[ 44.767933][ T54] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.780725][ T54] device veth1_macvtap left promiscuous mode
[ 44.786932][ T54] device veth0_macvtap left promiscuous mode
[ 44.794084][ T54] device veth1_vlan left promiscuous mode
[ 44.800295][ T54] device veth0_vlan left promiscuous mode
[ 44.899393][ T54] team0 (unregistering): Port device team_slave_1 removed
[ 44.911173][ T54] team0 (unregistering): Port device team_slave_0 removed
[ 44.921068][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.932341][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 44.965820][ T54] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
2023/03/06 13:31:42 ignoring optional flag "sandboxArg"="0"
2023/03/06 13:31:42 parsed 1 programs
2023/03/06 13:31:42 executed programs: 0
[ 59.550737][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.558395][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.565823][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.574477][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.581867][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.589208][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.656154][ T5530] chnl_net:caif_netlink_parms(): no params data found
[ 59.682766][ T5530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.690173][ T5530] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.698273][ T5530] device bridge_slave_0 entered promiscuous mode
[ 59.705655][ T5530] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.712802][ T5530] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.720265][ T5530] device bridge_slave_1 entered promiscuous mode
[ 59.735238][ T5530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.745468][ T5530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.762729][ T5530] team0: Port device team_slave_0 added
[ 59.769453][ T5530] team0: Port device team_slave_1 added
[ 59.782688][ T5530] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.789720][ T5530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.816468][ T5530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.828585][ T5530] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.835511][ T5530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.861790][ T5530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.883486][ T5530] device hsr_slave_0 entered promiscuous mode
[ 59.889975][ T5530] device hsr_slave_1 entered promiscuous mode
[ 60.674288][ T5530] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.684946][ T5530] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.703387][ T5530] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.713474][ T5530] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.763961][ T5530] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.776582][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 60.785805][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.795298][ T5530] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.805223][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 60.814643][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.823296][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.830408][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.847296][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.855332][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 60.864017][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.872558][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.879662][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.888707][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 60.897649][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 60.906193][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.916379][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.931408][ T5530] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.944563][ T5530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.957385][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.965159][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 60.974494][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.983307][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 60.991800][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.002585][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.142769][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.151570][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.161845][ T5530] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.178137][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 61.186929][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.206399][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 61.214687][ T5078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.223993][ T5530] device veth0_vlan entered promiscuous mode
[ 61.233250][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.240919][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.252126][ T5530] device veth1_vlan entered promiscuous mode
[ 61.272711][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.281227][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.290446][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 61.299202][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.310114][ T5530] device veth0_macvtap entered promiscuous mode
[ 61.321130][ T5530] device veth1_macvtap entered promiscuous mode
[ 61.336045][ T5530] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.343732][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 61.353195][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 61.361231][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 61.371406][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 61.382188][ T5530] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.391000][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 61.399782][ T892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 61.412571][ T5530] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.421814][ T5530] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.431855][ T5530] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.440846][ T5530] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.491091][ T3416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.499975][ T3416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.512321][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.518228][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 61.521139][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.536945][ T5081] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 61.648013][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 61.833931][ T5604] loop0: detected capacity change from 0 to 32768
[ 61.849687][ T5604] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 61.858697][ T5604] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 61.874807][ T5604] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 61.884807][ T5081] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 61.895907][ T5081] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 61.933469][ T5081] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[ 61.943554][ T5081] gfs2: fsid=syz:syz.0: jid=0: Done
[ 61.949717][ T5604] gfs2: fsid=syz:syz.0: first mount done, others may mount
[ 62.076800][ T5604] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 62.121454][ T5530] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 62.121454][ T5530]   inode = 11 2340
[ 62.121454][ T5530]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 457
[ 62.142184][ T5530] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 62.152343][ T5530] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5530 [syz-executor.0] gfs2_quota_sync+0x2e6/0x660
[ 62.163598][ T5530] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 62.172038][ T5530] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 62.186044][ T5530] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 62.200846][ T5530] CPU: 1 PID: 5530 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 62.209975][ T5530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.220040][ T5530] Call Trace:
[ 62.223328][ T5530]  <TASK>
[ 62.226266][ T5530]  dump_stack_lvl+0xd1/0x138
[ 62.230877][ T5530]  gfs2_assert_warn_i.cold+0x3a/0x11f
[ 62.236270][ T5530]  gfs2_quota_cleanup+0x667/0x860
[ 62.241317][ T5530]  gfs2_make_fs_ro+0x202/0x610
[ 62.246087][ T5530]  ? gfs2_dirty_inode+0x820/0x820
[ 62.251125][ T5530]  ? do_raw_spin_unlock+0x175/0x230
[ 62.256338][ T5530]  ? __gfs2_holder_init+0x18b/0x2f0
[ 62.261552][ T5530]  gfs2_withdraw.cold+0x4b4/0xf9a
[ 62.266601][ T5530]  ? gfs2_lm+0x1a0/0x1a0
[ 62.270858][ T5530]  ? gfs2_withdraw.cold+0xc25/0xf9a
[ 62.276075][ T5530]  gfs2_inode_refresh+0xbf8/0xf60
[ 62.281118][ T5530]  ? inode_go_sync+0x560/0x560
[ 62.285907][ T5530]  inode_go_instantiate+0x4a/0x70
[ 62.290947][ T5530]  gfs2_instantiate+0x16a/0x250
[ 62.295823][ T5530]  gfs2_glock_wait+0x197/0x2e0
[ 62.300585][ T5530]  gfs2_glock_nq+0xae4/0x1470
[ 62.305258][ T5530]  ? do_raw_spin_unlock+0x175/0x230
[ 62.310450][ T5530]  ? __gfs2_holder_init+0x18b/0x2f0
[ 62.315653][ T5530]  do_sync+0x62f/0xcf0
[ 62.319725][ T5530]  ? gfs2_qa_put+0x160/0x160
[ 62.324316][ T5530]  ? gfs2_quota_sync+0x3f5/0x660
[ 62.329254][ T5530]  ? gfs2_quota_sync+0x2e6/0x660
[ 62.334191][ T5530]  ? rwlock_bug.part.0+0x90/0x90
[ 62.339134][ T5530]  gfs2_quota_sync+0x2e6/0x660
[ 62.343905][ T5530]  gfs2_sync_fs+0x44/0xb0
[ 62.348232][ T5530]  ? rgrp_unlock_local+0x20/0x20
[ 62.353164][ T5530]  sync_filesystem.part.0+0x75/0x1d0
[ 62.358441][ T5530]  sync_filesystem+0x8f/0xc0
[ 62.363022][ T5530]  generic_shutdown_super+0x74/0x410
[ 62.368394][ T5530]  kill_block_super+0x9b/0xf0
[ 62.373068][ T5530]  gfs2_kill_sb+0x108/0x170
[ 62.377656][ T5530]  deactivate_locked_super+0x98/0x160
[ 62.383073][ T5530]  deactivate_super+0xb1/0xd0
[ 62.387749][ T5530]  cleanup_mnt+0x2ae/0x3d0
[ 62.392163][ T5530]  task_work_run+0x16f/0x270
[ 62.396953][ T5530]  ? task_work_cancel+0x30/0x30
[ 62.401809][ T5530]  exit_to_user_mode_prepare+0x23c/0x250
[ 62.407440][ T5530]  syscall_exit_to_user_mode+0x1d/0x50
[ 62.412909][ T5530]  do_syscall_64+0x46/0xb0
[ 62.417324][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.423215][ T5530] RIP: 0033:0x7f3b10c8d567
[ 62.427620][ T5530] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.447222][ T5530] RSP: 002b:00007fffad5dbb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 62.455629][ T5530] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3b10c8d567
[ 62.463630][ T5530] RDX: 00007fffad5dbbe9 RSI: 000000000000000a RDI: 00007fffad5dbbe0
[ 62.471606][ T5530] RBP: 00007fffad5dbbe0 R08: 00000000ffffffff R09: 00007fffad5db9b0
[ 62.479652][ T5530] R10: 00005555555e18b3 R11: 0000000000000246 R12: 00007f3b10ce6b24
[ 62.487612][ T5530] R13: 00007fffad5dcca0 R14: 00005555555e1810 R15: 00007fffad5dcce0
[ 62.495585][ T5530]  </TASK>
[ 62.504479][ T5530] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 62.518982][ T5530] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 62.531062][ T5530] gfs2: fsid=syz:syz.0: File system withdrawn
[ 62.538025][ T5530] CPU: 0 PID: 5530 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 62.547148][ T5530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.557204][ T5530] Call Trace:
[ 62.560473][ T5530]  <TASK>
[ 62.563423][ T5530]  dump_stack_lvl+0xd1/0x138
[ 62.568035][ T5530]  gfs2_withdraw.cold+0x275/0xf9a
[ 62.573075][ T5530]  ? gfs2_lm+0x1a0/0x1a0
[ 62.577321][ T5530]  gfs2_inode_refresh+0xbf8/0xf60
[ 62.582344][ T5530]  ? inode_go_sync+0x560/0x560
[ 62.587112][ T5530]  inode_go_instantiate+0x4a/0x70
[ 62.592153][ T5530]  gfs2_instantiate+0x16a/0x250
[ 62.597000][ T5530]  gfs2_glock_wait+0x197/0x2e0
[ 62.601766][ T5530]  gfs2_glock_nq+0xae4/0x1470
[ 62.606440][ T5530]  ? do_raw_spin_unlock+0x175/0x230
[ 62.611636][ T5530]  ? __gfs2_holder_init+0x18b/0x2f0
[ 62.616829][ T5530]  do_sync+0x62f/0xcf0
[ 62.620910][ T5530]  ? gfs2_qa_put+0x160/0x160
[ 62.625495][ T5530]  ? gfs2_quota_sync+0x3f5/0x660
[ 62.630437][ T5530]  ? gfs2_quota_sync+0x2e6/0x660
[ 62.635388][ T5530]  ? rwlock_bug.part.0+0x90/0x90
[ 62.640321][ T5530]  gfs2_quota_sync+0x2e6/0x660
[ 62.645082][ T5530]  gfs2_sync_fs+0x44/0xb0
[ 62.649493][ T5530]  ? rgrp_unlock_local+0x20/0x20
[ 62.654546][ T5530]  sync_filesystem.part.0+0x75/0x1d0
[ 62.659839][ T5530]  sync_filesystem+0x8f/0xc0
[ 62.664428][ T5530]  generic_shutdown_super+0x74/0x410
[ 62.669744][ T5530]  kill_block_super+0x9b/0xf0
[ 62.674486][ T5530]  gfs2_kill_sb+0x108/0x170
[ 62.678995][ T5530]  deactivate_locked_super+0x98/0x160
[ 62.684369][ T5530]  deactivate_super+0xb1/0xd0
[ 62.689054][ T5530]  cleanup_mnt+0x2ae/0x3d0
[ 62.693474][ T5530]  task_work_run+0x16f/0x270
[ 62.698153][ T5530]  ? task_work_cancel+0x30/0x30
[ 62.703007][ T5530]  exit_to_user_mode_prepare+0x23c/0x250
[ 62.708637][ T5530]  syscall_exit_to_user_mode+0x1d/0x50
[ 62.714092][ T5530]  do_syscall_64+0x46/0xb0
[ 62.718506][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.724399][ T5530] RIP: 0033:0x7f3b10c8d567
[ 62.728805][ T5530] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.748497][ T5530] RSP: 002b:00007fffad5dbb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 62.756904][ T5530] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3b10c8d567
[ 62.764866][ T5530] RDX: 00007fffad5dbbe9 RSI: 000000000000000a RDI: 00007fffad5dbbe0
[ 62.772829][ T5530] RBP: 00007fffad5dbbe0 R08: 00000000ffffffff R09: 00007fffad5db9b0
[ 62.780793][ T5530] R10: 00005555555e18b3 R11: 0000000000000246 R12: 00007f3b10ce6b24
[ 62.788751][ T5530] R13: 00007fffad5dcca0 R14: 00005555555e1810 R15: 00007fffad5dcce0
[ 62.796726][ T5530]  </TASK>
[ 62.810173][ T5530] ==================================================================
[ 62.818251][ T5530] BUG: KASAN: use-after-free in qd_unlock+0x20/0x190
[ 62.824939][ T5530] Read of size 8 at addr ffff888072ba0090 by task syz-executor.0/5530
[ 62.833091][ T5530]
[ 62.835495][ T5530] CPU: 1 PID: 5530 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 62.844606][ T5530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.854660][ T5530] Call Trace:
[ 62.857935][ T5530]  <TASK>
[ 62.860865][ T5530]  dump_stack_lvl+0xd1/0x138
[ 62.865476][ T5530]  print_report+0x15e/0x45d
[ 62.869986][ T5530]  ? __phys_addr+0xc8/0x140
[ 62.874499][ T5530]  ? qd_unlock+0x20/0x190
[ 62.878839][ T5530]  kasan_report+0xbf/0x1f0
[ 62.883265][ T5530]  ? qd_unlock+0x20/0x190
[ 62.887602][ T5530]  kasan_check_range+0x141/0x190
[ 62.892547][ T5530]  qd_unlock+0x20/0x190
[ 62.896712][ T5530]  gfs2_quota_sync+0x39d/0x660
[ 62.901490][ T5530]  gfs2_sync_fs+0x44/0xb0
[ 62.905918][ T5530]  ? rgrp_unlock_local+0x20/0x20
[ 62.910867][ T5530]  sync_filesystem.part.0+0x75/0x1d0
[ 62.916159][ T5530]  sync_filesystem+0x8f/0xc0
[ 62.920757][ T5530]  generic_shutdown_super+0x74/0x410
[ 62.926055][ T5530]  kill_block_super+0x9b/0xf0
[ 62.930737][ T5530]  gfs2_kill_sb+0x108/0x170
[ 62.935259][ T5530]  deactivate_locked_super+0x98/0x160
[ 62.940640][ T5530]  deactivate_super+0xb1/0xd0
[ 62.945418][ T5530]  cleanup_mnt+0x2ae/0x3d0
[ 62.949844][ T5530]  task_work_run+0x16f/0x270
[ 62.954444][ T5530]  ? task_work_cancel+0x30/0x30
[ 62.959310][ T5530]  exit_to_user_mode_prepare+0x23c/0x250
[ 62.964957][ T5530]  syscall_exit_to_user_mode+0x1d/0x50
[ 62.970420][ T5530]  do_syscall_64+0x46/0xb0
[ 62.974845][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.980752][ T5530] RIP: 0033:0x7f3b10c8d567
[ 62.985163][ T5530] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.004882][ T5530] RSP: 002b:00007fffad5dbb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 63.013300][ T5530] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3b10c8d567
[ 63.021274][ T5530] RDX: 00007fffad5dbbe9 RSI: 000000000000000a RDI: 00007fffad5dbbe0
[ 63.029244][ T5530] RBP: 00007fffad5dbbe0 R08: 00000000ffffffff R09: 00007fffad5db9b0
[ 63.037214][ T5530] R10: 00005555555e18b3 R11: 0000000000000246 R12: 00007f3b10ce6b24
[ 63.045186][ T5530] R13: 00007fffad5dcca0 R14: 00005555555e1810 R15: 00007fffad5dcce0
[ 63.053168][ T5530]  </TASK>
[ 63.056361][ T5530]
[ 63.058709][ T5530] Allocated by task 5604:
[ 63.063026][ T5530]  kasan_save_stack+0x22/0x40
[ 63.067711][ T5530]  kasan_set_track+0x25/0x30
[ 63.072307][ T5530]  __kasan_slab_alloc+0x82/0x90
[ 63.077168][ T5530]  kmem_cache_alloc+0x1e4/0x430
[ 63.082017][ T5530]  qd_alloc+0x4e/0x300
[ 63.086094][ T5530]  gfs2_quota_init+0x7bb/0xf70
[ 63.090862][ T5530]  gfs2_make_fs_rw+0x424/0x640
[ 63.095651][ T5530]  gfs2_fill_super+0x22c8/0x27a0
[ 63.100596][ T5530]  get_tree_bdev+0x444/0x760
[ 63.105196][ T5530]  gfs2_get_tree+0x4e/0x270
[ 63.109704][ T5530]  vfs_get_tree+0x8d/0x2f0
[ 63.114128][ T5530]  path_mount+0x132a/0x1e20
[ 63.118642][ T5530]  __x64_sys_mount+0x283/0x300
[ 63.123411][ T5530]  do_syscall_64+0x39/0xb0
[ 63.127948][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.133868][ T5530]
[ 63.136186][ T5530] Freed by task 5530:
[ 63.140158][ T5530]  kasan_save_stack+0x22/0x40
[ 63.144836][ T5530]  kasan_set_track+0x25/0x30
[ 63.149428][ T5530]  kasan_save_free_info+0x2e/0x40
[ 63.154456][ T5530]  ____kasan_slab_free+0x160/0x1c0
[ 63.159581][ T5530]  slab_free_freelist_hook+0x8b/0x1c0
[ 63.164961][ T5530]  kmem_cache_free+0xee/0x5c0
[ 63.169634][ T5530]  rcu_core+0x81f/0x1980
[ 63.173884][ T5530]  __do_softirq+0x1fb/0xadc
[ 63.178389][ T5530]
[ 63.180710][ T5530] Last potentially related work creation:
[ 63.186413][ T5530]  kasan_save_stack+0x22/0x40
[ 63.191091][ T5530]  __kasan_record_aux_stack+0xbc/0xd0
[ 63.196471][ T5530]  __call_rcu_common.constprop.0+0x99/0x820
[ 63.202370][ T5530]  gfs2_quota_cleanup+0x483/0x860
[ 63.207405][ T5530]  gfs2_make_fs_ro+0x202/0x610
[ 63.212173][ T5530]  gfs2_withdraw.cold+0x4b4/0xf9a
[ 63.217203][ T5530]  gfs2_inode_refresh+0xbf8/0xf60
[ 63.222235][ T5530]  inode_go_instantiate+0x4a/0x70
[ 63.227266][ T5530]  gfs2_instantiate+0x16a/0x250
[ 63.232126][ T5530]  gfs2_glock_wait+0x197/0x2e0
[ 63.236986][ T5530]  gfs2_glock_nq+0xae4/0x1470
[ 63.241671][ T5530]  do_sync+0x62f/0xcf0
[ 63.245744][ T5530]  gfs2_quota_sync+0x2e6/0x660
[ 63.250510][ T5530]  gfs2_sync_fs+0x44/0xb0
[ 63.254951][ T5530]  sync_filesystem.part.0+0x75/0x1d0
[ 63.260247][ T5530]  sync_filesystem+0x8f/0xc0
[ 63.264846][ T5530]  generic_shutdown_super+0x74/0x410
[ 63.270143][ T5530]  kill_block_super+0x9b/0xf0
[ 63.274854][ T5530]  gfs2_kill_sb+0x108/0x170
[ 63.279365][ T5530]  deactivate_locked_super+0x98/0x160
[ 63.284831][ T5530]  deactivate_super+0xb1/0xd0
[ 63.289510][ T5530]  cleanup_mnt+0x2ae/0x3d0
[ 63.294195][ T5530]  task_work_run+0x16f/0x270
[ 63.298882][ T5530]  exit_to_user_mode_prepare+0x23c/0x250
[ 63.304516][ T5530]  syscall_exit_to_user_mode+0x1d/0x50
[ 63.309976][ T5530]  do_syscall_64+0x46/0xb0
[ 63.314396][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.320302][ T5530]
[ 63.322629][ T5530] The buggy address belongs to the object at ffff888072ba0000
[ 63.322629][ T5530]  which belongs to the cache gfs2_quotad of size 272
[ 63.336683][ T5530] The buggy address is located 144 bytes inside of
[ 63.336683][ T5530]  272-byte region [ffff888072ba0000, ffff888072ba0110)
[ 63.349961][ T5530]
[ 63.352281][ T5530] The buggy address belongs to the physical page:
[ 63.358694][ T5530] page:ffffea0001cae800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72ba0
[ 63.368849][ T5530] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 63.376397][ T5530] raw: 00fff00000000200 ffff888018fab140 dead000000000122 0000000000000000
[ 63.384983][ T5530] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 63.393568][ T5530] page dumped because: kasan: bad access detected
[ 63.399970][ T5530] page_owner tracks the page as allocated
[ 63.405679][ T5530] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 5604, tgid 5603 (syz-executor.0), ts 62041431121, free_ts 61836511251
[ 63.427570][ T5530]  get_page_from_freelist+0x119c/0x2ce0
[ 63.433128][ T5530]  __alloc_pages+0x1cb/0x5b0
[ 63.437810][ T5530]  alloc_pages+0x1aa/0x270
[ 63.442230][ T5530]  allocate_slab+0x25f/0x350
[ 63.446827][ T5530]  ___slab_alloc+0xa91/0x1400
[ 63.451501][ T5530]  __slab_alloc.constprop.0+0x56/0xa0
[ 63.456962][ T5530]  kmem_cache_alloc+0x379/0x430
[ 63.462100][ T5530]  qd_alloc+0x4e/0x300
[ 63.466184][ T5530]  gfs2_quota_init+0x7bb/0xf70
[ 63.471571][ T5530]  gfs2_make_fs_rw+0x424/0x640
[ 63.476373][ T5530]  gfs2_fill_super+0x22c8/0x27a0
[ 63.481318][ T5530]  get_tree_bdev+0x444/0x760
[ 63.485924][ T5530]  gfs2_get_tree+0x4e/0x270
[ 63.490426][ T5530]  vfs_get_tree+0x8d/0x2f0
[ 63.494848][ T5530]  path_mount+0x132a/0x1e20
[ 63.499371][ T5530]  __x64_sys_mount+0x283/0x300
[ 63.504150][ T5530] page last free stack trace:
[ 63.508921][ T5530]  free_pcp_prepare+0x66a/0xc20
[ 63.513781][ T5530]  free_unref_page+0x1d/0x490
[ 63.518465][ T5530]  __unfreeze_partials+0x17c/0x1a0
[ 63.523577][ T5530]  qlist_free_all+0x6a/0x170
[ 63.528176][ T5530]  kasan_quarantine_reduce+0x192/0x220
[ 63.533639][ T5530]  __kasan_slab_alloc+0x66/0x90
[ 63.538492][ T5530]  kmem_cache_alloc+0x1e4/0x430
[ 63.543344][ T5530]  getname_flags.part.0+0x50/0x4f0
[ 63.548470][ T5530]  __x64_sys_unlink+0xb5/0x110
[ 63.553245][ T5530]  do_syscall_64+0x39/0xb0
[ 63.557676][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.563580][ T5530]
[ 63.565903][ T5530] Memory state around the buggy address:
[ 63.571527][ T5530]  ffff888072b9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.579672][ T5530]  ffff888072ba0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.587739][ T5530] >ffff888072ba0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.595795][ T5530]                          ^
[ 63.600380][ T5530]  ffff888072ba0100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.608447][ T5530]  ffff888072ba0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.616506][ T5530] ==================================================================
[ 63.630736][ T5530] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.637943][ T5530] CPU: 1 PID: 5530 Comm: syz-executor.0 Not tainted 6.2.0-rc1-syzkaller-dirty #0
[ 63.647052][ T5530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.657106][ T5530] Call Trace:
[ 63.660385][ T5530]  <TASK>
[ 63.663313][ T5530]  dump_stack_lvl+0xd1/0x138
[ 63.667932][ T5530]  panic+0x2cc/0x626
[ 63.671840][ T5530]  ? panic_print_sys_info.part.0+0x110/0x110
[ 63.678014][ T5530]  ? preempt_schedule_thunk+0x1a/0x20
[ 63.683407][ T5530]  ? preempt_schedule_common+0x59/0xc0
[ 63.688880][ T5530]  check_panic_on_warn.cold+0x19/0x35
[ 63.694263][ T5530]  end_report.part.0+0x36/0x73
[ 63.699041][ T5530]  ? qd_unlock+0x20/0x190
[ 63.703381][ T5530]  kasan_report.cold+0xa/0xf
[ 63.707980][ T5530]  ? qd_unlock+0x20/0x190
[ 63.712322][ T5530]  kasan_check_range+0x141/0x190
[ 63.717263][ T5530]  qd_unlock+0x20/0x190
[ 63.721426][ T5530]  gfs2_quota_sync+0x39d/0x660
[ 63.726206][ T5530]  gfs2_sync_fs+0x44/0xb0
[ 63.727176][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 63.736487][ T5530]  ? rgrp_unlock_local+0x20/0x20
[ 63.741420][ T5530]  sync_filesystem.part.0+0x75/0x1d0
[ 63.746697][ T5530]  sync_filesystem+0x8f/0xc0
[ 63.751276][ T5530]  generic_shutdown_super+0x74/0x410
[ 63.756551][ T5530]  kill_block_super+0x9b/0xf0
[ 63.761218][ T5530]  gfs2_kill_sb+0x108/0x170
[ 63.765731][ T5530]  deactivate_locked_super+0x98/0x160
[ 63.771094][ T5530]  deactivate_super+0xb1/0xd0
[ 63.775760][ T5530]  cleanup_mnt+0x2ae/0x3d0
[ 63.780164][ T5530]  task_work_run+0x16f/0x270
[ 63.784748][ T5530]  ? task_work_cancel+0x30/0x30
[ 63.789592][ T5530]  exit_to_user_mode_prepare+0x23c/0x250
[ 63.795299][ T5530]  syscall_exit_to_user_mode+0x1d/0x50
[ 63.800744][ T5530]  do_syscall_64+0x46/0xb0
[ 63.805152][ T5530]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.811041][ T5530] RIP: 0033:0x7f3b10c8d567
[ 63.815440][ T5530] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.835122][ T5530] RSP: 002b:00007fffad5dbb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 63.843531][ T5530] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3b10c8d567
[ 63.851576][ T5530] RDX: 00007fffad5dbbe9 RSI: 000000000000000a RDI: 00007fffad5dbbe0
[ 63.859533][ T5530] RBP: 00007fffad5dbbe0 R08: 00000000ffffffff R09: 00007fffad5db9b0
[ 63.867487][ T5530] R10: 00005555555e18b3 R11: 0000000000000246 R12: 00007f3b10ce6b24
[ 63.875443][ T5530] R13: 00007fffad5dcca0 R14: 00005555555e1810 R15: 00007fffad5dcce0
[ 63.883577][ T5530]  </TASK>
[ 63.887467][ T5530] Kernel Offset: disabled
[ 63.891773][ T5530] Rebooting in 86400 seconds..
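The KASAN block above is the unit a triager reads first, and it already contains everything needed to classify the bug: the faulting read in qd_unlock lands 144 bytes into a 272-byte gfs2_quotad object (a stale pointer, not an overflow into a neighbour), the object was freed from an RCU callback (rcu_core in the "Freed by" stack), that callback was queued by gfs2_quota_cleanup during the withdraw, and the withdraw itself ran under gfs2_quota_sync, the very frame that later dereferenced the pointer. What follows is an added example, not code from the kernel, syzbot or the gfs2 maintainers: a small Python parser that strips the printk prefixes, splits the report into its access / allocation / free / RCU-queue stacks, and derives those facts mechanically. The list of "plumbing" frames it skips (INFRA) is my own heuristic, and SAMPLE is a constructed, abridged copy of the report on this page.

```python
# Added triage helper for a KASAN slab use-after-free report (not kernel or syzbot code).
import re

PRINTK = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # console prefix "[ 62.818251][ T5530] "
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+")
ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
OBJECT = re.compile(r"object at (?P<base>[0-9a-f]+)")
CACHE = re.compile(r"cache (?P<cache>\S+) of size (?P<size>\d+)")
SECTION = re.compile(r"^(Call Trace|Allocated by task (?P<apid>\d+)|Freed by task (?P<fpid>\d+)|Last potentially related work creation):$")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # "? " marks an unreliable frame
KEYS = {"Call": "access", "Allocated": "alloc", "Freed": "free", "Last": "work"}
# Reporting/allocator plumbing skipped when looking for the frame that owns an access (my own
# heuristic list). rcu_core/__do_softirq/__call_rcu* are included so that a free which ran in an
# RCU callback is attributed to whoever queued it ("Last potentially related work creation").
INFRA = ("dump_stack", "print_report", "kasan_", "__kasan_", "____kasan_", "kmem_cache_",
         "slab_free_", "__phys_addr", "rcu_core", "__do_softirq", "__call_rcu")

def parse_kasan_report(text):
    """Header, object geometry and per-section stacks of the first KASAN report in text."""
    rep, stacks, cur, inside = {}, {}, None, False
    for raw in text.splitlines():
        line = PRINTK.sub("", raw).strip()
        if not inside:  # skip console noise (and earlier, unrelated dumps) before "BUG: KASAN:"
            if m := BUG.search(line):
                inside, rep["kind"], rep["func"] = True, m["kind"], m["func"]
            continue
        if line.startswith("====="):  # closing rule: the report is complete
            break
        if not line:  # a blank line ends the current stack section
            cur = None
        elif m := ACCESS.search(line):
            rep.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16), pid=int(m["pid"]))
        elif m := OBJECT.search(line):
            rep["base"] = int(m["base"], 16)
        elif m := CACHE.search(line):
            rep.update(cache=m["cache"], obj_size=int(m["size"]))
        elif m := SECTION.match(line):
            cur = KEYS[m[1].split()[0]]
            stacks[cur] = []
            rep.update({k: int(v) for k, v in (("alloc_pid", m["apid"]), ("free_pid", m["fpid"])) if v})
        elif cur and (m := FRAME.match(line)):
            stacks[cur].append((m["sym"], m["unreliable"] is None))  # (symbol, reliable?)
    rep["stacks"] = stacks
    return rep

def owner_frame(stack):
    """First reliable non-plumbing frame, or None (e.g. a free that ran from softirq)."""
    return next((s for s, ok in stack if ok and not s.startswith(INFRA)), None)

def shared_frames(a, b):
    """Reliable frames present on both stacks, innermost first (in a's order)."""
    on_b = {s for s, ok in b if ok}
    return [s for s, ok in a if ok and s in on_b]

def triage(text):
    rep = parse_kasan_report(text)
    st, off = rep["stacks"], rep["addr"] - rep["base"]
    # Innermost frame shared by the faulting path and the path that queued the free: one of its
    # callees tore down an object it was still holding.
    common = shared_frames(st.get("access", []), st.get("work") or st.get("free", []))
    return {
        "kind": rep["kind"], "faulting": rep["func"], "rw": rep["rw"], "size": rep["size"],
        "cache": rep["cache"], "offset": off,
        "within_object": 0 <= off and off + rep["size"] <= rep["obj_size"],  # stale pointer, not OOB
        "accessed_in": owner_frame(st.get("access", [])),
        "allocated_in": owner_frame(st.get("alloc", [])),
        "freed_in": owner_frame(st.get("free", [])),
        "freed_via_rcu": any(s == "rcu_core" for s, _ in st.get("free", [])),
        "free_queued_in": owner_frame(st.get("work", [])),
        "innermost_shared_frame": common[0] if common else None,
        "alloc_pid": rep.get("alloc_pid"), "free_pid": rep.get("free_pid"), "access_pid": rep["pid"],
    }

# Constructed input: an abridged copy of the report on this page, printk prefixes kept.
SAMPLE = """\
[ 62.818251][ T5530] BUG: KASAN: use-after-free in qd_unlock+0x20/0x190
[ 62.824939][ T5530] Read of size 8 at addr ffff888072ba0090 by task syz-executor.0/5530
[ 62.854660][ T5530] Call Trace:
[ 62.857935][ T5530]  <TASK>
[ 62.860865][ T5530]  dump_stack_lvl+0xd1/0x138
[ 62.874499][ T5530]  ? qd_unlock+0x20/0x190
[ 62.878839][ T5530]  kasan_report+0xbf/0x1f0
[ 62.892547][ T5530]  qd_unlock+0x20/0x190
[ 62.896712][ T5530]  gfs2_quota_sync+0x39d/0x660
[ 63.056361][ T5530]
[ 63.058709][ T5530] Allocated by task 5604:
[ 63.077168][ T5530]  kmem_cache_alloc+0x1e4/0x430
[ 63.082017][ T5530]  qd_alloc+0x4e/0x300
[ 63.133868][ T5530]
[ 63.136186][ T5530] Freed by task 5530:
[ 63.164961][ T5530]  kmem_cache_free+0xee/0x5c0
[ 63.169634][ T5530]  rcu_core+0x81f/0x1980
[ 63.178389][ T5530]
[ 63.180710][ T5530] Last potentially related work creation:
[ 63.196471][ T5530]  __call_rcu_common.constprop.0+0x99/0x820
[ 63.202370][ T5530]  gfs2_quota_cleanup+0x483/0x860
[ 63.245744][ T5530]  gfs2_quota_sync+0x2e6/0x660
[ 63.320302][ T5530]
[ 63.322629][ T5530] The buggy address belongs to the object at ffff888072ba0000
[ 63.322629][ T5530]  which belongs to the cache gfs2_quotad of size 272
[ 63.616506][ T5530] ==================================================================
"""
```

Feeding it the whole console log instead of SAMPLE works the same way: everything before the "BUG: KASAN:" line and after the closing rule is ignored, so the two gfs2 withdraw dumps and the final panic dump, which also carry "Call Trace:" headers, never reach the section parser. An access outside [base, base+obj_size) would set within_object to False, which is the first thing that separates an out-of-bounds report from this stale-pointer one.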