[ 35.091746][ T51] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.103597][ T51] veth1_macvtap: left promiscuous mode
[ 35.109974][ T51] veth0_macvtap: left promiscuous mode
[ 35.115555][ T51] veth1_vlan: left promiscuous mode
[ 35.120876][ T51] veth0_vlan: left promiscuous mode
[ 35.178961][ T51] team0 (unregistering): Port device team_slave_1 removed
[ 35.190332][ T51] team0 (unregistering): Port device team_slave_0 removed
[ 35.199383][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 35.210675][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 35.237480][ T51] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
2023/05/06 03:40:19 ignoring optional flag "sandboxArg"="0"
2023/05/06 03:40:19 parsed 1 programs
2023/05/06 03:40:19 executed programs: 0
[ 47.079578][ T4395] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 47.087355][ T4395] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 47.094784][ T4395] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 47.103740][ T4395] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 47.111054][ T4395] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 47.118383][ T4395] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 47.190576][ T5279] chnl_net:caif_netlink_parms(): no params data found
[ 47.223269][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.230423][ T5279] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.237754][ T5279] bridge_slave_0: entered allmulticast mode
[ 47.243899][ T5279] bridge_slave_0: entered promiscuous mode
[ 47.250905][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.258016][ T5279] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.265140][ T5279] bridge_slave_1: entered allmulticast mode
[ 47.271690][ T5279] bridge_slave_1: entered promiscuous mode
[ 47.285200][ T5279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.295449][ T5279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.315170][ T5279] team0: Port device team_slave_0 added
[ 47.322446][ T5279] team0: Port device team_slave_1 added
[ 47.338275][ T5279] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.345203][ T5279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.371226][ T5279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.382874][ T5279] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.389963][ T5279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.416174][ T5279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.441003][ T5279] hsr_slave_0: entered promiscuous mode
[ 47.449168][ T5279] hsr_slave_1: entered promiscuous mode
[ 47.767916][ T5279] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 47.776136][ T5279] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 47.785146][ T5279] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 47.793798][ T5279] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 47.809575][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.816645][ T5279] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.823905][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.830970][ T5279] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.861615][ T5279] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.872761][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.881599][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.889466][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.897279][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.908865][ T5279] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.918901][ T5001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.927611][ T5001] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.934666][ T5001] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.953654][ T5279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.965338][ T5279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.978217][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.987284][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.994317][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.002431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.010636][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.018796][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.026856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.037160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.045208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.106245][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 48.114633][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 48.124842][ T5279] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.139017][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 48.154492][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 48.162906][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 48.171315][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 48.179763][ T5279] veth0_vlan: entered promiscuous mode
[ 48.190058][ T5279] veth1_vlan: entered promiscuous mode
[ 48.204584][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 48.213299][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 48.222782][ T5279] veth0_macvtap: entered promiscuous mode
[ 48.231822][ T5279] veth1_macvtap: entered promiscuous mode
[ 48.244632][ T5279] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 48.252186][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 48.261854][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 48.269864][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 48.280476][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 48.290525][ T5279] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 48.304957][ T5279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.314423][ T5279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.323858][ T5279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.332605][ T5279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 48.343157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 48.351676][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 48.384266][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.392598][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.402775][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 48.414581][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.423887][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.433836][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 48.635129][ T5410] loop0: detected capacity change from 0 to 32768
[ 48.646960][ T5410] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 48.656967][ T5410] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 48.671062][ T5410] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 48.680495][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 48.688317][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 48.717844][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 29ms
[ 48.726156][ T7] gfs2: fsid=syz:syz.0: jid=0: Done
[ 48.732355][ T5410] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 48.804666][ T5410] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 48.841496][ T5279] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 48.841496][ T5279] inode = 11 2340
[ 48.841496][ T5279] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 48.860954][ T5279] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 48.870371][ T5279] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5279 [syz-executor.0] gfs2_quota_sync+0x24e/0x540
[ 48.881290][ T5279] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 48.889754][ T5279] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 48.898713][ T5279] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 48.913450][ T5279] CPU: 1 PID: 5279 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller #0
[ 48.921859][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 48.931894][ T5279] Call Trace:
[ 48.935157][ T5279]  <TASK>
[ 48.938101][ T5279] dump_stack_lvl+0x8e/0xb0
[ 48.942592][ T5279] gfs2_assert_warn_i+0x15b/0x2b0
[ 48.947602][ T5279] gfs2_quota_cleanup+0x53d/0x740
[ 48.952639][ T5279] gfs2_make_fs_ro+0x1f1/0x610
[ 48.957401][ T5279] ? gfs2_dirty_inode+0x760/0x760
[ 48.962414][ T5279] ? gfs2_instantiate+0x7f/0x1e0
[ 48.967340][ T5279] ? gfs2_glock_wait+0x137/0x280
[ 48.972265][ T5279] gfs2_withdraw+0xcb5/0x1200
[ 48.976937][ T5279] ? gfs2_lm+0x1b0/0x1b0
[ 48.981165][ T5279] ? gfs2_withdraw+0xca4/0x1200
[ 48.985999][ T5279] gfs2_inode_refresh+0xbf3/0x1180
[ 48.991097][ T5279] ? spin_bug+0x1c0/0x1c0
[ 48.995430][ T5279] ? inode_go_sync+0x460/0x460
[ 49.000193][ T5279] gfs2_instantiate+0x120/0x1e0
[ 49.005033][ T5279] gfs2_glock_wait+0x137/0x280
[ 49.009787][ T5279] do_sync+0x535/0xae0
[ 49.013848][ T5279] ? gfs2_qa_put+0x120/0x120
[ 49.018420][ T5279] ? gfs2_quota_sync+0x316/0x540
[ 49.023330][ T5279] ? gfs2_quota_sync+0x24e/0x540
[ 49.028234][ T5279] ? spin_bug+0x1c0/0x1c0
[ 49.032619][ T5279] ? do_raw_spin_unlock+0x175/0x230
[ 49.037818][ T5279] gfs2_quota_sync+0x24e/0x540
[ 49.042554][ T5279] ? get_nr_dirty_inodes+0x17/0x180
[ 49.047724][ T5279] gfs2_sync_fs+0x3f/0xa0
[ 49.052022][ T5279] sync_filesystem.part.0+0x63/0x170
[ 49.057275][ T5279] generic_shutdown_super+0x68/0x420
[ 49.062533][ T5279] kill_block_super+0x9a/0xe0
[ 49.067181][ T5279] deactivate_locked_super+0x7f/0x130
[ 49.072604][ T5279] cleanup_mnt+0x253/0x360
[ 49.076989][ T5279] ? _raw_spin_unlock_irq+0x23/0x50
[ 49.082156][ T5279] task_work_run+0x12f/0x220
[ 49.086802][ T5279] ? task_work_cancel+0x20/0x20
[ 49.091626][ T5279] ? __x64_sys_umount+0xff/0x120
[ 49.096531][ T5279] exit_to_user_mode_prepare+0x210/0x240
[ 49.102131][ T5279] syscall_exit_to_user_mode+0x1d/0x50
[ 49.107563][ T5279] do_syscall_64+0x46/0xb0
[ 49.111948][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.117807][ T5279] RIP: 0033:0x7fb37a08d567
[ 49.122199][ T5279] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.141774][ T5279] RSP: 002b:00007ffcc5f01248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.150150][ T5279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb37a08d567
[ 49.158090][ T5279] RDX: 00007ffcc5f01319 RSI: 000000000000000a RDI: 00007ffcc5f01310
[ 49.166029][ T5279] RBP: 00007ffcc5f01310 R08: 00000000ffffffff R09: 00007ffcc5f010e0
[ 49.173971][ T5279] R10: 00005555562c2893 R11: 0000000000000246 R12: 00007fb37a0e6b24
[ 49.181913][ T5279] R13: 00007ffcc5f023d0 R14: 00005555562c2810 R15: 00007ffcc5f02410
[ 49.189861][ T5279]  </TASK>
[ 49.193942][ T4988] Bluetooth: hci0: command 0x0409 tx timeout
[ 49.201654][ T5279] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 49.211616][ T5279] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 49.221376][ T5279] gfs2: fsid=syz:syz.0: File system withdrawn
[ 49.227586][ T5279] CPU: 1 PID: 5279 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller #0
[ 49.235808][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 49.245850][ T5279] Call Trace:
[ 49.249115][ T5279]  <TASK>
[ 49.252033][ T5279] dump_stack_lvl+0x8e/0xb0
[ 49.256519][ T5279] gfs2_withdraw+0xab4/0x1200
[ 49.261186][ T5279] ? gfs2_lm+0x1b0/0x1b0
[ 49.265500][ T5279] gfs2_inode_refresh+0xbf3/0x1180
[ 49.270591][ T5279] ? spin_bug+0x1c0/0x1c0
[ 49.274904][ T5279] ? inode_go_sync+0x460/0x460
[ 49.279653][ T5279] gfs2_instantiate+0x120/0x1e0
[ 49.284485][ T5279] gfs2_glock_wait+0x137/0x280
[ 49.289233][ T5279] do_sync+0x535/0xae0
[ 49.293287][ T5279] ? gfs2_qa_put+0x120/0x120
[ 49.297857][ T5279] ? gfs2_quota_sync+0x316/0x540
[ 49.302777][ T5279] ? gfs2_quota_sync+0x24e/0x540
[ 49.307691][ T5279] ? spin_bug+0x1c0/0x1c0
[ 49.312003][ T5279] ? do_raw_spin_unlock+0x175/0x230
[ 49.317190][ T5279] gfs2_quota_sync+0x24e/0x540
[ 49.321937][ T5279] ? get_nr_dirty_inodes+0x17/0x180
[ 49.327119][ T5279] gfs2_sync_fs+0x3f/0xa0
[ 49.331433][ T5279] sync_filesystem.part.0+0x63/0x170
[ 49.336703][ T5279] generic_shutdown_super+0x68/0x420
[ 49.341970][ T5279] kill_block_super+0x9a/0xe0
[ 49.346637][ T5279] deactivate_locked_super+0x7f/0x130
[ 49.351996][ T5279] cleanup_mnt+0x253/0x360
[ 49.356395][ T5279] ? _raw_spin_unlock_irq+0x23/0x50
[ 49.361580][ T5279] task_work_run+0x12f/0x220
[ 49.366161][ T5279] ? task_work_cancel+0x20/0x20
[ 49.370989][ T5279] ? __x64_sys_umount+0xff/0x120
[ 49.375911][ T5279] exit_to_user_mode_prepare+0x210/0x240
[ 49.381529][ T5279] syscall_exit_to_user_mode+0x1d/0x50
[ 49.386971][ T5279] do_syscall_64+0x46/0xb0
[ 49.391372][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.397245][ T5279] RIP: 0033:0x7fb37a08d567
[ 49.401645][ T5279] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.421494][ T5279] RSP: 002b:00007ffcc5f01248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.429889][ T5279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb37a08d567
[ 49.437845][ T5279] RDX: 00007ffcc5f01319 RSI: 000000000000000a RDI: 00007ffcc5f01310
[ 49.445798][ T5279] RBP: 00007ffcc5f01310 R08: 00000000ffffffff R09: 00007ffcc5f010e0
[ 49.453751][ T5279] R10: 00005555562c2893 R11: 0000000000000246 R12: 00007fb37a0e6b24
[ 49.461713][ T5279] R13: 00007ffcc5f023d0 R14: 00005555562c2810 R15: 00007ffcc5f02410
[ 49.469678][ T5279]  </TASK>
[ 49.475560][ T5279] ==================================================================
[ 49.483601][ T5279] BUG: KASAN: slab-use-after-free in qd_unlock+0x1b/0x160
[ 49.490689][ T5279] Read of size 8 at addr ffff888074932090 by task syz-executor.0/5279
[ 49.498812][ T5279]
[ 49.501114][ T5279] CPU: 1 PID: 5279 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller #0
[ 49.509328][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 49.519363][ T5279] Call Trace:
[ 49.522623][ T5279]  <TASK>
[ 49.525532][ T5279] dump_stack_lvl+0x64/0xb0
[ 49.530016][ T5279] print_address_description.constprop.0+0x2c/0x3c0
[ 49.536581][ T5279] ? qd_unlock+0x1b/0x160
[ 49.540892][ T5279] kasan_report+0x11c/0x130
[ 49.545378][ T5279] ? qd_unlock+0x1b/0x160
[ 49.549688][ T5279] kasan_check_range+0x141/0x190
[ 49.554601][ T5279] qd_unlock+0x1b/0x160
[ 49.558736][ T5279] gfs2_quota_sync+0x2f5/0x540
[ 49.563477][ T5279] ? get_nr_dirty_inodes+0x17/0x180
[ 49.568653][ T5279] gfs2_sync_fs+0x3f/0xa0
[ 49.572956][ T5279] sync_filesystem.part.0+0x63/0x170
[ 49.578216][ T5279] generic_shutdown_super+0x68/0x420
[ 49.583465][ T5279] kill_block_super+0x9a/0xe0
[ 49.588105][ T5279] deactivate_locked_super+0x7f/0x130
[ 49.593437][ T5279] cleanup_mnt+0x253/0x360
[ 49.597821][ T5279] ? _raw_spin_unlock_irq+0x23/0x50
[ 49.602999][ T5279] task_work_run+0x12f/0x220
[ 49.607550][ T5279] ? task_work_cancel+0x20/0x20
[ 49.612362][ T5279] ? __x64_sys_umount+0xff/0x120
[ 49.617260][ T5279] exit_to_user_mode_prepare+0x210/0x240
[ 49.622856][ T5279] syscall_exit_to_user_mode+0x1d/0x50
[ 49.628279][ T5279] do_syscall_64+0x46/0xb0
[ 49.632660][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.638519][ T5279] RIP: 0033:0x7fb37a08d567
[ 49.642903][ T5279] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.662497][ T5279] RSP: 002b:00007ffcc5f01248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 49.670888][ T5279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb37a08d567
[ 49.678826][ T5279] RDX: 00007ffcc5f01319 RSI: 000000000000000a RDI: 00007ffcc5f01310
[ 49.686762][ T5279] RBP: 00007ffcc5f01310 R08: 00000000ffffffff R09: 00007ffcc5f010e0
[ 49.694699][ T5279] R10: 00005555562c2893 R11: 0000000000000246 R12: 00007fb37a0e6b24
[ 49.702634][ T5279] R13: 00007ffcc5f023d0 R14: 00005555562c2810 R15: 00007ffcc5f02410
[ 49.710573][ T5279]  </TASK>
[ 49.713564][ T5279]
[ 49.715855][ T5279] Allocated by task 5410:
[ 49.720150][ T5279] kasan_save_stack+0x22/0x40
[ 49.724791][ T5279] kasan_set_track+0x25/0x30
[ 49.729516][ T5279] __kasan_slab_alloc+0x7f/0x90
[ 49.734328][ T5279] kmem_cache_alloc+0x17c/0x3b0
[ 49.739142][ T5279] qd_alloc+0x48/0x2d0
[ 49.743187][ T5279] gfs2_quota_init+0x58d/0xcd0
[ 49.747911][ T5279] gfs2_make_fs_rw+0x332/0x500
[ 49.752635][ T5279] gfs2_fill_super+0x1cf7/0x2660
[ 49.757531][ T5279] get_tree_bdev+0x3a2/0x690
[ 49.762090][ T5279] gfs2_get_tree+0x49/0x240
[ 49.766551][ T5279] vfs_get_tree+0x83/0x320
[ 49.770929][ T5279] path_mount+0x836/0x1a30
[ 49.775310][ T5279] __x64_sys_mount+0x1f9/0x270
[ 49.780034][ T5279] do_syscall_64+0x39/0xb0
[ 49.784416][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.790270][ T5279]
[ 49.792581][ T5279] Freed by task 15:
[ 49.796351][ T5279] kasan_save_stack+0x22/0x40
[ 49.800994][ T5279] kasan_set_track+0x25/0x30
[ 49.805555][ T5279] kasan_save_free_info+0x2e/0x40
[ 49.810542][ T5279] ____kasan_slab_free+0x160/0x1c0
[ 49.815618][ T5279] slab_free_freelist_hook+0x8b/0x1c0
[ 49.820948][ T5279] kmem_cache_free+0xe9/0x480
[ 49.825584][ T5279] rcu_core+0x806/0x1ad0
[ 49.829787][ T5279] __do_softirq+0x1d4/0x905
[ 49.834256][ T5279]
[ 49.836548][ T5279] Last potentially related work creation:
[ 49.842228][ T5279] kasan_save_stack+0x22/0x40
[ 49.846870][ T5279] __kasan_record_aux_stack+0xbc/0xd0
[ 49.852289][ T5279] __call_rcu_common.constprop.0+0x99/0x7e0
[ 49.858143][ T5279] gfs2_quota_cleanup+0x3bb/0x740
[ 49.863129][ T5279] gfs2_make_fs_ro+0x1f1/0x610
[ 49.867853][ T5279] gfs2_withdraw+0xcb5/0x1200
[ 49.872493][ T5279] gfs2_inode_refresh+0xbf3/0x1180
[ 49.877568][ T5279] gfs2_instantiate+0x120/0x1e0
[ 49.882381][ T5279] gfs2_glock_wait+0x137/0x280
[ 49.887104][ T5279] do_sync+0x535/0xae0
[ 49.891161][ T5279] gfs2_quota_sync+0x24e/0x540
[ 49.895998][ T5279] gfs2_sync_fs+0x3f/0xa0
[ 49.900293][ T5279] sync_filesystem.part.0+0x63/0x170
[ 49.905541][ T5279] generic_shutdown_super+0x68/0x420
[ 49.910790][ T5279] kill_block_super+0x9a/0xe0
[ 49.915435][ T5279] deactivate_locked_super+0x7f/0x130
[ 49.920769][ T5279] cleanup_mnt+0x253/0x360
[ 49.925146][ T5279] task_work_run+0x12f/0x220
[ 49.929697][ T5279] exit_to_user_mode_prepare+0x210/0x240
[ 49.935296][ T5279] syscall_exit_to_user_mode+0x1d/0x50
[ 49.940719][ T5279] do_syscall_64+0x46/0xb0
[ 49.945102][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.951061][ T5279]
[ 49.953358][ T5279] The buggy address belongs to the object at ffff888074932000
[ 49.953358][ T5279] which belongs to the cache gfs2_quotad of size 272
[ 49.967380][ T5279] The buggy address is located 144 bytes inside of
[ 49.967380][ T5279] freed 272-byte region [ffff888074932000, ffff888074932110)
[ 49.981174][ T5279]
[ 49.983468][ T5279] The buggy address belongs to the physical page:
[ 49.989849][ T5279] page:ffffea0001d24c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74932
[ 49.999959][ T5279] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 50.007464][ T5279] page_type: 0xffffffff()
[ 50.011757][ T5279] raw: 00fff00000000200 ffff88801ab5b500 dead000000000122 0000000000000000
[ 50.020306][ T5279] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 50.028936][ T5279] page dumped because: kasan: bad access detected
[ 50.035310][ T5279] page_owner tracks the page as allocated
[ 50.040989][ T5279] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5410, tgid 5409 (syz-executor.0), ts 48789300093, free_ts 6330417925
[ 50.062304][ T5279] get_page_from_freelist+0xf41/0x2c00
[ 50.067731][ T5279] __alloc_pages+0x1cb/0x4a0
[ 50.072284][ T5279] allocate_slab+0x25f/0x390
[ 50.076838][ T5279] ___slab_alloc+0xa91/0x1400
[ 50.081501][ T5279] __slab_alloc.constprop.0+0x56/0xa0
[ 50.086938][ T5279] kmem_cache_alloc+0x38e/0x3b0
[ 50.091764][ T5279] qd_alloc+0x48/0x2d0
[ 50.095798][ T5279] gfs2_quota_init+0x58d/0xcd0
[ 50.100526][ T5279] gfs2_make_fs_rw+0x332/0x500
[ 50.105255][ T5279] gfs2_fill_super+0x1cf7/0x2660
[ 50.110157][ T5279] get_tree_bdev+0x3a2/0x690
[ 50.114712][ T5279] gfs2_get_tree+0x49/0x240
[ 50.119180][ T5279] vfs_get_tree+0x83/0x320
[ 50.123559][ T5279] path_mount+0x836/0x1a30
[ 50.127936][ T5279] __x64_sys_mount+0x1f9/0x270
[ 50.132662][ T5279] do_syscall_64+0x39/0xb0
[ 50.137043][ T5279] page last free stack trace:
[ 50.141680][ T5279] free_unref_page_prepare+0x629/0xca0
[ 50.147112][ T5279] free_unref_page+0x33/0x370
[ 50.151753][ T5279] free_contig_range+0xb5/0x180
[ 50.156588][ T5279] destroy_args+0x50a/0x700
[ 50.161058][ T5279] debug_vm_pgtable+0x18fd/0x31a0
[ 50.166064][ T5279] do_one_initcall+0xc2/0x3c0
[ 50.170713][ T5279] kernel_init_freeable+0x541/0x950
[ 50.175880][ T5279] kernel_init+0x1a/0x1c0
[ 50.180179][ T5279] ret_from_fork+0x1f/0x30
[ 50.184559][ T5279]
[ 50.186852][ T5279] Memory state around the buggy address:
[ 50.192504][ T5279] ffff888074931f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.200531][ T5279] ffff888074932000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.208555][ T5279] >ffff888074932080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.216589][ T5279] ^
[ 50.221142][ T5279] ffff888074932100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.229164][ T5279] ffff888074932180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 50.237195][ T5279] ==================================================================
[ 50.248252][ T5279] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 50.255459][ T5279] CPU: 1 PID: 5279 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller #0
[ 50.263669][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 50.273689][ T5279] Call Trace:
[ 50.276970][ T5279]  <TASK>
[ 50.279871][ T5279] dump_stack_lvl+0x64/0xb0
[ 50.284342][ T5279] panic+0x24f/0x540
[ 50.288204][ T5279] ? panic_smp_self_stop+0x70/0x70
[ 50.293279][ T5279] ? preempt_schedule_thunk+0x1a/0x20
[ 50.298625][ T5279] ? preempt_schedule_common+0x45/0xb0
[ 50.304050][ T5279] ? preempt_schedule_thunk+0x1a/0x20
[ 50.309392][ T5279] check_panic_on_warn+0x75/0x80
[ 50.314294][ T5279] end_report+0xe9/0x120
[ 50.318501][ T5279] ? qd_unlock+0x1b/0x160
[ 50.322884][ T5279] kasan_report+0xf9/0x130
[ 50.327272][ T5279] ? qd_unlock+0x1b/0x160
[ 50.331656][ T5279] kasan_check_range+0x141/0x190
[ 50.336559][ T5279] qd_unlock+0x1b/0x160
[ 50.340769][ T5279] gfs2_quota_sync+0x2f5/0x540
[ 50.345495][ T5279] ? get_nr_dirty_inodes+0x17/0x180
[ 50.350656][ T5279] gfs2_sync_fs+0x3f/0xa0
[ 50.354970][ T5279] sync_filesystem.part.0+0x63/0x170
[ 50.360229][ T5279] generic_shutdown_super+0x68/0x420
[ 50.365511][ T5279] kill_block_super+0x9a/0xe0
[ 50.370161][ T5279] deactivate_locked_super+0x7f/0x130
[ 50.375552][ T5279] cleanup_mnt+0x253/0x360
[ 50.379930][ T5279] ? _raw_spin_unlock_irq+0x23/0x50
[ 50.385091][ T5279] task_work_run+0x12f/0x220
[ 50.389728][ T5279] ? task_work_cancel+0x20/0x20
[ 50.394625][ T5279] ? __x64_sys_umount+0xff/0x120
[ 50.399530][ T5279] exit_to_user_mode_prepare+0x210/0x240
[ 50.405124][ T5279] syscall_exit_to_user_mode+0x1d/0x50
[ 50.410554][ T5279] do_syscall_64+0x46/0xb0
[ 50.414939][ T5279] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.420819][ T5279] RIP: 0033:0x7fb37a08d567
[ 50.425196][ T5279] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 50.444767][ T5279] RSP: 002b:00007ffcc5f01248 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 50.453143][ T5279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb37a08d567
[ 50.461078][ T5279] RDX: 00007ffcc5f01319 RSI: 000000000000000a RDI: 00007ffcc5f01310
[ 50.469018][ T5279] RBP: 00007ffcc5f01310 R08: 00000000ffffffff R09: 00007ffcc5f010e0
[ 50.477041][ T5279] R10: 00005555562c2893 R11: 0000000000000246 R12: 00007fb37a0e6b24
[ 50.484974][ T5279] R13: 00007ffcc5f023d0 R14: 00005555562c2810 R15: 00007ffcc5f02410
[ 50.492914][ T5279]  </TASK>
[ 50.496748][ T5279] Kernel Offset: disabled
[ 50.501045][ T5279] Rebooting in 86400 seconds..