[ 58.478906][ T1067] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.496134][ T1067] device veth1_macvtap left promiscuous mode
[ 58.502635][ T1067] device veth0_macvtap left promiscuous mode
[ 58.510496][ T1067] device veth1_vlan left promiscuous mode
[ 58.516525][ T1067] device veth0_vlan left promiscuous mode
[ 58.754698][ T1067] team0 (unregistering): Port device team_slave_1 removed
[ 58.770093][ T1067] team0 (unregistering): Port device team_slave_0 removed
[ 58.781700][ T1067] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 58.794291][ T1067] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 58.840839][ T1067] bond0 (unregistering): Released all slaves
[ 76.299947][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
2023/01/11 11:44:48 ignoring optional flag "sandboxArg"="0"
2023/01/11 11:44:48 parsed 1 programs
2023/01/11 11:44:48 executed programs: 0
[ 77.138894][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.146996][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.155740][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.163578][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.171029][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.274435][ T5528] chnl_net:caif_netlink_parms(): no params data found
[ 77.312672][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.320177][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.327870][ T5528] device bridge_slave_0 entered promiscuous mode
[ 77.336729][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.344684][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.352841][ T5528] device bridge_slave_1 entered promiscuous mode
[ 77.372993][ T5528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.384079][ T5528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.406268][ T5528] team0: Port device team_slave_0 added
[ 77.413628][ T5528] team0: Port device team_slave_1 added
[ 77.432162][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.439419][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.465526][ T5528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.477649][ T5528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.484711][ T5528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.510743][ T5528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.540536][ T5528] device hsr_slave_0 entered promiscuous mode
[ 77.547323][ T5528] device hsr_slave_1 entered promiscuous mode
[ 78.346482][ T5528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.356512][ T5528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.367038][ T5528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.377263][ T5528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.452444][ T5528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.480022][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 78.488377][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 78.502185][ T5528] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.513737][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 78.523435][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 78.534026][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.541291][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 78.563929][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 78.573513][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 78.582698][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 78.593185][ T4731] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.600361][ T4731] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.610554][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 78.632708][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 78.642860][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 78.653475][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 78.663598][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 78.673479][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.686369][ T5528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 78.699821][ T5528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.709001][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.716933][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 78.729544][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.945472][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.953672][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.969354][ T5528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.993832][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 79.005306][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.028234][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 79.037616][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.049967][ T5528] device veth0_vlan entered promiscuous mode
[ 79.062339][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.070797][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.082592][ T5528] device veth1_vlan entered promiscuous mode
[ 79.107625][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.116447][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.126588][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 79.135581][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.148786][ T5528] device veth0_macvtap entered promiscuous mode
[ 79.158105][ T5528] device veth1_macvtap entered promiscuous mode
[ 79.181086][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.188453][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 79.198079][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 79.207801][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.216998][ T4731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.229848][ T5528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.241499][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.251031][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.260778][ T5528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.269633][ T4387] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.277577][ T5528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.286999][ T5528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.296618][ T5528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.367940][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.380176][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.400847][ T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.414176][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.424042][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.435077][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 79.876307][ T5599] loop0: detected capacity change from 0 to 32768
[ 79.895499][ T5599] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 79.904354][ T5599] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 79.924324][ T5599] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 79.935505][ T22] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 79.944645][ T22] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 80.008268][ T22] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 63ms
[ 80.020875][ T22] gfs2: fsid=syz:syz.0: jid=0: Done
[ 80.026787][ T5599] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 80.181799][ T5599] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 80.219141][ T5528] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 80.219141][ T5528] inode = 11 2340
[ 80.219141][ T5528] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[ 80.240325][ T5528] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 80.251747][ T5528] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5528 [syz-executor.0] gfs2_quota_sync+0x3da/0x8b0
[ 80.264490][ T5528] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 80.273196][ T5528] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 80.289000][ T5528] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1476
[ 80.304747][ T5528] CPU: 1 PID: 5528 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 80.313900][ T5528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 80.323980][ T5528] Call Trace:
[ 80.327290][ T5528]
[ 80.330243][ T5528] dump_stack_lvl+0x1b1/0x290
[ 80.334953][ T5528] ? nf_tcp_handle_invalid+0x630/0x630
[ 80.340442][ T5528] ? panic+0x710/0x710
[ 80.344542][ T5528] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.349801][ T5528] gfs2_assert_warn_i+0x19a/0x2e0
[ 80.354886][ T5528] gfs2_quota_cleanup+0x4c6/0x6b0
[ 80.360055][ T5528] gfs2_make_fs_ro+0x517/0x610
[ 80.364846][ T5528] ? __might_sleep+0xc0/0xc0
[ 80.369463][ T5528] ? gfs2_dinode_out+0xad0/0xad0
[ 80.374422][ T5528] ? gfs2_glock_nq+0xdaa/0x1700
[ 80.379329][ T5528] ? gfs2_instantiate+0x207/0x220
[ 80.384507][ T5528] ? gfs2_glock_wait+0x213/0x2a0
[ 80.389761][ T5528] gfs2_withdraw+0x609/0x1540
[ 80.394489][ T5528] ? gfs2_lm+0x220/0x220
[ 80.398782][ T5528] ? make_kgid+0x1fe/0x710
[ 80.403257][ T5528] ? gfs2_withdraw+0x5cc/0x1540
[ 80.408158][ T5528] ? gfs2_consist_inode_i+0xf3/0x110
[ 80.413483][ T5528] gfs2_inode_refresh+0xb2d/0xf60
[ 80.418820][ T5528] ? gfs2_inode_metasync+0xf0/0xf0
[ 80.423987][ T5528] ? _raw_spin_unlock+0x24/0x40
[ 80.429135][ T5528] ? gfs2_glock_nq+0xdaa/0x1700
[ 80.434028][ T5528] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.439273][ T5528] gfs2_instantiate+0x15e/0x220
[ 80.444163][ T5528] gfs2_glock_wait+0x1d9/0x2a0
[ 80.448967][ T5528] do_sync+0x485/0xc80
[ 80.453082][ T5528] ? gfs2_quota_sync+0x3da/0x8b0
[ 80.458071][ T5528] ? slot_put+0x1f0/0x1f0
[ 80.462436][ T5528] ? do_raw_spin_lock+0x147/0x3a0
[ 80.467503][ T5528] ? __lock_acquire+0x1f60/0x1f60
[ 80.472568][ T5528] ? gfs2_quota_sync+0x3da/0x8b0
[ 80.477543][ T5528] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.485214][ T5528] ? qd_check_sync+0xba/0x3f0
[ 80.489935][ T5528] gfs2_quota_sync+0x3da/0x8b0
[ 80.494753][ T5528] gfs2_sync_fs+0x49/0xb0
[ 80.499148][ T5528] sync_filesystem+0xe8/0x220
[ 80.503865][ T5528] generic_shutdown_super+0x6b/0x310
[ 80.509182][ T5528] kill_block_super+0x79/0xd0
[ 80.513889][ T5528] deactivate_locked_super+0xa7/0xf0
[ 80.519210][ T5528] cleanup_mnt+0x494/0x520
[ 80.523654][ T5528] ? lockdep_hardirqs_on+0x8d/0x130
[ 80.528886][ T5528] task_work_run+0x243/0x300
[ 80.533515][ T5528] ? task_work_cancel+0x290/0x290
[ 80.538585][ T5528] ? exit_to_user_mode_loop+0x42/0x150
[ 80.544083][ T5528] exit_to_user_mode_loop+0x124/0x150
[ 80.549511][ T5528] exit_to_user_mode_prepare+0xb2/0x140
[ 80.555093][ T5528] syscall_exit_to_user_mode+0x26/0x60
[ 80.560582][ T5528] do_syscall_64+0x49/0xb0
[ 80.565035][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.570966][ T5528] RIP: 0033:0x7f48b1a8d517
[ 80.575420][ T5528] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.595492][ T5528] RSP: 002b:00007ffcfdfd53e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 80.603948][ T5528] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f48b1a8d517
[ 80.611949][ T5528] RDX: 00007ffcfdfd54b9 RSI: 000000000000000a RDI: 00007ffcfdfd54b0
[ 80.620131][ T5528] RBP: 00007ffcfdfd54b0 R08: 00000000ffffffff R09: 00007ffcfdfd5280
[ 80.628131][ T5528] R10: 00005555569628b3 R11: 0000000000000246 R12: 00007f48b1ae6b24
[ 80.636131][ T5528] R13: 00007ffcfdfd6570 R14: 0000555556962810 R15: 00007ffcfdfd65b0
[ 80.644152][ T5528]
[ 80.665998][ T5528] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 80.676546][ T5528] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 80.686618][ T5528] gfs2: fsid=syz:syz.0: File system withdrawn
[ 80.693101][ T5528] CPU: 1 PID: 5528 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 80.702244][ T5528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 80.712323][ T5528] Call Trace:
[ 80.715620][ T5528]
[ 80.718568][ T5528] dump_stack_lvl+0x1b1/0x290
[ 80.723293][ T5528] ? nf_tcp_handle_invalid+0x630/0x630
[ 80.728869][ T5528] ? panic+0x710/0x710
[ 80.732972][ T5528] ? kobject_uevent_env+0x46b/0x8e0
[ 80.738227][ T5528] gfs2_withdraw+0xf33/0x1540
[ 80.742955][ T5528] ? gfs2_lm+0x220/0x220
[ 80.747224][ T5528] ? make_kgid+0x1fe/0x710
[ 80.751685][ T5528] ? gfs2_consist_inode_i+0xf3/0x110
[ 80.757011][ T5528] gfs2_inode_refresh+0xb2d/0xf60
[ 80.762081][ T5528] ? gfs2_inode_metasync+0xf0/0xf0
[ 80.767239][ T5528] ? _raw_spin_unlock+0x24/0x40
[ 80.772634][ T5528] ? gfs2_glock_nq+0xdaa/0x1700
[ 80.777493][ T5528] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.782784][ T5528] gfs2_instantiate+0x15e/0x220
[ 80.787645][ T5528] gfs2_glock_wait+0x1d9/0x2a0
[ 80.792414][ T5528] do_sync+0x485/0xc80
[ 80.796486][ T5528] ? gfs2_quota_sync+0x3da/0x8b0
[ 80.801434][ T5528] ? slot_put+0x1f0/0x1f0
[ 80.805768][ T5528] ? do_raw_spin_lock+0x147/0x3a0
[ 80.810823][ T5528] ? __lock_acquire+0x1f60/0x1f60
[ 80.815871][ T5528] ? gfs2_quota_sync+0x3da/0x8b0
[ 80.820891][ T5528] ? do_raw_spin_unlock+0x134/0x8a0
[ 80.826163][ T5528] ? qd_check_sync+0xba/0x3f0
[ 80.830861][ T5528] gfs2_quota_sync+0x3da/0x8b0
[ 80.835741][ T5528] gfs2_sync_fs+0x49/0xb0
[ 80.840075][ T5528] sync_filesystem+0xe8/0x220
[ 80.844758][ T5528] generic_shutdown_super+0x6b/0x310
[ 80.850052][ T5528] kill_block_super+0x79/0xd0
[ 80.854729][ T5528] deactivate_locked_super+0xa7/0xf0
[ 80.860027][ T5528] cleanup_mnt+0x494/0x520
[ 80.864447][ T5528] ? lockdep_hardirqs_on+0x8d/0x130
[ 80.869647][ T5528] task_work_run+0x243/0x300
[ 80.874252][ T5528] ? task_work_cancel+0x290/0x290
[ 80.879286][ T5528] ? exit_to_user_mode_loop+0x42/0x150
[ 80.884795][ T5528] exit_to_user_mode_loop+0x124/0x150
[ 80.890194][ T5528] exit_to_user_mode_prepare+0xb2/0x140
[ 80.895783][ T5528] syscall_exit_to_user_mode+0x26/0x60
[ 80.901248][ T5528] do_syscall_64+0x49/0xb0
[ 80.905672][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.911574][ T5528] RIP: 0033:0x7f48b1a8d517
[ 80.915988][ T5528] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.935630][ T5528] RSP: 002b:00007ffcfdfd53e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 80.944055][ T5528] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f48b1a8d517
[ 80.952036][ T5528] RDX: 00007ffcfdfd54b9 RSI: 000000000000000a RDI: 00007ffcfdfd54b0
[ 80.960013][ T5528] RBP: 00007ffcfdfd54b0 R08: 00000000ffffffff R09: 00007ffcfdfd5280
[ 80.967992][ T5528] R10: 00005555569628b3 R11: 0000000000000246 R12: 00007f48b1ae6b24
[ 80.975962][ T5528] R13: 00007ffcfdfd6570 R14: 0000555556962810 R15: 00007ffcfdfd65b0
[ 80.983949][ T5528]
[ 80.995321][ T5528] ==================================================================
[ 81.003506][ T5528] BUG: KASAN: use-after-free in qd_unlock+0x3d/0x2f0
[ 81.010189][ T5528] Read of size 8 at addr ffff888072a8d090 by task syz-executor.0/5528
[ 81.018358][ T5528]
[ 81.020685][ T5528] CPU: 1 PID: 5528 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 81.029869][ T5528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 81.039913][ T5528] Call Trace:
[ 81.043205][ T5528]
[ 81.046128][ T5528] dump_stack_lvl+0x1b1/0x290
[ 81.050806][ T5528] ? nf_tcp_handle_invalid+0x630/0x630
[ 81.056265][ T5528] ? __wake_up_klogd+0xcd/0x100
[ 81.061110][ T5528] ? panic+0x710/0x710
[ 81.065173][ T5528] ? _printk+0xc0/0x100
[ 81.069406][ T5528] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 81.074862][ T5528] print_address_description+0x74/0x340
[ 81.080408][ T5528] print_report+0x107/0x1f0
[ 81.084907][ T5528] ? __virt_addr_valid+0x21b/0x2d0
[ 81.090033][ T5528] ? __phys_addr+0xb5/0x160
[ 81.094547][ T5528] ? qd_unlock+0x3d/0x2f0
[ 81.098873][ T5528] kasan_report+0xcd/0x100
[ 81.103283][ T5528] ? qd_unlock+0x3d/0x2f0
[ 81.107624][ T5528] kasan_check_range+0x2a7/0x2e0
[ 81.112558][ T5528] qd_unlock+0x3d/0x2f0
[ 81.116710][ T5528] gfs2_quota_sync+0x768/0x8b0
[ 81.121473][ T5528] gfs2_sync_fs+0x49/0xb0
[ 81.125815][ T5528] sync_filesystem+0xe8/0x220
[ 81.130507][ T5528] generic_shutdown_super+0x6b/0x310
[ 81.135797][ T5528] kill_block_super+0x79/0xd0
[ 81.140492][ T5528] deactivate_locked_super+0xa7/0xf0
[ 81.145836][ T5528] cleanup_mnt+0x494/0x520
[ 81.150280][ T5528] ? lockdep_hardirqs_on+0x8d/0x130
[ 81.155485][ T5528] task_work_run+0x243/0x300
[ 81.160098][ T5528] ? task_work_cancel+0x290/0x290
[ 81.165142][ T5528] ? exit_to_user_mode_loop+0x42/0x150
[ 81.170610][ T5528] exit_to_user_mode_loop+0x124/0x150
[ 81.175992][ T5528] exit_to_user_mode_prepare+0xb2/0x140
[ 81.181546][ T5528] syscall_exit_to_user_mode+0x26/0x60
[ 81.187007][ T5528] do_syscall_64+0x49/0xb0
[ 81.191505][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.197449][ T5528] RIP: 0033:0x7f48b1a8d517
[ 81.201870][ T5528] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.221469][ T5528] RSP: 002b:00007ffcfdfd53e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 81.229967][ T5528] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f48b1a8d517
[ 81.237929][ T5528] RDX: 00007ffcfdfd54b9 RSI: 000000000000000a RDI: 00007ffcfdfd54b0
[ 81.245913][ T5528] RBP: 00007ffcfdfd54b0 R08: 00000000ffffffff R09: 00007ffcfdfd5280
[ 81.253889][ T5528] R10: 00005555569628b3 R11: 0000000000000246 R12: 00007f48b1ae6b24
[ 81.261850][ T5528] R13: 00007ffcfdfd6570 R14: 0000555556962810 R15: 00007ffcfdfd65b0
[ 81.269817][ T5528]
[ 81.272828][ T5528]
[ 81.275139][ T5528] Allocated by task 5599:
[ 81.279450][ T5528] kasan_set_track+0x3d/0x60
[ 81.284038][ T5528] __kasan_slab_alloc+0x65/0x70
[ 81.289056][ T5528] kmem_cache_alloc+0x1b3/0x350
[ 81.293910][ T5528] qd_alloc+0x51/0x250
[ 81.297980][ T5528] gfs2_quota_init+0x7c4/0x10e0
[ 81.302847][ T5528] gfs2_make_fs_rw+0x48e/0x590
[ 81.307599][ T5528] gfs2_fill_super+0x2357/0x2700
[ 81.312529][ T5528] get_tree_bdev+0x400/0x620
[ 81.317119][ T5528] gfs2_get_tree+0x50/0x210
[ 81.321615][ T5528] vfs_get_tree+0x88/0x270
[ 81.326799][ T5528] do_new_mount+0x289/0xad0
[ 81.331292][ T5528] __se_sys_mount+0x2d3/0x3c0
[ 81.335966][ T5528] do_syscall_64+0x3d/0xb0
[ 81.340375][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.346260][ T5528]
[ 81.348573][ T5528] Freed by task 5528:
[ 81.352546][ T5528] kasan_set_track+0x3d/0x60
[ 81.357129][ T5528] kasan_save_free_info+0x27/0x40
[ 81.362315][ T5528] ____kasan_slab_free+0xd6/0x120
[ 81.367439][ T5528] slab_free_freelist_hook+0x12e/0x1a0
[ 81.372893][ T5528] kmem_cache_free+0x94/0x1d0
[ 81.377614][ T5528] rcu_core+0x9c1/0x1690
[ 81.381851][ T5528] __do_softirq+0x277/0x738
[ 81.386406][ T5528]
[ 81.388720][ T5528] Last potentially related work creation:
[ 81.394503][ T5528] kasan_save_stack+0x2b/0x50
[ 81.399174][ T5528] __kasan_record_aux_stack+0xb0/0xc0
[ 81.404535][ T5528] call_rcu+0x163/0xa70
[ 81.409117][ T5528] gfs2_quota_cleanup+0x457/0x6b0
[ 81.414137][ T5528] gfs2_make_fs_ro+0x517/0x610
[ 81.418889][ T5528] gfs2_withdraw+0x609/0x1540
[ 81.423555][ T5528] gfs2_inode_refresh+0xb2d/0xf60
[ 81.428661][ T5528] gfs2_instantiate+0x15e/0x220
[ 81.433505][ T5528] gfs2_glock_wait+0x1d9/0x2a0
[ 81.438263][ T5528] do_sync+0x485/0xc80
[ 81.442327][ T5528] gfs2_quota_sync+0x3da/0x8b0
[ 81.447086][ T5528] gfs2_sync_fs+0x49/0xb0
[ 81.451404][ T5528] sync_filesystem+0xe8/0x220
[ 81.456073][ T5528] generic_shutdown_super+0x6b/0x310
[ 81.461351][ T5528] kill_block_super+0x79/0xd0
[ 81.466016][ T5528] deactivate_locked_super+0xa7/0xf0
[ 81.471300][ T5528] cleanup_mnt+0x494/0x520
[ 81.475704][ T5528] task_work_run+0x243/0x300
[ 81.480292][ T5528] exit_to_user_mode_loop+0x124/0x150
[ 81.485659][ T5528] exit_to_user_mode_prepare+0xb2/0x140
[ 81.491199][ T5528] syscall_exit_to_user_mode+0x26/0x60
[ 81.496734][ T5528] do_syscall_64+0x49/0xb0
[ 81.501144][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.507062][ T5528]
[ 81.509462][ T5528] The buggy address belongs to the object at ffff888072a8d000
[ 81.509462][ T5528] which belongs to the cache gfs2_quotad of size 272
[ 81.523504][ T5528] The buggy address is located 144 bytes inside of
[ 81.523504][ T5528] 272-byte region [ffff888072a8d000, ffff888072a8d110)
[ 81.536761][ T5528]
[ 81.539078][ T5528] The buggy address belongs to the physical page:
[ 81.545473][ T5528] page:ffffea0001caa340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72a8d
[ 81.555612][ T5528] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 81.563149][ T5528] raw: 00fff00000000200 ffff8880196523c0 dead000000000122 0000000000000000
[ 81.571720][ T5528] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 81.580294][ T5528] page dumped because: kasan: bad access detected
[ 81.586863][ T5528] page_owner tracks the page as allocated
[ 81.592580][ T5528] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5599, tgid 5597 (syz-executor.0), ts 80146231112, free_ts 79597710961
[ 81.614071][ T5528] get_page_from_freelist+0x742/0x7c0
[ 81.619445][ T5528] __alloc_pages+0x259/0x560
[ 81.624033][ T5528] alloc_slab_page+0xbd/0x190
[ 81.628701][ T5528] allocate_slab+0x5e/0x3c0
[ 81.633200][ T5528] ___slab_alloc+0x782/0xe20
[ 81.637787][ T5528] kmem_cache_alloc+0x268/0x350
[ 81.642630][ T5528] qd_alloc+0x51/0x250
[ 81.647566][ T5528] gfs2_quota_init+0x7c4/0x10e0
[ 81.652848][ T5528] gfs2_make_fs_rw+0x48e/0x590
[ 81.657600][ T5528] gfs2_fill_super+0x2357/0x2700
[ 81.662539][ T5528] get_tree_bdev+0x400/0x620
[ 81.667122][ T5528] gfs2_get_tree+0x50/0x210
[ 81.671702][ T5528] vfs_get_tree+0x88/0x270
[ 81.676110][ T5528] do_new_mount+0x289/0xad0
[ 81.680600][ T5528] __se_sys_mount+0x2d3/0x3c0
[ 81.685265][ T5528] do_syscall_64+0x3d/0xb0
[ 81.689946][ T5528] page last free stack trace:
[ 81.694625][ T5528] free_pcp_prepare+0x751/0x780
[ 81.699470][ T5528] free_unref_page+0x19/0x4c0
[ 81.704137][ T5528] __unfreeze_partials+0x1a5/0x1e0
[ 81.709254][ T5528] put_cpu_partial+0x106/0x170
[ 81.714013][ T5528] qlist_free_all+0x2b/0x70
[ 81.718509][ T5528] kasan_quarantine_reduce+0x156/0x170
[ 81.723961][ T5528] __kasan_slab_alloc+0x1f/0x70
[ 81.728809][ T5528] kmem_cache_alloc+0x1b3/0x350
[ 81.733735][ T5528] getname_flags+0xb8/0x4e0
[ 81.738233][ T5528] do_sys_openat2+0xba/0x4e0
[ 81.742811][ T5528] __x64_sys_openat+0x243/0x290
[ 81.747651][ T5528] do_syscall_64+0x3d/0xb0
[ 81.752061][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.757963][ T5528]
[ 81.760277][ T5528] Memory state around the buggy address:
[ 81.765894][ T5528] ffff888072a8cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.773941][ T5528] ffff888072a8d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.782161][ T5528] >ffff888072a8d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.790207][ T5528]                          ^
[ 81.794783][ T5528] ffff888072a8d100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.802829][ T5528] ffff888072a8d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.810963][ T5528] ==================================================================
[ 81.828651][ T5072] Bluetooth: hci0: command 0x041b tx timeout
[ 81.845622][ T5528] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 81.852955][ T5528] CPU: 0 PID: 5528 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 81.862352][ T5528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 81.873101][ T5528] Call Trace:
[ 81.876390][ T5528]
[ 81.879315][ T5528] dump_stack_lvl+0x1b1/0x290
[ 81.884000][ T5528] ? nf_tcp_handle_invalid+0x630/0x630
[ 81.889464][ T5528] ? panic+0x710/0x710
[ 81.893530][ T5528] ? lock_release+0x81/0x820
[ 81.898116][ T5528] ? vscnprintf+0x59/0x80
[ 81.902439][ T5528] panic+0x2d6/0x710
[ 81.906329][ T5528] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 81.912495][ T5528] ? check_panic_on_warn+0x1d/0xa0
[ 81.917614][ T5528] ? memcpy_page_flushcache+0x100/0x100
[ 81.923157][ T5528] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 81.929138][ T5528] ? _raw_spin_unlock+0x40/0x40
[ 81.933988][ T5528] ? print_report+0x1b4/0x1f0
[ 81.938665][ T5528] check_panic_on_warn+0x80/0xa0
[ 81.943600][ T5528] ? qd_unlock+0x3d/0x2f0
[ 81.947928][ T5528] end_report+0x47/0x90
[ 81.952080][ T5528] kasan_report+0xda/0x100
[ 81.956491][ T5528] ? qd_unlock+0x3d/0x2f0
[ 81.960818][ T5528] kasan_check_range+0x2a7/0x2e0
[ 81.965752][ T5528] qd_unlock+0x3d/0x2f0
[ 81.969905][ T5528] gfs2_quota_sync+0x768/0x8b0
[ 81.974671][ T5528] gfs2_sync_fs+0x49/0xb0
[ 81.978994][ T5528] sync_filesystem+0xe8/0x220
[ 81.983669][ T5528] generic_shutdown_super+0x6b/0x310
[ 81.988968][ T5528] kill_block_super+0x79/0xd0
[ 81.993639][ T5528] deactivate_locked_super+0xa7/0xf0
[ 81.998924][ T5528] cleanup_mnt+0x494/0x520
[ 82.003333][ T5528] ? lockdep_hardirqs_on+0x8d/0x130
[ 82.008523][ T5528] task_work_run+0x243/0x300
[ 82.013113][ T5528] ? task_work_cancel+0x290/0x290
[ 82.018136][ T5528] ? exit_to_user_mode_loop+0x42/0x150
[ 82.023605][ T5528] exit_to_user_mode_loop+0x124/0x150
[ 82.028987][ T5528] exit_to_user_mode_prepare+0xb2/0x140
[ 82.034530][ T5528] syscall_exit_to_user_mode+0x26/0x60
[ 82.039987][ T5528] do_syscall_64+0x49/0xb0
[ 82.044400][ T5528] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.050290][ T5528] RIP: 0033:0x7f48b1a8d517
[ 82.054789][ T5528] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.074645][ T5528] RSP: 002b:00007ffcfdfd53e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 82.083051][ T5528] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f48b1a8d517
[ 82.091015][ T5528] RDX: 00007ffcfdfd54b9 RSI: 000000000000000a RDI: 00007ffcfdfd54b0
[ 82.098992][ T5528] RBP: 00007ffcfdfd54b0 R08: 00000000ffffffff R09: 00007ffcfdfd5280
[ 82.106952][ T5528] R10: 00005555569628b3 R11: 0000000000000246 R12: 00007f48b1ae6b24
[ 82.114916][ T5528] R13: 00007ffcfdfd6570 R14: 0000555556962810 R15: 00007ffcfdfd65b0
[ 82.122884][ T5528]
[ 82.126053][ T5528] Kernel Offset: disabled
[ 82.132195][ T5528] Rebooting in 86400 seconds..