KASAN: use-after-free Read in qd

Date	Name	Commit	Repro	Result
2024/07/12	linux-5.15.y (ToT)	f45bea23c39c	C	[report] KASAN: use-after-free Read in qd_unlock
2024/07/12	upstream (ToT)	43db1e03c086	C	Didn't crash

Date

Name

Commit

Repro

Result

2024/07/12

linux-5.15.y (ToT)

f45bea23c39c

[report] KASAN: use-after-free Read in qd_unlock

2024/07/12

upstream (ToT)

43db1e03c086

Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in qd_unlock (2) gfs2	C	error	done	5	472d	701d	23/28	fixed on 2023/10/12 12:47
linux-6.1	KASAN: use-after-free Read in qd_unlock				7	154d	162d	0/3	auto-obsoleted due to no activity on 2024/10/10 22:13
upstream	KASAN: use-after-free Read in qd_unlock gfs2				1	986d	982d	0/28	auto-closed as invalid on 2022/07/22 08:43

Created	Duration	User	Patch	Repo	Result
2024/10/09 21:54	15m	retest repro		linux-5.15.y	report log

Created

Duration

User

Patch

Repo

Result

2024/10/09 21:54

15m

retest repro

linux-5.15.y

report log

Created	Duration	User	Patch	Repo	Result
2024/10/06 14:40	1m	fix candidate		upstream	error job log
2024/07/27 22:24	1m	fix candidate		upstream	error job log

Created

Duration

User

Patch

Repo

Result

2024/10/06 14:40

fix candidate

upstream

error job log

2024/07/27 22:24

fix candidate

upstream

error job log

tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 ================================================================== BUG: KASAN: use-after-free in arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline] BUG: KASAN: use-after-free in qd_unlock+0x44/0x2c8 fs/gfs2/quota.c:497 Read of size 8 at addr ffff0000e2711b10 by task syz-executor119/3965 CPU: 0 PID: 3965 Comm: syz-executor119 Not tainted 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0x174/0x1e4 mm/kasan/report.c:451 __asan_report_load8_noabort+0x44/0x50 mm/kasan/report_generic.c:309 arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline] qd_unlock+0x44/0x2c8 fs/gfs2/quota.c:497 gfs2_quota_sync+0x3c4/0x548 fs/gfs2/quota.c:1336 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Allocated by task 4202: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x8c/0xcc mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519 slab_alloc_node mm/slub.c:3220 [inline] slab_alloc mm/slub.c:3228 [inline] kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233 kmem_cache_zalloc include/linux/slab.h:711 [inline] qd_alloc+0x64/0x23c fs/gfs2/quota.c:216 gfs2_quota_init+0x68c/0xebc fs/gfs2/quota.c:1426 gfs2_make_fs_rw+0x364/0x4c4 fs/gfs2/super.c:155 gfs2_fill_super+0x1c74/0x2010 fs/gfs2/ops_fstype.c:1276 get_tree_bdev+0x360/0x54c fs/super.c:1312 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1332 vfs_get_tree+0x90/0x274 fs/super.c:1517 do_new_mount+0x278/0x8fc fs/namespace.c:3005 path_mount+0x594/0x101c fs/namespace.c:3335 do_mount fs/namespace.c:3348 [inline] __do_sys_mount fs/namespace.c:3556 [inline] __se_sys_mount fs/namespace.c:3533 [inline] __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Freed by task 14: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x84 mm/kasan/common.c:46 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1705 [inline] slab_free_freelist_hook+0x128/0x1ec mm/slub.c:1731 slab_free mm/slub.c:3499 [inline] kmem_cache_free+0xdc/0x3c4 mm/slub.c:3515 gfs2_qd_dealloc+0x54/0x64 fs/gfs2/quota.c:109 rcu_do_batch kernel/rcu/tree.c:2523 [inline] rcu_core+0x830/0x1b34 kernel/rcu/tree.c:2763 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2776 handle_softirqs+0x384/0xdbc kernel/softirq.c:558 run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164 kthread+0x37c/0x45c kernel/kthread.c:334 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 Last potentially related work creation: kasan_save_stack+0x38/0x68 mm/kasan/common.c:38 kasan_record_aux_stack+0xd4/0x11c mm/kasan/generic.c:348 __call_rcu kernel/rcu/tree.c:3007 [inline] call_rcu+0x118/0xb40 kernel/rcu/tree.c:3087 gfs2_quota_cleanup+0x400/0x67c fs/gfs2/quota.c:1490 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Second to last potentially related work creation: kasan_save_stack+0x38/0x68 mm/kasan/common.c:38 kasan_record_aux_stack+0xd4/0x11c mm/kasan/generic.c:348 __call_rcu kernel/rcu/tree.c:3007 [inline] call_rcu+0x118/0xb40 kernel/rcu/tree.c:3087 gfs2_quota_cleanup+0x400/0x67c fs/gfs2/quota.c:1490 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 The buggy address belongs to the object at ffff0000e2711a80 which belongs to the cache gfs2_quotad of size 272 The buggy address is located 144 bytes inside of 272-byte region [ffff0000e2711a80, ffff0000e2711b90) The buggy address belongs to the page: page:00000000b93a2c26 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000e2711930 pfn:0x122711 flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000000200 fffffc0003897f40 0000000300000003 ffff0000c690e000 raw: ffff0000e2711930 00000000800c000a 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000e2711a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff0000e2711a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff0000e2711b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff0000e2711b80: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb ffff0000e2711c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: fatal: invalid metadata block bh = 2080 (type: exp=2, found=0) function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557 signal_our_withdraw fs/gfs2/util.c:166 [inline] gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 gfs2: fsid=syz:syz.0: File system withdrawn CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G B 5.15.162-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline] gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300 do_promote+0x680/0xa80 fs/gfs2/glock.c:507 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline] gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647 sync_filesystem+0xe8/0x218 fs/sync.c:56 generic_shutdown_super+0x70/0x29c fs/super.c:448 kill_block_super+0x70/0xdc fs/super.c:1414 gfs2_kill_sb+0xc0/0xd4 deactivate_locked_super+0xb8/0x13c fs/super.c:335 deactivate_super+0x108/0x128 fs/super.c:366 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150 task_work_run+0x130/0x1e4 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline] el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (12):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/07/12 13:35	linux-5.15.y	f45bea23c39c	eaeb5c15	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/11/14 23:38	linux-5.15.y	d98fd109f827	a8c99394	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: use-after-free Read in qd_unlock
2024/06/25 06:30	linux-5.15.y	4878aadf2d15	215eef4a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: use-after-free Read in qd_unlock
2024/06/24 19:36	linux-5.15.y	4878aadf2d15	215eef4a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: use-after-free Read in qd_unlock
2024/06/24 17:43	linux-5.15.y	4878aadf2d15	edc5149a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: use-after-free Read in qd_unlock
2024/06/24 17:41	linux-5.15.y	4878aadf2d15	edc5149a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: use-after-free Read in qd_unlock
2024/07/12 11:14	linux-5.15.y	f45bea23c39c	eaeb5c15	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/07/02 16:36	linux-5.15.y	4878aadf2d15	07f0a0a0	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/06/25 22:20	linux-5.15.y	4878aadf2d15	dec8bc94	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/06/25 10:15	linux-5.15.y	4878aadf2d15	04bd2a30	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/06/24 21:09	linux-5.15.y	4878aadf2d15	215eef4a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock
2024/06/24 17:45	linux-5.15.y	4878aadf2d15	edc5149a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: use-after-free Read in qd_unlock

Crashes (12):

Assets (help?)