syzbot

 sign-in | mailing list | source | docs
🐞 Open [754]
🐞 Fixed [45]
🐞 Invalid [406]
Missing Backports [57]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

KASAN: use-after-free Read in qd_unlock

Status: upstream: reported C repro on 2024/06/24 17:41
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+edea969b2d7e2438f7f1@syzkaller.appspotmail.com
First crash: 75d, last: 57d
Bug presence (2)
Date Name Commit Repro Result
2024/07/12 linux-5.15.y (ToT) f45bea23c39c C [report] KASAN: use-after-free Read in qd_unlock
2024/07/12 upstream (ToT) 43db1e03c086 C Didn't crash
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in qd_unlock (2) gfs2 C error done 5 385d 614d 23/27 fixed on 2023/10/12 12:47
linux-6.1 KASAN: use-after-free Read in qd_unlock 7 67d 75d 0/3 upstream: reported on 2024/06/24 18:01
upstream KASAN: use-after-free Read in qd_unlock gfs2 1 898d 894d 0/27 auto-closed as invalid on 2022/07/22 08:43
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/07/27 22:24 1m fix candidate upstream error job log

Sample crash report:
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
==================================================================
BUG: KASAN: use-after-free in arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline]
BUG: KASAN: use-after-free in qd_unlock+0x44/0x2c8 fs/gfs2/quota.c:497
Read of size 8 at addr ffff0000e2711b10 by task syz-executor119/3965

CPU: 0 PID: 3965 Comm: syz-executor119 Not tainted 5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 __asan_report_load8_noabort+0x44/0x50 mm/kasan/report_generic.c:309
 arch_test_bit include/asm-generic/bitops/non-atomic.h:118 [inline]
 qd_unlock+0x44/0x2c8 fs/gfs2/quota.c:497
 gfs2_quota_sync+0x3c4/0x548 fs/gfs2/quota.c:1336
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Allocated by task 4202:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x8c/0xcc mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x74/0x3f4 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x1dc/0x45c mm/slub.c:3233
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 qd_alloc+0x64/0x23c fs/gfs2/quota.c:216
 gfs2_quota_init+0x68c/0xebc fs/gfs2/quota.c:1426
 gfs2_make_fs_rw+0x364/0x4c4 fs/gfs2/super.c:155
 gfs2_fill_super+0x1c74/0x2010 fs/gfs2/ops_fstype.c:1276
 get_tree_bdev+0x360/0x54c fs/super.c:1312
 gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1332
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Freed by task 14:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x84 mm/kasan/common.c:46
 kasan_set_free_info+0x28/0x4c mm/kasan/generic.c:360
 ____kasan_slab_free+0x118/0x164 mm/kasan/common.c:366
 __kasan_slab_free+0x18/0x28 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1705 [inline]
 slab_free_freelist_hook+0x128/0x1ec mm/slub.c:1731
 slab_free mm/slub.c:3499 [inline]
 kmem_cache_free+0xdc/0x3c4 mm/slub.c:3515
 gfs2_qd_dealloc+0x54/0x64 fs/gfs2/quota.c:109
 rcu_do_batch kernel/rcu/tree.c:2523 [inline]
 rcu_core+0x830/0x1b34 kernel/rcu/tree.c:2763
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2776
 handle_softirqs+0x384/0xdbc kernel/softirq.c:558
 run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

Last potentially related work creation:
 kasan_save_stack+0x38/0x68 mm/kasan/common.c:38
 kasan_record_aux_stack+0xd4/0x11c mm/kasan/generic.c:348
 __call_rcu kernel/rcu/tree.c:3007 [inline]
 call_rcu+0x118/0xb40 kernel/rcu/tree.c:3087
 gfs2_quota_cleanup+0x400/0x67c fs/gfs2/quota.c:1490
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Second to last potentially related work creation:
 kasan_save_stack+0x38/0x68 mm/kasan/common.c:38
 kasan_record_aux_stack+0xd4/0x11c mm/kasan/generic.c:348
 __call_rcu kernel/rcu/tree.c:3007 [inline]
 call_rcu+0x118/0xb40 kernel/rcu/tree.c:3087
 gfs2_quota_cleanup+0x400/0x67c fs/gfs2/quota.c:1490
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

The buggy address belongs to the object at ffff0000e2711a80
 which belongs to the cache gfs2_quotad of size 272
The buggy address is located 144 bytes inside of
 272-byte region [ffff0000e2711a80, ffff0000e2711b90)
The buggy address belongs to the page:
page:00000000b93a2c26 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000e2711930 pfn:0x122711
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 fffffc0003897f40 0000000300000003 ffff0000c690e000
raw: ffff0000e2711930 00000000800c000a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000e2711a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff0000e2711a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000e2711b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                         ^
 ffff0000e2711b80: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
 ffff0000e2711c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 0 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2080 (type: exp=2, found=0)
  function = gfs2_rgrp_bh_get, file = fs/gfs2/rgrp.c, line = 1224
gfs2: fsid=syz:syz.0: about to withdraw this file system
gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_assert_warn_i+0x16c/0x278 fs/gfs2/util.c:416
 gfs2_quota_cleanup+0x464/0x67c fs/gfs2/quota.c:1485
 gfs2_make_fs_ro+0x1f0/0x554 fs/gfs2/super.c:557
 signal_our_withdraw fs/gfs2/util.c:166 [inline]
 gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.0: File system withdrawn
CPU: 1 PID: 3965 Comm: syz-executor119 Tainted: G    B             5.15.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 gfs2_withdraw+0xeac/0x12a4 fs/gfs2/util.c:355
 gfs2_metatype_check_ii+0x8c/0xac fs/gfs2/util.c:520
 gfs2_metatype_check_i fs/gfs2/util.h:129 [inline]
 gfs2_rgrp_bh_get+0x314/0xf00 fs/gfs2/rgrp.c:1223
 gfs2_rgrp_go_lock+0xe4/0x134 fs/gfs2/rgrp.c:1300
 do_promote+0x680/0xa80 fs/gfs2/glock.c:507
 finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
 do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
 run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
 gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
 gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
 gfs2_inplace_reserve+0xb18/0x3098 fs/gfs2/rgrp.c:2109
 do_sync+0x57c/0xaf8 fs/gfs2/quota.c:951
 gfs2_quota_sync+0x2e8/0x548 fs/gfs2/quota.c:1329
 gfs2_sync_fs+0x4c/0xc4 fs/gfs2/super.c:647
 sync_filesystem+0xe8/0x218 fs/sync.c:56
 generic_shutdown_super+0x70/0x29c fs/super.c:448
 kill_block_super+0x70/0xdc fs/super.c:1414
 gfs2_kill_sb+0xc0/0xd4
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/12 13:35 linux-5.15.y f45bea23c39c eaeb5c15 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/06/25 06:30 linux-5.15.y 4878aadf2d15 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: use-after-free Read in qd_unlock
2024/06/24 19:36 linux-5.15.y 4878aadf2d15 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: use-after-free Read in qd_unlock
2024/06/24 17:43 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: use-after-free Read in qd_unlock
2024/06/24 17:41 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: use-after-free Read in qd_unlock
2024/07/12 11:14 linux-5.15.y f45bea23c39c eaeb5c15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/07/02 16:36 linux-5.15.y 4878aadf2d15 07f0a0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/06/25 22:20 linux-5.15.y 4878aadf2d15 dec8bc94 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/06/25 10:15 linux-5.15.y 4878aadf2d15 04bd2a30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/06/24 21:09 linux-5.15.y 4878aadf2d15 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
2024/06/24 17:45 linux-5.15.y 4878aadf2d15 edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: use-after-free Read in qd_unlock
* Struck through repros no longer work on HEAD.