Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts.
2026/04/09 14:51:22 parsed 1 programs
[ 70.340995][ T4187] cgroup: Unknown subsys name 'net'
[ 70.485252][ T4187] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.512424][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.519109][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.996637][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 73.672600][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.698268][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.711790][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.737400][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.745943][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.754272][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 74.712959][ T4231] chnl_net:caif_netlink_parms(): no params data found
[ 74.787527][ T4231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.795770][ T4231] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.804425][ T4231] device bridge_slave_0 entered promiscuous mode
[ 74.815025][ T4231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.822653][ T4231] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.831418][ T4231] device bridge_slave_1 entered promiscuous mode
[ 74.862136][ T4231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.876490][ T4231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.909545][ T4231] team0: Port device team_slave_0 added
[ 74.917596][ T4231] team0: Port device team_slave_1 added
[ 74.943695][ T4231] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.952225][ T4231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.982070][ T4231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.996458][ T4231] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.005361][ T4231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.033557][ T4231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.077659][ T4231] device hsr_slave_0 entered promiscuous mode
[ 75.085804][ T4231] device hsr_slave_1 entered promiscuous mode
[ 75.240770][ T4231] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.256834][ T4231] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.267485][ T4231] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.279942][ T4231] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.318477][ T4231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.325802][ T4231] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.334003][ T4231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.341187][ T4231] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.417121][ T4231] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.434556][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.445168][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.455071][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.464439][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.479892][ T4231] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.492688][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.502288][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.509561][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.530516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.542626][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.550080][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.571238][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.582377][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.591913][ T1166] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.609932][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.620476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.633181][ T4231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.774365][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.784558][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.800266][ T4231] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.842237][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 75.862475][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.886554][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.896089][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.905178][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.914061][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.925261][ T4231] device veth0_vlan entered promiscuous mode
[ 75.937459][ T4231] device veth1_vlan entered promiscuous mode
[ 75.957583][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.966039][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.974632][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.984038][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.995772][ T4231] device veth0_macvtap entered promiscuous mode
[ 76.006968][ T4231] device veth1_macvtap entered promiscuous mode
[ 76.035157][ T4231] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.043872][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.052884][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.062286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.071694][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.099094][ T4231] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.107121][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.116216][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.128719][ T4231] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.137944][ T4231] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.147784][ T4231] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.157631][ T4231] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.253714][ T4231] syz-executor (4231) used greatest stack depth: 20408 bytes left
2026/04/09 14:51:32 executed programs: 0
[ 78.177066][ T4283] chnl_net:caif_netlink_parms(): no params data found
[ 78.227403][ T4283] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.234852][ T4283] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.243790][ T4283] device bridge_slave_0 entered promiscuous mode
[ 78.252977][ T4283] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.260318][ T4283] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.268848][ T4283] device bridge_slave_1 entered promiscuous mode
[ 78.291892][ T4283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.304458][ T4283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.334301][ T4283] team0: Port device team_slave_0 added
[ 78.344350][ T4283] team0: Port device team_slave_1 added
[ 78.366355][ T4283] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.373798][ T4283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.400765][ T4283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.413839][ T4283] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.421255][ T4283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.447815][ T4283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.485937][ T4283] device hsr_slave_0 entered promiscuous mode
[ 78.493176][ T4283] device hsr_slave_1 entered promiscuous mode
[ 78.500843][ T4283] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 78.509121][ T4283] Cannot create hsr debugfs directory
[ 78.567513][ T1275] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.069371][ T21] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.965683][ T1275] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.013884][ T1275] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.070542][ T1275] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.884952][ T4283] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.896335][ T4283] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.907392][ T4283] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.918646][ T4283] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.999698][ T4283] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.034729][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 82.043108][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 82.053843][ T4283] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.065504][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.075269][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.087182][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.094453][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.104820][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 82.137783][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 82.147071][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 82.156318][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.159866][ T4308] Bluetooth: hci0: command 0x041b tx timeout
[ 82.164473][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.192068][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.201329][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.210760][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 82.222053][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.231025][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 82.240177][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.249151][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 82.260091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 82.269873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 82.292432][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 82.301926][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 82.315995][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 82.435408][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 82.443987][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 82.457527][ T4283] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.511387][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 82.520838][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 82.534959][ T4283] device veth0_vlan entered promiscuous mode
[ 82.544669][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 82.555522][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 82.566960][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 82.576111][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 82.606035][ T4283] device veth1_vlan entered promiscuous mode
[ 82.627034][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 82.636807][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 82.645599][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 82.656516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 82.685426][ T4283] device veth0_macvtap entered promiscuous mode
[ 82.697852][ T4283] device veth1_macvtap entered promiscuous mode
[ 82.722247][ T1275] device hsr_slave_0 left promiscuous mode
[ 82.730516][ T1275] device hsr_slave_1 left promiscuous mode
[ 82.737133][ T1275] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.745542][ T1275] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.754044][ T1275] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.761942][ T1275] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.770346][ T1275] device bridge_slave_1 left promiscuous mode
[ 82.777641][ T1275] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.792981][ T1275] device bridge_slave_0 left promiscuous mode
[ 82.800863][ T1275] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.821238][ T1275] device veth1_macvtap left promiscuous mode
[ 82.828029][ T1275] device veth0_macvtap left promiscuous mode
[ 82.834617][ T1275] device veth1_vlan left promiscuous mode
[ 82.840902][ T1275] device veth0_vlan left promiscuous mode
[ 83.036877][ T1275] team0 (unregistering): Port device team_slave_1 removed
[ 83.055893][ T1275] team0 (unregistering): Port device team_slave_0 removed
[ 83.073110][ T1275] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 83.089257][ T1275] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.150165][ T1275] bond0 (unregistering): Released all slaves
[ 83.226906][ T4283] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.237399][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 83.246596][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 83.255217][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 83.265430][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 83.278657][ T4283] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.287895][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 83.297328][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 83.313736][ T4283] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.322966][ T4283] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.331861][ T4283] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.341397][ T4283] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.414141][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.425643][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.443859][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 83.474994][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.483466][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.491582][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 83.827628][ T4336] loop0: detected capacity change from 0 to 32768
[ 83.956420][ T4336] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 83.966356][ T4336] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 83.995647][ T4336] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 84.011716][ T13] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 84.019624][ T13] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 84.051482][ T13] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 31ms
[ 84.069971][ T13] gfs2: fsid=syz:syz.0: jid=0: Done
[ 84.079257][ T4336] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 84.238617][ T4308] Bluetooth: hci0: command 0x040f tx timeout
[ 84.246531][ T4336] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 84.330673][ T4283] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 84.330673][ T4283] inode = 11 2339
[ 84.330673][ T4283] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 84.398196][ T4283] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 84.449709][ T4283] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 84.478212][ T4283] CPU: 0 PID: 4283 Comm: syz-executor Not tainted syzkaller #0
[ 84.486030][ T4283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 84.496243][ T4283] Call Trace:
[ 84.499563][ T4283]
[ 84.502531][ T4283] dump_stack_lvl+0x188/0x250
[ 84.507266][ T4283] ? show_regs_print_info+0x20/0x20
[ 84.512517][ T4283] ? load_image+0x400/0x400
[ 84.517080][ T4283] ? do_raw_spin_unlock+0x11d/0x230
[ 84.522446][ T4283] gfs2_assert_warn_i+0x18f/0x2c0
[ 84.527643][ T4283] gfs2_quota_cleanup+0x4b4/0x6a0
[ 84.532901][ T4283] gfs2_make_fs_ro+0x440/0x620
[ 84.537697][ T4283] ? __might_sleep+0xf0/0xf0
[ 84.542422][ T4283] ? gfs2_dinode_out+0xb00/0xb00
[ 84.547393][ T4283] ? _raw_spin_unlock+0x24/0x40
[ 84.552390][ T4283] ? gfs2_glock_nq+0xcb0/0x1550
[ 84.557301][ T4283] gfs2_withdraw+0x610/0x1490
[ 84.562026][ T4283] ? gfs2_lm+0x240/0x240
[ 84.566305][ T4283] ? __schedule+0x11f7/0x43c0
[ 84.571023][ T4283] ? gfs2_freeze_lock+0x52/0xc0
[ 84.576009][ T4283] ? gfs2_consist_inode_i+0xc0/0xe0
[ 84.581476][ T4283] gfs2_inode_refresh+0xb64/0xff0
[ 84.586785][ T4283] ? do_promote+0x71a/0xab0
[ 84.591341][ T4283] ? gfs2_inode_metasync+0xf0/0xf0
[ 84.596718][ T4283] ? __lock_acquire+0x7d10/0x7d10
[ 84.601794][ T4283] inode_go_lock+0x127/0x470
[ 84.606566][ T4283] do_promote+0x741/0xab0
[ 84.610950][ T4283] finish_xmote+0x4df/0xb00
[ 84.615507][ T4283] do_xmote+0x7b6/0x1120
[ 84.619821][ T4283] gfs2_glock_nq+0xc7a/0x1550
[ 84.624919][ T4283] do_sync+0x4ab/0xc40
[ 84.629031][ T4283] ? slot_put+0x1e0/0x1e0
[ 84.633403][ T4283] ? __lock_acquire+0x7d10/0x7d10
[ 84.638500][ T4283] ? do_raw_spin_lock+0x128/0x2f0
[ 84.643645][ T4283] ? do_sync+0x4a3/0xc40
[ 84.647933][ T4283] ? do_raw_spin_unlock+0x11d/0x230
[ 84.653305][ T4283] gfs2_quota_sync+0x32c/0x700
[ 84.658202][ T4283] gfs2_sync_fs+0x48/0xb0
[ 84.662561][ T4283] sync_filesystem+0xe6/0x220
[ 84.667276][ T4283] generic_shutdown_super+0x6b/0x300
[ 84.672686][ T4283] kill_block_super+0x7c/0xe0
[ 84.677430][ T4283] deactivate_locked_super+0x93/0xf0
[ 84.682889][ T4283] cleanup_mnt+0x42d/0x4e0
[ 84.687362][ T4283] ? lockdep_hardirqs_on+0x94/0x140
[ 84.693024][ T4283] task_work_run+0x125/0x1a0
[ 84.697857][ T4283] exit_to_user_mode_loop+0x10f/0x130
[ 84.703273][ T4283] exit_to_user_mode_prepare+0xee/0x180
[ 84.708857][ T4283] syscall_exit_to_user_mode+0x16/0x40
[ 84.714449][ T4283] do_syscall_64+0x58/0xa0
[ 84.719277][ T4283] ? clear_bhb_loop+0x30/0x80
[ 84.724292][ T4283] ? clear_bhb_loop+0x30/0x80
[ 84.729038][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 84.734997][ T4283] RIP: 0033:0x7fb35df4ea57
[ 84.739460][ T4283] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 84.759457][ T4283] RSP: 002b:00007ffc3bc6b198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 84.768007][ T4283] RAX: 0000000000000000 RBX: 00007fb35dfe3048 RCX: 00007fb35df4ea57
[ 84.776202][ T4283] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3bc6b250
[ 84.785299][ T4283] RBP: 00007ffc3bc6b250 R08: 00007ffc3bc6c250 R09: 00000000ffffffff
[ 84.793424][ T4283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc3bc6c2e0
[ 84.801665][ T4283] R13: 00007fb35dfe3048 R14: 000000000001491c R15: 00007ffc3bc6c320
[ 84.809891][ T4283]
[ 85.178330][ T4283] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 85.187607][ T4283] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 85.218832][ T4283] gfs2: fsid=syz:syz.0: File system withdrawn
[ 85.225038][ T4283] CPU: 1 PID: 4283 Comm: syz-executor Not tainted syzkaller #0
[ 85.232639][ T4283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 85.242830][ T4283] Call Trace:
[ 85.246156][ T4283]
[ 85.249154][ T4283] dump_stack_lvl+0x188/0x250
[ 85.253868][ T4283] ? kobject_uevent_env+0x371/0x890
[ 85.259107][ T4283] ? show_regs_print_info+0x20/0x20
[ 85.264351][ T4283] ? load_image+0x400/0x400
[ 85.268887][ T4283] ? kobject_uevent_env+0x371/0x890
[ 85.274268][ T4283] ? lockref_put_or_lock+0x6e/0xb0
[ 85.279426][ T4283] gfs2_withdraw+0x1149/0x1490
[ 85.284276][ T4283] ? gfs2_lm+0x240/0x240
[ 85.288563][ T4283] ? __schedule+0x11f7/0x43c0
[ 85.293392][ T4283] ? gfs2_consist_inode_i+0xc0/0xe0
[ 85.298723][ T4283] gfs2_inode_refresh+0xb64/0xff0
[ 85.303971][ T4283] ? do_promote+0x71a/0xab0
[ 85.308619][ T4283] ? gfs2_inode_metasync+0xf0/0xf0
[ 85.314322][ T4283] ? __lock_acquire+0x7d10/0x7d10
[ 85.319396][ T4283] inode_go_lock+0x127/0x470
[ 85.324292][ T4283] do_promote+0x741/0xab0
[ 85.328762][ T4283] finish_xmote+0x4df/0xb00
[ 85.333310][ T4283] do_xmote+0x7b6/0x1120
[ 85.337938][ T4283] gfs2_glock_nq+0xc7a/0x1550
[ 85.342692][ T4283] do_sync+0x4ab/0xc40
[ 85.346811][ T4283] ? slot_put+0x1e0/0x1e0
[ 85.351179][ T4283] ? __lock_acquire+0x7d10/0x7d10
[ 85.356264][ T4283] ? do_raw_spin_lock+0x128/0x2f0
[ 85.361323][ T4283] ? do_sync+0x4a3/0xc40
[ 85.365699][ T4283] ? do_raw_spin_unlock+0x11d/0x230
[ 85.370936][ T4283] gfs2_quota_sync+0x32c/0x700
[ 85.375750][ T4283] gfs2_sync_fs+0x48/0xb0
[ 85.380204][ T4283] sync_filesystem+0xe6/0x220
[ 85.385638][ T4283] generic_shutdown_super+0x6b/0x300
[ 85.390984][ T4283] kill_block_super+0x7c/0xe0
[ 85.395806][ T4283] deactivate_locked_super+0x93/0xf0
[ 85.401139][ T4283] cleanup_mnt+0x42d/0x4e0
[ 85.405963][ T4283] ? lockdep_hardirqs_on+0x94/0x140
[ 85.411557][ T4283] task_work_run+0x125/0x1a0
[ 85.416208][ T4283] exit_to_user_mode_loop+0x10f/0x130
[ 85.421618][ T4283] exit_to_user_mode_prepare+0xee/0x180
[ 85.427195][ T4283] syscall_exit_to_user_mode+0x16/0x40
[ 85.432716][ T4283] do_syscall_64+0x58/0xa0
[ 85.437187][ T4283] ? clear_bhb_loop+0x30/0x80
[ 85.441896][ T4283] ? clear_bhb_loop+0x30/0x80
[ 85.446697][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.452628][ T4283] RIP: 0033:0x7fb35df4ea57
[ 85.457075][ T4283] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 85.476815][ T4283] RSP: 002b:00007ffc3bc6b198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.485451][ T4283] RAX: 0000000000000000 RBX: 00007fb35dfe3048 RCX: 00007fb35df4ea57
[ 85.493471][ T4283] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3bc6b250
[ 85.501564][ T4283] RBP: 00007ffc3bc6b250 R08: 00007ffc3bc6c250 R09: 00000000ffffffff
[ 85.509569][ T4283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc3bc6c2e0
[ 85.517580][ T4283] R13: 00007fb35dfe3048 R14: 000000000001491c R15: 00007ffc3bc6c320
[ 85.525696][ T4283]
[ 85.543529][ T4283] ==================================================================
[ 85.551902][ T4283] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 85.558706][ T4283] Read of size 8 at addr ffff8880686c0090 by task syz-executor/4283
[ 85.566711][ T4283]
[ 85.569067][ T4283] CPU: 1 PID: 4283 Comm: syz-executor Not tainted syzkaller #0
[ 85.576725][ T4283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 85.586814][ T4283] Call Trace:
[ 85.590142][ T4283]
[ 85.593199][ T4283] dump_stack_lvl+0x188/0x250
[ 85.597928][ T4283] ? show_regs_print_info+0x20/0x20
[ 85.603169][ T4283] ? _printk+0xda/0x130
[ 85.607364][ T4283] ? qd_unlock+0x30/0x2d0
[ 85.611739][ T4283] ? load_image+0x400/0x400
[ 85.616802][ T4283] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 85.622680][ T4283] print_address_description+0x60/0x2d0
[ 85.628367][ T4283] ? qd_unlock+0x30/0x2d0
[ 85.632822][ T4283] kasan_report+0xdf/0x130
[ 85.637277][ T4283] ? qd_unlock+0x30/0x2d0
[ 85.641641][ T4283] kasan_check_range+0x235/0x290
[ 85.646617][ T4283] qd_unlock+0x30/0x2d0
[ 85.650903][ T4283] gfs2_quota_sync+0x5cf/0x700
[ 85.655724][ T4283] gfs2_sync_fs+0x48/0xb0
[ 85.660112][ T4283] sync_filesystem+0xe6/0x220
[ 85.665058][ T4283] generic_shutdown_super+0x6b/0x300
[ 85.670518][ T4283] kill_block_super+0x7c/0xe0
[ 85.675247][ T4283] deactivate_locked_super+0x93/0xf0
[ 85.680579][ T4283] cleanup_mnt+0x42d/0x4e0
[ 85.685043][ T4283] ? lockdep_hardirqs_on+0x94/0x140
[ 85.690409][ T4283] task_work_run+0x125/0x1a0
[ 85.695146][ T4283] exit_to_user_mode_loop+0x10f/0x130
[ 85.700564][ T4283] exit_to_user_mode_prepare+0xee/0x180
[ 85.706146][ T4283] syscall_exit_to_user_mode+0x16/0x40
[ 85.711643][ T4283] do_syscall_64+0x58/0xa0
[ 85.716222][ T4283] ? clear_bhb_loop+0x30/0x80
[ 85.720937][ T4283] ? clear_bhb_loop+0x30/0x80
[ 85.725649][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.731574][ T4283] RIP: 0033:0x7fb35df4ea57
[ 85.736022][ T4283] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 85.755756][ T4283] RSP: 002b:00007ffc3bc6b198 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 85.764337][ T4283] RAX: 0000000000000000 RBX: 00007fb35dfe3048 RCX: 00007fb35df4ea57
[ 85.772443][ T4283] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3bc6b250
[ 85.780454][ T4283] RBP: 00007ffc3bc6b250 R08: 00007ffc3bc6c250 R09: 00000000ffffffff
[ 85.788544][ T4283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc3bc6c2e0
[ 85.796559][ T4283] R13: 00007fb35dfe3048 R14: 000000000001491c R15: 00007ffc3bc6c320
[ 85.804862][ T4283]
[ 85.807908][ T4283]
[ 85.810262][ T4283] Allocated by task 4336:
[ 85.814614][ T4283] __kasan_slab_alloc+0x9c/0xd0
[ 85.819608][ T4283] slab_post_alloc_hook+0x4c/0x380
[ 85.824891][ T4283] kmem_cache_alloc+0x100/0x290
[ 85.829904][ T4283] qd_alloc+0x50/0x260
[ 85.834041][ T4283] gfs2_quota_init+0x74e/0xea0
[ 85.838842][ T4283] gfs2_make_fs_rw+0x414/0x580
[ 85.843754][ T4283] gfs2_fill_super+0x1837/0x1f00
[ 85.848829][ T4283] get_tree_bdev+0x3f1/0x610
[ 85.853501][ T4283] gfs2_get_tree+0x4d/0x1e0
[ 85.858136][ T4283] vfs_get_tree+0x88/0x270
[ 85.862871][ T4283] do_new_mount+0x24a/0xa40
[ 85.867518][ T4283] __se_sys_mount+0x2e3/0x3d0
[ 85.872237][ T4283] do_syscall_64+0x4c/0xa0
[ 85.876697][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.882709][ T4283]
[ 85.885071][ T4283] Freed by task 1275:
[ 85.889069][ T4283] kasan_set_track+0x4b/0x70
[ 85.893688][ T4283] kasan_set_free_info+0x1f/0x40
[ 85.898667][ T4283] ____kasan_slab_free+0xd5/0x110
[ 85.903747][ T4283] slab_free_freelist_hook+0xea/0x170
[ 85.909173][ T4283] kmem_cache_free+0x8f/0x210
[ 85.913881][ T4283] rcu_core+0x9d2/0x1670
[ 85.918154][ T4283] handle_softirqs+0x339/0x830
[ 85.925343][ T4283] __irq_exit_rcu+0x13b/0x230
[ 85.930354][ T4283] irq_exit_rcu+0x5/0x20
[ 85.934729][ T4283] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 85.940407][ T4283] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 85.946516][ T4283]
[ 85.948896][ T4283] Last potentially related work creation:
[ 85.955332][ T4283] kasan_save_stack+0x35/0x60
[ 85.960040][ T4283] kasan_record_aux_stack+0xb8/0x100
[ 85.965354][ T4283] call_rcu+0x189/0x950
[ 85.969525][ T4283] gfs2_quota_cleanup+0x43c/0x6a0
[ 85.974578][ T4283] gfs2_make_fs_ro+0x440/0x620
[ 85.979750][ T4283] gfs2_withdraw+0x610/0x1490
[ 85.984471][ T4283] gfs2_inode_refresh+0xb64/0xff0
[ 85.989536][ T4283] inode_go_lock+0x127/0x470
[ 85.994156][ T4283] do_promote+0x741/0xab0
[ 85.998834][ T4283] finish_xmote+0x4df/0xb00
[ 86.003711][ T4283] do_xmote+0x7b6/0x1120
[ 86.008042][ T4283] gfs2_glock_nq+0xc7a/0x1550
[ 86.012745][ T4283] do_sync+0x4ab/0xc40
[ 86.017007][ T4283] gfs2_quota_sync+0x32c/0x700
[ 86.021815][ T4283] gfs2_sync_fs+0x48/0xb0
[ 86.026270][ T4283] sync_filesystem+0xe6/0x220
[ 86.030969][ T4283] generic_shutdown_super+0x6b/0x300
[ 86.036289][ T4283] kill_block_super+0x7c/0xe0
[ 86.041115][ T4283] deactivate_locked_super+0x93/0xf0
[ 86.046418][ T4283] cleanup_mnt+0x42d/0x4e0
[ 86.050853][ T4283] task_work_run+0x125/0x1a0
[ 86.055483][ T4283] exit_to_user_mode_loop+0x10f/0x130
[ 86.060878][ T4283] exit_to_user_mode_prepare+0xee/0x180
[ 86.066448][ T4283] syscall_exit_to_user_mode+0x16/0x40
[ 86.072109][ T4283] do_syscall_64+0x58/0xa0
[ 86.076545][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.082462][ T4283]
[ 86.084851][ T4283] The buggy address belongs to the object at ffff8880686c0000
[ 86.084851][ T4283] which belongs to the cache gfs2_quotad of size 272
[ 86.098931][ T4283] The buggy address is located 144 bytes inside of
[ 86.098931][ T4283] 272-byte region [ffff8880686c0000, ffff8880686c0110)
[ 86.112334][ T4283] The buggy address belongs to the page:
[ 86.118052][ T4283] page:ffffea0001a1b000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x686c0
[ 86.128535][ T4283] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 86.136464][ T4283] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888146b95b40
[ 86.145260][ T4283] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 86.153865][ T4283] page dumped because: kasan: bad access detected
[ 86.160299][ T4283] page_owner tracks the page as allocated
[ 86.166219][ T4283] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4336, ts 84224646364, free_ts 23922026826
[ 86.185349][ T4283] get_page_from_freelist+0x1bbd/0x1ca0
[ 86.190926][ T4283] __alloc_pages+0x1ee/0x480
[ 86.195540][ T4283] new_slab+0xc0/0x4b0
[ 86.199788][ T4283] ___slab_alloc+0x80a/0xdd0
[ 86.204527][ T4283] kmem_cache_alloc+0x195/0x290
[ 86.209394][ T4283] qd_alloc+0x50/0x260
[ 86.213490][ T4283] gfs2_quota_init+0x74e/0xea0
[ 86.218362][ T4283] gfs2_make_fs_rw+0x414/0x580
[ 86.223143][ T4283] gfs2_fill_super+0x1837/0x1f00
[ 86.228100][ T4283] get_tree_bdev+0x3f1/0x610
[ 86.232811][ T4283] gfs2_get_tree+0x4d/0x1e0
[ 86.237725][ T4283] vfs_get_tree+0x88/0x270
[ 86.242157][ T4283] do_new_mount+0x24a/0xa40
[ 86.246674][ T4283] __se_sys_mount+0x2e3/0x3d0
[ 86.251379][ T4283] do_syscall_64+0x4c/0xa0
[ 86.255811][ T4283] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.261728][ T4283] page last free stack trace:
[ 86.266416][ T4283] free_unref_page_prepare+0x637/0x6c0
[ 86.271896][ T4283] free_unref_page+0x8f/0x2a0
[ 86.276593][ T4283] free_contig_range+0x96/0xf0
[ 86.281379][ T4283] destroy_args+0xf0/0xa00
[ 86.286101][ T4283] debug_vm_pgtable+0x321/0x380
[ 86.291065][ T4283] do_one_initcall+0x272/0x730
[ 86.295866][ T4283] do_initcall_level+0x137/0x1f0
[ 86.300826][ T4283] do_initcalls+0x4b/0x90
[ 86.305182][ T4283] kernel_init_freeable+0x3e9/0x570
[ 86.310398][ T4283] kernel_init+0x19/0x1b0
[ 86.314878][ T4283] ret_from_fork+0x1f/0x30
[ 86.319345][ T4283]
[ 86.321687][ T4283] Memory state around the buggy address:
[ 86.327329][ T4283] ffff8880686bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.335590][ T4283] ffff8880686c0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.343696][ T4283] >ffff8880686c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.351860][ T4283] ^
[ 86.356565][ T4283] ffff8880686c0100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.364849][ T4283] ffff8880686c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.373204][ T4283] ==================================================================
[ 86.381294][ T4283] Disabling lock debugging due to kernel taint
[ 86.409093][ T4297] Bluetooth: hci0: command 0x0419 tx timeout