Warning: Permanently added '10.128.10.35' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 59.103895][ T4163] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 59.194202][ T4167] chnl_net:caif_netlink_parms(): no params data found
[ 59.244860][ T4167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.253981][ T4167] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.265101][ T4167] device bridge_slave_0 entered promiscuous mode
[ 59.275834][ T4167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.283885][ T4167] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.292374][ T4167] device bridge_slave_1 entered promiscuous mode
[ 59.316407][ T4167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.327617][ T4167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.352424][ T4167] team0: Port device team_slave_0 added
[ 59.360483][ T4167] team0: Port device team_slave_1 added
[ 59.381441][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.388555][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.414841][ T4167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.427904][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.435290][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.461705][ T4167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.494546][ T4167] device hsr_slave_0 entered promiscuous mode
[ 59.501493][ T4167] device hsr_slave_1 entered promiscuous mode
[ 59.598669][ T4167] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.609440][ T4167] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.619226][ T4167] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.628916][ T4167] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.652413][ T4167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.659623][ T4167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.667699][ T4167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.674865][ T4167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.726351][ T4167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.740179][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.750365][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.759552][ T1245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.768406][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 59.781841][ T4167] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.793784][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.802343][ T433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.809455][ T433] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.822353][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.831397][ T433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.838510][ T433] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.858542][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 59.868340][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 59.880509][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 59.893853][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 59.906626][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 59.917801][ T4167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 59.936151][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 59.944430][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 59.958169][ T4167] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.976292][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 59.996117][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.005359][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.014937][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.025747][ T4167] device veth0_vlan entered promiscuous mode
[ 60.039382][ T4167] device veth1_vlan entered promiscuous mode
[ 60.060083][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.068450][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.077482][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.089375][ T4167] device veth0_macvtap entered promiscuous mode
[ 60.099354][ T4167] device veth1_macvtap entered promiscuous mode
[ 60.117065][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.124922][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.134691][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.148189][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.156018][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 60.168003][ T4167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.177630][ T4167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.186626][ T4167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.195409][ T4167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.456844][ T4167] loop0: detected capacity change from 0 to 32768
[ 60.549734][ T4167] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 60.560129][ T4167] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 60.591936][ T4167] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[ 60.602413][ T2359] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 60.610433][ T2359] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 60.633285][ T2359] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 22ms
[ 60.642398][ T2359] gfs2: fsid=syz:syz.0: jid=0: Done
[ 60.648257][ T4167] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 60.724571][ T4167] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 60.766010][ T4167] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 60.766010][ T4167] inode = 11 2339
[ 60.766010][ T4167] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 60.785444][ T4167] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 60.797865][ T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.805585][ T4167] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 60.822426][ T4167] CPU: 0 PID: 4167 Comm: syz-executor388 Not tainted 5.15.181-syzkaller #0
[ 60.831123][ T4167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 60.841204][ T4167] Call Trace:
[ 60.844489][ T4167] <TASK>
[ 60.847438][ T4167] dump_stack_lvl+0x168/0x230
[ 60.852163][ T4167] ? show_regs_print_info+0x20/0x20
[ 60.857372][ T4167] ? load_image+0x3b0/0x3b0
[ 60.861899][ T4167] ? __lock_acquire+0x7c60/0x7c60
[ 60.866943][ T4167] ? do_raw_spin_unlock+0x11d/0x230
[ 60.872150][ T4167] gfs2_assert_warn_i+0x18f/0x2c0
[ 60.877190][ T4167] gfs2_quota_cleanup+0x4b4/0x6a0
[ 60.882226][ T4167] gfs2_make_fs_ro+0x237/0x5d0
[ 60.887098][ T4167] ? gfs2_dinode_out+0xb00/0xb00
[ 60.892036][ T4167] ? _raw_spin_unlock+0x24/0x40
[ 60.896889][ T4167] ? gfs2_glock_nq+0xcb0/0x1550
[ 60.901885][ T4167] gfs2_withdraw+0x5f9/0x1460
[ 60.906588][ T4167] ? gfs2_lm+0x220/0x220
[ 60.910851][ T4167] ? __schedule+0x11c0/0x43b0
[ 60.915863][ T4167] ? gfs2_freeze_lock+0x52/0xc0
[ 60.920719][ T4167] ? gfs2_consist_inode_i+0xc0/0xe0
[ 60.925934][ T4167] gfs2_inode_refresh+0xb5e/0xfe0
[ 60.931139][ T4167] ? do_promote+0x71a/0xab0
[ 60.935673][ T4167] ? gfs2_inode_metasync+0xf0/0xf0
[ 60.940811][ T4167] ? __lock_acquire+0x7c60/0x7c60
[ 60.945856][ T4167] inode_go_lock+0x127/0x470
[ 60.950464][ T4167] do_promote+0x741/0xab0
[ 60.954808][ T4167] finish_xmote+0x514/0xb70
[ 60.959319][ T4167] do_xmote+0x7b6/0x1120
[ 60.963572][ T4167] gfs2_glock_nq+0xc7a/0x1550
[ 60.968274][ T4167] do_sync+0x486/0xc00
[ 60.972455][ T4167] ? slot_put+0x1e0/0x1e0
[ 60.976893][ T4167] ? __lock_acquire+0x7c60/0x7c60
[ 60.981924][ T4167] ? do_raw_spin_lock+0x11d/0x280
[ 60.986954][ T4167] ? do_sync+0x47e/0xc00
[ 60.991289][ T4167] ? do_raw_spin_unlock+0x11d/0x230
[ 60.996491][ T4167] gfs2_quota_sync+0x32c/0x6f0
[ 61.001352][ T4167] gfs2_sync_fs+0x48/0xb0
[ 61.005681][ T4167] sync_filesystem+0xe6/0x220
[ 61.010358][ T4167] generic_shutdown_super+0x6b/0x300
[ 61.015666][ T4167] kill_block_super+0x7c/0xe0
[ 61.020352][ T4167] deactivate_locked_super+0x93/0xf0
[ 61.025753][ T4167] cleanup_mnt+0x418/0x4d0
[ 61.030200][ T4167] ? lockdep_hardirqs_on+0x94/0x140
[ 61.035507][ T4167] task_work_run+0x125/0x1a0
[ 61.040114][ T4167] do_exit+0x616/0x20a0
[ 61.044280][ T4167] ? put_task_struct+0x80/0x80
[ 61.049071][ T4167] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 61.055144][ T4167] ? lock_chain_count+0x20/0x20
[ 61.060025][ T4167] do_group_exit+0x12e/0x300
[ 61.065057][ T4167] __x64_sys_exit_group+0x3b/0x40
[ 61.070084][ T4167] do_syscall_64+0x4c/0xa0
[ 61.074605][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.079285][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.083963][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.089871][ T4167] RIP: 0033:0x7fdf2a2d0f39
[ 61.094297][ T4167] Code: Unable to access opcode bytes at RIP 0x7fdf2a2d0f0f.
[ 61.101738][ T4167] RSP: 002b:00007ffd52023ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 61.110198][ T4167] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdf2a2d0f39
[ 61.118252][ T4167] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 61.126519][ T4167] RBP: 00007fdf2a35d370 R08: ffffffffffffffb8 R09: 00000000000124ce
[ 61.134490][ T4167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf2a35d370
[ 61.142462][ T4167] R13: 0000000000000000 R14: 00007fdf2a3601a0 R15: 00007fdf2a297420
[ 61.150536][ T4167] </TASK>
[ 61.163234][ T4167] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 61.172084][ T4167] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 61.180699][ T4167] gfs2: fsid=syz:syz.0: File system withdrawn
[ 61.187104][ T4167] CPU: 0 PID: 4167 Comm: syz-executor388 Not tainted 5.15.181-syzkaller #0
[ 61.195713][ T4167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 61.205885][ T4167] Call Trace:
[ 61.209165][ T4167] <TASK>
[ 61.212093][ T4167] dump_stack_lvl+0x168/0x230
[ 61.216861][ T4167] ? kobject_uevent_env+0x371/0x890
[ 61.222088][ T4167] ? show_regs_print_info+0x20/0x20
[ 61.227306][ T4167] ? load_image+0x3b0/0x3b0
[ 61.232026][ T4167] ? kobject_uevent_env+0x371/0x890
[ 61.238133][ T4167] ? lockref_put_or_lock+0x6e/0xb0
[ 61.243478][ T4167] gfs2_withdraw+0x111b/0x1460
[ 61.248446][ T4167] ? gfs2_lm+0x220/0x220
[ 61.252689][ T4167] ? __schedule+0x11c0/0x43b0
[ 61.259402][ T4167] ? gfs2_consist_inode_i+0xc0/0xe0
[ 61.264896][ T4167] gfs2_inode_refresh+0xb5e/0xfe0
[ 61.270042][ T4167] ? do_promote+0x71a/0xab0
[ 61.274749][ T4167] ? gfs2_inode_metasync+0xf0/0xf0
[ 61.280588][ T4167] ? __lock_acquire+0x7c60/0x7c60
[ 61.285726][ T4167] inode_go_lock+0x127/0x470
[ 61.290696][ T4167] do_promote+0x741/0xab0
[ 61.295228][ T4167] finish_xmote+0x514/0xb70
[ 61.300032][ T4167] do_xmote+0x7b6/0x1120
[ 61.304619][ T4167] gfs2_glock_nq+0xc7a/0x1550
[ 61.309352][ T4167] do_sync+0x486/0xc00
[ 61.313468][ T4167] ? slot_put+0x1e0/0x1e0
[ 61.317926][ T4167] ? __lock_acquire+0x7c60/0x7c60
[ 61.322985][ T4167] ? do_raw_spin_lock+0x11d/0x280
[ 61.328017][ T4167] ? do_sync+0x47e/0xc00
[ 61.332271][ T4167] ? do_raw_spin_unlock+0x11d/0x230
[ 61.337583][ T4167] gfs2_quota_sync+0x32c/0x6f0
[ 61.342363][ T4167] gfs2_sync_fs+0x48/0xb0
[ 61.346874][ T4167] sync_filesystem+0xe6/0x220
[ 61.351576][ T4167] generic_shutdown_super+0x6b/0x300
[ 61.356865][ T4167] kill_block_super+0x7c/0xe0
[ 61.361547][ T4167] deactivate_locked_super+0x93/0xf0
[ 61.366832][ T4167] cleanup_mnt+0x418/0x4d0
[ 61.371253][ T4167] ? lockdep_hardirqs_on+0x94/0x140
[ 61.376566][ T4167] task_work_run+0x125/0x1a0
[ 61.381166][ T4167] do_exit+0x616/0x20a0
[ 61.385329][ T4167] ? put_task_struct+0x80/0x80
[ 61.390111][ T4167] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 61.396103][ T4167] ? lock_chain_count+0x20/0x20
[ 61.400954][ T4167] do_group_exit+0x12e/0x300
[ 61.405551][ T4167] __x64_sys_exit_group+0x3b/0x40
[ 61.410585][ T4167] do_syscall_64+0x4c/0xa0
[ 61.415002][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.419674][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.424350][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.430262][ T4167] RIP: 0033:0x7fdf2a2d0f39
[ 61.434691][ T4167] Code: Unable to access opcode bytes at RIP 0x7fdf2a2d0f0f.
[ 61.442074][ T4167] RSP: 002b:00007ffd52023ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 61.450577][ T4167] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdf2a2d0f39
[ 61.458547][ T4167] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 61.466524][ T4167] RBP: 00007fdf2a35d370 R08: ffffffffffffffb8 R09: 00000000000124ce
[ 61.474675][ T4167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf2a35d370
[ 61.482646][ T4167] R13: 0000000000000000 R14: 00007fdf2a3601a0 R15: 00007fdf2a297420
[ 61.490630][ T4167] </TASK>
[ 61.514489][ T4167] ==================================================================
[ 61.522716][ T4167] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 61.529410][ T4167] Read of size 8 at addr ffff88806fc67090 by task syz-executor388/4167
[ 61.537647][ T4167]
[ 61.539972][ T4167] CPU: 0 PID: 4167 Comm: syz-executor388 Not tainted 5.15.181-syzkaller #0
[ 61.548555][ T4167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 61.558745][ T4167] Call Trace:
[ 61.562027][ T4167] <TASK>
[ 61.564966][ T4167] dump_stack_lvl+0x168/0x230
[ 61.569753][ T4167] ? show_regs_print_info+0x20/0x20
[ 61.575196][ T4167] ? _printk+0xcc/0x110
[ 61.579364][ T4167] ? qd_unlock+0x30/0x2d0
[ 61.583819][ T4167] ? load_image+0x3b0/0x3b0
[ 61.588388][ T4167] print_address_description+0x60/0x2d0
[ 61.593944][ T4167] ? qd_unlock+0x30/0x2d0
[ 61.598294][ T4167] kasan_report+0xdf/0x130
[ 61.602710][ T4167] ? qd_unlock+0x30/0x2d0
[ 61.607055][ T4167] kasan_check_range+0x27b/0x290
[ 61.611997][ T4167] qd_unlock+0x30/0x2d0
[ 61.616157][ T4167] gfs2_quota_sync+0x5bf/0x6f0
[ 61.620940][ T4167] gfs2_sync_fs+0x48/0xb0
[ 61.625379][ T4167] sync_filesystem+0xe6/0x220
[ 61.630057][ T4167] generic_shutdown_super+0x6b/0x300
[ 61.635513][ T4167] kill_block_super+0x7c/0xe0
[ 61.640208][ T4167] deactivate_locked_super+0x93/0xf0
[ 61.645588][ T4167] cleanup_mnt+0x418/0x4d0
[ 61.650009][ T4167] ? lockdep_hardirqs_on+0x94/0x140
[ 61.655207][ T4167] task_work_run+0x125/0x1a0
[ 61.659995][ T4167] do_exit+0x616/0x20a0
[ 61.664171][ T4167] ? put_task_struct+0x80/0x80
[ 61.669029][ T4167] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 61.675018][ T4167] ? lock_chain_count+0x20/0x20
[ 61.679871][ T4167] do_group_exit+0x12e/0x300
[ 61.684750][ T4167] __x64_sys_exit_group+0x3b/0x40
[ 61.689913][ T4167] do_syscall_64+0x4c/0xa0
[ 61.694357][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.699192][ T4167] ? clear_bhb_loop+0x15/0x70
[ 61.703879][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.709789][ T4167] RIP: 0033:0x7fdf2a2d0f39
[ 61.714200][ T4167] Code: Unable to access opcode bytes at RIP 0x7fdf2a2d0f0f.
[ 61.721571][ T4167] RSP: 002b:00007ffd52023ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 61.730050][ T4167] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdf2a2d0f39
[ 61.738026][ T4167] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 61.745996][ T4167] RBP: 00007fdf2a35d370 R08: ffffffffffffffb8 R09: 00000000000124ce
[ 61.753969][ T4167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf2a35d370
[ 61.761949][ T4167] R13: 0000000000000000 R14: 00007fdf2a3601a0 R15: 00007fdf2a297420
[ 61.769935][ T4167] </TASK>
[ 61.772948][ T4167]
[ 61.775268][ T4167] Allocated by task 4167:
[ 61.779591][ T4167] __kasan_slab_alloc+0x9c/0xd0
[ 61.784447][ T4167] slab_post_alloc_hook+0x4c/0x380
[ 61.789585][ T4167] kmem_cache_alloc+0x100/0x290
[ 61.794449][ T4167] qd_alloc+0x50/0x260
[ 61.798527][ T4167] gfs2_quota_init+0x730/0xe80
[ 61.803282][ T4167] gfs2_make_fs_rw+0x3f5/0x560
[ 61.808311][ T4167] gfs2_fill_super+0x188a/0x1f50
[ 61.813242][ T4167] get_tree_bdev+0x3f1/0x610
[ 61.817942][ T4167] gfs2_get_tree+0x4d/0x1e0
[ 61.822449][ T4167] vfs_get_tree+0x88/0x270
[ 61.826860][ T4167] do_new_mount+0x24a/0xa40
[ 61.831371][ T4167] __se_sys_mount+0x2d6/0x3c0
[ 61.836544][ T4167] do_syscall_64+0x4c/0xa0
[ 61.841194][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.847105][ T4167]
[ 61.849424][ T4167] Freed by task 14:
[ 61.853400][ T4167] kasan_set_track+0x4b/0x70
[ 61.858020][ T4167] kasan_set_free_info+0x1f/0x40
[ 61.863077][ T4167] ____kasan_slab_free+0xd5/0x110
[ 61.868115][ T4167] slab_free_freelist_hook+0xea/0x170
[ 61.873501][ T4167] kmem_cache_free+0x8f/0x210
[ 61.878210][ T4167] rcu_core+0x962/0x15d0
[ 61.882449][ T4167] handle_softirqs+0x328/0x820
[ 61.887211][ T4167] run_ksoftirqd+0x98/0xf0
[ 61.891737][ T4167] smpboot_thread_fn+0x4f6/0x970
[ 61.896681][ T4167] kthread+0x436/0x520
[ 61.900766][ T4167] ret_from_fork+0x1f/0x30
[ 61.905477][ T4167]
[ 61.907802][ T4167] Last potentially related work creation:
[ 61.913767][ T4167] kasan_save_stack+0x35/0x60
[ 61.918470][ T4167] kasan_record_aux_stack+0xb8/0x100
[ 61.923756][ T4167] call_rcu+0x179/0x920
[ 61.927918][ T4167] gfs2_quota_cleanup+0x43c/0x6a0
[ 61.932964][ T4167] gfs2_make_fs_ro+0x237/0x5d0
[ 61.937753][ T4167] gfs2_withdraw+0x5f9/0x1460
[ 61.942439][ T4167] gfs2_inode_refresh+0xb5e/0xfe0
[ 61.947487][ T4167] inode_go_lock+0x127/0x470
[ 61.952088][ T4167] do_promote+0x741/0xab0
[ 61.956424][ T4167] finish_xmote+0x514/0xb70
[ 61.961032][ T4167] do_xmote+0x7b6/0x1120
[ 61.965276][ T4167] gfs2_glock_nq+0xc7a/0x1550
[ 61.969957][ T4167] do_sync+0x486/0xc00
[ 61.974132][ T4167] gfs2_quota_sync+0x32c/0x6f0
[ 61.978916][ T4167] gfs2_sync_fs+0x48/0xb0
[ 61.983268][ T4167] sync_filesystem+0xe6/0x220
[ 61.988343][ T4167] generic_shutdown_super+0x6b/0x300
[ 61.993669][ T4167] kill_block_super+0x7c/0xe0
[ 61.998376][ T4167] deactivate_locked_super+0x93/0xf0
[ 62.003662][ T4167] cleanup_mnt+0x418/0x4d0
[ 62.008231][ T4167] task_work_run+0x125/0x1a0
[ 62.012829][ T4167] do_exit+0x616/0x20a0
[ 62.016993][ T4167] do_group_exit+0x12e/0x300
[ 62.021591][ T4167] __x64_sys_exit_group+0x3b/0x40
[ 62.026706][ T4167] do_syscall_64+0x4c/0xa0
[ 62.031460][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.037576][ T4167]
[ 62.039901][ T4167] The buggy address belongs to the object at ffff88806fc67000
[ 62.039901][ T4167] which belongs to the cache gfs2_quotad of size 272
[ 62.054408][ T4167] The buggy address is located 144 bytes inside of
[ 62.054408][ T4167] 272-byte region [ffff88806fc67000, ffff88806fc67110)
[ 62.067952][ T4167] The buggy address belongs to the page:
[ 62.073927][ T4167] page:ffffea0001bf19c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6fc67
[ 62.084264][ T4167] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 62.092043][ T4167] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801d8d03c0
[ 62.100632][ T4167] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 62.109210][ T4167] page dumped because: kasan: bad access detected
[ 62.115626][ T4167] page_owner tracks the page as allocated
[ 62.121328][ T4167] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 4167, ts 60716130756, free_ts 18419984046
[ 62.139030][ T4167] get_page_from_freelist+0x1b77/0x1c60
[ 62.144579][ T4167] __alloc_pages+0x1e1/0x470
[ 62.149163][ T4167] new_slab+0xc0/0x4b0
[ 62.153230][ T4167] ___slab_alloc+0x81e/0xdf0
[ 62.157816][ T4167] kmem_cache_alloc+0x195/0x290
[ 62.162671][ T4167] qd_alloc+0x50/0x260
[ 62.166739][ T4167] gfs2_quota_init+0x730/0xe80
[ 62.171502][ T4167] gfs2_make_fs_rw+0x3f5/0x560
[ 62.176269][ T4167] gfs2_fill_super+0x188a/0x1f50
[ 62.181256][ T4167] get_tree_bdev+0x3f1/0x610
[ 62.185859][ T4167] gfs2_get_tree+0x4d/0x1e0
[ 62.190359][ T4167] vfs_get_tree+0x88/0x270
[ 62.194769][ T4167] do_new_mount+0x24a/0xa40
[ 62.199389][ T4167] __se_sys_mount+0x2d6/0x3c0
[ 62.204061][ T4167] do_syscall_64+0x4c/0xa0
[ 62.208645][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.214552][ T4167] page last free stack trace:
[ 62.219320][ T4167] free_unref_page_prepare+0x637/0x6c0
[ 62.224781][ T4167] free_unref_page+0x94/0x280
[ 62.229567][ T4167] free_contig_range+0x96/0xf0
[ 62.234329][ T4167] destroy_args+0xef/0x8b0
[ 62.238915][ T4167] debug_vm_pgtable+0x318/0x370
[ 62.243767][ T4167] do_one_initcall+0x1ee/0x680
[ 62.248532][ T4167] do_initcall_level+0x137/0x1f0
[ 62.253820][ T4167] do_initcalls+0x4b/0x90
[ 62.258199][ T4167] kernel_init_freeable+0x3ce/0x560
[ 62.263412][ T4167] kernel_init+0x19/0x1b0
[ 62.267769][ T4167] ret_from_fork+0x1f/0x30
[ 62.272187][ T4167]
[ 62.274507][ T4167] Memory state around the buggy address:
[ 62.280232][ T4167] ffff88806fc66f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.288309][ T4167] ffff88806fc67000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.296475][ T4167] >ffff88806fc67080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.304595][ T4167] ^
[ 62.309179][ T4167] ffff88806fc67100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.317236][ T4167] ffff88806fc67180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.325286][ T4167] ==================================================================
[ 62.333430][ T4167] Disabling lock debugging due to kernel taint
[ 62.351699][ T4167] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.359202][ T4167] CPU: 0 PID: 4167 Comm: syz-executor388 Tainted: G B 5.15.181-syzkaller #0
[ 62.369290][ T4167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 62.379435][ T4167] Call Trace:
[ 62.382719][ T4167] <TASK>
[ 62.385652][ T4167] dump_stack_lvl+0x168/0x230
[ 62.390443][ T4167] ? show_regs_print_info+0x20/0x20
[ 62.395648][ T4167] ? load_image+0x3b0/0x3b0
[ 62.400150][ T4167] panic+0x2c9/0x7f0
[ 62.404049][ T4167] ? bpf_jit_dump+0xd0/0xd0
[ 62.408584][ T4167] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 62.414490][ T4167] ? _raw_spin_unlock+0x40/0x40
[ 62.419342][ T4167] ? print_memory_metadata+0x314/0x400
[ 62.424806][ T4167] ? qd_unlock+0x30/0x2d0
[ 62.429139][ T4167] check_panic_on_warn+0x80/0xa0
[ 62.434101][ T4167] ? qd_unlock+0x30/0x2d0
[ 62.438429][ T4167] end_report+0x6d/0xf0
[ 62.442605][ T4167] kasan_report+0x102/0x130
[ 62.447109][ T4167] ? qd_unlock+0x30/0x2d0
[ 62.451438][ T4167] kasan_check_range+0x27b/0x290
[ 62.456374][ T4167] qd_unlock+0x30/0x2d0
[ 62.460532][ T4167] gfs2_quota_sync+0x5bf/0x6f0
[ 62.465301][ T4167] gfs2_sync_fs+0x48/0xb0
[ 62.469637][ T4167] sync_filesystem+0xe6/0x220
[ 62.474486][ T4167] generic_shutdown_super+0x6b/0x300
[ 62.479773][ T4167] kill_block_super+0x7c/0xe0
[ 62.484448][ T4167] deactivate_locked_super+0x93/0xf0
[ 62.489736][ T4167] cleanup_mnt+0x418/0x4d0
[ 62.494152][ T4167] ? lockdep_hardirqs_on+0x94/0x140
[ 62.499378][ T4167] task_work_run+0x125/0x1a0
[ 62.503967][ T4167] do_exit+0x616/0x20a0
[ 62.508221][ T4167] ? put_task_struct+0x80/0x80
[ 62.512991][ T4167] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 62.519326][ T4167] ? lock_chain_count+0x20/0x20
[ 62.524173][ T4167] do_group_exit+0x12e/0x300
[ 62.528766][ T4167] __x64_sys_exit_group+0x3b/0x40
[ 62.533784][ T4167] do_syscall_64+0x4c/0xa0
[ 62.538198][ T4167] ? clear_bhb_loop+0x15/0x70
[ 62.542871][ T4167] ? clear_bhb_loop+0x15/0x70
[ 62.547545][ T4167] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.553447][ T4167] RIP: 0033:0x7fdf2a2d0f39
[ 62.557873][ T4167] Code: Unable to access opcode bytes at RIP 0x7fdf2a2d0f0f.
[ 62.565226][ T4167] RSP: 002b:00007ffd52023ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 62.573765][ T4167] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdf2a2d0f39
[ 62.581737][ T4167] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 62.589879][ T4167] RBP: 00007fdf2a35d370 R08: ffffffffffffffb8 R09: 00000000000124ce
[ 62.597848][ T4167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf2a35d370
[ 62.605813][ T4167] R13: 0000000000000000 R14: 00007fdf2a3601a0 R15: 00007fdf2a297420
[ 62.613785][ T4167] </TASK>
[ 62.617001][ T4167] Kernel Offset: disabled
[ 62.621323][ T4167] Rebooting in 86400 seconds..