Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
2023/04/05 20:42:22 ignoring optional flag "sandboxArg"="0"
2023/04/05 20:42:22 parsed 1 programs
2023/04/05 20:42:22 executed programs: 0
[ 49.589302][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.597349][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.605283][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.613419][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.621050][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.628280][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 49.704582][ T5425] chnl_net:caif_netlink_parms(): no params data found
[ 49.735591][ T5425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.742789][ T5425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.749894][ T5425] bridge_slave_0: entered allmulticast mode
[ 49.757063][ T5425] bridge_slave_0: entered promiscuous mode
[ 49.764285][ T5425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.772008][ T5425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.779065][ T5425] bridge_slave_1: entered allmulticast mode
[ 49.785672][ T5425] bridge_slave_1: entered promiscuous mode
[ 49.802584][ T5425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.812887][ T5425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 49.833658][ T5425] team0: Port device team_slave_0 added
[ 49.841620][ T5425] team0: Port device team_slave_1 added
[ 49.856571][ T5425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.863610][ T5425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.889691][ T5425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.901510][ T5425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.908426][ T5425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.934681][ T5425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.959520][ T5425] hsr_slave_0: entered promiscuous mode
[ 49.966022][ T5425] hsr_slave_1: entered promiscuous mode
[ 50.344482][ T5425] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.352945][ T5425] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.366245][ T5425] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.374494][ T5425] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.390632][ T5425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.397673][ T5425] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.404983][ T5425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.412045][ T5425] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.444660][ T5425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.455810][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.464996][ T5093] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.473213][ T5093] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.481100][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.491391][ T5425] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.501112][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.509386][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.516460][ T5093] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.535992][ T5425] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 50.546431][ T5425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 50.558694][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.567143][ T890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.574325][ T890] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.582782][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.591644][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.599733][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.608595][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.617050][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 50.625162][ T890] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 50.706320][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 50.714171][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 50.723336][ T5425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.737332][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.747196][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.762833][ T5425] veth0_vlan: entered promiscuous mode
[ 50.768958][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.777836][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.788483][ T5425] veth1_vlan: entered promiscuous mode
[ 50.795488][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.803993][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.811592][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 50.825461][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 50.833272][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.841655][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.852324][ T5425] veth0_macvtap: entered promiscuous mode
[ 50.860205][ T5425] veth1_macvtap: entered promiscuous mode
[ 50.872897][ T5425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 50.880121][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 50.888237][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.896553][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.905216][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.916022][ T5425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 50.924240][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.933407][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.942810][ T5425] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.952854][ T5425] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.961538][ T5425] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.970184][ T5425] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.010002][ T3124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.021975][ T3124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.030424][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 51.046922][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.055650][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.065412][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 51.252504][ T5548] loop0: detected capacity change from 0 to 32768
[ 51.270074][ T5548] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 51.278408][ T5548] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 51.301268][ T5548] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 51.310629][ T890] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 51.317470][ T890] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 51.349262][ T890] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 31ms
[ 51.357323][ T890] gfs2: fsid=syz:syz.0: jid=0: Done
[ 51.363716][ T5548] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 51.444176][ T5548] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 51.478547][ T5425] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 51.478547][ T5425] inode = 11 2340
[ 51.478547][ T5425] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 463
[ 51.497885][ T5425] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 51.508096][ T5425] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5425 [syz-executor.0] gfs2_quota_sync+0x24e/0x540
[ 51.519626][ T5425] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 51.528780][ T5425] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 51.537496][ T5425] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 51.552460][ T5425] CPU: 1 PID: 5425 Comm: syz-executor.0 Not tainted 6.3.0-rc5-syzkaller #0
[ 51.561036][ T5425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 51.571079][ T5425] Call Trace:
[ 51.574354][ T5425] <TASK>
[ 51.577282][ T5425] dump_stack_lvl+0x8e/0xb0
[ 51.581777][ T5425] gfs2_assert_warn_i+0x15b/0x2b0
[ 51.586792][ T5425] gfs2_quota_cleanup+0x53d/0x740
[ 51.591807][ T5425] gfs2_make_fs_ro+0x1f1/0x600
[ 51.596553][ T5425] ? gfs2_dirty_inode+0x760/0x760
[ 51.602032][ T5425] ? gfs2_instantiate+0x7f/0x1e0
[ 51.606986][ T5425] ? gfs2_glock_wait+0x137/0x280
[ 51.611908][ T5425] gfs2_withdraw+0xcb5/0x1200
[ 51.616574][ T5425] ? gfs2_lm+0x1b0/0x1b0
[ 51.620799][ T5425] ? gfs2_withdraw+0xca4/0x1200
[ 51.625636][ T5425] gfs2_inode_refresh+0xb6f/0xfb0
[ 51.630638][ T5425] ? spin_bug+0x1c0/0x1c0
[ 51.634954][ T5425] ? inode_go_sync+0x450/0x450
[ 51.639707][ T5425] gfs2_instantiate+0x120/0x1e0
[ 51.644540][ T5425] gfs2_glock_wait+0x137/0x280
[ 51.649291][ T5425] do_sync+0x535/0xae0
[ 51.653346][ T5425] ? lock_acquire+0x1af/0x520
[ 51.658006][ T5425] ? gfs2_qa_put+0x120/0x120
[ 51.662580][ T5425] ? gfs2_quota_sync+0x316/0x540
[ 51.667505][ T5425] ? gfs2_quota_sync+0x24e/0x540
[ 51.672432][ T5425] ? spin_bug+0x1c0/0x1c0
[ 51.676830][ T5425] ? do_raw_spin_unlock+0x175/0x230
[ 51.682014][ T5425] gfs2_quota_sync+0x24e/0x540
[ 51.686763][ T5425] ? get_nr_dirty_inodes+0x17/0x180
[ 51.691944][ T5425] gfs2_sync_fs+0x3f/0xa0
[ 51.696256][ T5425] sync_filesystem.part.0+0x63/0x170
[ 51.701528][ T5425] generic_shutdown_super+0x68/0x420
[ 51.706796][ T5425] kill_block_super+0x94/0xd0
[ 51.711452][ T5425] deactivate_locked_super+0x7f/0x130
[ 51.712250][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 51.716802][ T5425] cleanup_mnt+0x253/0x360
[ 51.727208][ T5425] ? _raw_spin_unlock_irq+0x23/0x50
[ 51.732392][ T5425] task_work_run+0x12f/0x220
[ 51.736967][ T5425] ? task_work_cancel+0x20/0x20
[ 51.741799][ T5425] ? __x64_sys_umount+0xff/0x120
[ 51.746722][ T5425] exit_to_user_mode_prepare+0x210/0x240
[ 51.752336][ T5425] syscall_exit_to_user_mode+0x1d/0x50
[ 51.757778][ T5425] do_syscall_64+0x46/0xb0
[ 51.762178][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.768050][ T5425] RIP: 0033:0x7f306468d567
[ 51.772538][ T5425] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.792154][ T5425] RSP: 002b:00007ffc1cbba1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 51.800550][ T5425] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f306468d567
[ 51.808505][ T5425] RDX: 00007ffc1cbba2a9 RSI: 000000000000000a RDI: 00007ffc1cbba2a0
[ 51.816546][ T5425] RBP: 00007ffc1cbba2a0 R08: 00000000ffffffff R09: 00007ffc1cbba070
[ 51.824498][ T5425] R10: 00005555563b08b3 R11: 0000000000000246 R12: 00007f30646e6b24
[ 51.832452][ T5425] R13: 00007ffc1cbbb360 R14: 00005555563b0810 R15: 00007ffc1cbbb3a0
[ 51.840445][ T5425] </TASK>
[ 51.850744][ T5425] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 51.859532][ T5425] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 51.868610][ T5425] gfs2: fsid=syz:syz.0: File system withdrawn
[ 51.875109][ T5425] CPU: 1 PID: 5425 Comm: syz-executor.0 Not tainted 6.3.0-rc5-syzkaller #0
[ 51.883679][ T5425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 51.893736][ T5425] Call Trace:
[ 51.897003][ T5425] <TASK>
[ 51.899924][ T5425] dump_stack_lvl+0x8e/0xb0
[ 51.904414][ T5425] gfs2_withdraw+0xab4/0x1200
[ 51.909082][ T5425] ? gfs2_lm+0x1b0/0x1b0
[ 51.913404][ T5425] gfs2_inode_refresh+0xb6f/0xfb0
[ 51.918407][ T5425] ? spin_bug+0x1c0/0x1c0
[ 51.922717][ T5425] ? inode_go_sync+0x450/0x450
[ 51.927473][ T5425] gfs2_instantiate+0x120/0x1e0
[ 51.932308][ T5425] gfs2_glock_wait+0x137/0x280
[ 51.937056][ T5425] do_sync+0x535/0xae0
[ 51.941112][ T5425] ? lock_acquire+0x1af/0x520
[ 51.945770][ T5425] ? gfs2_qa_put+0x120/0x120
[ 51.950345][ T5425] ? gfs2_quota_sync+0x316/0x540
[ 51.955326][ T5425] ? gfs2_quota_sync+0x24e/0x540
[ 51.960245][ T5425] ? spin_bug+0x1c0/0x1c0
[ 51.964555][ T5425] ? do_raw_spin_unlock+0x175/0x230
[ 51.969740][ T5425] gfs2_quota_sync+0x24e/0x540
[ 51.974490][ T5425] ? get_nr_dirty_inodes+0x17/0x180
[ 51.979677][ T5425] gfs2_sync_fs+0x3f/0xa0
[ 51.983989][ T5425] sync_filesystem.part.0+0x63/0x170
[ 51.989260][ T5425] generic_shutdown_super+0x68/0x420
[ 51.994528][ T5425] kill_block_super+0x94/0xd0
[ 51.999216][ T5425] deactivate_locked_super+0x7f/0x130
[ 52.004573][ T5425] cleanup_mnt+0x253/0x360
[ 52.008970][ T5425] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.014182][ T5425] task_work_run+0x12f/0x220
[ 52.018846][ T5425] ? task_work_cancel+0x20/0x20
[ 52.023687][ T5425] ? __x64_sys_umount+0xff/0x120
[ 52.028609][ T5425] exit_to_user_mode_prepare+0x210/0x240
[ 52.034223][ T5425] syscall_exit_to_user_mode+0x1d/0x50
[ 52.039665][ T5425] do_syscall_64+0x46/0xb0
[ 52.044064][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.049941][ T5425] RIP: 0033:0x7f306468d567
[ 52.054339][ T5425] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.073931][ T5425] RSP: 002b:00007ffc1cbba1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 52.082329][ T5425] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f306468d567
[ 52.090284][ T5425] RDX: 00007ffc1cbba2a9 RSI: 000000000000000a RDI: 00007ffc1cbba2a0
[ 52.098238][ T5425] RBP: 00007ffc1cbba2a0 R08: 00000000ffffffff R09: 00007ffc1cbba070
[ 52.106189][ T5425] R10: 00005555563b08b3 R11: 0000000000000246 R12: 00007f30646e6b24
[ 52.114145][ T5425] R13: 00007ffc1cbbb360 R14: 00005555563b0810 R15: 00007ffc1cbbb3a0
[ 52.122109][ T5425] </TASK>
[ 52.131778][ T5425] ==================================================================
[ 52.139835][ T5425] BUG: KASAN: slab-use-after-free in qd_unlock+0x1b/0x160
[ 52.146920][ T5425] Read of size 8 at addr ffff888070c9d090 by task syz-executor.0/5425
[ 52.155035][ T5425]
[ 52.157332][ T5425] CPU: 0 PID: 5425 Comm: syz-executor.0 Not tainted 6.3.0-rc5-syzkaller #0
[ 52.165884][ T5425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 52.175931][ T5425] Call Trace:
[ 52.179182][ T5425] <TASK>
[ 52.182089][ T5425] dump_stack_lvl+0x64/0xb0
[ 52.186561][ T5425] print_address_description.constprop.0+0x2c/0x3c0
[ 52.193117][ T5425] ? qd_unlock+0x1b/0x160
[ 52.197413][ T5425] kasan_report+0x11c/0x130
[ 52.201882][ T5425] ? qd_unlock+0x1b/0x160
[ 52.206179][ T5425] kasan_check_range+0x141/0x190
[ 52.211081][ T5425] qd_unlock+0x1b/0x160
[ 52.215208][ T5425] gfs2_quota_sync+0x2f5/0x540
[ 52.219941][ T5425] ? get_nr_dirty_inodes+0x17/0x180
[ 52.225108][ T5425] gfs2_sync_fs+0x3f/0xa0
[ 52.229403][ T5425] sync_filesystem.part.0+0x63/0x170
[ 52.234655][ T5425] generic_shutdown_super+0x68/0x420
[ 52.239910][ T5425] kill_block_super+0x94/0xd0
[ 52.244555][ T5425] deactivate_locked_super+0x7f/0x130
[ 52.249917][ T5425] cleanup_mnt+0x253/0x360
[ 52.254298][ T5425] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.259463][ T5425] task_work_run+0x12f/0x220
[ 52.264024][ T5425] ? task_work_cancel+0x20/0x20
[ 52.268840][ T5425] ? __x64_sys_umount+0xff/0x120
[ 52.273743][ T5425] exit_to_user_mode_prepare+0x210/0x240
[ 52.279341][ T5425] syscall_exit_to_user_mode+0x1d/0x50
[ 52.284767][ T5425] do_syscall_64+0x46/0xb0
[ 52.289150][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.295010][ T5425] RIP: 0033:0x7f306468d567
[ 52.299397][ T5425] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.318975][ T5425] RSP: 002b:00007ffc1cbba1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 52.327353][ T5425] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f306468d567
[ 52.335317][ T5425] RDX: 00007ffc1cbba2a9 RSI: 000000000000000a RDI: 00007ffc1cbba2a0
[ 52.343255][ T5425] RBP: 00007ffc1cbba2a0 R08: 00000000ffffffff R09: 00007ffc1cbba070
[ 52.351191][ T5425] R10: 00005555563b08b3 R11: 0000000000000246 R12: 00007f30646e6b24
[ 52.359129][ T5425] R13: 00007ffc1cbbb360 R14: 00005555563b0810 R15: 00007ffc1cbbb3a0
[ 52.367090][ T5425] </TASK>
[ 52.370078][ T5425]
[ 52.372373][ T5425] Allocated by task 5548:
[ 52.376666][ T5425] kasan_save_stack+0x22/0x40
[ 52.381311][ T5425] kasan_set_track+0x25/0x30
[ 52.385870][ T5425] __kasan_slab_alloc+0x7f/0x90
[ 52.390704][ T5425] kmem_cache_alloc+0x17c/0x3b0
[ 52.395516][ T5425] qd_alloc+0x48/0x2d0
[ 52.399556][ T5425] gfs2_quota_init+0x58d/0xcd0
[ 52.404281][ T5425] gfs2_make_fs_rw+0x332/0x500
[ 52.409008][ T5425] gfs2_fill_super+0x1cf1/0x2650
[ 52.413910][ T5425] get_tree_bdev+0x39c/0x680
[ 52.418484][ T5425] gfs2_get_tree+0x49/0x240
[ 52.422976][ T5425] vfs_get_tree+0x83/0x320
[ 52.427357][ T5425] path_mount+0x82d/0x1a30
[ 52.431736][ T5425] __x64_sys_mount+0x1f9/0x270
[ 52.436463][ T5425] do_syscall_64+0x39/0xb0
[ 52.440874][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.446734][ T5425]
[ 52.449027][ T5425] Freed by task 21:
[ 52.452799][ T5425] kasan_save_stack+0x22/0x40
[ 52.457442][ T5425] kasan_set_track+0x25/0x30
[ 52.461994][ T5425] kasan_save_free_info+0x2e/0x40
[ 52.466983][ T5425] ____kasan_slab_free+0x160/0x1c0
[ 52.472056][ T5425] slab_free_freelist_hook+0x8b/0x1c0
[ 52.477394][ T5425] kmem_cache_free+0xe9/0x480
[ 52.482034][ T5425] rcu_core+0x814/0x1960
[ 52.486248][ T5425] __do_softirq+0x1d4/0x905
[ 52.490740][ T5425]
[ 52.493039][ T5425] Last potentially related work creation:
[ 52.498717][ T5425] kasan_save_stack+0x22/0x40
[ 52.503358][ T5425] __kasan_record_aux_stack+0xbc/0xd0
[ 52.508694][ T5425] __call_rcu_common.constprop.0+0x99/0x7e0
[ 52.514575][ T5425] gfs2_quota_cleanup+0x3bb/0x740
[ 52.519567][ T5425] gfs2_make_fs_ro+0x1f1/0x600
[ 52.524384][ T5425] gfs2_withdraw+0xcb5/0x1200
[ 52.529027][ T5425] gfs2_inode_refresh+0xb6f/0xfb0
[ 52.534018][ T5425] gfs2_instantiate+0x120/0x1e0
[ 52.538834][ T5425] gfs2_glock_wait+0x137/0x280
[ 52.543559][ T5425] do_sync+0x535/0xae0
[ 52.547679][ T5425] gfs2_quota_sync+0x24e/0x540
[ 52.552407][ T5425] gfs2_sync_fs+0x3f/0xa0
[ 52.556697][ T5425] sync_filesystem.part.0+0x63/0x170
[ 52.561975][ T5425] generic_shutdown_super+0x68/0x420
[ 52.567221][ T5425] kill_block_super+0x94/0xd0
[ 52.571863][ T5425] deactivate_locked_super+0x7f/0x130
[ 52.577197][ T5425] cleanup_mnt+0x253/0x360
[ 52.581581][ T5425] task_work_run+0x12f/0x220
[ 52.586154][ T5425] exit_to_user_mode_prepare+0x210/0x240
[ 52.591763][ T5425] syscall_exit_to_user_mode+0x1d/0x50
[ 52.597214][ T5425] do_syscall_64+0x46/0xb0
[ 52.601693][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.607564][ T5425]
[ 52.609861][ T5425] The buggy address belongs to the object at ffff888070c9d000
[ 52.609861][ T5425] which belongs to the cache gfs2_quotad of size 272
[ 52.623888][ T5425] The buggy address is located 144 bytes inside of
[ 52.623888][ T5425] freed 272-byte region [ffff888070c9d000, ffff888070c9d110)
[ 52.637650][ T5425]
[ 52.639946][ T5425] The buggy address belongs to the physical page:
[ 52.646348][ T5425] page:ffffea0001c32740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x70c9d
[ 52.656459][ T5425] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 52.663973][ T5425] raw: 00fff00000000200 ffff888146082280 dead000000000122 0000000000000000
[ 52.672525][ T5425] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 52.681071][ T5425] page dumped because: kasan: bad access detected
[ 52.687448][ T5425] page_owner tracks the page as allocated
[ 52.693133][ T5425] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5548, tgid 5547 (syz-executor.0), ts 51427492260, free_ts 32591516505
[ 52.714537][ T5425] get_page_from_freelist+0x1190/0x2e20
[ 52.720053][ T5425] __alloc_pages+0x1cb/0x4a0
[ 52.724607][ T5425] allocate_slab+0x25f/0x390
[ 52.729164][ T5425] ___slab_alloc+0xa91/0x1400
[ 52.733803][ T5425] __slab_alloc.constprop.0+0x56/0xa0
[ 52.739169][ T5425] kmem_cache_alloc+0x38e/0x3b0
[ 52.743985][ T5425] qd_alloc+0x48/0x2d0
[ 52.748019][ T5425] gfs2_quota_init+0x58d/0xcd0
[ 52.752753][ T5425] gfs2_make_fs_rw+0x332/0x500
[ 52.757482][ T5425] gfs2_fill_super+0x1cf1/0x2650
[ 52.762384][ T5425] get_tree_bdev+0x39c/0x680
[ 52.766936][ T5425] gfs2_get_tree+0x49/0x240
[ 52.771403][ T5425] vfs_get_tree+0x83/0x320
[ 52.775786][ T5425] path_mount+0x82d/0x1a30
[ 52.780165][ T5425] __x64_sys_mount+0x1f9/0x270
[ 52.784893][ T5425] do_syscall_64+0x39/0xb0
[ 52.789277][ T5425] page last free stack trace:
[ 52.793918][ T5425] free_pcp_prepare+0x5d5/0xa50
[ 52.798732][ T5425] free_unref_page+0x1d/0x490
[ 52.803374][ T5425] release_pages+0x2ed/0x10e0
[ 52.808041][ T5425] tlb_batch_pages_flush+0x85/0x160
[ 52.813202][ T5425] tlb_finish_mmu+0x114/0x6c0
[ 52.817842][ T5425] exit_mmap+0x1d0/0x540
[ 52.822050][ T5425] __mmput+0xf3/0x440
[ 52.825996][ T5425] do_exit+0x88d/0x2480
[ 52.830117][ T5425] do_group_exit+0xb4/0x250
[ 52.834608][ T5425] __x64_sys_exit_group+0x39/0x40
[ 52.839598][ T5425] do_syscall_64+0x39/0xb0
[ 52.843979][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.849839][ T5425]
[ 52.852153][ T5425] Memory state around the buggy address:
[ 52.857770][ T5425] ffff888070c9cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.865795][ T5425] ffff888070c9d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.873821][ T5425] >ffff888070c9d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.881846][ T5425]                          ^
[ 52.886420][ T5425] ffff888070c9d100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.894458][ T5425] ffff888070c9d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.902489][ T5425] ==================================================================
[ 52.925674][ T5425] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.932864][ T5425] CPU: 1 PID: 5425 Comm: syz-executor.0 Not tainted 6.3.0-rc5-syzkaller #0
[ 52.941422][ T5425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 52.951446][ T5425] Call Trace:
[ 52.954697][ T5425] <TASK>
[ 52.957602][ T5425] dump_stack_lvl+0x64/0xb0
[ 52.962073][ T5425] panic+0x4af/0x550
[ 52.965941][ T5425] ? panic_smp_self_stop+0x70/0x70
[ 52.971039][ T5425] ? preempt_schedule_thunk+0x1a/0x20
[ 52.976376][ T5425] ? preempt_schedule_common+0x45/0xb0
[ 52.981799][ T5425] ? preempt_schedule_thunk+0x1a/0x20
[ 52.987138][ T5425] check_panic_on_warn+0x75/0x80
[ 52.992040][ T5425] end_report+0xe9/0x120
[ 52.996250][ T5425] ? qd_unlock+0x1b/0x160
[ 53.000548][ T5425] kasan_report+0xf9/0x130
[ 53.004932][ T5425] ? qd_unlock+0x1b/0x160
[ 53.009227][ T5425] kasan_check_range+0x141/0x190
[ 53.014128][ T5425] qd_unlock+0x1b/0x160
[ 53.018249][ T5425] gfs2_quota_sync+0x2f5/0x540
[ 53.022981][ T5425] ? get_nr_dirty_inodes+0x17/0x180
[ 53.028149][ T5425] gfs2_sync_fs+0x3f/0xa0
[ 53.032466][ T5425] sync_filesystem.part.0+0x63/0x170
[ 53.037721][ T5425] generic_shutdown_super+0x68/0x420
[ 53.042997][ T5425] kill_block_super+0x94/0xd0
[ 53.047647][ T5425] deactivate_locked_super+0x7f/0x130
[ 53.052988][ T5425] cleanup_mnt+0x253/0x360
[ 53.057374][ T5425] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.062542][ T5425] task_work_run+0x12f/0x220
[ 53.067097][ T5425] ? task_work_cancel+0x20/0x20
[ 53.071911][ T5425] ? __x64_sys_umount+0xff/0x120
[ 53.076812][ T5425] exit_to_user_mode_prepare+0x210/0x240
[ 53.082411][ T5425] syscall_exit_to_user_mode+0x1d/0x50
[ 53.087857][ T5425] do_syscall_64+0x46/0xb0
[ 53.092240][ T5425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.098098][ T5425] RIP: 0033:0x7f306468d567
[ 53.102485][ T5425] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.122058][ T5425] RSP: 002b:00007ffc1cbba1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 53.130436][ T5425] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f306468d567
[ 53.138376][ T5425] RDX: 00007ffc1cbba2a9 RSI: 000000000000000a RDI: 00007ffc1cbba2a0
[ 53.146314][ T5425] RBP: 00007ffc1cbba2a0 R08: 00000000ffffffff R09: 00007ffc1cbba070
[ 53.154251][ T5425] R10: 00005555563b08b3 R11: 0000000000000246 R12: 00007f30646e6b24
[ 53.162190][ T5425] R13: 00007ffc1cbbb360 R14: 00005555563b0810 R15: 00007ffc1cbbb3a0
[ 53.170131][ T5425] </TASK>
[ 53.173993][ T5425] Kernel Offset: disabled
[ 53.178311][ T5425] Rebooting in 86400 seconds..