_locked_super+0x93/0xf0
[ 88.394824][ T4282] cleanup_mnt+0x418/0x4d0
[ 88.399271][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 88.404505][ T4282] task_work_run+0x125/0x1a0
[ 88.409134][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 88.414538][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 88.420122][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 88.425616][ T4282] do_syscall_64+0x58/0xa0
[ 88.430066][ T4282] ? clear_bhb_loop+0x30/0x80
[ 88.434786][ T4282] ? clear_bhb_loop+0x30/0x80
[ 88.439496][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.445415][ T4282] RIP: 0033:0x7f59f1be8a77
[ 88.449964][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 88.469619][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 88.478068][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 88.486151][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 88.494233][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 88.502235][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 88.510233][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000015553 R15: 00007ffd79f9d5e0
[ 88.518252][ T4282]
[ 88.530850][ T4282] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 88.539993][ T4282] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 88.547986][ T4282] gfs2: fsid=syz:syz.0: File system withdrawn
[ 88.555053][ T4282] CPU: 1 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 88.562651][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 88.572733][ T4282] Call Trace:
[ 88.576038][ T4282]
[ 88.578992][ T4282] dump_stack_lvl+0x168/0x230
[ 88.583792][ T4282] ? kobject_uevent_env+0x371/0x890
[ 88.589029][ T4282] ? show_regs_print_info+0x20/0x20
[ 88.594263][ T4282] ? load_image+0x3b0/0x3b0
[ 88.598795][ T4282] ? kobject_uevent_env+0x371/0x890
[ 88.604023][ T4282] ? lockref_put_or_lock+0x6e/0xb0
[ 88.609173][ T4282] gfs2_withdraw+0x111b/0x1460
[ 88.613981][ T4282] ? gfs2_lm+0x220/0x220
[ 88.618257][ T4282] ? __schedule+0x11c3/0x4390
[ 88.623063][ T4282] ? gfs2_consist_inode_i+0xc0/0xe0
[ 88.628300][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 88.633455][ T4282] ? do_promote+0x71a/0xab0
[ 88.637988][ T4282] ? gfs2_inode_metasync+0xf0/0xf0
[ 88.643141][ T4282] ? __lock_acquire+0x7c60/0x7c60
[ 88.648211][ T4282] inode_go_lock+0x127/0x470
[ 88.652837][ T4282] do_promote+0x741/0xab0
[ 88.657215][ T4282] finish_xmote+0x514/0xb70
[ 88.661761][ T4282] do_xmote+0x7b6/0x1120
[ 88.666082][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 88.670806][ T4282] do_sync+0x486/0xc00
[ 88.674920][ T4282] ? slot_put+0x1e0/0x1e0
[ 88.679292][ T4282] ? do_sync+0x47e/0xc00
[ 88.683571][ T4282] ? do_raw_spin_unlock+0x11d/0x230
[ 88.688801][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 88.693609][ T4282] gfs2_sync_fs+0x48/0xb0
[ 88.697969][ T4282] sync_filesystem+0xe6/0x220
[ 88.702719][ T4282] generic_shutdown_super+0x6b/0x300
[ 88.708040][ T4282] kill_block_super+0x7c/0xe0
[ 88.712751][ T4282] deactivate_locked_super+0x93/0xf0
[ 88.718071][ T4282] cleanup_mnt+0x418/0x4d0
[ 88.722522][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 88.727846][ T4282] task_work_run+0x125/0x1a0
[ 88.732648][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 88.738061][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 88.743637][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 88.749123][ T4282] do_syscall_64+0x58/0xa0
[ 88.753569][ T4282] ? clear_bhb_loop+0x30/0x80
[ 88.758276][ T4282] ? clear_bhb_loop+0x30/0x80
[ 88.762996][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.768920][ T4282] RIP: 0033:0x7f59f1be8a77
[ 88.773420][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 88.793053][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 88.801506][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 88.809505][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 88.817505][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 88.825706][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 88.833713][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000015553 R15: 00007ffd79f9d5e0
[ 88.841728][ T4282]
[ 88.851520][ T4282] ==================================================================
[ 88.859855][ T4282] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 88.866576][ T4282] Read of size 8 at addr ffff88805caff1e0 by task syz-executor/4282
[ 88.874588][ T4282]
[ 88.876946][ T4282] CPU: 1 PID: 4282 Comm: syz-executor Not tainted syzkaller #0
[ 88.884651][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 88.894861][ T4282] Call Trace:
[ 88.898180][ T4282]
[ 88.901138][ T4282] dump_stack_lvl+0x168/0x230
[ 88.905850][ T4282] ? show_regs_print_info+0x20/0x20
[ 88.911097][ T4282] ? _printk+0xcc/0x110
[ 88.915406][ T4282] ? load_image+0x3b0/0x3b0
[ 88.920068][ T4282] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 88.925495][ T4282] print_address_description+0x60/0x2d0
[ 88.931093][ T4282] ? qd_unlock+0x30/0x2d0
[ 88.935462][ T4282] kasan_report+0xdf/0x130
[ 88.940020][ T4282] ? qd_unlock+0x30/0x2d0
[ 88.944403][ T4282] kasan_check_range+0x27b/0x290
[ 88.949522][ T4282] qd_unlock+0x30/0x2d0
[ 88.953729][ T4282] gfs2_quota_sync+0x5bf/0x6f0
[ 88.958550][ T4282] gfs2_sync_fs+0x48/0xb0
[ 88.962918][ T4282] sync_filesystem+0xe6/0x220
[ 88.967711][ T4282] generic_shutdown_super+0x6b/0x300
[ 88.973051][ T4282] kill_block_super+0x7c/0xe0
[ 88.977762][ T4282] deactivate_locked_super+0x93/0xf0
[ 88.983214][ T4282] cleanup_mnt+0x418/0x4d0
[ 88.987675][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 88.992908][ T4282] task_work_run+0x125/0x1a0
[ 88.997674][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 89.003094][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 89.008777][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 89.014283][ T4282] do_syscall_64+0x58/0xa0
[ 89.018816][ T4282] ? clear_bhb_loop+0x30/0x80
[ 89.023521][ T4282] ? clear_bhb_loop+0x30/0x80
[ 89.028227][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.034155][ T4282] RIP: 0033:0x7f59f1be8a77
[ 89.038604][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 89.058328][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 89.066784][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 89.074959][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 89.083043][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 89.091048][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 89.099048][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000015553 R15: 00007ffd79f9d5e0
[ 89.107074][ T4282]
[ 89.110116][ T4282]
[ 89.112459][ T4282] Allocated by task 4352:
[ 89.117004][ T4282] __kasan_slab_alloc+0x9c/0xd0
[ 89.121887][ T4282] slab_post_alloc_hook+0x4c/0x380
[ 89.127020][ T4282] kmem_cache_alloc+0x100/0x290
[ 89.131894][ T4282] qd_alloc+0x50/0x260
[ 89.135993][ T4282] gfs2_quota_init+0x730/0xe80
[ 89.140796][ T4282] gfs2_make_fs_rw+0x3f5/0x560
[ 89.145591][ T4282] gfs2_fill_super+0x188a/0x1f50
[ 89.150643][ T4282] get_tree_bdev+0x3f1/0x610
[ 89.155266][ T4282] gfs2_get_tree+0x4d/0x1e0
[ 89.159794][ T4282] vfs_get_tree+0x88/0x270
[ 89.164238][ T4282] do_new_mount+0x24a/0xa40
[ 89.168813][ T4282] __se_sys_mount+0x2d6/0x3c0
[ 89.173613][ T4282] do_syscall_64+0x4c/0xa0
[ 89.178080][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.184016][ T4282]
[ 89.186370][ T4282] Freed by task 4282:
[ 89.190371][ T4282] kasan_set_track+0x4b/0x70
[ 89.195078][ T4282] kasan_set_free_info+0x1f/0x40
[ 89.200047][ T4282] ____kasan_slab_free+0xd5/0x110
[ 89.205094][ T4282] slab_free_freelist_hook+0xea/0x170
[ 89.210503][ T4282] kmem_cache_free+0x8f/0x210
[ 89.215229][ T4282] rcu_core+0x962/0x15d0
[ 89.219496][ T4282] handle_softirqs+0x328/0x820
[ 89.224305][ T4282] __irq_exit_rcu+0x12f/0x220
[ 89.229102][ T4282] irq_exit_rcu+0x5/0x20
[ 89.233374][ T4282] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 89.239037][ T4282] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 89.245041][ T4282]
[ 89.247385][ T4282] Last potentially related work creation:
[ 89.253248][ T4282] kasan_save_stack+0x35/0x60
[ 89.258119][ T4282] kasan_record_aux_stack+0xb8/0x100
[ 89.263536][ T4282] call_rcu+0x182/0x930
[ 89.267715][ T4282] gfs2_quota_cleanup+0x43c/0x6a0
[ 89.272774][ T4282] gfs2_make_fs_ro+0x237/0x5d0
[ 89.277580][ T4282] gfs2_withdraw+0x5f9/0x1460
[ 89.282286][ T4282] gfs2_inode_refresh+0xb5e/0xfe0
[ 89.287461][ T4282] inode_go_lock+0x127/0x470
[ 89.292076][ T4282] do_promote+0x741/0xab0
[ 89.296440][ T4282] finish_xmote+0x514/0xb70
[ 89.300969][ T4282] do_xmote+0x7b6/0x1120
[ 89.305240][ T4282] gfs2_glock_nq+0xc7a/0x1550
[ 89.309948][ T4282] do_sync+0x486/0xc00
[ 89.314082][ T4282] gfs2_quota_sync+0x32c/0x6f0
[ 89.318884][ T4282] gfs2_sync_fs+0x48/0xb0
[ 89.323239][ T4282] sync_filesystem+0xe6/0x220
[ 89.327943][ T4282] generic_shutdown_super+0x6b/0x300
[ 89.333255][ T4282] kill_block_super+0x7c/0xe0
[ 89.337956][ T4282] deactivate_locked_super+0x93/0xf0
[ 89.343262][ T4282] cleanup_mnt+0x418/0x4d0
[ 89.347707][ T4282] task_work_run+0x125/0x1a0
[ 89.352417][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 89.357819][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 89.363395][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 89.368886][ T4282] do_syscall_64+0x58/0xa0
[ 89.373413][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.379345][ T4282]
[ 89.381697][ T4282] The buggy address belongs to the object at ffff88805caff150
[ 89.381697][ T4282] which belongs to the cache gfs2_quotad of size 272
[ 89.395862][ T4282] The buggy address is located 144 bytes inside of
[ 89.395862][ T4282] 272-byte region [ffff88805caff150, ffff88805caff260)
[ 89.409163][ T4282] The buggy address belongs to the page:
[ 89.414826][ T4282] page:ffffea000172bfc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5caff
[ 89.425010][ T4282] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.432695][ T4282] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881461be3c0
[ 89.441303][ T4282] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 89.449991][ T4282] page dumped because: kasan: bad access detected
[ 89.456539][ T4282] page_owner tracks the page as allocated
[ 89.462269][ T4282] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4340, ts 83465329797, free_ts 22116708546
[ 89.481309][ T4282] get_page_from_freelist+0x1b77/0x1c60
[ 89.486897][ T4282] __alloc_pages+0x1e1/0x470
[ 89.491524][ T4282] new_slab+0xc0/0x4b0
[ 89.495699][ T4282] ___slab_alloc+0x81e/0xdf0
[ 89.500398][ T4282] kmem_cache_alloc+0x195/0x290
[ 89.505281][ T4282] qd_alloc+0x50/0x260
[ 89.509383][ T4282] gfs2_quota_init+0x730/0xe80
[ 89.514189][ T4282] gfs2_make_fs_rw+0x3f5/0x560
[ 89.518977][ T4282] gfs2_fill_super+0x188a/0x1f50
[ 89.523948][ T4282] get_tree_bdev+0x3f1/0x610
[ 89.528584][ T4282] gfs2_get_tree+0x4d/0x1e0
[ 89.533370][ T4282] vfs_get_tree+0x88/0x270
[ 89.537814][ T4282] do_new_mount+0x24a/0xa40
[ 89.542350][ T4282] __se_sys_mount+0x2d6/0x3c0
[ 89.547050][ T4282] do_syscall_64+0x4c/0xa0
[ 89.551501][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.557427][ T4282] page last free stack trace:
[ 89.562124][ T4282] free_unref_page_prepare+0x637/0x6c0
[ 89.567630][ T4282] free_unref_page+0x94/0x280
[ 89.572336][ T4282] free_contig_range+0x96/0xf0
[ 89.577148][ T4282] destroy_args+0x100/0xa20
[ 89.581687][ T4282] debug_vm_pgtable+0x318/0x370
[ 89.586582][ T4282] do_one_initcall+0x1ee/0x680
[ 89.591420][ T4282] do_initcall_level+0x137/0x1f0
[ 89.596382][ T4282] do_initcalls+0x4b/0x90
[ 89.600738][ T4282] kernel_init_freeable+0x3ce/0x560
[ 89.605963][ T4282] kernel_init+0x19/0x1b0
[ 89.610323][ T4282] ret_from_fork+0x1f/0x30
[ 89.614769][ T4282]
[ 89.617126][ T4282] Memory state around the buggy address:
[ 89.622870][ T4282]  ffff88805caff080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.630953][ T4282]  ffff88805caff100: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 89.639041][ T4282] >ffff88805caff180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.647122][ T4282]                                                         ^
[ 89.654431][ T4282]  ffff88805caff200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 89.662527][ T4282]  ffff88805caff280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.670616][ T4282] ==================================================================
[ 89.678701][ T4282] Disabling lock debugging due to kernel taint
[ 89.700857][ T4282] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.708124][ T4282] CPU: 1 PID: 4282 Comm: syz-executor Tainted: G B syzkaller #0
[ 89.717083][ T4282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 89.727165][ T4282] Call Trace:
[ 89.730468][ T4282]
[ 89.733418][ T4282] dump_stack_lvl+0x168/0x230
[ 89.738129][ T4282] ? show_regs_print_info+0x20/0x20
[ 89.743351][ T4282] ? load_image+0x3b0/0x3b0
[ 89.747887][ T4282] panic+0x2c9/0x7f0
[ 89.751808][ T4282] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 89.757990][ T4282] ? bpf_jit_dump+0xd0/0xd0
[ 89.762530][ T4282] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 89.768453][ T4282] ? _raw_spin_unlock+0x40/0x40
[ 89.773330][ T4282] ? qd_unlock+0x30/0x2d0
[ 89.777688][ T4282] check_panic_on_warn+0x80/0xa0
[ 89.782662][ T4282] ? qd_unlock+0x30/0x2d0
[ 89.787119][ T4282] end_report+0x6d/0xf0
[ 89.791365][ T4282] kasan_report+0x102/0x130
[ 89.795935][ T4282] ? qd_unlock+0x30/0x2d0
[ 89.800324][ T4282] kasan_check_range+0x27b/0x290
[ 89.805287][ T4282] qd_unlock+0x30/0x2d0
[ 89.809566][ T4282] gfs2_quota_sync+0x5bf/0x6f0
[ 89.814365][ T4282] gfs2_sync_fs+0x48/0xb0
[ 89.820475][ T4282] sync_filesystem+0xe6/0x220
[ 89.825661][ T4282] generic_shutdown_super+0x6b/0x300
[ 89.830994][ T4282] kill_block_super+0x7c/0xe0
[ 89.835717][ T4282] deactivate_locked_super+0x93/0xf0
[ 89.841137][ T4282] cleanup_mnt+0x418/0x4d0
[ 89.845597][ T4282] ? lockdep_hardirqs_on+0x94/0x140
[ 89.850829][ T4282] task_work_run+0x125/0x1a0
[ 89.855573][ T4282] exit_to_user_mode_loop+0x10f/0x130
[ 89.860986][ T4282] exit_to_user_mode_prepare+0xee/0x180
[ 89.867095][ T4282] syscall_exit_to_user_mode+0x16/0x40
[ 89.872602][ T4282] do_syscall_64+0x58/0xa0
[ 89.877044][ T4282] ? clear_bhb_loop+0x30/0x80
[ 89.881740][ T4282] ? clear_bhb_loop+0x30/0x80
[ 89.886447][ T4282] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.892369][ T4282] RIP: 0033:0x7f59f1be8a77
[ 89.896807][ T4282] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 89.916430][ T4282] RSP: 002b:00007ffd79f9c458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 89.924866][ T4282] RAX: 0000000000000000 RBX: 00007f59f1c6bd7d RCX: 00007f59f1be8a77
[ 89.932854][ T4282] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79f9c510
[ 89.940928][ T4282] RBP: 00007ffd79f9c510 R08: 0000000000000000 R09: 0000000000000000
[ 89.949034][ T4282] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd79f9d5a0
[ 89.957025][ T4282] R13: 00007f59f1c6bd7d R14: 0000000000015553 R15: 00007ffd79f9d5e0
[ 89.965027][ T4282]
[ 89.968274][ T4282] Kernel Offset: disabled
[ 89.972632][ T4282] Rebooting in 86400 seconds..