./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor555701528
<...>
forked to background, child pid 4644
no interfaces have a carrier
[ 22.518953][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.527531][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts.
execve("./syz-executor555701528", ["./syz-executor555701528"], 0x7ffd3c266270 /* 10 vars */) = 0
brk(NULL) = 0x5555556f5000
brk(0x5555556f5c40) = 0x5555556f5c40
arch_prctl(ARCH_SET_FS, 0x5555556f5300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor555701528", 4096) = 27
brk(0x555555716c40) = 0x555555716c40
brk(0x555555717000) = 0x555555717000
mprotect(0x7fe7760e7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5073
mkdir("./syzkaller.VAHhVM", 0700) = 0
chmod("./syzkaller.VAHhVM", 0777) = 0
chdir("./syzkaller.VAHhVM") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556f55d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./0") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe76dc1a000
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5074] munmap(0x7fe76dc1a000, 16777216) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
syzkaller login: [ 43.623190][ T5074] loop0: detected capacity change from 0 to 32768
[ 43.634424][ T5074] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 43.643473][ T5074] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 43.654638][ T5074] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 43.663491][ T894] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 43.670462][ T894] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid 5074] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] exit_group(0) = ?
[ 43.698155][ T894] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 27ms
[ 43.706109][ T894] gfs2: fsid=syz:syz.0: jid=0: Done
[ 43.711552][ T5074] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555556f6620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 43.789875][ T5074] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 43.814329][ T5073] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 43.814329][ T5073] inode = 11 2340
[ 43.814329][ T5073] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[ 43.833063][ T5073] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 43.842307][ T5073] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5073 [syz-executor555] gfs2_quota_sync+0x2e6/0x660
[ 43.852780][ T5073] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 43.861130][ T5073] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 43.871435][ T5073] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 43.885575][ T5073] CPU: 1 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 43.896014][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 43.906162][ T5073] Call Trace:
[ 43.909439][ T5073]
[ 43.912350][ T5073] dump_stack_lvl+0xd1/0x138
[ 43.916942][ T5073] gfs2_assert_warn_i.cold+0x3a/0x11f
[ 43.922326][ T5073] gfs2_quota_cleanup+0x667/0x860
[ 43.927344][ T5073] gfs2_make_fs_ro+0x202/0x610
[ 43.932085][ T5073] ? gfs2_dirty_inode+0x820/0x820
[ 43.937092][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 43.942362][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 43.947550][ T5073] gfs2_withdraw.cold+0x4b4/0xf9a
[ 43.952569][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 43.956800][ T5073] ? gfs2_withdraw.cold+0xc25/0xf9a
[ 43.962029][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 43.967134][ T5073] ? inode_go_sync+0x560/0x560
[ 43.971887][ T5073] inode_go_instantiate+0x4a/0x70
[ 43.976899][ T5073] gfs2_instantiate+0x16a/0x250
[ 43.981737][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 43.986578][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 43.991244][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 43.996512][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 44.001695][ T5073] do_sync+0x62f/0xcf0
[ 44.005764][ T5073] ? gfs2_qa_put+0x160/0x160
[ 44.010341][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 44.015267][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 44.020359][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 44.025280][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 44.030039][ T5073] gfs2_sync_fs+0x44/0xb0
[ 44.034368][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 44.039303][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 44.044659][ T5073] sync_filesystem+0x8f/0xc0
[ 44.049234][ T5073] generic_shutdown_super+0x74/0x410
[ 44.054506][ T5073] kill_block_super+0x9b/0xf0
[ 44.059170][ T5073] gfs2_kill_sb+0x108/0x170
[ 44.063653][ T5073] deactivate_locked_super+0x98/0x160
[ 44.069009][ T5073] deactivate_super+0xb1/0xd0
[ 44.073673][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 44.078075][ T5073] task_work_run+0x16f/0x270
[ 44.082650][ T5073] ? task_work_cancel+0x30/0x30
[ 44.087487][ T5073] ? __x64_sys_umount+0x118/0x190
[ 44.092584][ T5073] ptrace_notify+0x118/0x140
[ 44.097155][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 44.103574][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 44.108929][ T5073] do_syscall_64+0x46/0xb0
[ 44.113331][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.119209][ T5073] RIP: 0033:0x7fe776068c57
[ 44.123606][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.143374][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 44.152140][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 44.160104][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 44.168096][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 44.176137][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 44.184106][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000001
[ 44.192082][ T5073]
[ 44.199197][ T5073] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 44.208018][ T5073] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 44.215030][ T5073] gfs2: fsid=syz:syz.0: File system withdrawn
[ 44.221125][ T5073] CPU: 1 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 44.231529][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 44.241579][ T5073] Call Trace:
[ 44.244843][ T5073]
[ 44.248017][ T5073] dump_stack_lvl+0xd1/0x138
[ 44.252597][ T5073] gfs2_withdraw.cold+0x275/0xf9a
[ 44.257614][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 44.261971][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 44.267070][ T5073] ? inode_go_sync+0x560/0x560
[ 44.271825][ T5073] inode_go_instantiate+0x4a/0x70
[ 44.276945][ T5073] gfs2_instantiate+0x16a/0x250
[ 44.281868][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 44.286792][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 44.291476][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 44.296749][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 44.301933][ T5073] do_sync+0x62f/0xcf0
[ 44.306047][ T5073] ? gfs2_qa_put+0x160/0x160
[ 44.310635][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 44.315571][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 44.320503][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 44.325436][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 44.330200][ T5073] gfs2_sync_fs+0x44/0xb0
[ 44.334527][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 44.339548][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 44.344830][ T5073] sync_filesystem+0x8f/0xc0
[ 44.349411][ T5073] generic_shutdown_super+0x74/0x410
[ 44.354701][ T5073] kill_block_super+0x9b/0xf0
[ 44.359379][ T5073] gfs2_kill_sb+0x108/0x170
[ 44.363874][ T5073] deactivate_locked_super+0x98/0x160
[ 44.369247][ T5073] deactivate_super+0xb1/0xd0
[ 44.373921][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 44.378334][ T5073] task_work_run+0x16f/0x270
[ 44.382923][ T5073] ? task_work_cancel+0x30/0x30
[ 44.387865][ T5073] ? __x64_sys_umount+0x118/0x190
[ 44.392888][ T5073] ptrace_notify+0x118/0x140
[ 44.397472][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 44.403789][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 44.409153][ T5073] do_syscall_64+0x46/0xb0
[ 44.413576][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.419464][ T5073] RIP: 0033:0x7fe776068c57
[ 44.423866][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.443552][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 44.451974][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 44.459935][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 44.467903][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 44.475882][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 44.483842][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000001
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555556fe660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555556fe660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555556f6620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556f55d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./1") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe76dc1a000
[ 44.491821][ T5073]
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5078] munmap(0x7fe76dc1a000, 16777216) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[ 44.687432][ T5078] loop0: detected capacity change from 0 to 32768
[ 44.697236][ T5078] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 44.705797][ T5078] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 44.715398][ T5078] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 44.723687][ T894] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 44.730545][ T894] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid 5078] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 44.755777][ T894] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 44.763294][ T894] gfs2: fsid=syz:syz.0: jid=0: Done
[ 44.768762][ T5078] gfs2: fsid=syz:syz.0: first mount done, others may mount
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555556f6620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 44.840583][ T5078] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 44.871222][ T5073] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 44.871222][ T5073] inode = 11 2340
[ 44.871222][ T5073] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[ 44.890061][ T5073] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 44.899351][ T5073] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5073 [syz-executor555] gfs2_quota_sync+0x2e6/0x660
[ 44.910123][ T5073] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 44.918719][ T5073] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 44.928706][ T5073] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 44.942830][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 44.953240][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 44.963285][ T5073] Call Trace:
[ 44.966545][ T5073]
[ 44.969456][ T5073] dump_stack_lvl+0xd1/0x138
[ 44.974031][ T5073] gfs2_assert_warn_i.cold+0x3a/0x11f
[ 44.979392][ T5073] gfs2_quota_cleanup+0x667/0x860
[ 44.984407][ T5073] gfs2_make_fs_ro+0x202/0x610
[ 44.989322][ T5073] ? gfs2_dirty_inode+0x820/0x820
[ 44.994332][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 44.999617][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 45.004819][ T5073] gfs2_withdraw.cold+0x4b4/0xf9a
[ 45.009847][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 45.014086][ T5073] ? gfs2_withdraw.cold+0xc25/0xf9a
[ 45.019289][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 45.024399][ T5073] ? inode_go_sync+0x560/0x560
[ 45.029178][ T5073] inode_go_instantiate+0x4a/0x70
[ 45.034206][ T5073] gfs2_instantiate+0x16a/0x250
[ 45.039062][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 45.043824][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 45.048505][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 45.053702][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 45.059048][ T5073] do_sync+0x62f/0xcf0
[ 45.063122][ T5073] ? gfs2_qa_put+0x160/0x160
[ 45.067711][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 45.072651][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 45.077587][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 45.082521][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 45.087288][ T5073] gfs2_sync_fs+0x44/0xb0
[ 45.091614][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 45.096547][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 45.101860][ T5073] sync_filesystem+0x8f/0xc0
[ 45.106449][ T5073] generic_shutdown_super+0x74/0x410
[ 45.111734][ T5073] kill_block_super+0x9b/0xf0
[ 45.116408][ T5073] gfs2_kill_sb+0x108/0x170
[ 45.120917][ T5073] deactivate_locked_super+0x98/0x160
[ 45.126288][ T5073] deactivate_super+0xb1/0xd0
[ 45.131033][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 45.135465][ T5073] task_work_run+0x16f/0x270
[ 45.140055][ T5073] ? task_work_cancel+0x30/0x30
[ 45.144909][ T5073] ? __x64_sys_umount+0x118/0x190
[ 45.149934][ T5073] ptrace_notify+0x118/0x140
[ 45.154522][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 45.160978][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 45.166374][ T5073] do_syscall_64+0x46/0xb0
[ 45.170900][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.176803][ T5073] RIP: 0033:0x7fe776068c57
[ 45.181212][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.200820][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 45.209315][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 45.217299][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 45.225265][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 45.233379][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 45.241341][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000002
[ 45.249406][ T5073]
[ 45.256562][ T5073] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 45.265457][ T5073] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 45.272420][ T5073] gfs2: fsid=syz:syz.0: File system withdrawn
[ 45.278539][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 45.288949][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 45.298985][ T5073] Call Trace:
[ 45.302259][ T5073]
[ 45.305176][ T5073] dump_stack_lvl+0xd1/0x138
[ 45.309754][ T5073] gfs2_withdraw.cold+0x275/0xf9a
[ 45.314769][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 45.319015][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 45.324117][ T5073] ? inode_go_sync+0x560/0x560
[ 45.328872][ T5073] inode_go_instantiate+0x4a/0x70
[ 45.333896][ T5073] gfs2_instantiate+0x16a/0x250
[ 45.338841][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 45.343595][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 45.348281][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 45.353475][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 45.358764][ T5073] do_sync+0x62f/0xcf0
[ 45.362818][ T5073] ? gfs2_qa_put+0x160/0x160
[ 45.367482][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 45.372508][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 45.377426][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 45.382434][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 45.387192][ T5073] gfs2_sync_fs+0x44/0xb0
[ 45.391626][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 45.396560][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 45.401838][ T5073] sync_filesystem+0x8f/0xc0
[ 45.406509][ T5073] generic_shutdown_super+0x74/0x410
[ 45.411791][ T5073] kill_block_super+0x9b/0xf0
[ 45.416462][ T5073] gfs2_kill_sb+0x108/0x170
[ 45.420959][ T5073] deactivate_locked_super+0x98/0x160
[ 45.426337][ T5073] deactivate_super+0xb1/0xd0
[ 45.431100][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 45.435517][ T5073] task_work_run+0x16f/0x270
[ 45.440106][ T5073] ? task_work_cancel+0x30/0x30
[ 45.444953][ T5073] ? __x64_sys_umount+0x118/0x190
[ 45.450019][ T5073] ptrace_notify+0x118/0x140
[ 45.454600][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 45.460922][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 45.466375][ T5073] do_syscall_64+0x46/0xb0
[ 45.470790][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.476766][ T5073] RIP: 0033:0x7fe776068c57
[ 45.481194][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.500890][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 45.509475][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 45.517436][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 45.525658][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 45.533703][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555556fe660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555556fe660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555556f6620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556f55d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./2") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe76dc1a000
[ 45.541665][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000002
[ 45.549640][ T5073]
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5081] munmap(0x7fe76dc1a000, 16777216) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 45.740838][ T5081] loop0: detected capacity change from 0 to 32768
[ 45.750523][ T5081] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 45.758883][ T5081] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 45.768223][ T5081] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 45.776705][ T894] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 45.783461][ T894] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid 5081] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555556f6620 /* 4 entries */, 32768) = 112
[ 45.809270][ T894] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 45.816822][ T894] gfs2: fsid=syz:syz.0: jid=0: Done
[ 45.822236][ T5081] gfs2: fsid=syz:syz.0: first mount done, others may mount
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 45.896014][ T5081] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 45.923509][ T5073] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 45.923509][ T5073] inode = 11 2340
[ 45.923509][ T5073] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[ 45.942368][ T5073] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 45.951953][ T5073] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5073 [syz-executor555] gfs2_quota_sync+0x2e6/0x660
[ 45.962475][ T5073] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 45.970997][ T5073] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 45.980802][ T5073] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 45.994933][ T5073] CPU: 1 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 46.005607][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 46.015659][ T5073] Call Trace:
[ 46.018933][ T5073]
[ 46.021942][ T5073] dump_stack_lvl+0xd1/0x138
[ 46.026534][ T5073] gfs2_assert_warn_i.cold+0x3a/0x11f
[ 46.031905][ T5073] gfs2_quota_cleanup+0x667/0x860
[ 46.037540][ T5073] gfs2_make_fs_ro+0x202/0x610
[ 46.042815][ T5073] ? gfs2_dirty_inode+0x820/0x820
[ 46.047832][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 46.053021][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 46.058220][ T5073] gfs2_withdraw.cold+0x4b4/0xf9a
[ 46.063266][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 46.067537][ T5073] ? gfs2_withdraw.cold+0xc25/0xf9a
[ 46.072834][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 46.078044][ T5073] ? inode_go_sync+0x560/0x560
[ 46.082815][ T5073] inode_go_instantiate+0x4a/0x70
[ 46.087843][ T5073] gfs2_instantiate+0x16a/0x250
[ 46.092778][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 46.097540][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 46.102216][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 46.107673][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 46.112871][ T5073] do_sync+0x62f/0xcf0
[ 46.116943][ T5073] ? gfs2_qa_put+0x160/0x160
[ 46.121537][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 46.126473][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 46.131405][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 46.136341][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 46.141107][ T5073] gfs2_sync_fs+0x44/0xb0
[ 46.145438][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 46.150371][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 46.155651][ T5073] sync_filesystem+0x8f/0xc0
[ 46.160236][ T5073] generic_shutdown_super+0x74/0x410
[ 46.165527][ T5073] kill_block_super+0x9b/0xf0
[ 46.170220][ T5073] gfs2_kill_sb+0x108/0x170
[ 46.174735][ T5073] deactivate_locked_super+0x98/0x160
[ 46.180116][ T5073] deactivate_super+0xb1/0xd0
[ 46.184793][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 46.189212][ T5073] task_work_run+0x16f/0x270
[ 46.193896][ T5073] ? task_work_cancel+0x30/0x30
[ 46.198751][ T5073] ? __x64_sys_umount+0x118/0x190
[ 46.203863][ T5073] ptrace_notify+0x118/0x140
[ 46.208446][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 46.215029][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 46.220396][ T5073] do_syscall_64+0x46/0xb0
[ 46.224810][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.230695][ T5073] RIP: 0033:0x7fe776068c57
[ 46.235099][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.254716][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 46.263209][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 46.271275][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 46.279239][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 46.287212][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 46.295179][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000003
[ 46.303155][ T5073]
[ 46.310136][ T5073] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 46.318970][ T5073] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 46.326442][ T5073] gfs2: fsid=syz:syz.0: File system withdrawn
[ 46.332519][ T5073] CPU: 1 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 46.342907][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 46.352948][ T5073] Call Trace:
[ 46.356235][ T5073]
[ 46.359153][ T5073] dump_stack_lvl+0xd1/0x138
[ 46.363739][ T5073] gfs2_withdraw.cold+0x275/0xf9a
[ 46.368755][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 46.373048][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 46.378162][ T5073] ? inode_go_sync+0x560/0x560
[ 46.383098][ T5073] inode_go_instantiate+0x4a/0x70
[ 46.388299][ T5073] gfs2_instantiate+0x16a/0x250
[ 46.393139][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 46.397896][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 46.402559][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 46.407744][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 46.412928][ T5073] do_sync+0x62f/0xcf0
[ 46.417031][ T5073] ? gfs2_qa_put+0x160/0x160
[ 46.421624][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 46.426565][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 46.431497][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 46.436432][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 46.441199][ T5073] gfs2_sync_fs+0x44/0xb0
[ 46.445529][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 46.450475][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 46.455765][ T5073] sync_filesystem+0x8f/0xc0
[ 46.460352][ T5073] generic_shutdown_super+0x74/0x410
[ 46.465638][ T5073] kill_block_super+0x9b/0xf0
[ 46.470314][ T5073] gfs2_kill_sb+0x108/0x170
[ 46.474817][ T5073] deactivate_locked_super+0x98/0x160
[ 46.480186][ T5073] deactivate_super+0xb1/0xd0
[ 46.484863][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 46.489278][ T5073] task_work_run+0x16f/0x270
[ 46.493869][ T5073] ? task_work_cancel+0x30/0x30
[ 46.498809][ T5073] ? __x64_sys_umount+0x118/0x190
[ 46.503833][ T5073] ptrace_notify+0x118/0x140
[ 46.508419][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 46.514743][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 46.520110][ T5073] do_syscall_64+0x46/0xb0
[ 46.524546][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.530428][ T5073] RIP: 0033:0x7fe776068c57
[ 46.535007][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.554780][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 46.563201][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 46.571162][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 46.579652][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 46.587625][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555556fe660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555556fe660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555556f6620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556f55d0) = 5084
./strace-static-x86_64: Process 5084 attached
[pid 5084] chdir("./3") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe76dc1a000
[ 46.595935][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000003
[ 46.604048][ T5073]
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5084] munmap(0x7fe76dc1a000, 16777216) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[ 46.794119][ T5084] loop0: detected capacity change from 0 to 32768
[ 46.803517][ T5084] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 46.811753][ T5084] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 46.821560][ T5084] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 46.830420][ T22] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 46.837269][ T22] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid 5084] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] exit_group(0) = ?
[ 46.863170][ T22] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 46.871331][ T22] gfs2: fsid=syz:syz.0: jid=0: Done
[ 46.876818][ T5084] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555556f6620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 46.955874][ T5084] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 46.970802][ T5073] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 46.970802][ T5073] inode = 11 2340
[ 46.970802][ T5073] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[ 46.989609][ T5073] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 46.998869][ T5073] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5073 [syz-executor555] gfs2_quota_sync+0x2e6/0x660
[ 47.009157][ T5073] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 47.017617][ T5073] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 47.027202][ T5073] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 47.041765][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 47.052252][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 47.062379][ T5073] Call Trace:
[ 47.065661][ T5073]
[ 47.068574][ T5073] dump_stack_lvl+0xd1/0x138
[ 47.073153][ T5073] gfs2_assert_warn_i.cold+0x3a/0x11f
[ 47.078518][ T5073] gfs2_quota_cleanup+0x667/0x860
[ 47.083531][ T5073] gfs2_make_fs_ro+0x202/0x610
[ 47.088363][ T5073] ? gfs2_dirty_inode+0x820/0x820
[ 47.093387][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 47.098582][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 47.103805][ T5073] gfs2_withdraw.cold+0x4b4/0xf9a
[ 47.108837][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 47.113106][ T5073] ? gfs2_withdraw.cold+0xc25/0xf9a
[ 47.118307][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 47.123420][ T5073] ? inode_go_sync+0x560/0x560
[ 47.128190][ T5073] inode_go_instantiate+0x4a/0x70
[ 47.133301][ T5073] gfs2_instantiate+0x16a/0x250
[ 47.138167][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 47.142945][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 47.147622][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 47.152905][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 47.158106][ T5073] do_sync+0x62f/0xcf0
[ 47.162176][ T5073] ? gfs2_qa_put+0x160/0x160
[ 47.166771][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 47.171703][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 47.176811][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 47.181746][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 47.186515][ T5073] gfs2_sync_fs+0x44/0xb0
[ 47.190947][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 47.196013][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 47.201298][ T5073] sync_filesystem+0x8f/0xc0
[ 47.205881][ T5073] generic_shutdown_super+0x74/0x410
[ 47.211162][ T5073] kill_block_super+0x9b/0xf0
[ 47.215840][ T5073] gfs2_kill_sb+0x108/0x170
[ 47.220337][ T5073] deactivate_locked_super+0x98/0x160
[ 47.225704][ T5073] deactivate_super+0xb1/0xd0
[ 47.230380][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 47.234902][ T5073] task_work_run+0x16f/0x270
[ 47.239491][ T5073] ? task_work_cancel+0x30/0x30
[ 47.244342][ T5073] ? __x64_sys_umount+0x118/0x190
[ 47.249451][ T5073] ptrace_notify+0x118/0x140
[ 47.254038][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 47.260450][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 47.265902][ T5073] do_syscall_64+0x46/0xb0
[ 47.270315][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.276217][ T5073] RIP: 0033:0x7fe776068c57
[ 47.280706][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.300487][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 47.308890][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 47.316851][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 47.324810][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 47.332802][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 47.340848][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000004
[ 47.348821][ T5073]
[ 47.355905][ T5073] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 47.365103][ T5073] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 47.371604][ T5073] gfs2: fsid=syz:syz.0: File system withdrawn
[ 47.377835][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 47.388245][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 47.398286][ T5073] Call Trace:
[ 47.401543][ T5073]
[ 47.404468][ T5073] dump_stack_lvl+0xd1/0x138
[ 47.409061][ T5073] gfs2_withdraw.cold+0x275/0xf9a
[ 47.414166][ T5073] ? gfs2_lm+0x1a0/0x1a0
[ 47.418441][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 47.423735][ T5073] ? inode_go_sync+0x560/0x560
[ 47.428584][ T5073] inode_go_instantiate+0x4a/0x70
[ 47.433617][ T5073] gfs2_instantiate+0x16a/0x250
[ 47.438471][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 47.443230][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 47.447902][ T5073] ? do_raw_spin_unlock+0x175/0x230
[ 47.453101][ T5073] ? __gfs2_holder_init+0x18b/0x2f0
[ 47.458290][ T5073] do_sync+0x62f/0xcf0
[ 47.462349][ T5073] ? gfs2_qa_put+0x160/0x160
[ 47.466923][ T5073] ? gfs2_quota_sync+0x3f5/0x660
[ 47.471846][ T5073] ? gfs2_quota_sync+0x2e6/0x660
[ 47.476768][ T5073] ? rwlock_bug.part.0+0x90/0x90
[ 47.481803][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 47.486657][ T5073] gfs2_sync_fs+0x44/0xb0
[ 47.490997][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 47.496028][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 47.501397][ T5073] sync_filesystem+0x8f/0xc0
[ 47.505983][ T5073] generic_shutdown_super+0x74/0x410
[ 47.511439][ T5073] kill_block_super+0x9b/0xf0
[ 47.516115][ T5073] gfs2_kill_sb+0x108/0x170
[ 47.520611][ T5073] deactivate_locked_super+0x98/0x160
[ 47.526067][ T5073] deactivate_super+0xb1/0xd0
[ 47.530740][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 47.535167][ T5073] task_work_run+0x16f/0x270
[ 47.539765][ T5073] ? task_work_cancel+0x30/0x30
[ 47.544614][ T5073] ? __x64_sys_umount+0x118/0x190
[ 47.549640][ T5073] ptrace_notify+0x118/0x140
[ 47.554226][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 47.560723][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 47.566094][ T5073] do_syscall_64+0x46/0xb0
[ 47.570542][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.576537][ T5073] RIP: 0033:0x7fe776068c57
[ 47.581037][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.601445][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 47.609860][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 47.617937][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 47.625903][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 47.633881][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 47.641852][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000004
[ 47.650042][ T5073]
[ 47.653348][ T5073] ==================================================================
[ 47.661410][ T5073] BUG: KASAN: use-after-free in qd_unlock+0x20/0x190
[ 47.668266][ T5073] Read of size 8 at addr ffff888072d22330 by task syz-executor555/5073
[ 47.676492][ T5073]
[ 47.678804][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 47.689201][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 47.699418][ T5073] Call Trace:
[ 47.702684][ T5073]
[ 47.705605][ T5073] dump_stack_lvl+0xd1/0x138
[ 47.710396][ T5073] print_report+0x15e/0x45d
[ 47.714913][ T5073] ? __phys_addr+0xc8/0x140
[ 47.719418][ T5073] ? qd_unlock+0x20/0x190
[ 47.723739][ T5073] kasan_report+0xbf/0x1f0
[ 47.728234][ T5073] ? qd_unlock+0x20/0x190
[ 47.732555][ T5073] kasan_check_range+0x141/0x190
[ 47.737486][ T5073] qd_unlock+0x20/0x190
[ 47.741630][ T5073] gfs2_quota_sync+0x39d/0x660
[ 47.746387][ T5073] gfs2_sync_fs+0x44/0xb0
[ 47.750709][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 47.755734][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 47.761036][ T5073] sync_filesystem+0x8f/0xc0
[ 47.765615][ T5073] generic_shutdown_super+0x74/0x410
[ 47.771020][ T5073] kill_block_super+0x9b/0xf0
[ 47.775684][ T5073] gfs2_kill_sb+0x108/0x170
[ 47.780269][ T5073] deactivate_locked_super+0x98/0x160
[ 47.785636][ T5073] deactivate_super+0xb1/0xd0
[ 47.790305][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 47.794711][ T5073] task_work_run+0x16f/0x270
[ 47.799300][ T5073] ? task_work_cancel+0x30/0x30
[ 47.804232][ T5073] ? __x64_sys_umount+0x118/0x190
[ 47.809250][ T5073] ptrace_notify+0x118/0x140
[ 47.813830][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 47.820149][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 47.825522][ T5073] do_syscall_64+0x46/0xb0
[ 47.829929][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.835861][ T5073] RIP: 0033:0x7fe776068c57
[ 47.840275][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.860309][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 47.868713][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 47.876674][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 47.884635][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 47.892594][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 47.900551][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000004
[ 47.908519][ T5073]
[ 47.911525][ T5073]
[ 47.913915][ T5073] Allocated by task 5084:
[ 47.918312][ T5073] kasan_save_stack+0x22/0x40
[ 47.922982][ T5073] kasan_set_track+0x25/0x30
[ 47.927560][ T5073] __kasan_slab_alloc+0x82/0x90
[ 47.932397][ T5073] kmem_cache_alloc+0x1e4/0x430
[ 47.937238][ T5073] qd_alloc+0x4e/0x300
[ 47.941298][ T5073] gfs2_quota_init+0x7bb/0xf70
[ 47.946053][ T5073] gfs2_make_fs_rw+0x424/0x640
[ 47.950801][ T5073] gfs2_fill_super+0x22c8/0x27a0
[ 47.955727][ T5073] get_tree_bdev+0x444/0x760
[ 47.960313][ T5073] gfs2_get_tree+0x4e/0x270
[ 47.964802][ T5073] vfs_get_tree+0x8d/0x2f0
[ 47.969244][ T5073] path_mount+0x132a/0x1e20
[ 47.973825][ T5073] __x64_sys_mount+0x283/0x300
[ 47.978580][ T5073] do_syscall_64+0x39/0xb0
[ 47.983033][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.988941][ T5073]
[ 47.991289][ T5073] Freed by task 5073:
[ 47.995261][ T5073] kasan_save_stack+0x22/0x40
[ 47.999933][ T5073] kasan_set_track+0x25/0x30
[ 48.004514][ T5073] kasan_save_free_info+0x2e/0x40
[ 48.009628][ T5073] ____kasan_slab_free+0x160/0x1c0
[ 48.014727][ T5073] slab_free_freelist_hook+0x8b/0x1c0
[ 48.020281][ T5073] kmem_cache_free+0xee/0x5c0
[ 48.024970][ T5073] rcu_core+0x81f/0x1980
[ 48.029211][ T5073] __do_softirq+0x1fb/0xadc
[ 48.034273][ T5073]
[ 48.036694][ T5073] Last potentially related work creation:
[ 48.042396][ T5073] kasan_save_stack+0x22/0x40
[ 48.047065][ T5073] __kasan_record_aux_stack+0xbc/0xd0
[ 48.052428][ T5073] __call_rcu_common.constprop.0+0x99/0x820
[ 48.058315][ T5073] gfs2_quota_cleanup+0x483/0x860
[ 48.063337][ T5073] gfs2_make_fs_ro+0x202/0x610
[ 48.068107][ T5073] gfs2_withdraw.cold+0x4b4/0xf9a
[ 48.073131][ T5073] gfs2_inode_refresh+0xcd1/0x1070
[ 48.078233][ T5073] inode_go_instantiate+0x4a/0x70
[ 48.083248][ T5073] gfs2_instantiate+0x16a/0x250
[ 48.088100][ T5073] gfs2_glock_wait+0x197/0x2e0
[ 48.092864][ T5073] gfs2_glock_nq+0xae4/0x1470
[ 48.097530][ T5073] do_sync+0x62f/0xcf0
[ 48.101706][ T5073] gfs2_quota_sync+0x2e6/0x660
[ 48.106461][ T5073] gfs2_sync_fs+0x44/0xb0
[ 48.110785][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 48.116145][ T5073] sync_filesystem+0x8f/0xc0
[ 48.120719][ T5073] generic_shutdown_super+0x74/0x410
[ 48.126012][ T5073] kill_block_super+0x9b/0xf0
[ 48.130735][ T5073] gfs2_kill_sb+0x108/0x170
[ 48.135224][ T5073] deactivate_locked_super+0x98/0x160
[ 48.140585][ T5073] deactivate_super+0xb1/0xd0
[ 48.145250][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 48.149651][ T5073] task_work_run+0x16f/0x270
[ 48.154314][ T5073] ptrace_notify+0x118/0x140
[ 48.158886][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 48.165197][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 48.170639][ T5073] do_syscall_64+0x46/0xb0
[ 48.175042][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.180920][ T5073]
[ 48.183225][ T5073] The buggy address belongs to the object at ffff888072d222a0
[ 48.183225][ T5073] which belongs to the cache gfs2_quotad of size 272
[ 48.197352][ T5073] The buggy address is located 144 bytes inside of
[ 48.197352][ T5073] 272-byte region [ffff888072d222a0, ffff888072d223b0)
[ 48.210612][ T5073]
[ 48.213093][ T5073] The buggy address belongs to the physical page:
[ 48.219494][ T5073] page:ffffea0001cb4880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72d22
[ 48.229835][ T5073] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 48.237887][ T5073] raw: 00fff00000000200 ffff888146137dc0 dead000000000122 0000000000000000
[ 48.246553][ T5073] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 48.255126][ T5073] page dumped because: kasan: bad access detected
[ 48.261518][ T5073] page_owner tracks the page as allocated
[ 48.267216][ T5073] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 5074, tgid 5074 (syz-executor555), ts 43771622454, free_ts 9567495700
[ 48.287352][ T5073] get_page_from_freelist+0x119c/0x2ce0
[ 48.292895][ T5073] __alloc_pages+0x1cb/0x5b0
[ 48.297473][ T5073] alloc_pages+0x1aa/0x270
[ 48.301875][ T5073] allocate_slab+0x25f/0x350
[ 48.306472][ T5073] ___slab_alloc+0xa91/0x1400
[ 48.311146][ T5073] __slab_alloc.constprop.0+0x56/0xa0
[ 48.316506][ T5073] kmem_cache_alloc+0x379/0x430
[ 48.321343][ T5073] qd_alloc+0x4e/0x300
[ 48.325399][ T5073] gfs2_quota_init+0x7bb/0xf70
[ 48.330154][ T5073] gfs2_make_fs_rw+0x424/0x640
[ 48.334902][ T5073] gfs2_fill_super+0x22c8/0x27a0
[ 48.339830][ T5073] get_tree_bdev+0x444/0x760
[ 48.344411][ T5073] gfs2_get_tree+0x4e/0x270
[ 48.348897][ T5073] vfs_get_tree+0x8d/0x2f0
[ 48.353301][ T5073] path_mount+0x132a/0x1e20
[ 48.357798][ T5073] __x64_sys_mount+0x283/0x300
[ 48.362554][ T5073] page last free stack trace:
[ 48.367206][ T5073] free_pcp_prepare+0x66a/0xc20
[ 48.372573][ T5073] free_unref_page+0x1d/0x490
[ 48.377238][ T5073] free_contig_range+0xb5/0x180
[ 48.382096][ T5073] destroy_args+0xa8/0x64c
[ 48.386499][ T5073] debug_vm_pgtable+0x28de/0x296f
[ 48.391512][ T5073] do_one_initcall+0x141/0x790
[ 48.396266][ T5073] kernel_init_freeable+0x6f9/0x782
[ 48.401450][ T5073] kernel_init+0x1e/0x1d0
[ 48.405765][ T5073] ret_from_fork+0x1f/0x30
[ 48.410173][ T5073]
[ 48.412571][ T5073] Memory state around the buggy address:
[ 48.418181][ T5073] ffff888072d22200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 48.426308][ T5073] ffff888072d22280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 48.434353][ T5073] >ffff888072d22300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.442503][ T5073] ^
[ 48.448112][ T5073] ffff888072d22380: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 48.456155][ T5073] ffff888072d22400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.464195][ T5073] ==================================================================
[ 48.472646][ T5073] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 48.479838][ T5073] CPU: 0 PID: 5073 Comm: syz-executor555 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 48.490242][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 48.500289][ T5073] Call Trace:
[ 48.503553][ T5073]
[ 48.506469][ T5073] dump_stack_lvl+0xd1/0x138
[ 48.511050][ T5073] panic+0x2cc/0x626
[ 48.515026][ T5073] ? panic_print_sys_info.part.0+0x110/0x110
[ 48.521262][ T5073] ? preempt_schedule_thunk+0x1a/0x20
[ 48.526636][ T5073] ? preempt_schedule_common+0x59/0xc0
[ 48.532093][ T5073] check_panic_on_warn.cold+0x19/0x35
[ 48.537455][ T5073] end_report.part.0+0x36/0x73
[ 48.542232][ T5073] ? qd_unlock+0x20/0x190
[ 48.546571][ T5073] kasan_report.cold+0xa/0xf
[ 48.551152][ T5073] ? qd_unlock+0x20/0x190
[ 48.555579][ T5073] kasan_check_range+0x141/0x190
[ 48.560508][ T5073] qd_unlock+0x20/0x190
[ 48.564654][ T5073] gfs2_quota_sync+0x39d/0x660
[ 48.569435][ T5073] gfs2_sync_fs+0x44/0xb0
[ 48.573754][ T5073] ? rgrp_unlock_local+0x20/0x20
[ 48.578690][ T5073] sync_filesystem.part.0+0x75/0x1d0
[ 48.584051][ T5073] sync_filesystem+0x8f/0xc0
[ 48.588628][ T5073] generic_shutdown_super+0x74/0x410
[ 48.593990][ T5073] kill_block_super+0x9b/0xf0
[ 48.598658][ T5073] gfs2_kill_sb+0x108/0x170
[ 48.603149][ T5073] deactivate_locked_super+0x98/0x160
[ 48.608514][ T5073] deactivate_super+0xb1/0xd0
[ 48.613269][ T5073] cleanup_mnt+0x2ae/0x3d0
[ 48.617687][ T5073] task_work_run+0x16f/0x270
[ 48.622304][ T5073] ? task_work_cancel+0x30/0x30
[ 48.627176][ T5073] ? __x64_sys_umount+0x118/0x190
[ 48.632245][ T5073] ptrace_notify+0x118/0x140
[ 48.636832][ T5073] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 48.643154][ T5073] syscall_exit_to_user_mode+0xd/0x50
[ 48.648516][ T5073] do_syscall_64+0x46/0xb0
[ 48.652928][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.658900][ T5073] RIP: 0033:0x7fe776068c57
[ 48.663303][ T5073] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.683080][ T5073] RSP: 002b:00007ffd6414ea68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 48.691484][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe776068c57
[ 48.699530][ T5073] RDX: 00007ffd6414eb29 RSI: 000000000000000a RDI: 00007ffd6414eb20
[ 48.707488][ T5073] RBP: 00007ffd6414eb20 R08: 00000000ffffffff R09: 00007ffd6414e900
[ 48.715450][ T5073] R10: 00005555556f6653 R11: 0000000000000202 R12: 00007ffd6414fb80
[ 48.723409][ T5073] R13: 00005555556f65f0 R14: 00007ffd6414ea90 R15: 0000000000000004
[ 48.731377][ T5073]
[ 48.735386][ T5073] Kernel Offset: disabled
[ 48.739870][ T5073] Rebooting in 86400 seconds..