Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts.
2026/02/28 09:59:29 ignoring optional flag "type"="gce"
2026/02/28 09:59:29 parsed 1 programs
2026/02/28 09:59:31 executed programs: 0
[ 97.947388][ T5978] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 98.003856][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.006984][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.012813][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.013848][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.016505][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.223002][ T5984] chnl_net:caif_netlink_parms(): no params data found
[ 98.488022][ T5984] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.488159][ T5984] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.488268][ T5984] bridge_slave_0: entered allmulticast mode
[ 98.489588][ T5984] bridge_slave_0: entered promiscuous mode
[ 98.491822][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.491939][ T5984] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.492205][ T5984] bridge_slave_1: entered allmulticast mode
[ 98.493602][ T5984] bridge_slave_1: entered promiscuous mode
[ 98.659842][ T5984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.662561][ T5984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.837986][ T5984] team0: Port device team_slave_0 added
[ 98.841111][ T5984] team0: Port device team_slave_1 added
[ 98.976745][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.976761][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.976782][ T5984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.978196][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.978208][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.978230][ T5984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.180821][ T5984] hsr_slave_0: entered promiscuous mode [ 99.181535][ T5984] hsr_slave_1: entered promiscuous mode [ 100.045100][ T5800] Bluetooth: hci0: command tx timeout [ 100.908888][ T5984] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.950099][ T5984] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.993957][ T5984] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.030119][ T5984] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.206052][ T5984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.227185][ T5984] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.237969][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.238171][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.253133][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.253321][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.581905][ T5984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.664167][ T5984] veth0_vlan: entered promiscuous mode [ 101.682964][ T5984] veth1_vlan: entered promiscuous mode [ 101.733648][ T5984] veth0_macvtap: entered promiscuous mode [ 101.747953][ T5984] veth1_macvtap: entered promiscuous mode [ 101.770866][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.786412][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 
101.807501][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.808718][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.809490][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.810087][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.124921][ T5800] Bluetooth: hci0: command tx timeout [ 102.730970][ T6079] loop0: detected capacity change from 0 to 32768 [ 102.819770][ T6079] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 102.819801][ T6079] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 102.918501][ T6079] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 102.939868][ T6073] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 102.939887][ T6073] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 103.128057][ T6073] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 188ms [ 103.136864][ T6073] gfs2: fsid=syz:syz.0: jid=0: Done [ 103.142611][ T6079] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 103.206732][ T6079] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 103.206753][ T6079] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6079, name: syz-executor.0 [ 103.206769][ T6079] preempt_count: 1, expected: 0 [ 103.206778][ T6079] RCU nest depth: 1, expected: 1 [ 103.206799][ T6079] 4 locks held by syz-executor.0/6079: [ 103.206810][ T6079] #0: ffff88804351e0d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 103.206892][ T6079] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 103.206938][ T6079] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 103.206988][ T6079] #3: ffff88804edf8b78 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 103.207039][ T6079] Preemption disabled at: [ 103.207043][ T6079] [] 
spin_lock_bucket+0x3b/0x150 [ 103.207086][ T6079] CPU: 0 UID: 0 PID: 6079 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 103.207107][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 103.207126][ T6079] Call Trace: [ 103.207136][ T6079] [ 103.207145][ T6079] dump_stack_lvl+0xe8/0x150 [ 103.207175][ T6079] __might_resched+0x329/0x480 [ 103.207203][ T6079] ? spin_lock_bucket+0x3b/0x150 [ 103.207224][ T6079] rt_spin_lock+0xc2/0x400 [ 103.207247][ T6079] ? __pfx_rt_spin_lock+0x10/0x10 [ 103.207268][ T6079] ? preempt_count_add+0x91/0x190 [ 103.207295][ T6079] ? rt_spin_lock+0x2ce/0x400 [ 103.207319][ T6079] lockref_get_not_dead+0x28/0xd0 [ 103.207344][ T6079] gfs2_qd_search_bucket+0x139/0x210 [ 103.207368][ T6079] gfs2_quota_init+0x86c/0x1220 [ 103.207386][ T6079] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 103.207433][ T6079] ? __pfx_gfs2_quota_init+0x10/0x10 [ 103.207452][ T6079] ? __pfx_wake_up_bit+0x10/0x10 [ 103.207479][ T6079] ? rt_spin_unlock+0x160/0x200 [ 103.207505][ T6079] ? inode_go_inval+0x2a0/0x360 [ 103.207529][ T6079] gfs2_make_fs_rw+0x143/0x230 [ 103.207558][ T6079] gfs2_fill_super+0x1bfd/0x2220 [ 103.207597][ T6079] ? __pfx_gfs2_fill_super+0x10/0x10 [ 103.207618][ T6079] ? rt_spin_unlock+0x14f/0x200 [ 103.207642][ T6079] ? init_locking+0xb8/0x210 [ 103.207663][ T6079] ? sb_set_blocksize+0x11b/0x210 [ 103.207700][ T6079] ? setup_bdev_super+0x4c1/0x5b0 [ 103.207731][ T6079] get_tree_bdev_flags+0x431/0x4f0 [ 103.207760][ T6079] ? __pfx_gfs2_fill_super+0x10/0x10 [ 103.207782][ T6079] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 103.207808][ T6079] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 103.207837][ T6079] ? rcu_is_watching+0x15/0xb0 [ 103.207858][ T6079] ? cap_capable+0x123/0x490 [ 103.207886][ T6079] gfs2_get_tree+0x51/0x1e0 [ 103.207912][ T6079] vfs_get_tree+0x92/0x2a0 [ 103.207942][ T6079] do_new_mount+0x341/0xd30 [ 103.207962][ T6079] ? 
safesetid_security_capable+0xa9/0x1a0 [ 103.207992][ T6079] ? __pfx_do_new_mount+0x10/0x10 [ 103.208013][ T6079] ? ns_capable+0x89/0xe0 [ 103.208051][ T6079] ? user_path_at+0xd4/0x160 [ 103.208078][ T6079] __se_sys_mount+0x31d/0x420 [ 103.208106][ T6079] ? __pfx___se_sys_mount+0x10/0x10 [ 103.208135][ T6079] ? __x64_sys_mount+0x20/0xc0 [ 103.208158][ T6079] do_syscall_64+0x14d/0xf80 [ 103.208184][ T6079] ? trace_irq_disable+0x3b/0x150 [ 103.208206][ T6079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.208224][ T6079] ? clear_bhb_loop+0x40/0x90 [ 103.208245][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.208263][ T6079] RIP: 0033:0x7fbb2689ea4a [ 103.208288][ T6079] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 103.208306][ T6079] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 103.208323][ T6079] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 103.208335][ T6079] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 103.208346][ T6079] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 103.208358][ T6079] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 103.208369][ T6079] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 103.208397][ T6079] [ 103.208601][ T6079] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 103.208773][ T6079] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 103.208799][ T6079] CPU: 0 UID: 0 PID: 6079 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 103.208824][ T6079] Tainted: [W]=WARN [ 103.208831][ T6079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 103.208841][ T6079] 
Call Trace: [ 103.208848][ T6079] [ 103.208856][ T6079] dump_stack_lvl+0xe8/0x150 [ 103.208888][ T6079] gfs2_assert_warn_i+0x194/0x2c0 2026/02/28 09:59:37 executed programs: 1 [ 103.208918][ T6079] gfs2_qd_dispose+0x466/0x570 [ 103.208942][ T6079] gfs2_quota_init+0xcda/0x1220 [ 103.208960][ T6079] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 103.209006][ T6079] ? __pfx_gfs2_quota_init+0x10/0x10 [ 103.209025][ T6079] ? __pfx_wake_up_bit+0x10/0x10 [ 103.209051][ T6079] ? rt_spin_unlock+0x160/0x200 [ 103.209074][ T6079] ? inode_go_inval+0x2a0/0x360 [ 103.209095][ T6079] gfs2_make_fs_rw+0x143/0x230 [ 103.209122][ T6079] gfs2_fill_super+0x1bfd/0x2220 [ 103.209156][ T6079] ? __pfx_gfs2_fill_super+0x10/0x10 [ 103.209176][ T6079] ? rt_spin_unlock+0x14f/0x200 [ 103.209199][ T6079] ? init_locking+0xb8/0x210 [ 103.209220][ T6079] ? sb_set_blocksize+0x11b/0x210 [ 103.209248][ T6079] ? setup_bdev_super+0x4c1/0x5b0 [ 103.209279][ T6079] get_tree_bdev_flags+0x431/0x4f0 [ 103.209308][ T6079] ? __pfx_gfs2_fill_super+0x10/0x10 [ 103.209330][ T6079] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 103.209356][ T6079] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 103.209384][ T6079] ? rcu_is_watching+0x15/0xb0 [ 103.209406][ T6079] ? cap_capable+0x123/0x490 [ 103.209432][ T6079] gfs2_get_tree+0x51/0x1e0 [ 103.209458][ T6079] vfs_get_tree+0x92/0x2a0 [ 103.209486][ T6079] do_new_mount+0x341/0xd30 [ 103.209505][ T6079] ? safesetid_security_capable+0xa9/0x1a0 [ 103.209535][ T6079] ? __pfx_do_new_mount+0x10/0x10 [ 103.209556][ T6079] ? ns_capable+0x89/0xe0 [ 103.209593][ T6079] ? user_path_at+0xd4/0x160 [ 103.209618][ T6079] __se_sys_mount+0x31d/0x420 [ 103.209644][ T6079] ? __pfx___se_sys_mount+0x10/0x10 [ 103.209679][ T6079] ? __x64_sys_mount+0x20/0xc0 [ 103.209703][ T6079] do_syscall_64+0x14d/0xf80 [ 103.209728][ T6079] ? trace_irq_disable+0x3b/0x150 [ 103.209750][ T6079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.209769][ T6079] ? 
clear_bhb_loop+0x40/0x90 [ 103.209792][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.209810][ T6079] RIP: 0033:0x7fbb2689ea4a [ 103.209828][ T6079] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 103.209843][ T6079] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 103.209863][ T6079] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 103.209877][ T6079] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 103.209890][ T6079] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 103.209902][ T6079] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 103.209915][ T6079] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 103.209945][ T6079] [ 103.703498][ T6079] gfs2: fsid=syz:syz.0: found 1 quota changes [ 104.215038][ T5800] Bluetooth: hci0: command tx timeout [ 104.903847][ T6127] loop0: detected capacity change from 0 to 32768 [ 104.930716][ T6127] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 104.930734][ T6127] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 104.964675][ T6127] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 104.979916][ T809] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 104.979935][ T809] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 105.253655][ T809] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 273ms [ 105.254291][ T809] gfs2: fsid=syz:syz.0: jid=0: Done [ 105.274933][ T6127] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 105.329083][ T6127] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 105.329104][ T6127] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6127, name: syz-executor.0 [ 105.329120][ T6127] preempt_count: 1, expected: 0 [ 105.329128][ T6127] RCU nest depth: 1, expected: 1 [ 105.329137][ T6127] 4 locks held by syz-executor.0/6127: [ 105.329148][ T6127] #0: ffff888038e380d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 105.329215][ T6127] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 105.329261][ T6127] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 105.329308][ T6127] #3: ffff88804edf8858 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 105.329359][ T6127] Preemption disabled at: [ 105.329363][ T6127] [] spin_lock_bucket+0x3b/0x150 [ 105.329393][ T6127] CPU: 0 UID: 0 PID: 6127 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 105.329417][ T6127] Tainted: [W]=WARN [ 105.329423][ T6127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 105.329433][ T6127] Call Trace: [ 105.329440][ T6127] [ 105.329457][ T6127] dump_stack_lvl+0xe8/0x150 [ 105.329487][ T6127] __might_resched+0x329/0x480 [ 105.329515][ T6127] ? spin_lock_bucket+0x3b/0x150 [ 105.329536][ T6127] rt_spin_lock+0xc2/0x400 [ 105.329557][ T6127] ? __pfx_rt_spin_lock+0x10/0x10 [ 105.329576][ T6127] ? preempt_count_add+0x91/0x190 [ 105.329601][ T6127] ? rt_spin_lock+0x2ce/0x400 [ 105.329626][ T6127] lockref_get_not_dead+0x28/0xd0 [ 105.329651][ T6127] gfs2_qd_search_bucket+0x139/0x210 [ 105.329674][ T6127] gfs2_quota_init+0x86c/0x1220 [ 105.329691][ T6127] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 105.329734][ T6127] ? __pfx_gfs2_quota_init+0x10/0x10 [ 105.329753][ T6127] ? __pfx_wake_up_bit+0x10/0x10 [ 105.329779][ T6127] ? rt_spin_unlock+0x160/0x200 [ 105.329804][ T6127] ? inode_go_inval+0x2a0/0x360 [ 105.329828][ T6127] gfs2_make_fs_rw+0x143/0x230 [ 105.329855][ T6127] gfs2_fill_super+0x1bfd/0x2220 [ 105.329893][ T6127] ? __pfx_gfs2_fill_super+0x10/0x10 [ 105.329914][ T6127] ? rt_spin_unlock+0x14f/0x200 [ 105.329938][ T6127] ? init_locking+0xb8/0x210 [ 105.329957][ T6127] ? sb_set_blocksize+0x11b/0x210 [ 105.329989][ T6127] ? setup_bdev_super+0x4c1/0x5b0 [ 105.330017][ T6127] get_tree_bdev_flags+0x431/0x4f0 [ 105.330045][ T6127] ? __pfx_gfs2_fill_super+0x10/0x10 [ 105.330067][ T6127] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 105.330092][ T6127] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 105.330120][ T6127] ? rcu_is_watching+0x15/0xb0 [ 105.330140][ T6127] ? cap_capable+0x123/0x490 [ 105.330166][ T6127] gfs2_get_tree+0x51/0x1e0 [ 105.330189][ T6127] vfs_get_tree+0x92/0x2a0 [ 105.330219][ T6127] do_new_mount+0x341/0xd30 [ 105.330239][ T6127] ? safesetid_security_capable+0xa9/0x1a0 [ 105.330269][ T6127] ? __pfx_do_new_mount+0x10/0x10 [ 105.330290][ T6127] ? ns_capable+0x89/0xe0 [ 105.330328][ T6127] ? user_path_at+0xd4/0x160 [ 105.330355][ T6127] __se_sys_mount+0x31d/0x420 [ 105.330382][ T6127] ? __pfx___se_sys_mount+0x10/0x10 [ 105.330409][ T6127] ? __x64_sys_mount+0x20/0xc0 [ 105.330433][ T6127] do_syscall_64+0x14d/0xf80 [ 105.330464][ T6127] ? trace_irq_disable+0x3b/0x150 [ 105.330484][ T6127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.330502][ T6127] ? 
clear_bhb_loop+0x40/0x90 [ 105.330527][ T6127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.330546][ T6127] RIP: 0033:0x7fbb2689ea4a [ 105.330564][ T6127] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 105.330580][ T6127] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 105.330599][ T6127] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 105.330613][ T6127] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 105.330626][ T6127] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 105.330639][ T6127] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 105.330651][ T6127] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 105.330683][ T6127] [ 105.330698][ T6127] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 105.330728][ T6127] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 105.330753][ T6127] CPU: 0 UID: 0 PID: 6127 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 105.330777][ T6127] Tainted: [W]=WARN [ 105.330783][ T6127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 105.330792][ T6127] Call Trace: [ 105.330799][ T6127] [ 105.330806][ T6127] dump_stack_lvl+0xe8/0x150 [ 105.330836][ T6127] gfs2_assert_warn_i+0x194/0x2c0 [ 105.330865][ T6127] gfs2_qd_dispose+0x466/0x570 [ 105.330889][ T6127] gfs2_quota_init+0xcda/0x1220 [ 105.330907][ T6127] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 105.330948][ T6127] ? __pfx_gfs2_quota_init+0x10/0x10 [ 105.330967][ T6127] ? __pfx_wake_up_bit+0x10/0x10 [ 105.330993][ T6127] ? rt_spin_unlock+0x160/0x200 [ 105.331019][ T6127] ? 
inode_go_inval+0x2a0/0x360 [ 105.331042][ T6127] gfs2_make_fs_rw+0x143/0x230 [ 105.331068][ T6127] gfs2_fill_super+0x1bfd/0x2220 [ 105.331103][ T6127] ? __pfx_gfs2_fill_super+0x10/0x10 [ 105.331122][ T6127] ? rt_spin_unlock+0x14f/0x200 [ 105.331145][ T6127] ? init_locking+0xb8/0x210 [ 105.331165][ T6127] ? sb_set_blocksize+0x11b/0x210 [ 105.331194][ T6127] ? setup_bdev_super+0x4c1/0x5b0 [ 105.331224][ T6127] get_tree_bdev_flags+0x431/0x4f0 [ 105.331251][ T6127] ? __pfx_gfs2_fill_super+0x10/0x10 [ 105.331274][ T6127] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 105.331300][ T6127] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 105.331328][ T6127] ? rcu_is_watching+0x15/0xb0 [ 105.331348][ T6127] ? cap_capable+0x123/0x490 [ 105.331380][ T6127] gfs2_get_tree+0x51/0x1e0 [ 105.331405][ T6127] vfs_get_tree+0x92/0x2a0 [ 105.331434][ T6127] do_new_mount+0x341/0xd30 [ 105.331461][ T6127] ? safesetid_security_capable+0xa9/0x1a0 [ 105.331492][ T6127] ? __pfx_do_new_mount+0x10/0x10 [ 105.331513][ T6127] ? ns_capable+0x89/0xe0 [ 105.331550][ T6127] ? user_path_at+0xd4/0x160 [ 105.331578][ T6127] __se_sys_mount+0x31d/0x420 [ 105.331605][ T6127] ? __pfx___se_sys_mount+0x10/0x10 [ 105.331629][ T6127] ? __x64_sys_mount+0x20/0xc0 [ 105.331650][ T6127] do_syscall_64+0x14d/0xf80 [ 105.331672][ T6127] ? trace_irq_disable+0x3b/0x150 [ 105.331692][ T6127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.331711][ T6127] ? 
clear_bhb_loop+0x40/0x90 [ 105.331734][ T6127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.331753][ T6127] RIP: 0033:0x7fbb2689ea4a [ 105.331768][ T6127] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 105.331783][ T6127] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 105.331802][ T6127] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 105.331817][ T6127] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 105.331830][ T6127] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 105.331843][ T6127] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 105.331855][ T6127] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 105.331884][ T6127] [ 105.655967][ T6127] gfs2: fsid=syz:syz.0: found 1 quota changes [ 106.285013][ T5800] Bluetooth: hci0: command tx timeout [ 106.678110][ T6161] loop0: detected capacity change from 0 to 32768 [ 106.710505][ T6161] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 106.710525][ T6161] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 106.760129][ T6161] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 106.762424][ T6073] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 106.762442][ T6073] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 106.937926][ T6073] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 175ms [ 106.939009][ T6073] gfs2: fsid=syz:syz.0: jid=0: Done [ 106.940397][ T6161] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 107.069699][ T6161] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 107.069721][ T6161] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6161, name: syz-executor.0 [ 107.069734][ T6161] preempt_count: 1, expected: 0 [ 107.069743][ T6161] RCU nest depth: 1, expected: 1 [ 107.069751][ T6161] 4 locks held by syz-executor.0/6161: [ 107.069761][ T6161] #0: ffff8880395500d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 107.069827][ T6161] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 107.069871][ T6161] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 107.069916][ T6161] #3: ffff88804ee397f8 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 107.069965][ T6161] Preemption disabled at: [ 107.069970][ T6161] [] spin_lock_bucket+0x3b/0x150 [ 107.069998][ T6161] CPU: 1 UID: 0 PID: 6161 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 107.070022][ T6161] Tainted: [W]=WARN [ 107.070028][ T6161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.070040][ T6161] Call Trace: [ 107.070047][ T6161] [ 107.070055][ T6161] dump_stack_lvl+0xe8/0x150 [ 107.070085][ T6161] __might_resched+0x329/0x480 [ 107.070112][ T6161] ? spin_lock_bucket+0x3b/0x150 [ 107.070132][ T6161] rt_spin_lock+0xc2/0x400 [ 107.070154][ T6161] ? __pfx_rt_spin_lock+0x10/0x10 [ 107.070175][ T6161] ? preempt_count_add+0x91/0x190 [ 107.070201][ T6161] ? rt_spin_lock+0x2ce/0x400 [ 107.070225][ T6161] lockref_get_not_dead+0x28/0xd0 [ 107.070251][ T6161] gfs2_qd_search_bucket+0x139/0x210 [ 107.070274][ T6161] gfs2_quota_init+0x86c/0x1220 [ 107.070292][ T6161] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 107.070338][ T6161] ? __pfx_gfs2_quota_init+0x10/0x10 [ 107.070357][ T6161] ? __pfx_wake_up_bit+0x10/0x10 [ 107.070383][ T6161] ? rt_spin_unlock+0x160/0x200 [ 107.070410][ T6161] ? inode_go_inval+0x2a0/0x360 [ 107.070434][ T6161] gfs2_make_fs_rw+0x143/0x230 [ 107.070462][ T6161] gfs2_fill_super+0x1bfd/0x2220 [ 107.070506][ T6161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 107.070534][ T6161] ? rt_spin_unlock+0x14f/0x200 [ 107.070557][ T6161] ? init_locking+0xb8/0x210 [ 107.070578][ T6161] ? sb_set_blocksize+0x11b/0x210 [ 107.070608][ T6161] ? setup_bdev_super+0x4c1/0x5b0 [ 107.070639][ T6161] get_tree_bdev_flags+0x431/0x4f0 [ 107.070668][ T6161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 107.070690][ T6161] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 107.070716][ T6161] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 107.070745][ T6161] ? rcu_is_watching+0x15/0xb0 [ 107.070766][ T6161] ? cap_capable+0x123/0x490 [ 107.070793][ T6161] gfs2_get_tree+0x51/0x1e0 [ 107.070818][ T6161] vfs_get_tree+0x92/0x2a0 [ 107.070848][ T6161] do_new_mount+0x341/0xd30 [ 107.070869][ T6161] ? safesetid_security_capable+0xa9/0x1a0 [ 107.070902][ T6161] ? __pfx_do_new_mount+0x10/0x10 [ 107.070924][ T6161] ? ns_capable+0x89/0xe0 [ 107.070962][ T6161] ? user_path_at+0xd4/0x160 [ 107.070990][ T6161] __se_sys_mount+0x31d/0x420 [ 107.071017][ T6161] ? __pfx___se_sys_mount+0x10/0x10 [ 107.071044][ T6161] ? __x64_sys_mount+0x20/0xc0 [ 107.071068][ T6161] do_syscall_64+0x14d/0xf80 [ 107.071094][ T6161] ? trace_irq_disable+0x3b/0x150 [ 107.071116][ T6161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.071136][ T6161] ? 
clear_bhb_loop+0x40/0x90 [ 107.071160][ T6161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.071179][ T6161] RIP: 0033:0x7fbb2689ea4a [ 107.071197][ T6161] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 107.071212][ T6161] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 107.071231][ T6161] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 107.071245][ T6161] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 107.071258][ T6161] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 107.071271][ T6161] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 107.071283][ T6161] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 107.071314][ T6161] [ 107.071352][ T6161] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 107.078592][ T6161] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 107.078627][ T6161] CPU: 1 UID: 0 PID: 6161 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 107.078654][ T6161] Tainted: [W]=WARN [ 107.078660][ T6161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.078672][ T6161] Call Trace: [ 107.078679][ T6161] [ 107.078687][ T6161] dump_stack_lvl+0xe8/0x150 [ 107.078720][ T6161] gfs2_assert_warn_i+0x194/0x2c0 [ 107.078752][ T6161] gfs2_qd_dispose+0x466/0x570 [ 107.078777][ T6161] gfs2_quota_init+0xcda/0x1220 [ 107.078795][ T6161] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 107.078840][ T6161] ? __pfx_gfs2_quota_init+0x10/0x10 [ 107.078859][ T6161] ? __pfx_wake_up_bit+0x10/0x10 [ 107.078885][ T6161] ? rt_spin_unlock+0x160/0x200 [ 107.078910][ T6161] ? 
inode_go_inval+0x2a0/0x360 [ 107.078932][ T6161] gfs2_make_fs_rw+0x143/0x230 [ 107.078954][ T6161] gfs2_fill_super+0x1bfd/0x2220 [ 107.078996][ T6161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 107.079016][ T6161] ? rt_spin_unlock+0x14f/0x200 [ 107.079084][ T6161] ? init_locking+0xb8/0x210 [ 107.079096][ T6161] ? sb_set_blocksize+0x11b/0x210 [ 107.079113][ T6161] ? setup_bdev_super+0x4c1/0x5b0 [ 107.079130][ T6161] get_tree_bdev_flags+0x431/0x4f0 [ 107.079149][ T6161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 107.079167][ T6161] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 107.079204][ T6161] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 107.079232][ T6161] ? rcu_is_watching+0x15/0xb0 [ 107.079252][ T6161] ? cap_capable+0x123/0x490 [ 107.079279][ T6161] gfs2_get_tree+0x51/0x1e0 [ 107.079305][ T6161] vfs_get_tree+0x92/0x2a0 [ 107.079334][ T6161] do_new_mount+0x341/0xd30 [ 107.079355][ T6161] ? safesetid_security_capable+0xa9/0x1a0 [ 107.079385][ T6161] ? __pfx_do_new_mount+0x10/0x10 [ 107.079406][ T6161] ? ns_capable+0x89/0xe0 [ 107.079452][ T6161] ? user_path_at+0xd4/0x160 [ 107.079479][ T6161] __se_sys_mount+0x31d/0x420 [ 107.079507][ T6161] ? __pfx___se_sys_mount+0x10/0x10 [ 107.079547][ T6161] ? __x64_sys_mount+0x20/0xc0 [ 107.079572][ T6161] do_syscall_64+0x14d/0xf80 [ 107.079601][ T6161] ? trace_irq_disable+0x3b/0x150 [ 107.079628][ T6161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.079648][ T6161] ? 
clear_bhb_loop+0x40/0x90 [ 107.079672][ T6161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.079690][ T6161] RIP: 0033:0x7fbb2689ea4a [ 107.079709][ T6161] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 107.079725][ T6161] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 107.079745][ T6161] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 107.079760][ T6161] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 107.079773][ T6161] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 107.079784][ T6161] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 107.079796][ T6161] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 107.079875][ T6161] [ 107.955060][ T6161] gfs2: fsid=syz:syz.0: found 1 quota changes [ 108.482985][ T6194] loop0: detected capacity change from 0 to 32768 [ 108.513242][ T6194] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 108.513263][ T6194] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 108.542134][ T6194] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 108.552894][ T31] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 108.552913][ T31] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 108.702539][ T31] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 149ms [ 108.703692][ T31] gfs2: fsid=syz:syz.0: jid=0: Done [ 108.719145][ T6194] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 108.762652][ T6194] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 108.762674][ T6194] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6194, name: syz-executor.0 [ 108.762690][ T6194] preempt_count: 1, expected: 0 [ 108.762707][ T6194] RCU nest depth: 1, expected: 1 [ 108.762716][ T6194] 4 locks held by syz-executor.0/6194: [ 108.762727][ T6194] #0: ffff88803e1d20d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 108.762793][ T6194] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 108.762818][ T6194] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 108.762842][ T6194] #3: ffff88804edf8538 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 108.762869][ T6194] Preemption disabled at: [ 108.762871][ T6194] [] spin_lock_bucket+0x3b/0x150 [ 108.762888][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 108.762902][ T6194] Tainted: [W]=WARN [ 108.762905][ T6194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.762911][ T6194] Call Trace: [ 108.762916][ T6194] [ 108.762920][ T6194] dump_stack_lvl+0xe8/0x150 [ 108.762937][ T6194] __might_resched+0x329/0x480 [ 108.762951][ T6194] ? spin_lock_bucket+0x3b/0x150 [ 108.762962][ T6194] rt_spin_lock+0xc2/0x400 [ 108.762974][ T6194] ? __pfx_rt_spin_lock+0x10/0x10 [ 108.762984][ T6194] ? preempt_count_add+0x91/0x190 [ 108.762998][ T6194] ? rt_spin_lock+0x2ce/0x400 [ 108.763010][ T6194] lockref_get_not_dead+0x28/0xd0 [ 108.763022][ T6194] gfs2_qd_search_bucket+0x139/0x210 [ 108.763034][ T6194] gfs2_quota_init+0x86c/0x1220 [ 108.763044][ T6194] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 108.763066][ T6194] ? __pfx_gfs2_quota_init+0x10/0x10 [ 108.763076][ T6194] ? __pfx_wake_up_bit+0x10/0x10 [ 108.763089][ T6194] ? rt_spin_unlock+0x160/0x200 [ 108.763102][ T6194] ? inode_go_inval+0x2a0/0x360 [ 108.763114][ T6194] gfs2_make_fs_rw+0x143/0x230 [ 108.763129][ T6194] gfs2_fill_super+0x1bfd/0x2220 [ 108.763149][ T6194] ? __pfx_gfs2_fill_super+0x10/0x10 [ 108.763159][ T6194] ? rt_spin_unlock+0x14f/0x200 [ 108.763176][ T6194] ? init_locking+0xb8/0x210 [ 108.763187][ T6194] ? sb_set_blocksize+0x11b/0x210 [ 108.763202][ T6194] ? setup_bdev_super+0x4c1/0x5b0 [ 108.763218][ T6194] get_tree_bdev_flags+0x431/0x4f0 [ 108.763231][ T6194] ? __pfx_gfs2_fill_super+0x10/0x10 [ 108.763242][ T6194] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 108.763255][ T6194] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 108.763269][ T6194] ? rcu_is_watching+0x15/0xb0 [ 108.763281][ T6194] ? cap_capable+0x123/0x490 [ 108.763294][ T6194] gfs2_get_tree+0x51/0x1e0 [ 108.763307][ T6194] vfs_get_tree+0x92/0x2a0 [ 108.763322][ T6194] do_new_mount+0x341/0xd30 [ 108.763333][ T6194] ? safesetid_security_capable+0xa9/0x1a0 [ 108.763352][ T6194] ? __pfx_do_new_mount+0x10/0x10 [ 108.763363][ T6194] ? ns_capable+0x89/0xe0 [ 108.763382][ T6194] ? user_path_at+0xd4/0x160 [ 108.763396][ T6194] __se_sys_mount+0x31d/0x420 [ 108.763410][ T6194] ? __pfx___se_sys_mount+0x10/0x10 [ 108.763424][ T6194] ? __x64_sys_mount+0x20/0xc0 [ 108.763436][ T6194] do_syscall_64+0x14d/0xf80 [ 108.763449][ T6194] ? trace_irq_disable+0x3b/0x150 [ 108.763460][ T6194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.763471][ T6194] ? 
clear_bhb_loop+0x40/0x90 [ 108.763483][ T6194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.763493][ T6194] RIP: 0033:0x7fbb2689ea4a 2026/02/28 09:59:42 executed programs: 4 [ 108.763503][ T6194] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 108.763511][ T6194] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 108.763521][ T6194] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 108.763528][ T6194] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 108.763535][ T6194] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 108.763541][ T6194] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 108.763547][ T6194] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 108.763562][ T6194] [ 108.763585][ T6194] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 108.763668][ T6194] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 108.763692][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 108.763717][ T6194] Tainted: [W]=WARN [ 108.763723][ T6194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.763733][ T6194] Call Trace: [ 108.763740][ T6194] [ 108.763747][ T6194] dump_stack_lvl+0xe8/0x150 [ 108.763771][ T6194] gfs2_assert_warn_i+0x194/0x2c0 [ 108.763788][ T6194] gfs2_qd_dispose+0x466/0x570 [ 108.763800][ T6194] gfs2_quota_init+0xcda/0x1220 [ 108.763810][ T6194] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 108.763832][ T6194] ? __pfx_gfs2_quota_init+0x10/0x10 [ 108.763842][ T6194] ? __pfx_wake_up_bit+0x10/0x10 [ 108.763854][ T6194] ? rt_spin_unlock+0x160/0x200 [ 108.763867][ T6194] ? 
inode_go_inval+0x2a0/0x360 [ 108.763879][ T6194] gfs2_make_fs_rw+0x143/0x230 [ 108.763893][ T6194] gfs2_fill_super+0x1bfd/0x2220 [ 108.763912][ T6194] ? __pfx_gfs2_fill_super+0x10/0x10 [ 108.763922][ T6194] ? rt_spin_unlock+0x14f/0x200 [ 108.763933][ T6194] ? init_locking+0xb8/0x210 [ 108.763943][ T6194] ? sb_set_blocksize+0x11b/0x210 [ 108.763958][ T6194] ? setup_bdev_super+0x4c1/0x5b0 [ 108.763973][ T6194] get_tree_bdev_flags+0x431/0x4f0 [ 108.763987][ T6194] ? __pfx_gfs2_fill_super+0x10/0x10 [ 108.763998][ T6194] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 108.764010][ T6194] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 108.764024][ T6194] ? rcu_is_watching+0x15/0xb0 [ 108.764035][ T6194] ? cap_capable+0x123/0x490 [ 108.764048][ T6194] gfs2_get_tree+0x51/0x1e0 [ 108.764061][ T6194] vfs_get_tree+0x92/0x2a0 [ 108.764075][ T6194] do_new_mount+0x341/0xd30 [ 108.764085][ T6194] ? safesetid_security_capable+0xa9/0x1a0 [ 108.764101][ T6194] ? __pfx_do_new_mount+0x10/0x10 [ 108.764111][ T6194] ? ns_capable+0x89/0xe0 [ 108.764129][ T6194] ? user_path_at+0xd4/0x160 [ 108.764142][ T6194] __se_sys_mount+0x31d/0x420 [ 108.764156][ T6194] ? __pfx___se_sys_mount+0x10/0x10 [ 108.764176][ T6194] ? __x64_sys_mount+0x20/0xc0 [ 108.764188][ T6194] do_syscall_64+0x14d/0xf80 [ 108.764200][ T6194] ? trace_irq_disable+0x3b/0x150 [ 108.764212][ T6194] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.764221][ T6194] ? 
clear_bhb_loop+0x40/0x90 [ 108.764238][ T6194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.764248][ T6194] RIP: 0033:0x7fbb2689ea4a [ 108.764257][ T6194] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 108.764265][ T6194] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 108.764275][ T6194] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 108.764282][ T6194] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 108.764288][ T6194] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 108.764294][ T6194] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 108.764300][ T6194] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 108.764315][ T6194] [ 109.104795][ T6194] gfs2: fsid=syz:syz.0: found 1 quota changes [ 109.749024][ T6200] loop0: detected capacity change from 0 to 32768 [ 109.776120][ T6200] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 109.776139][ T6200] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 109.812282][ T6200] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 109.822630][ T809] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 109.822648][ T809] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 109.960229][ T809] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 137ms [ 109.960397][ T809] gfs2: fsid=syz:syz.0: jid=0: Done [ 109.962115][ T6200] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 110.002865][ T6200] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 110.002887][ T6200] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6200, name: syz-executor.0 [ 110.002904][ T6200] preempt_count: 1, expected: 0 [ 110.002913][ T6200] RCU nest depth: 1, expected: 1 [ 110.002922][ T6200] 4 locks held by syz-executor.0/6200: [ 110.002932][ T6200] #0: ffff88803b6280d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 110.002998][ T6200] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 110.003022][ T6200] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 110.003045][ T6200] #3: ffff88804edf8218 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 110.003072][ T6200] Preemption disabled at: [ 110.003075][ T6200] [] spin_lock_bucket+0x3b/0x150 [ 110.003092][ T6200] CPU: 0 UID: 0 PID: 6200 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 110.003105][ T6200] Tainted: [W]=WARN [ 110.003109][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.003115][ T6200] Call Trace: [ 110.003119][ T6200] [ 110.003124][ T6200] dump_stack_lvl+0xe8/0x150 [ 110.003140][ T6200] __might_resched+0x329/0x480 [ 110.003162][ T6200] ? spin_lock_bucket+0x3b/0x150 [ 110.003173][ T6200] rt_spin_lock+0xc2/0x400 [ 110.003185][ T6200] ? __pfx_rt_spin_lock+0x10/0x10 [ 110.003196][ T6200] ? preempt_count_add+0x91/0x190 [ 110.003209][ T6200] ? rt_spin_lock+0x2ce/0x400 [ 110.003221][ T6200] lockref_get_not_dead+0x28/0xd0 [ 110.003234][ T6200] gfs2_qd_search_bucket+0x139/0x210 [ 110.003245][ T6200] gfs2_quota_init+0x86c/0x1220 [ 110.003255][ T6200] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 110.003278][ T6200] ? __pfx_gfs2_quota_init+0x10/0x10 [ 110.003287][ T6200] ? __pfx_wake_up_bit+0x10/0x10 [ 110.003301][ T6200] ? rt_spin_unlock+0x160/0x200 [ 110.003316][ T6200] ? inode_go_inval+0x2a0/0x360 [ 110.003329][ T6200] gfs2_make_fs_rw+0x143/0x230 [ 110.003344][ T6200] gfs2_fill_super+0x1bfd/0x2220 [ 110.003363][ T6200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 110.003373][ T6200] ? rt_spin_unlock+0x14f/0x200 [ 110.003385][ T6200] ? init_locking+0xb8/0x210 [ 110.003395][ T6200] ? sb_set_blocksize+0x11b/0x210 [ 110.003411][ T6200] ? setup_bdev_super+0x4c1/0x5b0 [ 110.003427][ T6200] get_tree_bdev_flags+0x431/0x4f0 [ 110.003441][ T6200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 110.003452][ T6200] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 110.003464][ T6200] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 110.003479][ T6200] ? rcu_is_watching+0x15/0xb0 [ 110.003490][ T6200] ? cap_capable+0x123/0x490 [ 110.003504][ T6200] gfs2_get_tree+0x51/0x1e0 [ 110.003517][ T6200] vfs_get_tree+0x92/0x2a0 [ 110.003532][ T6200] do_new_mount+0x341/0xd30 [ 110.003543][ T6200] ? safesetid_security_capable+0xa9/0x1a0 [ 110.003558][ T6200] ? __pfx_do_new_mount+0x10/0x10 [ 110.003569][ T6200] ? ns_capable+0x89/0xe0 [ 110.003588][ T6200] ? user_path_at+0xd4/0x160 [ 110.003601][ T6200] __se_sys_mount+0x31d/0x420 [ 110.003615][ T6200] ? __pfx___se_sys_mount+0x10/0x10 [ 110.003630][ T6200] ? __x64_sys_mount+0x20/0xc0 [ 110.003641][ T6200] do_syscall_64+0x14d/0xf80 [ 110.003655][ T6200] ? trace_irq_disable+0x3b/0x150 [ 110.003669][ T6200] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.003679][ T6200] ? 
clear_bhb_loop+0x40/0x90 [ 110.003691][ T6200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.003701][ T6200] RIP: 0033:0x7fbb2689ea4a [ 110.003712][ T6200] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 110.003720][ T6200] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 110.003730][ T6200] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 110.003737][ T6200] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 110.003743][ T6200] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 110.003750][ T6200] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 110.003756][ T6200] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 110.003772][ T6200] [ 110.003794][ T6200] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 110.003872][ T6200] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 110.003896][ T6200] CPU: 0 UID: 0 PID: 6200 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 110.003922][ T6200] Tainted: [W]=WARN [ 110.003928][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.003938][ T6200] Call Trace: [ 110.003945][ T6200] [ 110.003952][ T6200] dump_stack_lvl+0xe8/0x150 [ 110.003970][ T6200] gfs2_assert_warn_i+0x194/0x2c0 [ 110.003986][ T6200] gfs2_qd_dispose+0x466/0x570 [ 110.003998][ T6200] gfs2_quota_init+0xcda/0x1220 [ 110.004007][ T6200] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 110.004030][ T6200] ? __pfx_gfs2_quota_init+0x10/0x10 [ 110.004039][ T6200] ? __pfx_wake_up_bit+0x10/0x10 [ 110.004052][ T6200] ? rt_spin_unlock+0x160/0x200 [ 110.004065][ T6200] ? 
inode_go_inval+0x2a0/0x360 [ 110.004077][ T6200] gfs2_make_fs_rw+0x143/0x230 [ 110.004090][ T6200] gfs2_fill_super+0x1bfd/0x2220 [ 110.004109][ T6200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 110.004119][ T6200] ? rt_spin_unlock+0x14f/0x200 [ 110.004130][ T6200] ? init_locking+0xb8/0x210 [ 110.004140][ T6200] ? sb_set_blocksize+0x11b/0x210 [ 110.004161][ T6200] ? setup_bdev_super+0x4c1/0x5b0 [ 110.004176][ T6200] get_tree_bdev_flags+0x431/0x4f0 [ 110.004190][ T6200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 110.004201][ T6200] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 110.004213][ T6200] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 110.004227][ T6200] ? rcu_is_watching+0x15/0xb0 [ 110.004238][ T6200] ? cap_capable+0x123/0x490 [ 110.004251][ T6200] gfs2_get_tree+0x51/0x1e0 [ 110.004264][ T6200] vfs_get_tree+0x92/0x2a0 [ 110.004278][ T6200] do_new_mount+0x341/0xd30 [ 110.004288][ T6200] ? safesetid_security_capable+0xa9/0x1a0 [ 110.004303][ T6200] ? __pfx_do_new_mount+0x10/0x10 [ 110.004314][ T6200] ? ns_capable+0x89/0xe0 [ 110.004332][ T6200] ? user_path_at+0xd4/0x160 [ 110.004345][ T6200] __se_sys_mount+0x31d/0x420 [ 110.004359][ T6200] ? __pfx___se_sys_mount+0x10/0x10 [ 110.004373][ T6200] ? __x64_sys_mount+0x20/0xc0 [ 110.004385][ T6200] do_syscall_64+0x14d/0xf80 [ 110.004397][ T6200] ? trace_irq_disable+0x3b/0x150 [ 110.004408][ T6200] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.004418][ T6200] ? 
clear_bhb_loop+0x40/0x90 [ 110.004430][ T6200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.004439][ T6200] RIP: 0033:0x7fbb2689ea4a [ 110.004448][ T6200] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 110.004456][ T6200] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 110.004466][ T6200] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 110.004473][ T6200] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 110.004479][ T6200] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 110.004485][ T6200] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 110.004491][ T6200] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 110.004506][ T6200] [ 110.324374][ T6200] gfs2: fsid=syz:syz.0: found 1 quota changes [ 110.995708][ T6207] loop0: detected capacity change from 0 to 32768 [ 111.018534][ T6207] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 111.018553][ T6207] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 111.046194][ T6207] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 111.051227][ T6073] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 111.051243][ T6073] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 111.163004][ T6073] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 111ms [ 111.163232][ T6073] gfs2: fsid=syz:syz.0: jid=0: Done [ 111.163284][ T6207] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 111.220733][ T6207] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 111.220755][ T6207] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6207, name: syz-executor.0 [ 111.220771][ T6207] preempt_count: 1, expected: 0 [ 111.220780][ T6207] RCU nest depth: 1, expected: 1 [ 111.220788][ T6207] 4 locks held by syz-executor.0/6207: [ 111.220799][ T6207] #0: ffff88803610e0d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 111.220866][ T6207] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 111.220892][ T6207] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 111.220916][ T6207] #3: ffff88804ee394d8 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 111.220949][ T6207] Preemption disabled at: [ 111.220952][ T6207] [] spin_lock_bucket+0x3b/0x150 [ 111.220970][ T6207] CPU: 1 UID: 0 PID: 6207 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 111.220984][ T6207] Tainted: [W]=WARN [ 111.220987][ T6207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.220993][ T6207] Call Trace: [ 111.220997][ T6207] [ 111.221002][ T6207] dump_stack_lvl+0xe8/0x150 [ 111.221019][ T6207] __might_resched+0x329/0x480 [ 111.221034][ T6207] ? spin_lock_bucket+0x3b/0x150 [ 111.221045][ T6207] rt_spin_lock+0xc2/0x400 [ 111.221056][ T6207] ? __pfx_rt_spin_lock+0x10/0x10 [ 111.221067][ T6207] ? preempt_count_add+0x91/0x190 [ 111.221080][ T6207] ? rt_spin_lock+0x2ce/0x400 [ 111.221092][ T6207] lockref_get_not_dead+0x28/0xd0 [ 111.221105][ T6207] gfs2_qd_search_bucket+0x139/0x210 [ 111.221117][ T6207] gfs2_quota_init+0x86c/0x1220 [ 111.221126][ T6207] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 111.221149][ T6207] ? __pfx_gfs2_quota_init+0x10/0x10 [ 111.221158][ T6207] ? __pfx_wake_up_bit+0x10/0x10 [ 111.221171][ T6207] ? rt_spin_unlock+0x160/0x200 [ 111.221184][ T6207] ? inode_go_inval+0x2a0/0x360 [ 111.221197][ T6207] gfs2_make_fs_rw+0x143/0x230 [ 111.221212][ T6207] gfs2_fill_super+0x1bfd/0x2220 [ 111.221231][ T6207] ? __pfx_gfs2_fill_super+0x10/0x10 [ 111.221242][ T6207] ? rt_spin_unlock+0x14f/0x200 [ 111.221253][ T6207] ? init_locking+0xb8/0x210 [ 111.221263][ T6207] ? sb_set_blocksize+0x11b/0x210 [ 111.221278][ T6207] ? setup_bdev_super+0x4c1/0x5b0 [ 111.221294][ T6207] get_tree_bdev_flags+0x431/0x4f0 [ 111.221307][ T6207] ? __pfx_gfs2_fill_super+0x10/0x10 [ 111.221318][ T6207] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 111.221331][ T6207] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 111.221345][ T6207] ? rcu_is_watching+0x15/0xb0 [ 111.221355][ T6207] ? cap_capable+0x123/0x490 [ 111.221369][ T6207] gfs2_get_tree+0x51/0x1e0 [ 111.221382][ T6207] vfs_get_tree+0x92/0x2a0 [ 111.221396][ T6207] do_new_mount+0x341/0xd30 [ 111.221407][ T6207] ? safesetid_security_capable+0xa9/0x1a0 [ 111.221431][ T6207] ? __pfx_do_new_mount+0x10/0x10 [ 111.221446][ T6207] ? ns_capable+0x89/0xe0 [ 111.221466][ T6207] ? user_path_at+0xd4/0x160 [ 111.221480][ T6207] __se_sys_mount+0x31d/0x420 [ 111.221493][ T6207] ? __pfx___se_sys_mount+0x10/0x10 [ 111.221508][ T6207] ? __x64_sys_mount+0x20/0xc0 [ 111.221520][ T6207] do_syscall_64+0x14d/0xf80 [ 111.221533][ T6207] ? trace_irq_disable+0x3b/0x150 [ 111.221545][ T6207] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.221555][ T6207] ? 
clear_bhb_loop+0x40/0x90 [ 111.221567][ T6207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.221577][ T6207] RIP: 0033:0x7fbb2689ea4a [ 111.221588][ T6207] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 111.221596][ T6207] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 111.221606][ T6207] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 111.221613][ T6207] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 111.221620][ T6207] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 111.221626][ T6207] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 111.221632][ T6207] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 111.221647][ T6207] [ 111.221658][ T6207] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 111.221675][ T6207] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 111.221687][ T6207] CPU: 1 UID: 0 PID: 6207 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 111.221700][ T6207] Tainted: [W]=WARN [ 111.221703][ T6207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 111.221708][ T6207] Call Trace: [ 111.221712][ T6207] [ 111.221715][ T6207] dump_stack_lvl+0xe8/0x150 [ 111.221730][ T6207] gfs2_assert_warn_i+0x194/0x2c0 [ 111.221752][ T6207] gfs2_qd_dispose+0x466/0x570 [ 111.221775][ T6207] gfs2_quota_init+0xcda/0x1220 [ 111.221792][ T6207] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 111.221843][ T6207] ? __pfx_gfs2_quota_init+0x10/0x10 [ 111.221862][ T6207] ? __pfx_wake_up_bit+0x10/0x10 [ 111.221895][ T6207] ? rt_spin_unlock+0x160/0x200 [ 111.221915][ T6207] ? 
inode_go_inval+0x2a0/0x360 [ 111.221931][ T6207] gfs2_make_fs_rw+0x143/0x230 [ 111.221945][ T6207] gfs2_fill_super+0x1bfd/0x2220 [ 111.221964][ T6207] ? __pfx_gfs2_fill_super+0x10/0x10 [ 111.221974][ T6207] ? rt_spin_unlock+0x14f/0x200 [ 111.221986][ T6207] ? init_locking+0xb8/0x210 [ 111.221996][ T6207] ? sb_set_blocksize+0x11b/0x210 [ 111.222011][ T6207] ? setup_bdev_super+0x4c1/0x5b0 [ 111.222026][ T6207] get_tree_bdev_flags+0x431/0x4f0 [ 111.222040][ T6207] ? __pfx_gfs2_fill_super+0x10/0x10 [ 111.222051][ T6207] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 111.222063][ T6207] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 111.222077][ T6207] ? rcu_is_watching+0x15/0xb0 [ 111.222087][ T6207] ? cap_capable+0x123/0x490 [ 111.222100][ T6207] gfs2_get_tree+0x51/0x1e0 [ 111.222113][ T6207] vfs_get_tree+0x92/0x2a0 [ 111.222128][ T6207] do_new_mount+0x341/0xd30 [ 111.222138][ T6207] ? safesetid_security_capable+0xa9/0x1a0 [ 111.222153][ T6207] ? __pfx_do_new_mount+0x10/0x10 [ 111.222163][ T6207] ? ns_capable+0x89/0xe0 [ 111.222181][ T6207] ? user_path_at+0xd4/0x160 [ 111.222194][ T6207] __se_sys_mount+0x31d/0x420 [ 111.222208][ T6207] ? __pfx___se_sys_mount+0x10/0x10 [ 111.222222][ T6207] ? __x64_sys_mount+0x20/0xc0 [ 111.222234][ T6207] do_syscall_64+0x14d/0xf80 [ 111.222246][ T6207] ? trace_irq_disable+0x3b/0x150 [ 111.222256][ T6207] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.222266][ T6207] ? 
clear_bhb_loop+0x40/0x90 [ 111.222278][ T6207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.222287][ T6207] RIP: 0033:0x7fbb2689ea4a [ 111.222296][ T6207] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 111.222304][ T6207] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 111.222314][ T6207] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 111.222321][ T6207] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 111.222327][ T6207] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 111.222333][ T6207] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 111.222339][ T6207] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 111.222354][ T6207] [ 111.552832][ T6207] gfs2: fsid=syz:syz.0: found 1 quota changes [ 112.197802][ T6213] loop0: detected capacity change from 0 to 32768 [ 112.217121][ T6213] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 112.217140][ T6213] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 112.265547][ T6213] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 112.271727][ T809] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 112.271744][ T809] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... 
[ 112.399765][ T809] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 128ms [ 112.402303][ T809] gfs2: fsid=syz:syz.0: jid=0: Done [ 112.402429][ T6213] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 112.449106][ T6213] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 112.449129][ T6213] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6213, name: syz-executor.0 [ 112.449145][ T6213] preempt_count: 1, expected: 0 [ 112.449153][ T6213] RCU nest depth: 1, expected: 1 [ 112.449162][ T6213] 4 locks held by syz-executor.0/6213: [ 112.449173][ T6213] #0: ffff8880344560d0 (&type->s_umount_key#52/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xac0 [ 112.449240][ T6213] #1: ffffffff8e415e38 (qd_lock){+.+.}-{3:3}, at: gfs2_quota_init+0x854/0x1220 [ 112.449265][ T6213] #2: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 112.449289][ T6213] #3: ffff88804ee391b8 (&lockref->lock#3){+.+.}-{3:3}, at: lockref_get_not_dead+0x28/0xd0 [ 112.449316][ T6213] Preemption disabled at: [ 112.449318][ T6213] [] spin_lock_bucket+0x3b/0x150 [ 112.449336][ T6213] CPU: 1 UID: 0 PID: 6213 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 112.449350][ T6213] Tainted: [W]=WARN [ 112.449353][ T6213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.449359][ T6213] Call Trace: [ 112.449364][ T6213] [ 112.449368][ T6213] dump_stack_lvl+0xe8/0x150 [ 112.449385][ T6213] __might_resched+0x329/0x480 [ 112.449406][ T6213] ? spin_lock_bucket+0x3b/0x150 [ 112.449417][ T6213] rt_spin_lock+0xc2/0x400 [ 112.449429][ T6213] ? __pfx_rt_spin_lock+0x10/0x10 [ 112.449440][ T6213] ? preempt_count_add+0x91/0x190 [ 112.449453][ T6213] ? rt_spin_lock+0x2ce/0x400 [ 112.449465][ T6213] lockref_get_not_dead+0x28/0xd0 [ 112.449477][ T6213] gfs2_qd_search_bucket+0x139/0x210 [ 112.449489][ T6213] gfs2_quota_init+0x86c/0x1220 [ 112.449499][ T6213] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 112.449540][ T6213] ? __pfx_gfs2_quota_init+0x10/0x10 [ 112.449558][ T6213] ? __pfx_wake_up_bit+0x10/0x10 [ 112.449583][ T6213] ? rt_spin_unlock+0x160/0x200 [ 112.449608][ T6213] ? inode_go_inval+0x2a0/0x360 [ 112.449632][ T6213] gfs2_make_fs_rw+0x143/0x230 [ 112.449660][ T6213] gfs2_fill_super+0x1bfd/0x2220 [ 112.449683][ T6213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 112.449694][ T6213] ? rt_spin_unlock+0x14f/0x200 [ 112.449705][ T6213] ? init_locking+0xb8/0x210 [ 112.449718][ T6213] ? sb_set_blocksize+0x11b/0x210 [ 112.449738][ T6213] ? setup_bdev_super+0x4c1/0x5b0 [ 112.449753][ T6213] get_tree_bdev_flags+0x431/0x4f0 [ 112.449767][ T6213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 112.449778][ T6213] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 112.449791][ T6213] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 112.449805][ T6213] ? rcu_is_watching+0x15/0xb0 [ 112.449816][ T6213] ? cap_capable+0x123/0x490 [ 112.449830][ T6213] gfs2_get_tree+0x51/0x1e0 [ 112.449843][ T6213] vfs_get_tree+0x92/0x2a0 [ 112.449857][ T6213] do_new_mount+0x341/0xd30 [ 112.449868][ T6213] ? safesetid_security_capable+0xa9/0x1a0 [ 112.449884][ T6213] ? __pfx_do_new_mount+0x10/0x10 [ 112.449895][ T6213] ? ns_capable+0x89/0xe0 [ 112.449917][ T6213] ? user_path_at+0xd4/0x160 [ 112.449931][ T6213] __se_sys_mount+0x31d/0x420 [ 112.449945][ T6213] ? __pfx___se_sys_mount+0x10/0x10 [ 112.449959][ T6213] ? __x64_sys_mount+0x20/0xc0 [ 112.449971][ T6213] do_syscall_64+0x14d/0xf80 [ 112.449985][ T6213] ? trace_irq_disable+0x3b/0x150 [ 112.449996][ T6213] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.450006][ T6213] ? 
clear_bhb_loop+0x40/0x90 [ 112.450019][ T6213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.450028][ T6213] RIP: 0033:0x7fbb2689ea4a [ 112.450039][ T6213] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 112.450048][ T6213] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 112.450059][ T6213] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 112.450066][ T6213] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 112.450072][ T6213] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 112.450078][ T6213] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 112.450084][ T6213] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 112.450100][ T6213] [ 112.450111][ T6213] gfs2: fsid=syz:syz.0: Corruption found in quota_change0file: duplicate identifier in slot 26671 [ 112.450128][ T6213] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 112.450141][ T6213] CPU: 1 UID: 0 PID: 6213 Comm: syz-executor.0 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 112.450154][ T6213] Tainted: [W]=WARN [ 112.450157][ T6213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.450162][ T6213] Call Trace: [ 112.450166][ T6213] [ 112.450170][ T6213] dump_stack_lvl+0xe8/0x150 [ 112.450185][ T6213] gfs2_assert_warn_i+0x194/0x2c0 [ 112.450201][ T6213] gfs2_qd_dispose+0x466/0x570 [ 112.450214][ T6213] gfs2_quota_init+0xcda/0x1220 [ 112.450223][ T6213] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 112.450245][ T6213] ? __pfx_gfs2_quota_init+0x10/0x10 [ 112.450254][ T6213] ? __pfx_wake_up_bit+0x10/0x10 [ 112.450266][ T6213] ? rt_spin_unlock+0x160/0x200 [ 112.450279][ T6213] ? 
inode_go_inval+0x2a0/0x360 [ 112.450291][ T6213] gfs2_make_fs_rw+0x143/0x230 [ 112.450305][ T6213] gfs2_fill_super+0x1bfd/0x2220 [ 112.450323][ T6213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 112.450334][ T6213] ? rt_spin_unlock+0x14f/0x200 [ 112.450345][ T6213] ? init_locking+0xb8/0x210 [ 112.450355][ T6213] ? sb_set_blocksize+0x11b/0x210 [ 112.450370][ T6213] ? setup_bdev_super+0x4c1/0x5b0 [ 112.450384][ T6213] get_tree_bdev_flags+0x431/0x4f0 [ 112.450404][ T6213] ? __pfx_gfs2_fill_super+0x10/0x10 [ 112.450415][ T6213] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 112.450428][ T6213] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 112.450441][ T6213] ? rcu_is_watching+0x15/0xb0 [ 112.450452][ T6213] ? cap_capable+0x123/0x490 [ 112.450465][ T6213] gfs2_get_tree+0x51/0x1e0 [ 112.450477][ T6213] vfs_get_tree+0x92/0x2a0 [ 112.450492][ T6213] do_new_mount+0x341/0xd30 [ 112.450502][ T6213] ? safesetid_security_capable+0xa9/0x1a0 [ 112.450517][ T6213] ? __pfx_do_new_mount+0x10/0x10 [ 112.450527][ T6213] ? ns_capable+0x89/0xe0 [ 112.450545][ T6213] ? user_path_at+0xd4/0x160 [ 112.450558][ T6213] __se_sys_mount+0x31d/0x420 [ 112.450572][ T6213] ? __pfx___se_sys_mount+0x10/0x10 [ 112.450586][ T6213] ? __x64_sys_mount+0x20/0xc0 [ 112.450598][ T6213] do_syscall_64+0x14d/0xf80 [ 112.450610][ T6213] ? trace_irq_disable+0x3b/0x150 [ 112.450620][ T6213] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.450630][ T6213] ? 
clear_bhb_loop+0x40/0x90 [ 112.450643][ T6213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.450660][ T6213] RIP: 0033:0x7fbb2689ea4a [ 112.450676][ T6213] Code: 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 d0 ff ff ff f7 d8 64 89 01 48 [ 112.450690][ T6213] RSP: 002b:00007fbb25c2dee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 112.450708][ T6213] RAX: ffffffffffffffda RBX: 00007fbb25c2df70 RCX: 00007fbb2689ea4a [ 112.450721][ T6213] RDX: 0000000020000100 RSI: 0000000020013440 RDI: 00007fbb25c2df30 [ 112.450733][ T6213] RBP: 0000000020000100 R08: 00007fbb25c2df70 R09: 0000000001000000 [ 112.450746][ T6213] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000020013440 [ 112.450757][ T6213] R13: 00007fbb25c2df30 R14: 000000000001343f R15: 0000000020002380 [ 112.450787][ T6213] [ 112.761664][ T6213] gfs2: fsid=syz:syz.0: found 1 quota changes