no interfaces have a carrier
[ 44.927368][ T3855] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.937963][ T3855] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.67' (ED25519) to the list of known hosts.
2026/03/30 18:28:10 parsed 1 programs
syzkaller login: [ 72.324110][ T4189] cgroup: Unknown subsys name 'net'
[ 72.467738][ T4189] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 74.066859][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 76.344006][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.352318][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.365605][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.390160][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.398379][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.410192][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.425314][ T4279] chnl_net:caif_netlink_parms(): no params data found
[ 78.477118][ T4279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.485505][ T4279] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.494151][ T4279] device bridge_slave_0 entered promiscuous mode
[ 78.504317][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.511716][ T4279] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.520101][ T4279] device bridge_slave_1 entered promiscuous mode
[ 78.546243][ T4279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.557771][ T4279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.583516][ T4279] team0: Port device team_slave_0 added
[ 78.592454][ T4279] team0: Port device team_slave_1 added
[ 78.613603][ T4279] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.621115][ T4279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.647314][ T4279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.685898][ T4279] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.693108][ T4279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.719622][ T4279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.752114][ T4279] device hsr_slave_0 entered promiscuous mode
[ 78.759271][ T4279] device hsr_slave_1 entered promiscuous mode
[ 78.918200][ T4279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.931108][ T4279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.943384][ T4279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.975863][ T4279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.061145][ T4279] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.076078][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 79.085662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.097295][ T4279] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.112423][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 79.123615][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.133977][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.141517][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.177086][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 79.186506][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 79.196752][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.206062][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.213400][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.226801][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 79.268667][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 79.280158][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 79.289831][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.299796][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.313340][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 79.322915][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.355624][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 79.364694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.379533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 79.388530][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.402321][ T4279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.534518][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.543153][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.569573][ T4279] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.602781][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.623006][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.632317][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.641454][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.662767][ T4279] device veth0_vlan entered promiscuous mode
[ 79.704095][ T4279] device veth1_vlan entered promiscuous mode
[ 79.728384][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.737465][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.749060][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.763865][ T4279] device veth0_macvtap entered promiscuous mode
[ 79.773407][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.787122][ T4279] device veth1_macvtap entered promiscuous mode
[ 79.810016][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.819938][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.831027][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.844909][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.853111][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.862887][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.875645][ T4279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.886785][ T4279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.896444][ T4279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.907165][ T4279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/03/30 18:28:21 executed programs: 0
[ 80.988267][ T4299] chnl_net:caif_netlink_parms(): no params data found
[ 81.067241][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.074710][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.083439][ T4299] device bridge_slave_0 entered promiscuous mode
[ 81.093741][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.101205][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.109561][ T4299] device bridge_slave_1 entered promiscuous mode
[ 81.134505][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.149374][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.175280][ T4299] team0: Port device team_slave_0 added
[ 81.187202][ T4299] team0: Port device team_slave_1 added
[ 81.207655][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.214997][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.241160][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.254879][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.262150][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 81.288333][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.331363][ T4299] device hsr_slave_0 entered promiscuous mode
[ 81.341256][ T4299] device hsr_slave_1 entered promiscuous mode
[ 81.348091][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 81.356765][ T4299] Cannot create hsr debugfs directory
[ 81.459404][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.851578][ T1108] Bluetooth: hci0: command 0x0409 tx timeout
[ 84.239181][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.529338][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.615346][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.731363][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.743449][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.754185][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.763579][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.838489][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.853149][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.861871][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.886936][ T4299] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.899972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 84.910069][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.920917][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.928173][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.934782][ T4270] Bluetooth: hci0: command 0x041b tx timeout
[ 84.963920][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.972489][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 84.981849][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.991898][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.999087][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.007930][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.023504][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.049476][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.059263][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.077700][ T4299] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 85.088638][ T4299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.101670][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.111273][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 85.121865][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.132090][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 85.140788][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.149807][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 85.158803][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.169945][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.232255][ T9] device hsr_slave_0 left promiscuous mode
[ 85.239395][ T9] device hsr_slave_1 left promiscuous mode
[ 85.246422][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.254492][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.264102][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.271607][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.279433][ T9] device bridge_slave_1 left promiscuous mode
[ 85.286998][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.303275][ T9] device bridge_slave_0 left promiscuous mode
[ 85.309635][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.328859][ T9] device veth1_macvtap left promiscuous mode
[ 85.336441][ T9] device veth0_macvtap left promiscuous mode
[ 85.342637][ T9] device veth1_vlan left promiscuous mode
[ 85.348814][ T9] device veth0_vlan left promiscuous mode
[ 85.531276][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 85.544695][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 85.566265][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 85.582196][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 85.644863][ T9] bond0 (unregistering): Released all slaves
[ 85.757195][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.765372][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.778400][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.804131][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 85.814322][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.839935][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 85.849018][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.857886][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.867074][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.876883][ T4299] device veth0_vlan entered promiscuous mode
[ 85.893611][ T4299] device veth1_vlan entered promiscuous mode
[ 85.930169][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 85.939241][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.952583][ T4299] device veth0_macvtap entered promiscuous mode
[ 85.963704][ T4299] device veth1_macvtap entered promiscuous mode
[ 85.982578][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.990102][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.998982][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 86.007571][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 86.017670][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 86.031128][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.042275][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.054626][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.063455][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.073965][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.092648][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 86.102204][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 86.154718][ T1248] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.166781][ T1248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.174785][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 86.203196][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.213652][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.223887][ T1160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.884486][ T4312] loop0: detected capacity change from 0 to 32768
[ 86.940172][ T4312] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 86.960348][ T4312] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 87.011095][ T4273] Bluetooth: hci0: command 0x040f tx timeout
[ 87.023090][ T4312] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[ 87.045500][ T4311] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 87.060365][ T4311] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 87.115017][ T4311] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 54ms
[ 87.133130][ T4311] gfs2: fsid=syz:syz.0: jid=0: Done
[ 87.139806][ T4312] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 87.253477][ T1326] cfg80211: failed to load regulatory.db
[ 87.288096][ T4312] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 87.328847][ T4299] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 87.328847][ T4299] inode = 11 2339
[ 87.328847][ T4299] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[ 87.372230][ T4299] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 87.409647][ T4299] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[ 87.450797][ T4299] CPU: 1 PID: 4299 Comm: syz-executor Not tainted syzkaller #0
[ 87.458509][ T4299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 87.468700][ T4299] Call Trace:
[ 87.472056][ T4299]
[ 87.475036][ T4299] dump_stack_lvl+0x188/0x250
[ 87.479894][ T4299] ? show_regs_print_info+0x20/0x20
[ 87.485143][ T4299] ? load_image+0x400/0x400
[ 87.489703][ T4299] ? do_raw_spin_unlock+0x11d/0x230
[ 87.495182][ T4299] gfs2_assert_warn_i+0x18f/0x2c0
[ 87.500272][ T4299] gfs2_quota_cleanup+0x4b4/0x6a0
[ 87.505347][ T4299] gfs2_make_fs_ro+0x440/0x620
[ 87.510263][ T4299] ? __might_sleep+0xf0/0xf0
[ 87.515124][ T4299] ? gfs2_dinode_out+0xb00/0xb00
[ 87.520155][ T4299] ? _raw_spin_unlock+0x24/0x40
[ 87.525050][ T4299] ? gfs2_glock_nq+0xcb0/0x1550
[ 87.529995][ T4299] gfs2_withdraw+0x610/0x1490
[ 87.534819][ T4299] ? gfs2_lm+0x240/0x240
[ 87.539144][ T4299] ? __schedule+0x11f7/0x43c0
[ 87.543874][ T4299] ? gfs2_freeze_lock+0x52/0xc0
[ 87.549027][ T4299] ? gfs2_consist_inode_i+0xc0/0xe0
[ 87.554317][ T4299] gfs2_inode_refresh+0xb64/0xff0
[ 87.559799][ T4299] ? do_promote+0x71a/0xab0
[ 87.564350][ T4299] ? gfs2_inode_metasync+0xf0/0xf0
[ 87.569526][ T4299] ? __lock_acquire+0x7d10/0x7d10
[ 87.574621][ T4299] inode_go_lock+0x127/0x470
[ 87.579359][ T4299] do_promote+0x741/0xab0
[ 87.583746][ T4299] finish_xmote+0x4df/0xb00
[ 87.588408][ T4299] do_xmote+0x7b6/0x1120
[ 87.592702][ T4299] gfs2_glock_nq+0xc7a/0x1550
[ 87.597427][ T4299] do_sync+0x4ab/0xc40
[ 87.601553][ T4299] ? slot_put+0x1e0/0x1e0
[ 87.605942][ T4299] ? __lock_acquire+0x7d10/0x7d10
[ 87.610999][ T4299] ? do_raw_spin_lock+0x128/0x2f0
[ 87.616262][ T4299] ? do_sync+0x4a3/0xc40
[ 87.620630][ T4299] ? do_raw_spin_unlock+0x11d/0x230
[ 87.626046][ T4299] gfs2_quota_sync+0x32c/0x700
[ 87.631506][ T4299] gfs2_sync_fs+0x48/0xb0
[ 87.635872][ T4299] sync_filesystem+0xe6/0x220
[ 87.640591][ T4299] generic_shutdown_super+0x6b/0x300
[ 87.645916][ T4299] kill_block_super+0x7c/0xe0
[ 87.650630][ T4299] deactivate_locked_super+0x93/0xf0
[ 87.655945][ T4299] cleanup_mnt+0x42d/0x4e0
[ 87.660400][ T4299] ? lockdep_hardirqs_on+0x94/0x140
[ 87.665921][ T4299] task_work_run+0x125/0x1a0
[ 87.670661][ T4299] exit_to_user_mode_loop+0x10f/0x130
[ 87.676106][ T4299] exit_to_user_mode_prepare+0xee/0x180
[ 87.681707][ T4299] syscall_exit_to_user_mode+0x16/0x40
[ 87.687213][ T4299] do_syscall_64+0x58/0xa0
[ 87.691694][ T4299] ? clear_bhb_loop+0x30/0x80
[ 87.696493][ T4299] ? clear_bhb_loop+0x30/0x80
[ 87.701303][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.707237][ T4299] RIP: 0033:0x7fe453b9aa57
[ 87.711693][ T4299] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 87.731647][ T4299] RSP: 002b:00007fffd001f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 87.740221][ T4299] RAX: 0000000000000000 RBX: 00007fe453c2f048 RCX: 00007fe453b9aa57
[ 87.748225][ T4299] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd001f800
[ 87.756226][ T4299] RBP: 00007fffd001f800 R08: 00007fffd0020800 R09: 00000000ffffffff
[ 87.764325][ T4299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd0020890
[ 87.772417][ T4299] R13: 00007fe453c2f048 R14: 00000000000150d6 R15: 00007fffd00208d0
[ 87.780448][ T4299]
[ 88.123827][ T4299] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 88.134403][ T4299] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 88.152132][ T4299] gfs2: fsid=syz:syz.0: File system withdrawn
[ 88.158490][ T4299] CPU: 1 PID: 4299 Comm: syz-executor Not tainted syzkaller #0
[ 88.166086][ T4299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 88.176197][ T4299] Call Trace:
[ 88.179532][ T4299]
[ 88.182509][ T4299] dump_stack_lvl+0x188/0x250
[ 88.187390][ T4299] ? kobject_uevent_env+0x371/0x890
[ 88.192826][ T4299] ? show_regs_print_info+0x20/0x20
[ 88.198222][ T4299] ? load_image+0x400/0x400
[ 88.203312][ T4299] ? kobject_uevent_env+0x371/0x890
[ 88.208658][ T4299] ? lockref_put_or_lock+0x6e/0xb0
[ 88.213826][ T4299] gfs2_withdraw+0x1149/0x1490
[ 88.218652][ T4299] ? gfs2_lm+0x240/0x240
[ 88.222931][ T4299] ? __schedule+0x11f7/0x43c0
[ 88.227831][ T4299] ? gfs2_consist_inode_i+0xc0/0xe0
[ 88.233081][ T4299] gfs2_inode_refresh+0xb64/0xff0
[ 88.238168][ T4299] ? do_promote+0x71a/0xab0
[ 88.242716][ T4299] ? gfs2_inode_metasync+0xf0/0xf0
[ 88.247857][ T4299] ? __lock_acquire+0x7d10/0x7d10
[ 88.253111][ T4299] inode_go_lock+0x127/0x470
[ 88.257735][ T4299] do_promote+0x741/0xab0
[ 88.262105][ T4299] finish_xmote+0x4df/0xb00
[ 88.266659][ T4299] do_xmote+0x7b6/0x1120
[ 88.270945][ T4299] gfs2_glock_nq+0xc7a/0x1550
[ 88.275669][ T4299] do_sync+0x4ab/0xc40
[ 88.279782][ T4299] ? slot_put+0x1e0/0x1e0
[ 88.284177][ T4299] ? __lock_acquire+0x7d10/0x7d10
[ 88.289338][ T4299] ? do_raw_spin_lock+0x128/0x2f0
[ 88.294400][ T4299] ? do_sync+0x4a3/0xc40
[ 88.298767][ T4299] ? do_raw_spin_unlock+0x11d/0x230
[ 88.304092][ T4299] gfs2_quota_sync+0x32c/0x700
[ 88.308903][ T4299] gfs2_sync_fs+0x48/0xb0
[ 88.313263][ T4299] sync_filesystem+0xe6/0x220
[ 88.317982][ T4299] generic_shutdown_super+0x6b/0x300
[ 88.323481][ T4299] kill_block_super+0x7c/0xe0
[ 88.328193][ T4299] deactivate_locked_super+0x93/0xf0
[ 88.333511][ T4299] cleanup_mnt+0x42d/0x4e0
[ 88.337991][ T4299] ? lockdep_hardirqs_on+0x94/0x140
[ 88.343220][ T4299] task_work_run+0x125/0x1a0
[ 88.347849][ T4299] exit_to_user_mode_loop+0x10f/0x130
[ 88.353286][ T4299] exit_to_user_mode_prepare+0xee/0x180
[ 88.358882][ T4299] syscall_exit_to_user_mode+0x16/0x40
[ 88.364392][ T4299] do_syscall_64+0x58/0xa0
[ 88.368862][ T4299] ? clear_bhb_loop+0x30/0x80
[ 88.373573][ T4299] ? clear_bhb_loop+0x30/0x80
[ 88.378315][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.384331][ T4299] RIP: 0033:0x7fe453b9aa57
[ 88.388785][ T4299] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 88.408548][ T4299] RSP: 002b:00007fffd001f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 88.417119][ T4299] RAX: 0000000000000000 RBX: 00007fe453c2f048 RCX: 00007fe453b9aa57
[ 88.425130][ T4299] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd001f800
[ 88.433138][ T4299] RBP: 00007fffd001f800 R08: 00007fffd0020800 R09: 00000000ffffffff
[ 88.441142][ T4299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd0020890
[ 88.449545][ T4299] R13: 00007fe453c2f048 R14: 00000000000150d6 R15: 00007fffd00208d0
[ 88.457836][ T4299]
[ 88.494333][ T4299] ==================================================================
[ 88.503181][ T4299] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[ 88.509949][ T4299] Read of size 8 at addr ffff88805d55a090 by task syz-executor/4299
[ 88.517986][ T4299]
[ 88.520345][ T4299] CPU: 1 PID: 4299 Comm: syz-executor Not tainted syzkaller #0
[ 88.527934][ T4299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 88.538124][ T4299] Call Trace:
[ 88.541459][ T4299]
[ 88.544563][ T4299] dump_stack_lvl+0x188/0x250
[ 88.549466][ T4299] ? show_regs_print_info+0x20/0x20
[ 88.554736][ T4299] ? _printk+0xda/0x130
[ 88.558968][ T4299] ? qd_unlock+0x30/0x2d0
[ 88.563377][ T4299] ? load_image+0x400/0x400
[ 88.567907][ T4299] ? _raw_spin_lock_irqsave+0xbc/0x100
[ 88.573506][ T4299] print_address_description+0x60/0x2d0
[ 88.579103][ T4299] ? qd_unlock+0x30/0x2d0
[ 88.583465][ T4299] kasan_report+0xdf/0x130
[ 88.587958][ T4299] ? qd_unlock+0x30/0x2d0
[ 88.592534][ T4299] kasan_check_range+0x235/0x290
[ 88.597682][ T4299] qd_unlock+0x30/0x2d0
[ 88.602022][ T4299] gfs2_quota_sync+0x5cf/0x700
[ 88.606831][ T4299] gfs2_sync_fs+0x48/0xb0
[ 88.611368][ T4299] sync_filesystem+0xe6/0x220
[ 88.616181][ T4299] generic_shutdown_super+0x6b/0x300
[ 88.621501][ T4299] kill_block_super+0x7c/0xe0
[ 88.626212][ T4299] deactivate_locked_super+0x93/0xf0
[ 88.631641][ T4299] cleanup_mnt+0x42d/0x4e0
[ 88.636101][ T4299] ? lockdep_hardirqs_on+0x94/0x140
[ 88.641333][ T4299] task_work_run+0x125/0x1a0
[ 88.645966][ T4299] exit_to_user_mode_loop+0x10f/0x130
[ 88.651372][ T4299] exit_to_user_mode_prepare+0xee/0x180
[ 88.656954][ T4299] syscall_exit_to_user_mode+0x16/0x40
[ 88.662451][ T4299] do_syscall_64+0x58/0xa0
[ 88.666901][ T4299] ? clear_bhb_loop+0x30/0x80
[ 88.671612][ T4299] ? clear_bhb_loop+0x30/0x80
[ 88.676325][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.682335][ T4299] RIP: 0033:0x7fe453b9aa57
[ 88.686976][ T4299] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[ 88.706932][ T4299] RSP: 002b:00007fffd001f748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 88.715448][ T4299] RAX: 0000000000000000 RBX: 00007fe453c2f048 RCX: 00007fe453b9aa57
[ 88.723571][ T4299] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd001f800
[ 88.731671][ T4299] RBP: 00007fffd001f800 R08: 00007fffd0020800 R09: 00000000ffffffff
[ 88.739683][ T4299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd0020890
[ 88.747771][ T4299] R13: 00007fe453c2f048 R14: 00000000000150d6 R15: 00007fffd00208d0
[ 88.755903][ T4299]
[ 88.758953][ T4299]
[ 88.761298][ T4299] Allocated by task 4312:
[ 88.765637][ T4299] __kasan_slab_alloc+0x9c/0xd0
[ 88.770522][ T4299] slab_post_alloc_hook+0x4c/0x380
[ 88.775745][ T4299] kmem_cache_alloc+0x100/0x290
[ 88.780619][ T4299] qd_alloc+0x50/0x260
[ 88.784815][ T4299] gfs2_quota_init+0x74e/0xea0
[ 88.789602][ T4299] gfs2_make_fs_rw+0x414/0x580
[ 88.794403][ T4299] gfs2_fill_super+0x1837/0x1f00
[ 88.799499][ T4299] get_tree_bdev+0x3f1/0x610
[ 88.804269][ T4299] gfs2_get_tree+0x4d/0x1e0
[ 88.808811][ T4299] vfs_get_tree+0x88/0x270
[ 88.813280][ T4299] do_new_mount+0x24a/0xa40
[ 88.817829][ T4299] __se_sys_mount+0x2e3/0x3d0
[ 88.822623][ T4299] do_syscall_64+0x4c/0xa0
[ 88.827109][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.833038][ T4299]
[ 88.835396][ T4299] Freed by task 9:
[ 88.839137][ T4299] kasan_set_track+0x4b/0x70
[ 88.843785][ T4299] kasan_set_free_info+0x1f/0x40
[ 88.848935][ T4299] ____kasan_slab_free+0xd5/0x110
[ 88.854003][ T4299] slab_free_freelist_hook+0xea/0x170
[ 88.859497][ T4299] kmem_cache_free+0x8f/0x210
[ 88.864280][ T4299] rcu_core+0x9d2/0x1670
[ 88.868588][ T4299] handle_softirqs+0x339/0x830
[ 88.873390][ T4299] __irq_exit_rcu+0x13b/0x230
[ 88.878205][ T4299] irq_exit_rcu+0x5/0x20
[ 88.882479][ T4299] sysvec_apic_timer_interrupt+0xa0/0xc0
[ 88.888150][ T4299] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 88.894160][ T4299]
[ 88.896511][ T4299] Last potentially related work creation:
[ 88.902245][ T4299] kasan_save_stack+0x35/0x60
[ 88.907065][ T4299] kasan_record_aux_stack+0xb8/0x100
[ 88.912473][ T4299] call_rcu+0x189/0x950
[ 88.916662][ T4299] gfs2_quota_cleanup+0x43c/0x6a0
[ 88.921725][ T4299] gfs2_make_fs_ro+0x440/0x620
[ 88.926518][ T4299] gfs2_withdraw+0x610/0x1490
[ 88.931226][ T4299] gfs2_inode_refresh+0xb64/0xff0
[ 88.936295][ T4299] inode_go_lock+0x127/0x470
[ 88.940941][ T4299] do_promote+0x741/0xab0
[ 88.945304][ T4299] finish_xmote+0x4df/0xb00
[ 88.949927][ T4299] do_xmote+0x7b6/0x1120
[ 88.954208][ T4299] gfs2_glock_nq+0xc7a/0x1550
[ 88.958925][ T4299] do_sync+0x4ab/0xc40
[ 88.963023][ T4299] gfs2_quota_sync+0x32c/0x700
[ 88.967814][ T4299] gfs2_sync_fs+0x48/0xb0
[ 88.972167][ T4299] sync_filesystem+0xe6/0x220
[ 88.976903][ T4299] generic_shutdown_super+0x6b/0x300
[ 88.982391][ T4299] kill_block_super+0x7c/0xe0
[ 88.987102][ T4299] deactivate_locked_super+0x93/0xf0
[ 88.992444][ T4299] cleanup_mnt+0x42d/0x4e0
[ 88.996906][ T4299] task_work_run+0x125/0x1a0
[ 89.001705][ T4299] exit_to_user_mode_loop+0x10f/0x130
[ 89.007113][ T4299] exit_to_user_mode_prepare+0xee/0x180
[ 89.012700][ T4299] syscall_exit_to_user_mode+0x16/0x40
[ 89.018196][ T4299] do_syscall_64+0x58/0xa0
[ 89.022639][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.028695][ T4299]
[ 89.031050][ T4299] The buggy address belongs to the object at ffff88805d55a000
[ 89.031050][ T4299] which belongs to the cache gfs2_quotad of size 272
[ 89.045130][ T4299] The buggy address is located 144 bytes inside of
[ 89.045130][ T4299] 272-byte region [ffff88805d55a000, ffff88805d55a110)
[ 89.058445][ T4299] The buggy address belongs to the page:
[ 89.064119][ T4299] page:ffffea0001755680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d55a
[ 89.074308][ T4299] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.082010][ T4299] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801e58a8c0
[ 89.090634][ T4299] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 89.099497][ T4299] page dumped because: kasan: bad access detected
[ 89.105957][ T4299] page_owner tracks the page as allocated
[ 89.111738][ T4299] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4312, ts 87271304117, free_ts 25293318117
[ 89.130885][ T4299] get_page_from_freelist+0x1bbd/0x1ca0
[ 89.136488][ T4299] __alloc_pages+0x1ee/0x480
[ 89.141108][ T4299] new_slab+0xc0/0x4b0
[ 89.145208][ T4299] ___slab_alloc+0x80a/0xdd0
[ 89.149821][ T4299] kmem_cache_alloc+0x195/0x290
[ 89.154700][ T4299] qd_alloc+0x50/0x260
[ 89.158807][ T4299] gfs2_quota_init+0x74e/0xea0
[ 89.163602][ T4299] gfs2_make_fs_rw+0x414/0x580
[ 89.168387][ T4299] gfs2_fill_super+0x1837/0x1f00
[ 89.173363][ T4299] get_tree_bdev+0x3f1/0x610
[ 89.178080][ T4299] gfs2_get_tree+0x4d/0x1e0
[ 89.182654][ T4299] vfs_get_tree+0x88/0x270
[ 89.187101][ T4299] do_new_mount+0x24a/0xa40
[ 89.191628][ T4299] __se_sys_mount+0x2e3/0x3d0
[ 89.196349][ T4299] do_syscall_64+0x4c/0xa0
[ 89.200919][ T4299] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 89.206877][ T4299] page last free stack trace:
[ 89.211817][ T4299] free_unref_page_prepare+0x637/0x6c0
[ 89.217331][ T4299] free_unref_page+0x8f/0x2a0
[ 89.222032][ T4299] free_contig_range+0x96/0xf0
[ 89.226941][ T4299] destroy_args+0xf0/0xa00
[ 89.231400][ T4299] debug_vm_pgtable+0x321/0x380
[ 89.236285][ T4299] do_one_initcall+0x272/0x730
[ 89.241166][ T4299] do_initcall_level+0x137/0x1f0
[ 89.246128][ T4299] do_initcalls+0x4b/0x90
[ 89.250478][ T4299] kernel_init_freeable+0x3e9/0x570
[ 89.255701][ T4299] kernel_init+0x19/0x1b0
[ 89.260156][ T4299] ret_from_fork+0x1f/0x30
[ 89.264610][ T4299]
[ 89.266952][ T4299] Memory state around the buggy address:
[ 89.272720][ T4299] ffff88805d559f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.280917][ T4299] ffff88805d55a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.289015][ T4299] >ffff88805d55a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.297104][ T4299] ^
[ 89.301718][ T4299] ffff88805d55a100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.309801][ T4299] ffff88805d55a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.317969][ T4299] ==================================================================
[ 89.326157][ T4299] Disabling lock debugging due to kernel taint
[ 89.335303][ T4270] Bluetooth: hci0: command 0x0419 tx timeout