Warning: Permanently added '[localhost]:21199' (ED25519) to the list of known hosts.
2025/11/28 21:45:22 parsed 1 programs
syzkaller login: [ 84.845785][ T5310] cgroup: Unknown subsys name 'net'
[ 84.914036][ T5310] cgroup: Unknown subsys name 'cpuset'
[ 84.919580][ T5310] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 86.737874][ T5310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 91.870584][ T9] cfg80211: failed to load regulatory.db
[ 92.246990][ T5327] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 96.583195][ T5371] chnl_net:caif_netlink_parms(): no params data found
[ 96.732994][ T5371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.736733][ T5371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.739879][ T5371] bridge_slave_0: entered allmulticast mode
[ 96.752250][ T5371] bridge_slave_0: entered promiscuous mode
[ 96.757963][ T5371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.770583][ T5371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.773651][ T5371] bridge_slave_1: entered allmulticast mode
[ 96.780400][ T5371] bridge_slave_1: entered promiscuous mode
[ 96.832874][ T5371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.838909][ T5371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.892300][ T5371] team0: Port device team_slave_0 added
[ 96.911183][ T5371] team0: Port device team_slave_1 added
[ 96.954470][ T5371] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.957444][ T5371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 96.981113][ T5371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.001139][ T5371] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.003933][ T5371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 97.030579][ T5371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.101589][ T5371] hsr_slave_0: entered promiscuous mode
[ 97.112063][ T5371] hsr_slave_1: entered promiscuous mode
[ 97.404707][ T5371] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.425855][ T5371] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.444061][ T5371] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.453205][ T5371] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.591097][ T5371] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.619233][ T5371] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.634004][ T1042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.637210][ T1042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.662356][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.666014][ T4091] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.718702][ T5371] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 97.741105][ T5371] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.103494][ T5371] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.205289][ T5371] veth0_vlan: entered promiscuous mode
[ 98.233898][ T5371] veth1_vlan: entered promiscuous mode
[ 98.305393][ T5371] veth0_macvtap: entered promiscuous mode
[ 98.322829][ T5371] veth1_macvtap: entered promiscuous mode
[ 98.354078][ T5371] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.373327][ T5371] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.396647][ T4091] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.402118][ T4091] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.405790][ T4091] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.409547][ T4091] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.642576][ T1042] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.706105][ T1042] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.753235][ T1042] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 98.795893][ T1042] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.108032][ T4091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.117118][ T4091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.164072][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.168155][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.628242][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.632540][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.635968][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.639660][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.643686][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/28 21:45:40 executed programs: 0
[ 100.389604][ T4666] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.393666][ T4666] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.396931][ T4666] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.401108][ T4666] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.405760][ T4666] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.555418][ T1042] bridge_slave_1: left allmulticast mode
[ 100.557963][ T1042] bridge_slave_1: left promiscuous mode
[ 100.569445][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.576736][ T1042] bridge_slave_0: left allmulticast mode
[ 100.579160][ T1042] bridge_slave_0: left promiscuous mode
[ 100.592272][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.789986][ T1042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 100.796332][ T1042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 100.803123][ T1042] bond0 (unregistering): Released all slaves
[ 100.927290][ T1042] hsr_slave_0: left promiscuous mode
[ 100.941018][ T1042] hsr_slave_1: left promiscuous mode
[ 100.943900][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 100.946950][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 100.959910][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 100.970370][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 100.988364][ T1042] veth1_macvtap: left promiscuous mode
[ 100.996648][ T1042] veth0_macvtap: left promiscuous mode
[ 100.999065][ T1042] veth1_vlan: left promiscuous mode
[ 101.010943][ T1042] veth0_vlan: left promiscuous mode
[ 101.445521][ T1042] team0 (unregistering): Port device team_slave_1 removed
[ 101.476906][ T1042] team0 (unregistering): Port device team_slave_0 removed
[ 101.953179][ T5420] chnl_net:caif_netlink_parms(): no params data found
[ 102.212547][ T5420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.215758][ T5420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.218928][ T5420] bridge_slave_0: entered allmulticast mode
[ 102.235565][ T5420] bridge_slave_0: entered promiscuous mode
[ 102.246087][ T5420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.249131][ T5420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.260646][ T5420] bridge_slave_1: entered allmulticast mode
[ 102.271689][ T5420] bridge_slave_1: entered promiscuous mode
[ 102.493088][ T47] Bluetooth: hci0: command tx timeout
[ 102.522658][ T5420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.537000][ T5420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.697196][ T5420] team0: Port device team_slave_0 added
[ 102.713640][ T5420] team0: Port device team_slave_1 added
[ 102.832024][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.835129][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 102.861424][ T5420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.921022][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.923957][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 102.962104][ T5420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.061763][ T5420] hsr_slave_0: entered promiscuous mode
[ 103.070749][ T5420] hsr_slave_1: entered promiscuous mode
[ 103.638939][ T5420] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.653678][ T5420] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.664763][ T5420] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.683017][ T5420] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.821172][ T5420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.853072][ T5420] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.892491][ T1042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.895550][ T1042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.899780][ T1042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.902665][ T1042] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.207518][ T5420] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.283883][ T5420] veth0_vlan: entered promiscuous mode
[ 104.303782][ T5420] veth1_vlan: entered promiscuous mode
[ 104.347847][ T5420] veth0_macvtap: entered promiscuous mode
[ 104.363868][ T5420] veth1_macvtap: entered promiscuous mode
[ 104.386344][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.414379][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.432358][ T4091] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.464056][ T4091] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.479738][ T4091] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.486387][ T4091] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.562491][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.565969][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.576138][ T47] Bluetooth: hci0: command tx timeout
[ 104.626292][ T4091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.629367][ T4091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.233894][ T5483] loop0: detected capacity change from 0 to 32768
[ 105.285085][ T5483] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 105.299636][ T5483] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 105.335732][ T5483] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[ 105.347898][ T10] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 105.372889][ T10] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 105.447247][ T10] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 74ms
[ 105.457267][ T10] gfs2: fsid=syz:syz.0: jid=0: Done
[ 105.459983][ T5483] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 105.516185][ T5483] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 105.561130][ T5483] loop0: detected capacity change from 32768 to 64
[ 105.577461][ T5483] syz.0.17: attempt to access beyond end of device
[ 105.577461][ T5483] loop0: rw=12288, sector=18720, nr_sectors = 8 limit=64
[ 105.615415][ T5483] syz.0.17: attempt to access beyond end of device
[ 105.615415][ T5483] loop0: rw=1, sector=3112, nr_sectors = 56 limit=64
[ 105.623365][ T5483] gfs2: fsid=syz:syz.0: Error -5 writing to journal, jid=0
[ 105.626844][ T5486] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 106.650390][ T47] Bluetooth: hci0: command tx timeout
[ 108.730933][ T47] Bluetooth: hci0: command tx timeout
[ 110.653410][ T5486] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 110.657348][ T5486] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 110.661533][ T5486] gfs2: fsid=syz:syz.0: File system withdrawn
[ 110.664201][ T5486] CPU: 0 UID: 0 PID: 5486 Comm: gfs2_logd/syz:s Not tainted syzkaller #0 PREEMPT(full)
[ 110.664215][ T5486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 110.664221][ T5486] Call Trace:
[ 110.664226][ T5486]
[ 110.664231][ T5486] dump_stack_lvl+0x189/0x250
[ 110.664353][ T5486] ? __pfx_dump_stack_lvl+0x10/0x10
[ 110.664367][ T5486] ? __pfx__printk+0x10/0x10
[ 110.664378][ T5486] ? kobject_uevent_env+0x36b/0x8c0
[ 110.664425][ T5486] gfs2_withdraw+0xb30/0x1430
[ 110.664475][ T5486] ? __pfx_gfs2_withdraw+0x10/0x10
[ 110.664487][ T5486] ? __pfx_autoremove_wake_function+0x10/0x10
[ 110.664506][ T5486] ? prepare_to_wait_event+0x437/0x480
[ 110.664524][ T5486] gfs2_logd+0x12e2/0x1360
[ 110.664548][ T5486] ? __pfx_gfs2_logd+0x10/0x10
[ 110.664562][ T5486] ? __lock_acquire+0xab9/0xd20
[ 110.664576][ T5486] ? do_raw_spin_lock+0x121/0x290
[ 110.664594][ T5486] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 110.664607][ T5486] ? lockdep_hardirqs_on+0x9c/0x150
[ 110.664621][ T5486] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 110.664633][ T5486] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 110.664648][ T5486] ? __pfx_autoremove_wake_function+0x10/0x10
[ 110.664659][ T5486] ? __kthread_parkme+0x7b/0x200
[ 110.664671][ T5486] ? __kthread_parkme+0x1a1/0x200
[ 110.664686][ T5486] kthread+0x711/0x8a0
[ 110.664701][ T5486] ? __pfx_gfs2_logd+0x10/0x10
[ 110.664714][ T5486] ? __pfx_kthread+0x10/0x10
[ 110.664728][ T5486] ? _raw_spin_unlock_irq+0x23/0x50
[ 110.664740][ T5486] ? lockdep_hardirqs_on+0x9c/0x150
[ 110.664752][ T5486] ? __pfx_kthread+0x10/0x10
[ 110.664766][ T5486] ret_from_fork+0x4bc/0x870
[ 110.664779][ T5486] ? __pfx_ret_from_fork+0x10/0x10
[ 110.664794][ T5486] ? __pfx_kthread+0x10/0x10
[ 110.664804][ T5486] ret_from_fork_asm+0x1a/0x30
[ 110.664821][ T5486]
[ 110.666307][ T5483] ==================================================================
[ 110.742662][ T5483] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0xb5/0x190
[ 110.746288][ T5483] Read of size 8 at addr ffff88800098a080 by task syz.0.17/5483
[ 110.750179][ T5483]
[ 110.751230][ T5483] CPU: 0 UID: 0 PID: 5483 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 110.751245][ T5483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 110.751252][ T5483] Call Trace:
[ 110.751260][ T5483]
[ 110.751266][ T5483] dump_stack_lvl+0x189/0x250
[ 110.751284][ T5483] ? rcu_is_watching+0x15/0xb0
[ 110.751297][ T5483] ? __kasan_check_byte+0x12/0x40
[ 110.751312][ T5483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 110.751325][ T5483] ? rcu_is_watching+0x15/0xb0
[ 110.751336][ T5483] ? lock_release+0x4b/0x3e0
[ 110.751348][ T5483] ? __virt_addr_valid+0x1c8/0x5c0
[ 110.751363][ T5483] ? __virt_addr_valid+0x4a5/0x5c0
[ 110.751378][ T5483] print_report+0xca/0x240
[ 110.751391][ T5483] ? __list_del_entry_valid_or_report+0xb5/0x190
[ 110.751405][ T5483] kasan_report+0x118/0x150
[ 110.751419][ T5483] ? __list_del_entry_valid_or_report+0xb5/0x190
[ 110.751434][ T5483] __list_del_entry_valid_or_report+0xb5/0x190
[ 110.751449][ T5483] list_lru_del+0x98/0x210
[ 110.751464][ T5483] ? list_lru_del_obj+0x108/0x270
[ 110.751478][ T5483] gfs2_quota_cleanup+0x21e/0x6f0
[ 110.751491][ T5483] ? __pfx_gfs2_quota_cleanup+0x10/0x10
[ 110.751502][ T5483] ? rcu_is_watching+0x15/0xb0
[ 110.751517][ T5483] gfs2_make_fs_ro+0x27a/0x300
[ 110.751532][ T5483] ? __pfx_gfs2_make_fs_ro+0x10/0x10
[ 110.751545][ T5483] ? do_raw_spin_lock+0x121/0x290
[ 110.751563][ T5483] ? do_raw_spin_unlock+0x4d/0x240
[ 110.751577][ T5483] gfs2_put_super+0x224/0x950
[ 110.751594][ T5483] ? __pfx_gfs2_put_super+0x10/0x10
[ 110.751608][ T5483] generic_shutdown_super+0x135/0x2c0
[ 110.751622][ T5483] kill_block_super+0x44/0x90
[ 110.751635][ T5483] deactivate_locked_super+0xbc/0x130
[ 110.751648][ T5483] cleanup_mnt+0x425/0x4c0
[ 110.751659][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 110.751681][ T5483] task_work_run+0x1d4/0x260
[ 110.751697][ T5483] ? __pfx_task_work_run+0x10/0x10
[ 110.751712][ T5483] ? do_exit+0x6b0/0x2300
[ 110.751726][ T5483] ? kmem_cache_free+0x19b/0x690
[ 110.751741][ T5483] do_exit+0x6b5/0x2300
[ 110.751759][ T5483] ? __pfx_do_exit+0x10/0x10
[ 110.751774][ T5483] ? _raw_spin_unlock_irq+0x23/0x50
[ 110.751786][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 110.751799][ T5483] do_group_exit+0x21c/0x2d0
[ 110.751815][ T5483] __x64_sys_exit_group+0x3f/0x40
[ 110.751834][ T5483] x64_sys_call+0x21f7/0x2200
[ 110.751843][ T5483] do_syscall_64+0xfa/0xfa0
[ 110.751858][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 110.751872][ T5483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.751888][ T5483] ? clear_bhb_loop+0x60/0xb0
[ 110.751904][ T5483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.751915][ T5483] RIP: 0033:0x7f4bb3d8f7c9
[ 110.751926][ T5483] Code: Unable to access opcode bytes at 0x7f4bb3d8f79f.
[ 110.751931][ T5483] RSP: 002b:00007ffd56395328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 110.751944][ T5483] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4bb3d8f7c9
[ 110.751952][ T5483] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 110.751958][ T5483] RBP: 0000000000000003 R08: 0000001d5639541f R09: 00007f4bb3fb4280
[ 110.751966][ T5483] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 110.751976][ T5483] R13: 00007f4bb3fb4280 R14: 0000000000000003 R15: 00007ffd563953e0
[ 110.751989][ T5483]
[ 110.751993][ T5483]
[ 110.888050][ T5483] Allocated by task 5483:
[ 110.889917][ T5483] kasan_save_track+0x3e/0x80
[ 110.891959][ T5483] __kasan_slab_alloc+0x6c/0x80
[ 110.894057][ T5483] kmem_cache_alloc_noprof+0x367/0x6e0
[ 110.896433][ T5483] qd_alloc+0x50/0x250
[ 110.898237][ T5483] gfs2_quota_init+0x762/0x1200
[ 110.900384][ T5483] gfs2_make_fs_rw+0x181/0x2b0
[ 110.902454][ T5483] gfs2_fill_super+0x1a7b/0x20d0
[ 110.904588][ T5483] get_tree_bdev_flags+0x40e/0x4d0
[ 110.906800][ T5483] gfs2_get_tree+0x51/0x1e0
[ 110.908836][ T5483] vfs_get_tree+0x92/0x2b0
[ 110.910793][ T5483] do_new_mount+0x302/0xa10
[ 110.912633][ T5483] __se_sys_mount+0x313/0x410
[ 110.914533][ T5483] do_syscall_64+0xfa/0xfa0
[ 110.916389][ T5483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.918755][ T5483]
[ 110.919760][ T5483] Freed by task 15:
[ 110.921364][ T5483] kasan_save_track+0x3e/0x80
[ 110.923282][ T5483] __kasan_save_free_info+0x46/0x50
[ 110.925380][ T5483] __kasan_slab_free+0x5c/0x80
[ 110.927477][ T5483] kmem_cache_free+0x19b/0x690
[ 110.929546][ T5483] gfs2_qd_dealloc+0x70/0xe0
[ 110.931579][ T5483] rcu_core+0xcab/0x1770
[ 110.933350][ T5483] handle_softirqs+0x286/0x870
[ 110.935397][ T5483] run_ksoftirqd+0x9b/0x100
[ 110.937353][ T5483] smpboot_thread_fn+0x542/0xa60
[ 110.939491][ T5483] kthread+0x711/0x8a0
[ 110.941244][ T5483] ret_from_fork+0x4bc/0x870
[ 110.943251][ T5483] ret_from_fork_asm+0x1a/0x30
[ 110.945306][ T5483]
[ 110.946361][ T5483] Last potentially related work creation:
[ 110.948818][ T5483] kasan_save_stack+0x3e/0x60
[ 110.950858][ T5483] kasan_record_aux_stack+0xbd/0xd0
[ 110.953153][ T5483] call_rcu+0x157/0x9c0
[ 110.954947][ T5483] gfs2_quota_sync+0x3c4/0x460
[ 110.956952][ T5483] gfs2_sync_fs+0x4c/0xb0
[ 110.958849][ T5483] sync_filesystem+0xee/0x230
[ 110.960976][ T5483] generic_shutdown_super+0x6f/0x2c0
[ 110.963209][ T5483] kill_block_super+0x44/0x90
[ 110.965259][ T5483] deactivate_locked_super+0xbc/0x130
[ 110.967602][ T5483] cleanup_mnt+0x425/0x4c0
[ 110.969553][ T5483] task_work_run+0x1d4/0x260
[ 110.971612][ T5483] do_exit+0x6b5/0x2300
[ 110.973411][ T5483] do_group_exit+0x21c/0x2d0
[ 110.975423][ T5483] __x64_sys_exit_group+0x3f/0x40
[ 110.977678][ T5483] x64_sys_call+0x21f7/0x2200
[ 110.979701][ T5483] do_syscall_64+0xfa/0xfa0
[ 110.981649][ T5483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.984214][ T5483]
[ 110.985292][ T5483] The buggy address belongs to the object at ffff88800098a000
[ 110.985292][ T5483] which belongs to the cache gfs2_quotad of size 272
[ 110.991269][ T5483] The buggy address is located 128 bytes inside of
[ 110.991269][ T5483] freed 272-byte region [ffff88800098a000, ffff88800098a110)
[ 110.997175][ T5483]
[ 110.998201][ T5483] The buggy address belongs to the physical page:
[ 111.000880][ T5483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x98a
[ 111.004548][ T5483] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
[ 111.007549][ T5483] page_type: f5(slab)
[ 111.009309][ T5483] raw: 007ff00000000000 ffff888032687dc0 dead000000000122 0000000000000000
[ 111.012989][ T5483] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 111.016713][ T5483] page dumped because: kasan: bad access detected
[ 111.019533][ T5483] page_owner tracks the page as allocated
[ 111.021996][ T5483] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x52c50(GFP_NOFS|__GFP_RECLAIMABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5483, tgid 5483 (syz.0.17), ts 105510017652, free_ts 102275632308
[ 111.030696][ T5483] post_alloc_hook+0x234/0x290
[ 111.032824][ T5483] get_page_from_freelist+0x2365/0x2440
[ 111.035295][ T5483] __alloc_frozen_pages_noprof+0x181/0x370
[ 111.037885][ T5483] alloc_pages_mpol+0x232/0x4a0
[ 111.040027][ T5483] allocate_slab+0x96/0x350
[ 111.041994][ T5483] ___slab_alloc+0xf56/0x1990
[ 111.044100][ T5483] __slab_alloc+0x65/0x100
[ 111.046129][ T5483] kmem_cache_alloc_noprof+0x3f9/0x6e0
[ 111.048537][ T5483] qd_alloc+0x50/0x250
[ 111.050374][ T5483] gfs2_quota_init+0x762/0x1200
[ 111.052530][ T5483] gfs2_make_fs_rw+0x181/0x2b0
[ 111.054538][ T5483] gfs2_fill_super+0x1a7b/0x20d0
[ 111.056699][ T5483] get_tree_bdev_flags+0x40e/0x4d0
[ 111.058909][ T5483] gfs2_get_tree+0x51/0x1e0
[ 111.060947][ T5483] vfs_get_tree+0x92/0x2b0
[ 111.062948][ T5483] do_new_mount+0x302/0xa10
[ 111.064936][ T5483] page last free pid 5433 tgid 5433 stack trace:
[ 111.067606][ T5483] free_unref_folios+0xdb3/0x14f0
[ 111.069769][ T5483] folios_put_refs+0x584/0x670
[ 111.071829][ T5483] free_pages_and_swap_cache+0x4be/0x520
[ 111.074215][ T5483] tlb_flush_mmu+0x3a0/0x680
[ 111.076320][ T5483] tlb_finish_mmu+0xc3/0x1d0
[ 111.078359][ T5483] exit_mmap+0x444/0xb40
[ 111.080242][ T5483] __mmput+0x118/0x430
[ 111.082049][ T5483] exit_mm+0x1da/0x2c0
[ 111.083885][ T5483] do_exit+0x648/0x2300
[ 111.085683][ T5483] do_group_exit+0x21c/0x2d0
[ 111.087703][ T5483] __x64_sys_exit_group+0x3f/0x40
[ 111.089873][ T5483] x64_sys_call+0x21f7/0x2200
[ 111.091900][ T5483] do_syscall_64+0xfa/0xfa0
[ 111.093900][ T5483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.096372][ T5483]
[ 111.097433][ T5483] Memory state around the buggy address:
[ 111.099812][ T5483] ffff888000989f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.103218][ T5483] ffff88800098a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.106654][ T5483] >ffff88800098a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.109999][ T5483] ^
[ 111.111682][ T5483] ffff88800098a100: fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00
[ 111.115166][ T5483] ffff88800098a180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 111.118587][ T5483] ==================================================================
[ 111.122653][ T5483] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 111.125740][ T5483] CPU: 0 UID: 0 PID: 5483 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 111.129605][ T5483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 111.134224][ T5483] Call Trace:
[ 111.135681][ T5483]
[ 111.137013][ T5483] dump_stack_lvl+0x99/0x250
[ 111.138977][ T5483] ? __asan_memcpy+0x40/0x70
[ 111.140964][ T5483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.143276][ T5483] ? __pfx__printk+0x10/0x10
[ 111.145261][ T5483] vpanic+0x237/0x6d0
[ 111.147007][ T5483] ? __pfx_vpanic+0x10/0x10
[ 111.148928][ T5483] panic+0xb9/0xc0
[ 111.150547][ T5483] ? __pfx_panic+0x10/0x10
[ 111.152457][ T5483] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 111.155063][ T5483] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 111.157587][ T5483] ? __list_del_entry_valid_or_report+0xb5/0x190
[ 111.160299][ T5483] check_panic_on_warn+0x89/0xb0
[ 111.162471][ T5483] ? __list_del_entry_valid_or_report+0xb5/0x190
[ 111.165139][ T5483] end_report+0x78/0x160
[ 111.166975][ T5483] kasan_report+0x129/0x150
[ 111.168938][ T5483] ? __list_del_entry_valid_or_report+0xb5/0x190
[ 111.171714][ T5483] __list_del_entry_valid_or_report+0xb5/0x190
[ 111.174333][ T5483] list_lru_del+0x98/0x210
[ 111.176339][ T5483] ? list_lru_del_obj+0x108/0x270
[ 111.178491][ T5483] gfs2_quota_cleanup+0x21e/0x6f0
[ 111.180602][ T5483] ? __pfx_gfs2_quota_cleanup+0x10/0x10
[ 111.182935][ T5483] ? rcu_is_watching+0x15/0xb0
[ 111.185021][ T5483] gfs2_make_fs_ro+0x27a/0x300
[ 111.187134][ T5483] ? __pfx_gfs2_make_fs_ro+0x10/0x10
[ 111.189386][ T5483] ? do_raw_spin_lock+0x121/0x290
[ 111.191563][ T5483] ? do_raw_spin_unlock+0x4d/0x240
[ 111.193756][ T5483] gfs2_put_super+0x224/0x950
[ 111.195828][ T5483] ? __pfx_gfs2_put_super+0x10/0x10
[ 111.198072][ T5483] generic_shutdown_super+0x135/0x2c0
[ 111.200360][ T5483] kill_block_super+0x44/0x90
[ 111.202457][ T5483] deactivate_locked_super+0xbc/0x130
[ 111.204831][ T5483] cleanup_mnt+0x425/0x4c0
[ 111.206745][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 111.208988][ T5483] task_work_run+0x1d4/0x260
[ 111.210949][ T5483] ? __pfx_task_work_run+0x10/0x10
[ 111.213199][ T5483] ? do_exit+0x6b0/0x2300
[ 111.215098][ T5483] ? kmem_cache_free+0x19b/0x690
[ 111.217246][ T5483] do_exit+0x6b5/0x2300
[ 111.219128][ T5483] ? __pfx_do_exit+0x10/0x10
[ 111.221100][ T5483] ? _raw_spin_unlock_irq+0x23/0x50
[ 111.223328][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 111.225528][ T5483] do_group_exit+0x21c/0x2d0
[ 111.227615][ T5483] __x64_sys_exit_group+0x3f/0x40
[ 111.229797][ T5483] x64_sys_call+0x21f7/0x2200
[ 111.231862][ T5483] do_syscall_64+0xfa/0xfa0
[ 111.233864][ T5483] ? lockdep_hardirqs_on+0x9c/0x150
[ 111.236119][ T5483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.238655][ T5483] ? clear_bhb_loop+0x60/0xb0
[ 111.240860][ T5483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.243329][ T5483] RIP: 0033:0x7f4bb3d8f7c9
[ 111.245213][ T5483] Code: Unable to access opcode bytes at 0x7f4bb3d8f79f.
[ 111.248096][ T5483] RSP: 002b:00007ffd56395328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 111.251646][ T5483] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4bb3d8f7c9
[ 111.254807][ T5483] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 111.258094][ T5483] RBP: 0000000000000003 R08: 0000001d5639541f R09: 00007f4bb3fb4280
[ 111.261394][ T5483] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 111.264641][ T5483] R13: 00007f4bb3fb4280 R14: 0000000000000003 R15: 00007ffd563953e0
[ 111.268054][ T5483]
[ 111.269765][ T5483] Kernel Offset: disabled
[ 111.271659][ T5483] Rebooting in 86400 seconds..
VM DIAGNOSIS:
21:45:50 Registers:
info registers vcpu 0
CPU#0