./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2913352956
<...>
Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts.
execve("./syz-executor2913352956", ["./syz-executor2913352956"], 0x7ffc3ccd4060 /* 10 vars */) = 0
brk(NULL) = 0x555555b1a000
brk(0x555555b1ad00) = 0x555555b1ad00
arch_prctl(ARCH_SET_FS, 0x555555b1a380) = 0
set_tid_address(0x555555b1a650) = 5012
set_robust_list(0x555555b1a660, 24) = 0
rseq(0x555555b1aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2913352956", 4096) = 28
getrandom("\xba\xb4\xdc\x62\x8d\x97\xfa\x47", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555b1ad00
brk(0x555555b3bd00) = 0x555555b3bd00
brk(0x555555b3c000) = 0x555555b3c000
mprotect(0x7f22cb256000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.laduhR", 0700) = 0
chmod("./syzkaller.laduhR", 0777) = 0
chdir("./syzkaller.laduhR") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5013 attached
, child_tidptr=0x555555b1a650) = 5013
[ 60.535734][ T26] audit: type=1400 audit(1692439762.961:83): avc: denied { write } for pid=5009 comm="strace-static-x" path="pipe:[29564]" dev="pipefs" ino=29564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 60.565620][ T26] audit: type=1400 audit(1692439762.991:84): avc: denied { execmem } for pid=5012 comm="syz-executor291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid 5013] set_robust_list(0x555555b1a660, 24) = 0
[pid 5013] chdir("./0") = 0
[pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5013] setpgid(0, 0) = 0
[pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5013] write(3, "1000", 4) = 4
[pid 5013] close(3) = 0
[pid 5013] symlink("/dev/binderfs", "./binderfs") = 0
[ 60.586027][ T26] audit: type=1400 audit(1692439762.991:85): avc: denied { read write } for pid=5012 comm="syz-executor291" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.612885][ T26] audit: type=1400 audit(1692439762.991:86): avc: denied { open } for pid=5012 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 5013] memfd_create("syzkaller", 0) = 3
[pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22c2d91000
[ 60.627954][ T5013] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5013 'syz-executor291'
[ 60.638533][ T26] audit: type=1400 audit(1692439762.991:87): avc: denied { ioctl } for pid=5012 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.673609][ T26] audit: type=1400 audit(1692439763.041:88): avc: denied { append } for pid=4450 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.696112][ T26] audit: type=1400 audit(1692439763.041:89): avc: denied { open } for pid=4450 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 60.718861][ T26] audit: type=1400 audit(1692439763.041:90): avc: denied { getattr } for pid=4450 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5013] munmap(0x7f22c2d91000, 16777216) = 0
[pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5013] close(3) = 0
[pid 5013] mkdir("./file0", 0777) = 0
[ 60.921239][ T5013] loop0: detected capacity change from 0 to 32768
[ 60.932738][ T26] audit: type=1400 audit(1692439763.351:91): avc: denied { mounton } for pid=5013 comm="syz-executor291" path="/root/syzkaller.laduhR/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 60.954195][ T5013] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 60.965724][ T5013] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 60.979387][ T5013] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 60.989063][ T6] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 60.996506][ T6] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 61.038723][ T6] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 42ms
[ 61.048570][ T6] gfs2: fsid=syz:syz.0: jid=0: Done
[ 61.054509][ T5013] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5013] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5013] chdir("./file0") = 0
[pid 5013] ioctl(4, LOOP_CLR_FD) = 0
[pid 5013] close(4) = 0
[pid 5013] exit_group(0) = ?
[pid 5013] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555b1b6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 61.166016][ T5013] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 61.176210][ T26] audit: type=1400 audit(1692439763.601:92): avc: denied { mount } for pid=5013 comm="syz-executor291" name="/" dev="loop0" ino=2341 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 61.225198][ T5012] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 61.225198][ T5012] inode = 11 2340
[ 61.225198][ T5012] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 61.244098][ T5012] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 61.253979][ T5012] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5012 [syz-executor291] gfs2_quota_sync+0x2a0/0x5f0
[ 61.264696][ T5012] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 61.273478][ T5012] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 61.282084][ T5012] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1476
[ 61.296283][ T5012] CPU: 0 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 61.306713][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 61.316757][ T5012] Call Trace:
[ 61.320024][ T5012]
[ 61.322953][ T5012] dump_stack_lvl+0x125/0x1b0
[ 61.327724][ T5012] gfs2_assert_warn_i+0x1e3/0x370
[ 61.332748][ T5012] ? gfs2_assert_withdraw_i+0x1d0/0x1d0
[ 61.338371][ T5012] ? _raw_spin_unlock+0x28/0x40
[ 61.343225][ T5012] gfs2_quota_cleanup+0x668/0x860
[ 61.348245][ T5012] gfs2_make_fs_ro+0x24b/0x740
[ 61.353022][ T5012] ? gfs2_dirty_inode+0x840/0x840
[ 61.358042][ T5012] ? mutex_trylock+0x208/0x330
[ 61.362803][ T5012] ? gfs2_withdraw+0xc22/0x10c0
[ 61.367653][ T5012] ? ww_mutex_unlock+0x260/0x260
[ 61.372583][ T5012] ? gfs2_ail_drain+0x53c/0x6b0
[ 61.377427][ T5012] gfs2_withdraw+0xc2e/0x10c0
[ 61.382096][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 61.387205][ T5012] ? inode_go_sync+0x590/0x590
[ 61.391961][ T5012] inode_go_instantiate+0x47/0x60
[ 61.396980][ T5012] gfs2_instantiate+0x167/0x240
[ 61.401826][ T5012] gfs2_glock_wait+0x210/0x330
[ 61.406584][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 61.412035][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 61.416707][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 61.421898][ T5012] do_sync+0x66e/0xc90
[ 61.425963][ T5012] ? gfs2_qa_put+0x160/0x160
[ 61.430544][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 61.435477][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 61.440407][ T5012] ? spin_bug+0x1d0/0x1d0
[ 61.444734][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 61.449499][ T5012] gfs2_sync_fs+0x44/0xb0
[ 61.453827][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 61.458766][ T5012] sync_filesystem+0x109/0x280
[ 61.463529][ T5012] generic_shutdown_super+0x74/0x480
[ 61.468825][ T5012] kill_block_super+0x64/0xb0
[ 61.473495][ T5012] gfs2_kill_sb+0x361/0x410
[ 61.477995][ T5012] deactivate_locked_super+0x9a/0x170
[ 61.483360][ T5012] deactivate_super+0xde/0x100
[ 61.488136][ T5012] cleanup_mnt+0x222/0x3d0
[ 61.492557][ T5012] task_work_run+0x14d/0x240
[ 61.497152][ T5012] ? task_work_cancel+0x30/0x30
[ 61.502006][ T5012] ptrace_notify+0x10c/0x130
[ 61.506590][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 61.512924][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 61.518294][ T5012] do_syscall_64+0x44/0xb0
[ 61.522699][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.528606][ T5012] RIP: 0033:0x7f22cb1d1307
[ 61.533026][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 61.552656][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 61.561064][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 61.569027][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 61.576989][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 61.584952][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 61.593105][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 61.601084][ T5012]
[ 61.610356][ T5012] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 61.619181][ T5012] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 61.626888][ T5012] gfs2: fsid=syz:syz.0: File system withdrawn
[ 61.632985][ T5012] CPU: 0 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 61.643473][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 61.653519][ T5012] Call Trace:
[ 61.656788][ T5012]
[ 61.659708][ T5012] dump_stack_lvl+0x125/0x1b0
[ 61.664382][ T5012] gfs2_withdraw+0xb4c/0x10c0
[ 61.669052][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 61.674159][ T5012] ? inode_go_sync+0x590/0x590
[ 61.678918][ T5012] inode_go_instantiate+0x47/0x60
[ 61.683948][ T5012] gfs2_instantiate+0x167/0x240
[ 61.688790][ T5012] gfs2_glock_wait+0x210/0x330
[ 61.693634][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 61.699095][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 61.703770][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 61.708971][ T5012] do_sync+0x66e/0xc90
[ 61.713032][ T5012] ? gfs2_qa_put+0x160/0x160
[ 61.717623][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 61.722554][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 61.727481][ T5012] ? spin_bug+0x1d0/0x1d0
[ 61.731810][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 61.736576][ T5012] gfs2_sync_fs+0x44/0xb0
[ 61.740929][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 61.745889][ T5012] sync_filesystem+0x109/0x280
[ 61.750666][ T5012] generic_shutdown_super+0x74/0x480
[ 61.755968][ T5012] kill_block_super+0x64/0xb0
[ 61.760661][ T5012] gfs2_kill_sb+0x361/0x410
[ 61.765176][ T5012] deactivate_locked_super+0x9a/0x170
[ 61.770563][ T5012] deactivate_super+0xde/0x100
[ 61.775341][ T5012] cleanup_mnt+0x222/0x3d0
[ 61.779859][ T5012] task_work_run+0x14d/0x240
[ 61.784523][ T5012] ? task_work_cancel+0x30/0x30
[ 61.789393][ T5012] ptrace_notify+0x10c/0x130
[ 61.793998][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 61.800350][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 61.805741][ T5012] do_syscall_64+0x44/0xb0
[ 61.810166][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.816072][ T5012] RIP: 0033:0x7f22cb1d1307
[ 61.820507][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 61.840143][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 61.848575][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 61.856555][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 61.864633][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 61.872638][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 61.880622][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 61.888610][ T5012]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555b23730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b23730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555b1b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1a650) = 5018
./strace-static-x86_64: Process 5018 attached
[pid 5018] set_robust_list(0x555555b1a660, 24) = 0
[pid 5018] chdir("./1") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22c2d91000
[pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5018] munmap(0x7f22c2d91000, 16777216) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./file0", 0777) = 0
[ 62.224752][ T5018] loop0: detected capacity change from 0 to 32768
[ 62.236580][ T5018] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 62.244942][ T5018] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 62.254003][ T5018] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 62.262587][ T6] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 62.269570][ T6] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 62.309017][ T6] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[ 62.319555][ T6] gfs2: fsid=syz:syz.0: jid=0: Done
[ 62.324987][ T5018] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5018] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./file0") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555b1b6f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 62.428980][ T5018] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 62.489435][ T5012] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 62.489435][ T5012] inode = 11 2340
[ 62.489435][ T5012] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 62.508429][ T5012] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 62.517715][ T5012] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5012 [syz-executor291] gfs2_quota_sync+0x2a0/0x5f0
[ 62.528078][ T5012] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 62.536454][ T5012] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 62.544088][ T5012] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1476
[ 62.558441][ T5012] CPU: 1 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 62.568856][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 62.578907][ T5012] Call Trace:
[ 62.582175][ T5012]
[ 62.585097][ T5012] dump_stack_lvl+0x125/0x1b0
[ 62.589767][ T5012] gfs2_assert_warn_i+0x1e3/0x370
[ 62.594790][ T5012] ? gfs2_assert_withdraw_i+0x1d0/0x1d0
[ 62.600325][ T5012] ? _raw_spin_unlock+0x28/0x40
[ 62.605174][ T5012] gfs2_quota_cleanup+0x668/0x860
[ 62.610193][ T5012] gfs2_make_fs_ro+0x24b/0x740
[ 62.614972][ T5012] ? gfs2_dirty_inode+0x840/0x840
[ 62.620010][ T5012] ? mutex_trylock+0x208/0x330
[ 62.624779][ T5012] ? gfs2_withdraw+0xc22/0x10c0
[ 62.629625][ T5012] ? ww_mutex_unlock+0x260/0x260
[ 62.634560][ T5012] ? gfs2_ail_drain+0x53c/0x6b0
[ 62.639435][ T5012] gfs2_withdraw+0xc2e/0x10c0
[ 62.644103][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 62.649296][ T5012] ? inode_go_sync+0x590/0x590
[ 62.654055][ T5012] inode_go_instantiate+0x47/0x60
[ 62.659075][ T5012] gfs2_instantiate+0x167/0x240
[ 62.663919][ T5012] gfs2_glock_wait+0x210/0x330
[ 62.668673][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 62.674124][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 62.678799][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 62.683990][ T5012] do_sync+0x66e/0xc90
[ 62.688051][ T5012] ? gfs2_qa_put+0x160/0x160
[ 62.692634][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 62.697564][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 62.702583][ T5012] ? spin_bug+0x1d0/0x1d0
[ 62.706909][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 62.711665][ T5012] gfs2_sync_fs+0x44/0xb0
[ 62.715991][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 62.720924][ T5012] sync_filesystem+0x109/0x280
[ 62.725679][ T5012] generic_shutdown_super+0x74/0x480
[ 62.730957][ T5012] kill_block_super+0x64/0xb0
[ 62.735801][ T5012] gfs2_kill_sb+0x361/0x410
[ 62.740295][ T5012] deactivate_locked_super+0x9a/0x170
[ 62.745660][ T5012] deactivate_super+0xde/0x100
[ 62.750423][ T5012] cleanup_mnt+0x222/0x3d0
[ 62.754829][ T5012] task_work_run+0x14d/0x240
[ 62.759422][ T5012] ? task_work_cancel+0x30/0x30
[ 62.764316][ T5012] ptrace_notify+0x10c/0x130
[ 62.768894][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 62.775306][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 62.780674][ T5012] do_syscall_64+0x44/0xb0
[ 62.785083][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.790966][ T5012] RIP: 0033:0x7f22cb1d1307
[ 62.795387][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 62.815006][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 62.823422][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 62.831387][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 62.839362][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 62.847340][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 62.855349][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000002 R15: 431bde82d7b634db
[ 62.863321][ T5012]
[ 62.872674][ T5012] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 62.881665][ T5012] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 62.888424][ T5012] gfs2: fsid=syz:syz.0: File system withdrawn
[ 62.894525][ T5012] CPU: 1 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 62.905018][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 62.915072][ T5012] Call Trace:
[ 62.918343][ T5012]
[ 62.921261][ T5012] dump_stack_lvl+0x125/0x1b0
[ 62.925935][ T5012] gfs2_withdraw+0xb4c/0x10c0
[ 62.930603][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 62.935734][ T5012] ? inode_go_sync+0x590/0x590
[ 62.940514][ T5012] inode_go_instantiate+0x47/0x60
[ 62.945554][ T5012] gfs2_instantiate+0x167/0x240
[ 62.950410][ T5012] gfs2_glock_wait+0x210/0x330
[ 62.955171][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 62.960627][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 62.965309][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 62.970501][ T5012] do_sync+0x66e/0xc90
[ 62.974577][ T5012] ? gfs2_qa_put+0x160/0x160
[ 62.979184][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 62.984242][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 62.989197][ T5012] ? spin_bug+0x1d0/0x1d0
[ 62.993631][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 62.998427][ T5012] gfs2_sync_fs+0x44/0xb0
[ 63.002776][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 63.007736][ T5012] sync_filesystem+0x109/0x280
[ 63.012517][ T5012] generic_shutdown_super+0x74/0x480
[ 63.017816][ T5012] kill_block_super+0x64/0xb0
[ 63.022508][ T5012] gfs2_kill_sb+0x361/0x410
[ 63.027025][ T5012] deactivate_locked_super+0x9a/0x170
[ 63.032416][ T5012] deactivate_super+0xde/0x100
[ 63.037200][ T5012] cleanup_mnt+0x222/0x3d0
[ 63.041629][ T5012] task_work_run+0x14d/0x240
[ 63.046250][ T5012] ? task_work_cancel+0x30/0x30
[ 63.051122][ T5012] ptrace_notify+0x10c/0x130
[ 63.055734][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 63.062094][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 63.067485][ T5012] do_syscall_64+0x44/0xb0
[ 63.071999][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.077904][ T5012] RIP: 0033:0x7f22cb1d1307
[ 63.082325][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 63.101953][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 63.110468][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 63.118444][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 63.126422][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 63.134399][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 63.142377][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000002 R15: 431bde82d7b634db
[ 63.150361][ T5012]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555b23730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b23730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555b1b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1a650) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] set_robust_list(0x555555b1a660, 24) = 0
[pid 5022] chdir("./2") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22c2d91000
[pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5022] munmap(0x7f22c2d91000, 16777216) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./file0", 0777) = 0
[ 63.482221][ T5022] loop0: detected capacity change from 0 to 32768
[ 63.496285][ T5022] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 63.504641][ T5022] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 63.515280][ T5022] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 63.524078][ T6] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 63.530870][ T6] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 63.569016][ T6] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[ 63.579745][ T6] gfs2: fsid=syz:syz.0: jid=0: Done
[ 63.585083][ T5022] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5022] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./file0") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] exit_group(0) = ?
[pid 5022] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555b1b6f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 63.690082][ T5022] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 63.736746][ T5012] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 63.736746][ T5012] inode = 11 2340
[ 63.736746][ T5012] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 63.755611][ T5012] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 63.765653][ T5012] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5012 [syz-executor291] gfs2_quota_sync+0x2a0/0x5f0
[ 63.776191][ T5012] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 63.784624][ T5012] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 63.792588][ T5012] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1476
[ 63.806622][ T5012] CPU: 1 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 63.817025][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 63.827071][ T5012] Call Trace:
[ 63.830337][ T5012]
[ 63.833267][ T5012] dump_stack_lvl+0x125/0x1b0
[ 63.837952][ T5012] gfs2_assert_warn_i+0x1e3/0x370
[ 63.842987][ T5012] ? gfs2_assert_withdraw_i+0x1d0/0x1d0
[ 63.848534][ T5012] ? _raw_spin_unlock+0x28/0x40
[ 63.853389][ T5012] gfs2_quota_cleanup+0x668/0x860
[ 63.858410][ T5012] gfs2_make_fs_ro+0x24b/0x740
[ 63.863177][ T5012] ? gfs2_dirty_inode+0x840/0x840
[ 63.868215][ T5012] ? mutex_trylock+0x208/0x330
[ 63.872970][ T5012] ? gfs2_withdraw+0xc22/0x10c0
[ 63.877812][ T5012] ? ww_mutex_unlock+0x260/0x260
[ 63.882742][ T5012] ? gfs2_ail_drain+0x53c/0x6b0
[ 63.887587][ T5012] gfs2_withdraw+0xc2e/0x10c0
[ 63.892255][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 63.897362][ T5012] ? inode_go_sync+0x590/0x590
[ 63.902121][ T5012] inode_go_instantiate+0x47/0x60
[ 63.907140][ T5012] gfs2_instantiate+0x167/0x240
[ 63.911984][ T5012] gfs2_glock_wait+0x210/0x330
[ 63.916741][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 63.922194][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 63.926869][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 63.932061][ T5012] do_sync+0x66e/0xc90
[ 63.936213][ T5012] ? gfs2_qa_put+0x160/0x160
[ 63.940794][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 63.945725][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 63.950651][ T5012] ? spin_bug+0x1d0/0x1d0
[ 63.954973][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 63.959731][ T5012] gfs2_sync_fs+0x44/0xb0
[ 63.964058][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 63.968988][ T5012] sync_filesystem+0x109/0x280
[ 63.973763][ T5012] generic_shutdown_super+0x74/0x480
[ 63.979038][ T5012] kill_block_super+0x64/0xb0
[ 63.983709][ T5012] gfs2_kill_sb+0x361/0x410
[ 63.988202][ T5012] deactivate_locked_super+0x9a/0x170
[ 63.993577][ T5012] deactivate_super+0xde/0x100
[ 63.998332][ T5012] cleanup_mnt+0x222/0x3d0
[ 64.002747][ T5012] task_work_run+0x14d/0x240
[ 64.007334][ T5012] ? task_work_cancel+0x30/0x30
[ 64.012176][ T5012] ptrace_notify+0x10c/0x130
[ 64.016755][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 64.023077][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 64.028442][ T5012] do_syscall_64+0x44/0xb0
[ 64.032849][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.038730][ T5012] RIP: 0033:0x7f22cb1d1307
[ 64.043135][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 64.062755][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 64.071162][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 64.079155][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 64.087119][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 64.095081][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 64.103038][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000003 R15: 431bde82d7b634db
[ 64.111004][ T5012]
[ 64.120275][ T5012] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 64.129065][ T5012] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 64.135699][ T5012] gfs2: fsid=syz:syz.0: File system withdrawn
[ 64.141769][ T5012] CPU: 1 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 64.152181][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 64.162225][ T5012] Call Trace:
[ 64.165492][ T5012]
[ 64.168411][ T5012] dump_stack_lvl+0x125/0x1b0
[ 64.173078][ T5012] gfs2_withdraw+0xb4c/0x10c0
[ 64.177745][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 64.182867][ T5012] ? inode_go_sync+0x590/0x590
[ 64.187646][ T5012] inode_go_instantiate+0x47/0x60
[ 64.192674][ T5012] gfs2_instantiate+0x167/0x240
[ 64.197520][ T5012] gfs2_glock_wait+0x210/0x330
[ 64.202279][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 64.207734][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 64.212408][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 64.217600][ T5012] do_sync+0x66e/0xc90
[ 64.221671][ T5012] ? gfs2_qa_put+0x160/0x160
[ 64.226253][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 64.231183][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 64.236119][ T5012] ? spin_bug+0x1d0/0x1d0
[ 64.240444][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 64.245205][ T5012] gfs2_sync_fs+0x44/0xb0
[ 64.249620][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 64.254551][ T5012] sync_filesystem+0x109/0x280
[ 64.259309][ T5012] generic_shutdown_super+0x74/0x480
[ 64.264587][ T5012] kill_block_super+0x64/0xb0
[ 64.269262][ T5012] gfs2_kill_sb+0x361/0x410
[ 64.273756][ T5012] deactivate_locked_super+0x9a/0x170
[ 64.279119][ T5012] deactivate_super+0xde/0x100
[ 64.283875][ T5012] cleanup_mnt+0x222/0x3d0
[ 64.288280][ T5012] task_work_run+0x14d/0x240
[ 64.292864][ T5012] ? task_work_cancel+0x30/0x30
[ 64.297707][ T5012] ptrace_notify+0x10c/0x130
[ 64.302285][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 64.308639][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 64.314007][ T5012] do_syscall_64+0x44/0xb0
[ 64.318409][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.324291][ T5012] RIP: 0033:0x7f22cb1d1307
[ 64.328865][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 64.348558][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 64.357055][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 64.365015][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 64.372973][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 64.380935][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 64.388893][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000003 R15: 431bde82d7b634db
[ 64.396856][ T5012]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555b23730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b23730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555b1b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1a650) = 5026
./strace-static-x86_64: Process 5026 attached
[pid 5026] set_robust_list(0x555555b1a660, 24) = 0
[pid 5026] chdir("./3") = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5026] memfd_create("syzkaller", 0) = 3
[pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f22c2d91000
[pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5026] munmap(0x7f22c2d91000, 16777216) = 0
[pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5026] close(3) = 0
[pid 5026] mkdir("./file0", 0777) = 0
[ 64.733119][ T5026] loop0: detected capacity change from 0 to 32768
[ 64.744567][ T5026] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 64.752767][ T5026] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 64.761857][ T5026] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 64.770535][ T2985] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 64.777489][ T2985] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 64.816044][ T2985] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[ 64.824679][ T2985] gfs2: fsid=syz:syz.0: jid=0: Done
[ 64.829953][ T5026] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5026] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5026] chdir("./file0") = 0
[pid 5026] ioctl(4, LOOP_CLR_FD) = 0
[pid 5026] close(4) = 0
[pid 5026] exit_group(0) = ?
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555b1b6f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 64.941040][ T5026] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 64.988345][ T5012] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 64.988345][ T5012] inode = 11 2340
[ 64.988345][ T5012] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 65.007111][ T5012] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 65.016587][ T5012] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5012 [syz-executor291] gfs2_quota_sync+0x2a0/0x5f0
[ 65.027019][ T5012] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 65.035724][ T5012] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 65.044696][ T5012] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1476
[ 65.058741][ T5012] CPU: 0 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 65.069149][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 65.079386][ T5012] Call Trace:
[ 65.082656][ T5012]
[ 65.085664][ T5012] dump_stack_lvl+0x125/0x1b0
[ 65.090334][ T5012] gfs2_assert_warn_i+0x1e3/0x370
[ 65.095354][ T5012] ? gfs2_assert_withdraw_i+0x1d0/0x1d0
[ 65.100894][ T5012] ? _raw_spin_unlock+0x28/0x40
[ 65.105761][ T5012] gfs2_quota_cleanup+0x668/0x860
[ 65.110781][ T5012] gfs2_make_fs_ro+0x24b/0x740
[ 65.115540][ T5012] ? gfs2_dirty_inode+0x840/0x840
[ 65.120560][ T5012] ? mutex_trylock+0x208/0x330
[ 65.125316][ T5012] ? gfs2_withdraw+0xc22/0x10c0
[ 65.130156][ T5012] ? ww_mutex_unlock+0x260/0x260
[ 65.135089][ T5012] ? gfs2_ail_drain+0x53c/0x6b0
[ 65.139936][ T5012] gfs2_withdraw+0xc2e/0x10c0
[ 65.144606][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 65.149798][ T5012] ? inode_go_sync+0x590/0x590
[ 65.154558][ T5012] inode_go_instantiate+0x47/0x60
[ 65.159578][ T5012] gfs2_instantiate+0x167/0x240
[ 65.164420][ T5012] gfs2_glock_wait+0x210/0x330
[ 65.169180][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 65.174631][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 65.179299][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 65.184490][ T5012] do_sync+0x66e/0xc90
[ 65.188552][ T5012] ? gfs2_qa_put+0x160/0x160
[ 65.193150][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 65.198179][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 65.203107][ T5012] ? spin_bug+0x1d0/0x1d0
[ 65.207449][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 65.212292][ T5012] gfs2_sync_fs+0x44/0xb0
[ 65.216617][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 65.221550][ T5012] sync_filesystem+0x109/0x280
[ 65.226393][ T5012] generic_shutdown_super+0x74/0x480
[ 65.231760][ T5012] kill_block_super+0x64/0xb0
[ 65.236432][ T5012] gfs2_kill_sb+0x361/0x410
[ 65.240927][ T5012] deactivate_locked_super+0x9a/0x170
[ 65.246295][ T5012] deactivate_super+0xde/0x100
[ 65.251050][ T5012] cleanup_mnt+0x222/0x3d0
[ 65.255457][ T5012] task_work_run+0x14d/0x240
[ 65.260043][ T5012] ? task_work_cancel+0x30/0x30
[ 65.264887][ T5012] ptrace_notify+0x10c/0x130
[ 65.269467][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 65.275818][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 65.281186][ T5012] do_syscall_64+0x44/0xb0
[ 65.285597][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.291482][ T5012] RIP: 0033:0x7f22cb1d1307
[ 65.295973][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 65.315576][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 65.323980][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 65.331963][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 65.339928][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 65.347897][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 65.355858][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000004 R15: 431bde82d7b634db
[ 65.364010][ T5012]
[ 65.374073][ T5012] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 65.382851][ T5012] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 65.389796][ T5012] gfs2: fsid=syz:syz.0: File system withdrawn
[ 65.395930][ T5012] CPU: 1 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 65.406340][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 65.416485][ T5012] Call Trace:
[ 65.419774][ T5012]
[ 65.422692][ T5012] dump_stack_lvl+0x125/0x1b0
[ 65.427389][ T5012] gfs2_withdraw+0xb4c/0x10c0
[ 65.432082][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 65.437207][ T5012] ? inode_go_sync+0x590/0x590
[ 65.441984][ T5012] inode_go_instantiate+0x47/0x60
[ 65.447026][ T5012] gfs2_instantiate+0x167/0x240
[ 65.451880][ T5012] gfs2_glock_wait+0x210/0x330
[ 65.456648][ T5012] ? gfs2_glock_async_wait+0x7f0/0x7f0
[ 65.462107][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 65.466781][ T5012] ? __gfs2_holder_init+0x18b/0x2f0
[ 65.471986][ T5012] do_sync+0x66e/0xc90
[ 65.476059][ T5012] ? gfs2_qa_put+0x160/0x160
[ 65.480646][ T5012] ? gfs2_quota_sync+0x3a1/0x5f0
[ 65.485578][ T5012] ? gfs2_quota_sync+0x2a0/0x5f0
[ 65.490509][ T5012] ? spin_bug+0x1d0/0x1d0
[ 65.495268][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 65.500039][ T5012] gfs2_sync_fs+0x44/0xb0
[ 65.504487][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 65.509434][ T5012] sync_filesystem+0x109/0x280
[ 65.514211][ T5012] generic_shutdown_super+0x74/0x480
[ 65.519504][ T5012] kill_block_super+0x64/0xb0
[ 65.524178][ T5012] gfs2_kill_sb+0x361/0x410
[ 65.528678][ T5012] deactivate_locked_super+0x9a/0x170
[ 65.534047][ T5012] deactivate_super+0xde/0x100
[ 65.538807][ T5012] cleanup_mnt+0x222/0x3d0
[ 65.543225][ T5012] task_work_run+0x14d/0x240
[ 65.547855][ T5012] ? task_work_cancel+0x30/0x30
[ 65.552701][ T5012] ptrace_notify+0x10c/0x130
[ 65.557299][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 65.563638][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 65.569036][ T5012] do_syscall_64+0x44/0xb0
[ 65.573460][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.579353][ T5012] RIP: 0033:0x7f22cb1d1307
[ 65.583771][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 65.603373][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 65.611792][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 65.619772][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 65.627748][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 65.635783][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 65.643757][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000004 R15: 431bde82d7b634db
[ 65.651734][ T5012]
[ 65.655104][ T5012] ==================================================================
[ 65.663179][ T5012] BUG: KASAN: slab-use-after-free in qd_unlock+0x20/0x190
[ 65.670310][ T5012] Read of size 8 at addr ffff888072be8b10 by task syz-executor291/5012
[ 65.678548][ T5012]
[ 65.680865][ T5012] CPU: 0 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 65.691282][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 65.701336][ T5012] Call Trace:
[ 65.704615][ T5012]
[ 65.707546][ T5012] dump_stack_lvl+0xd9/0x1b0
[ 65.712146][ T5012] print_report+0xc4/0x620
[ 65.716582][ T5012] ? __virt_addr_valid+0x5e/0x2d0
[ 65.721635][ T5012] ? __phys_addr+0xc6/0x140
[ 65.726151][ T5012] kasan_report+0xda/0x110
[ 65.730629][ T5012] ? qd_unlock+0x20/0x190
[ 65.734986][ T5012] ? qd_unlock+0x20/0x190
[ 65.739420][ T5012] kasan_check_range+0xef/0x190
[ 65.744367][ T5012] qd_unlock+0x20/0x190
[ 65.748540][ T5012] gfs2_quota_sync+0x2e9/0x5f0
[ 65.753320][ T5012] gfs2_sync_fs+0x44/0xb0
[ 65.757669][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 65.762623][ T5012] sync_filesystem+0x109/0x280
[ 65.767440][ T5012] generic_shutdown_super+0x74/0x480
[ 65.772748][ T5012] kill_block_super+0x64/0xb0
[ 65.777442][ T5012] gfs2_kill_sb+0x361/0x410
[ 65.781957][ T5012] deactivate_locked_super+0x9a/0x170
[ 65.787436][ T5012] deactivate_super+0xde/0x100
[ 65.792210][ T5012] cleanup_mnt+0x222/0x3d0
[ 65.796632][ T5012] task_work_run+0x14d/0x240
[ 65.801235][ T5012] ? task_work_cancel+0x30/0x30
[ 65.806098][ T5012] ptrace_notify+0x10c/0x130
[ 65.810689][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 65.817038][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 65.822427][ T5012] do_syscall_64+0x44/0xb0
[ 65.826845][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.832746][ T5012] RIP: 0033:0x7f22cb1d1307
[ 65.837159][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 65.856783][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 65.865203][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 65.873178][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 65.881152][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 65.889387][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 65.897360][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000004 R15: 431bde82d7b634db
[ 65.905338][ T5012]
[ 65.908354][ T5012]
[ 65.910670][ T5012] Allocated by task 5026:
[ 65.914991][ T5012] kasan_save_stack+0x33/0x50
[ 65.919680][ T5012] kasan_set_track+0x25/0x30
[ 65.924282][ T5012] __kasan_slab_alloc+0x81/0x90
[ 65.929143][ T5012] kmem_cache_alloc+0x15e/0x400
[ 65.934002][ T5012] qd_alloc+0x4e/0x2e0
[ 65.938078][ T5012] gfs2_quota_init+0x63d/0xff0
[ 65.942846][ T5012] gfs2_make_fs_rw+0x3e6/0x5c0
[ 65.947626][ T5012] gfs2_fill_super+0x263b/0x2b10
[ 65.952739][ T5012] get_tree_bdev+0x43e/0x7d0
[ 65.957333][ T5012] gfs2_get_tree+0x4e/0x280
[ 65.961837][ T5012] vfs_get_tree+0x88/0x350
[ 65.966262][ T5012] path_mount+0x1492/0x1ed0
[ 65.970770][ T5012] __x64_sys_mount+0x293/0x310
[ 65.975541][ T5012] do_syscall_64+0x38/0xb0
[ 65.979957][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.985861][ T5012]
[ 65.988177][ T5012] Freed by task 0:
[ 65.991885][ T5012] kasan_save_stack+0x33/0x50
[ 65.996576][ T5012] kasan_set_track+0x25/0x30
[ 66.001176][ T5012] kasan_save_free_info+0x28/0x40
[ 66.006296][ T5012] ____kasan_slab_free+0x13f/0x190
[ 66.011506][ T5012] kmem_cache_free+0x104/0x380
[ 66.016280][ T5012] rcu_core+0x7fb/0x1bb0
[ 66.020534][ T5012] __do_softirq+0x218/0x965
[ 66.025036][ T5012]
[ 66.027353][ T5012] Last potentially related work creation:
[ 66.033055][ T5012] kasan_save_stack+0x33/0x50
[ 66.037743][ T5012] __kasan_record_aux_stack+0x78/0x80
[ 66.043126][ T5012] __call_rcu_common.constprop.0+0x9a/0x790
[ 66.049030][ T5012] gfs2_quota_cleanup+0x46c/0x860
[ 66.054064][ T5012] gfs2_make_fs_ro+0x24b/0x740
[ 66.058839][ T5012] gfs2_withdraw+0xc2e/0x10c0
[ 66.063519][ T5012] gfs2_inode_refresh+0xcf6/0x1120
[ 66.068643][ T5012] inode_go_instantiate+0x47/0x60
[ 66.073676][ T5012] gfs2_instantiate+0x167/0x240
[ 66.078532][ T5012] gfs2_glock_wait+0x210/0x330
[ 66.083300][ T5012] gfs2_glock_nq+0xd9f/0x17b0
[ 66.087984][ T5012] do_sync+0x66e/0xc90
[ 66.092057][ T5012] gfs2_quota_sync+0x2a0/0x5f0
[ 66.096827][ T5012] gfs2_sync_fs+0x44/0xb0
[ 66.101167][ T5012] sync_filesystem+0x109/0x280
[ 66.105935][ T5012] generic_shutdown_super+0x74/0x480
[ 66.111224][ T5012] kill_block_super+0x64/0xb0
[ 66.115904][ T5012] gfs2_kill_sb+0x361/0x410
[ 66.120409][ T5012] deactivate_locked_super+0x9a/0x170
[ 66.125787][ T5012] deactivate_super+0xde/0x100
[ 66.130561][ T5012] cleanup_mnt+0x222/0x3d0
[ 66.134977][ T5012] task_work_run+0x14d/0x240
[ 66.139575][ T5012] ptrace_notify+0x10c/0x130
[ 66.144165][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 66.150526][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 66.155906][ T5012] do_syscall_64+0x44/0xb0
[ 66.160323][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.166219][ T5012]
[ 66.168540][ T5012] The buggy address belongs to the object at ffff888072be8a80
[ 66.168540][ T5012] which belongs to the cache gfs2_quotad of size 272
[ 66.182586][ T5012] The buggy address is located 144 bytes inside of
[ 66.182586][ T5012] freed 272-byte region [ffff888072be8a80, ffff888072be8b90)
[ 66.196385][ T5012]
[ 66.198700][ T5012] The buggy address belongs to the physical page:
[ 66.205103][ T5012] page:ffffea0001cafa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72be8
[ 66.215253][ T5012] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 66.222791][ T5012] page_type: 0xc()
[ 66.226512][ T5012] raw: 00fff00000000200 ffff888015f8f600 ffff888016319e50 ffff888016319e50
[ 66.235098][ T5012] raw: 0000000000000000 ffff888072be8000 000000010000000c 0000000000000000
[ 66.243674][ T5012] page dumped because: kasan: bad access detected
[ 66.250078][ T5012] page_owner tracks the page as allocated
[ 66.255783][ T5012] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x242050(__GFP_IO|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE|__GFP_RECLAIMABLE), pid 5013, tgid 5013 (syz-executor291), ts 61141342081, free_ts 16648173226
[ 66.277064][ T5012] post_alloc_hook+0x2d2/0x350
[ 66.281830][ T5012] get_page_from_freelist+0x10a9/0x31e0
[ 66.287387][ T5012] __alloc_pages+0x1d0/0x4a0
[ 66.291980][ T5012] cache_grow_begin+0x99/0x3a0
[ 66.296749][ T5012] cache_alloc_refill+0x294/0x3a0
[ 66.301782][ T5012] kmem_cache_alloc+0x3a6/0x400
[ 66.306728][ T5012] qd_alloc+0x4e/0x2e0
[ 66.310808][ T5012] gfs2_quota_init+0x63d/0xff0
[ 66.315583][ T5012] gfs2_make_fs_rw+0x3e6/0x5c0
[ 66.320356][ T5012] gfs2_fill_super+0x263b/0x2b10
[ 66.325301][ T5012] get_tree_bdev+0x43e/0x7d0
[ 66.329897][ T5012] gfs2_get_tree+0x4e/0x280
[ 66.334401][ T5012] vfs_get_tree+0x88/0x350
[ 66.338820][ T5012] path_mount+0x1492/0x1ed0
[ 66.343333][ T5012] __x64_sys_mount+0x293/0x310
[ 66.348102][ T5012] do_syscall_64+0x38/0xb0
[ 66.352517][ T5012] page last free stack trace:
[ 66.357190][ T5012] free_unref_page_prepare+0x508/0xb90
[ 66.362654][ T5012] free_unref_page+0x33/0x3b0
[ 66.367334][ T5012] free_contig_range+0xb6/0x190
[ 66.372187][ T5012] destroy_args+0x686/0x940
[ 66.376698][ T5012] debug_vm_pgtable+0x2339/0x3ff0
[ 66.381736][ T5012] do_one_initcall+0x117/0x630
[ 66.386509][ T5012] kernel_init_freeable+0x5bd/0x8f0
[ 66.391728][ T5012] kernel_init+0x1c/0x2a0
[ 66.396083][ T5012] ret_from_fork+0x2c/0x70
[ 66.400510][ T5012] ret_from_fork_asm+0x11/0x20
[ 66.405302][ T5012]
[ 66.407628][ T5012] Memory state around the buggy address:
[ 66.413258][ T5012] ffff888072be8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.421402][ T5012] ffff888072be8a80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.429546][ T5012] >ffff888072be8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.437599][ T5012] ^
[ 66.442181][ T5012] ffff888072be8b80: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 66.450236][ T5012] ffff888072be8c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.458287][ T5012] ==================================================================
[ 66.467425][ T5012] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 66.474638][ T5012] CPU: 0 PID: 5012 Comm: syz-executor291 Not tainted 6.5.0-rc6-syzkaller-00200-gd4ddefee5160 #0
[ 66.485067][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 66.495135][ T5012] Call Trace:
[ 66.498413][ T5012]
[ 66.501345][ T5012] dump_stack_lvl+0xd9/0x1b0
[ 66.505945][ T5012] panic+0x6a4/0x750
[ 66.509940][ T5012] ? panic_smp_self_stop+0xa0/0xa0
[ 66.515060][ T5012] ? preempt_schedule_thunk+0x1a/0x30
[ 66.520447][ T5012] ? preempt_schedule_common+0x45/0xc0
[ 66.525917][ T5012] check_panic_on_warn+0xab/0xb0
[ 66.530864][ T5012] end_report+0x108/0x150
[ 66.535220][ T5012] kasan_report+0xea/0x110
[ 66.539649][ T5012] ? qd_unlock+0x20/0x190
[ 66.543986][ T5012] ? qd_unlock+0x20/0x190
[ 66.548322][ T5012] kasan_check_range+0xef/0x190
[ 66.553172][ T5012] qd_unlock+0x20/0x190
[ 66.557333][ T5012] gfs2_quota_sync+0x2e9/0x5f0
[ 66.562110][ T5012] gfs2_sync_fs+0x44/0xb0
[ 66.566453][ T5012] ? rgrp_unlock_local+0x20/0x20
[ 66.571402][ T5012] sync_filesystem+0x109/0x280
[ 66.576259][ T5012] generic_shutdown_super+0x74/0x480
[ 66.581568][ T5012] kill_block_super+0x64/0xb0
[ 66.586263][ T5012] gfs2_kill_sb+0x361/0x410
[ 66.590782][ T5012] deactivate_locked_super+0x9a/0x170
[ 66.596173][ T5012] deactivate_super+0xde/0x100
[ 66.600951][ T5012] cleanup_mnt+0x222/0x3d0
[ 66.605376][ T5012] task_work_run+0x14d/0x240
[ 66.609979][ T5012] ? task_work_cancel+0x30/0x30
[ 66.614856][ T5012] ptrace_notify+0x10c/0x130
[ 66.619471][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 66.625828][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 66.631224][ T5012] do_syscall_64+0x44/0xb0
[ 66.635645][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.641544][ T5012] RIP: 0033:0x7f22cb1d1307
[ 66.645959][ T5012] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 66.665575][ T5012] RSP: 002b:00007ffd175dcf38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 66.673992][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f22cb1d1307
[ 66.681962][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd175dcff0
[ 66.689932][ T5012] RBP: 00007ffd175dcff0 R08: 0000000000000000 R09: 0000000000000000
[ 66.697902][ T5012] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd175de050
[ 66.705885][ T5012] R13: 0000555555b1b6c0 R14: 0000000000000004 R15: 431bde82d7b634db
[ 66.713866][ T5012]
[ 66.717082][ T5012] Kernel Offset: disabled
[ 66.721400][ T5012] Rebooting in 86400 seconds..