./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor681437923
<...>
DUID 00:04:d6:b0:09:ff:72:32:c6:5d:c0:56:b1:2d:70:06:fa:56
forked to background, child pid 4660
[ 28.817700][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.829139][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts.
execve("./syz-executor681437923", ["./syz-executor681437923"], 0x7ffe5232c7d0 /* 10 vars */) = 0
brk(NULL) = 0x5555556c4000
brk(0x5555556c4c40) = 0x5555556c4c40
arch_prctl(ARCH_SET_FS, 0x5555556c4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor681437923", 4096) = 27
brk(0x5555556e5c40) = 0x5555556e5c40
brk(0x5555556e6000) = 0x5555556e6000
mprotect(0x7f608e560000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 4992
mkdir("./syzkaller.ApZooG", 0700) = 0
chmod("./syzkaller.ApZooG", 0777) = 0
chdir("./syzkaller.ApZooG") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556c45d0) = 4993
./strace-static-x86_64: Process 4993 attached
[pid 4993] chdir("./0") = 0
[pid 4993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4993] setpgid(0, 0) = 0
[pid 4993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4993] write(3, "1000", 4) = 4
[pid 4993] close(3) = 0
[pid 4993] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4993] memfd_create("syzkaller", 0) = 3
[pid 4993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6086093000
syzkaller login: [ 57.844213][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor681'
[pid 4993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4993] munmap(0x7f6086093000, 16777216) = 0
[pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4993] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4993] close(3) = 0
[pid 4993] mkdir("./file0", 0777) = 0
[ 58.056425][ T4993] loop0: detected capacity change from 0 to 32768
[ 58.072221][ T4993] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 58.080694][ T4993] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 58.092751][ T4993] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 58.102277][ T901] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 58.109321][ T901] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 58.143174][ T901] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[ 58.152738][ T901] gfs2: fsid=syz:syz.0: jid=0: Done
[ 58.158781][ T4993] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 4993] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 4993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4993] chdir("./file0") = 0
[pid 4993] ioctl(4, LOOP_CLR_FD) = 0
[pid 4993] close(4) = 0
[pid 4993] exit_group(0) = ?
[pid 4993] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4993, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555556c5620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 58.256801][ T4993] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 58.302872][ T4992] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[ 58.302872][ T4992] inode = 11 2340
[ 58.302872][ T4992] function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 469
[ 58.322044][ T4992] gfs2: fsid=syz:syz.0: G: s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[ 58.331526][ T4992] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:4992 [syz-executor681] gfs2_quota_sync+0x37d/0x820
[ 58.342121][ T4992] gfs2: fsid=syz:syz.0: I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[ 58.350612][ T4992] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 58.359001][ T4992] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[ 58.373067][ T4992] CPU: 0 PID: 4992 Comm: syz-executor681 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
[ 58.383481][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.393535][ T4992] Call Trace:
[ 58.396807][ T4992] <TASK>
[ 58.399725][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 58.404393][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.409839][ T4992] ? panic+0x770/0x770
[ 58.413893][ T4992] ? do_raw_spin_unlock+0x13b/0x8b0
[ 58.419088][ T4992] gfs2_assert_warn_i+0x19f/0x2e0
[ 58.424112][ T4992] gfs2_quota_cleanup+0x4b5/0x6b0
[ 58.429137][ T4992] gfs2_make_fs_ro+0x589/0x680
[ 58.433898][ T4992] ? __might_sleep+0xc0/0xc0
[ 58.438486][ T4992] ? gfs2_dinode_out+0xaf0/0xaf0
[ 58.443425][ T4992] ? gfs2_glock_nq+0xcbf/0x16c0
[ 58.448276][ T4992] ? gfs2_instantiate+0x234/0x250
[ 58.453301][ T4992] ? gfs2_glock_wait+0x21a/0x2b0
[ 58.458242][ T4992] gfs2_withdraw+0x62b/0x1550
[ 58.462949][ T4992] ? gfs2_lm+0x240/0x240
[ 58.467189][ T4992] ? make_kgid+0x1f6/0x6f0
[ 58.471604][ T4992] ? gfs2_withdraw+0x5ee/0x1550
[ 58.476465][ T4992] ? gfs2_consist_inode_i+0xf5/0x110
[ 58.481750][ T4992] gfs2_inode_refresh+0xbe2/0x1060
[ 58.486862][ T4992] ? gfs2_inode_metasync+0xf0/0xf0
[ 58.491971][ T4992] ? _raw_spin_unlock+0x28/0x40
[ 58.496820][ T4992] ? gfs2_glock_nq+0xcbf/0x16c0
[ 58.501674][ T4992] gfs2_instantiate+0x18c/0x250
[ 58.506533][ T4992] gfs2_glock_wait+0x1df/0x2b0
[ 58.511385][ T4992] do_sync+0x492/0xc70
[ 58.515447][ T4992] ? gfs2_quota_sync+0x37d/0x820
[ 58.520393][ T4992] ? slot_put+0x210/0x210
[ 58.524715][ T4992] ? do_raw_spin_lock+0x14d/0x3a0
[ 58.529741][ T4992] ? gfs2_quota_sync+0x37d/0x820
[ 58.534671][ T4992] ? do_raw_spin_unlock+0x13b/0x8b0
[ 58.539867][ T4992] ? qd_check_sync+0xba/0x3f0
[ 58.544543][ T4992] gfs2_quota_sync+0x37d/0x820
[ 58.549305][ T4992] ? get_nr_dirty_inodes+0x1c7/0x210
[ 58.554660][ T4992] gfs2_sync_fs+0x4d/0xb0
[ 58.559018][ T4992] sync_filesystem+0xec/0x220
[ 58.563705][ T4992] generic_shutdown_super+0x6f/0x340
[ 58.569011][ T4992] kill_block_super+0x84/0xf0
[ 58.573720][ T4992] deactivate_locked_super+0xa4/0x110
[ 58.579113][ T4992] cleanup_mnt+0x426/0x4c0
[ 58.583557][ T4992] ? _raw_spin_unlock_irq+0x23/0x50
[ 58.588779][ T4992] task_work_run+0x24a/0x300
[ 58.593371][ T4992] ? dput+0x3a1/0x420
[ 58.597353][ T4992] ? task_work_cancel+0x2b0/0x2b0
[ 58.602394][ T4992] ? __x64_sys_umount+0x126/0x170
[ 58.607441][ T4992] ptrace_notify+0x2cd/0x380
[ 58.612057][ T4992] ? do_notify_parent+0xf50/0xf50
[ 58.617102][ T4992] ? user_path_at_empty+0x12f/0x180
[ 58.622308][ T4992] ? __x64_sys_umount+0x126/0x170
[ 58.627335][ T4992] ? path_umount+0xea0/0xea0
[ 58.631924][ T4992] ? syscall_enter_from_user_mode+0x32/0x230
[ 58.637923][ T4992] syscall_exit_to_user_mode+0x157/0x280
[ 58.643577][ T4992] do_syscall_64+0x4d/0xc0
[ 58.648006][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.653904][ T4992] RIP: 0033:0x7f608e4e1c57
[ 58.658322][ T4992] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.677929][ T4992] RSP: 002b:00007fff2aa9a1c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 58.686344][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f608e4e1c57
[ 58.694311][ T4992] RDX: 00007fff2aa9a289 RSI: 000000000000000a RDI: 00007fff2aa9a280
[ 58.702278][ T4992] RBP: 00007fff2aa9a280 R08: 00000000ffffffff R09: 00007fff2aa9a060
[ 58.710244][ T4992] R10: 00005555556c5653 R11: 0000000000000202 R12: 00007fff2aa9b2e0
[ 58.718222][ T4992] R13: 00005555556c55f0 R14: 00007fff2aa9a1f0 R15: 0000000000000001
[ 58.726221][ T4992] </TASK>
[ 58.735036][ T4992] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[ 58.743879][ T4992] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[ 58.752626][ T4992] gfs2: fsid=syz:syz.0: File system withdrawn
[ 58.758946][ T4992] CPU: 1 PID: 4992 Comm: syz-executor681 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
[ 58.769379][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.779423][ T4992] Call Trace:
[ 58.782688][ T4992] <TASK>
[ 58.785610][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 58.790312][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.795782][ T4992] ? panic+0x770/0x770
[ 58.799855][ T4992] ? kobject_uevent_env+0x54e/0x8e0
[ 58.805045][ T4992] ? lockref_put_or_lock+0x75/0xc0
[ 58.810177][ T4992] gfs2_withdraw+0xf48/0x1550
[ 58.814880][ T4992] ? gfs2_lm+0x240/0x240
[ 58.819119][ T4992] ? make_kgid+0x1f6/0x6f0
[ 58.823536][ T4992] ? gfs2_consist_inode_i+0xf5/0x110
[ 58.828813][ T4992] gfs2_inode_refresh+0xbe2/0x1060
[ 58.833915][ T4992] ? gfs2_inode_metasync+0xf0/0xf0
[ 58.839033][ T4992] ? _raw_spin_unlock+0x28/0x40
[ 58.843882][ T4992] ? gfs2_glock_nq+0xcbf/0x16c0
[ 58.848734][ T4992] gfs2_instantiate+0x18c/0x250
[ 58.853579][ T4992] gfs2_glock_wait+0x1df/0x2b0
[ 58.858341][ T4992] do_sync+0x492/0xc70
[ 58.862420][ T4992] ? gfs2_quota_sync+0x37d/0x820
[ 58.867346][ T4992] ? slot_put+0x210/0x210
[ 58.871659][ T4992] ? do_raw_spin_lock+0x14d/0x3a0
[ 58.876675][ T4992] ? gfs2_quota_sync+0x37d/0x820
[ 58.881601][ T4992] ? do_raw_spin_unlock+0x13b/0x8b0
[ 58.886875][ T4992] ? qd_check_sync+0xba/0x3f0
[ 58.891535][ T4992] gfs2_quota_sync+0x37d/0x820
[ 58.896298][ T4992] ? get_nr_dirty_inodes+0x1c7/0x210
[ 58.901572][ T4992] gfs2_sync_fs+0x4d/0xb0
[ 58.905895][ T4992] sync_filesystem+0xec/0x220
[ 58.910558][ T4992] generic_shutdown_super+0x6f/0x340
[ 58.915835][ T4992] kill_block_super+0x84/0xf0
[ 58.920671][ T4992] deactivate_locked_super+0xa4/0x110
[ 58.926029][ T4992] cleanup_mnt+0x426/0x4c0
[ 58.930432][ T4992] ? _raw_spin_unlock_irq+0x23/0x50
[ 58.935617][ T4992] task_work_run+0x24a/0x300
[ 58.940189][ T4992] ? dput+0x3a1/0x420
[ 58.944157][ T4992] ? task_work_cancel+0x2b0/0x2b0
[ 58.949165][ T4992] ? __x64_sys_umount+0x126/0x170
[ 58.954176][ T4992] ptrace_notify+0x2cd/0x380
[ 58.958754][ T4992] ? do_notify_parent+0xf50/0xf50
[ 58.963761][ T4992] ? user_path_at_empty+0x12f/0x180
[ 58.968947][ T4992] ? __x64_sys_umount+0x126/0x170
[ 58.973958][ T4992] ? path_umount+0xea0/0xea0
[ 58.978537][ T4992] ? syscall_enter_from_user_mode+0x32/0x230
[ 58.984505][ T4992] syscall_exit_to_user_mode+0x157/0x280
[ 58.990129][ T4992] do_syscall_64+0x4d/0xc0
[ 58.994527][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.000407][ T4992] RIP: 0033:0x7f608e4e1c57
[ 59.004807][ T4992] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.024400][ T4992] RSP: 002b:00007fff2aa9a1c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 59.032803][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f608e4e1c57
[ 59.040762][ T4992] RDX: 00007fff2aa9a289 RSI: 000000000000000a RDI: 00007fff2aa9a280
[ 59.048719][ T4992] RBP: 00007fff2aa9a280 R08: 00000000ffffffff R09: 00007fff2aa9a060
[ 59.056677][ T4992] R10: 00005555556c5653 R11: 0000000000000202 R12: 00007fff2aa9b2e0
[ 59.064636][ T4992] R13: 00005555556c55f0 R14: 00007fff2aa9a1f0 R15: 0000000000000001
[ 59.072605][ T4992] </TASK>
[ 59.077433][ T4992] ==================================================================
[ 59.085522][ T4992] BUG: KASAN: slab-use-after-free in qd_unlock+0x30/0x2d0
[ 59.092974][ T4992] Read of size 8 at addr ffff888075e36090 by task syz-executor681/4992
[ 59.101198][ T4992]
[ 59.103503][ T4992] CPU: 1 PID: 4992 Comm: syz-executor681 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
[ 59.113891][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 59.123929][ T4992] Call Trace:
[ 59.127199][ T4992] <TASK>
[ 59.130202][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 59.134861][ T4992] ? irq_work_queue+0xca/0x150
[ 59.139608][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.145050][ T4992] ? panic+0x770/0x770
[ 59.149102][ T4992] ? _printk+0xd5/0x120
[ 59.153240][ T4992] print_report+0x163/0x540
[ 59.157728][ T4992] ? do_sync+0xb12/0xc70
[ 59.161949][ T4992] ? gfs2_quota_sync+0x37d/0x820
[ 59.166865][ T4992] ? __virt_addr_valid+0x22f/0x2e0
[ 59.171959][ T4992] ? __phys_addr+0xba/0x170
[ 59.176446][ T4992] ? qd_unlock+0x30/0x2d0
[ 59.180755][ T4992] kasan_report+0x176/0x1b0
[ 59.185238][ T4992] ? qd_unlock+0x30/0x2d0
[ 59.189553][ T4992] kasan_check_range+0x283/0x290
[ 59.194481][ T4992] qd_unlock+0x30/0x2d0
[ 59.198621][ T4992] gfs2_quota_sync+0x6e7/0x820
[ 59.203366][ T4992] ? get_nr_dirty_inodes+0x1c7/0x210
[ 59.208636][ T4992] gfs2_sync_fs+0x4d/0xb0
[ 59.212949][ T4992] sync_filesystem+0xec/0x220
[ 59.217608][ T4992] generic_shutdown_super+0x6f/0x340
[ 59.222892][ T4992] kill_block_super+0x84/0xf0
[ 59.227555][ T4992] deactivate_locked_super+0xa4/0x110
[ 59.232918][ T4992] cleanup_mnt+0x426/0x4c0
[ 59.237318][ T4992] ? _raw_spin_unlock_irq+0x23/0x50
[ 59.242496][ T4992] task_work_run+0x24a/0x300
[ 59.247066][ T4992] ? dput+0x3a1/0x420
[ 59.251029][ T4992] ? task_work_cancel+0x2b0/0x2b0
[ 59.256037][ T4992] ? __x64_sys_umount+0x126/0x170
[ 59.261045][ T4992] ptrace_notify+0x2cd/0x380
[ 59.265615][ T4992] ? do_notify_parent+0xf50/0xf50
[ 59.270622][ T4992] ? user_path_at_empty+0x12f/0x180
[ 59.275802][ T4992] ? __x64_sys_umount+0x126/0x170
[ 59.280807][ T4992] ? path_umount+0xea0/0xea0
[ 59.285375][ T4992] ? syscall_enter_from_user_mode+0x32/0x230
[ 59.291341][ T4992] syscall_exit_to_user_mode+0x157/0x280
[ 59.296960][ T4992] do_syscall_64+0x4d/0xc0
[ 59.301356][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.307232][ T4992] RIP: 0033:0x7f608e4e1c57
[ 59.311630][ T4992] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.331220][ T4992] RSP: 002b:00007fff2aa9a1c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 59.339618][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f608e4e1c57
[ 59.347575][ T4992] RDX: 00007fff2aa9a289 RSI: 000000000000000a RDI: 00007fff2aa9a280
[ 59.355527][ T4992] RBP: 00007fff2aa9a280 R08: 00000000ffffffff R09: 00007fff2aa9a060
[ 59.363482][ T4992] R10: 00005555556c5653 R11: 0000000000000202 R12: 00007fff2aa9b2e0
[ 59.371433][ T4992] R13: 00005555556c55f0 R14: 00007fff2aa9a1f0 R15: 0000000000000001
[ 59.379392][ T4992] </TASK>
[ 59.382392][ T4992]
[ 59.384698][ T4992] Allocated by task 4993:
[ 59.389013][ T4992] kasan_set_track+0x4f/0x70
[ 59.393588][ T4992] __kasan_slab_alloc+0x66/0x70
[ 59.398424][ T4992] slab_post_alloc_hook+0x68/0x3a0
[ 59.403514][ T4992] kmem_cache_alloc+0x11f/0x2e0
[ 59.408340][ T4992] qd_alloc+0x51/0x250
[ 59.412389][ T4992] gfs2_quota_init+0x7ee/0x1110
[ 59.417217][ T4992] gfs2_make_fs_rw+0x43a/0x5c0
[ 59.421959][ T4992] gfs2_fill_super+0x2530/0x2840
[ 59.426880][ T4992] get_tree_bdev+0x405/0x620
[ 59.431450][ T4992] gfs2_get_tree+0x54/0x210
[ 59.435937][ T4992] vfs_get_tree+0x8c/0x270
[ 59.440334][ T4992] do_new_mount+0x28f/0xae0
[ 59.444813][ T4992] __se_sys_mount+0x2d9/0x3c0
[ 59.449470][ T4992] do_syscall_64+0x41/0xc0
[ 59.453866][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.459739][ T4992]
[ 59.462042][ T4992] Freed by task 0:
[ 59.465744][ T4992] kasan_set_track+0x4f/0x70
[ 59.470331][ T4992] kasan_save_free_info+0x2b/0x40
[ 59.475339][ T4992] ____kasan_slab_free+0xd6/0x120
[ 59.480343][ T4992] kmem_cache_free+0x297/0x520
[ 59.485082][ T4992] rcu_core+0x9d7/0x15f0
[ 59.489303][ T4992] __do_softirq+0x2ab/0x908
[ 59.493789][ T4992]
[ 59.496094][ T4992] Last potentially related work creation:
[ 59.501784][ T4992] kasan_save_stack+0x3f/0x60
[ 59.506444][ T4992] __kasan_record_aux_stack+0xb0/0xc0
[ 59.511798][ T4992] call_rcu+0x167/0xa70
[ 59.515932][ T4992] gfs2_quota_cleanup+0x442/0x6b0
[ 59.520933][ T4992] gfs2_make_fs_ro+0x589/0x680
[ 59.525672][ T4992] gfs2_withdraw+0x62b/0x1550
[ 59.530330][ T4992] gfs2_inode_refresh+0xbe2/0x1060
[ 59.535419][ T4992] gfs2_instantiate+0x18c/0x250
[ 59.540267][ T4992] gfs2_glock_wait+0x1df/0x2b0
[ 59.545011][ T4992] do_sync+0x492/0xc70
[ 59.549058][ T4992] gfs2_quota_sync+0x37d/0x820
[ 59.553795][ T4992] gfs2_sync_fs+0x4d/0xb0
[ 59.558103][ T4992] sync_filesystem+0xec/0x220
[ 59.562759][ T4992] generic_shutdown_super+0x6f/0x340
[ 59.568021][ T4992] kill_block_super+0x84/0xf0
[ 59.572678][ T4992] deactivate_locked_super+0xa4/0x110
[ 59.578032][ T4992] cleanup_mnt+0x426/0x4c0
[ 59.582428][ T4992] task_work_run+0x24a/0x300
[ 59.586993][ T4992] ptrace_notify+0x2cd/0x380
[ 59.591563][ T4992] syscall_exit_to_user_mode+0x157/0x280
[ 59.597175][ T4992] do_syscall_64+0x4d/0xc0
[ 59.601567][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.607440][ T4992]
[ 59.609743][ T4992] The buggy address belongs to the object at ffff888075e36000
[ 59.609743][ T4992] which belongs to the cache gfs2_quotad of size 272
[ 59.623769][ T4992] The buggy address is located 144 bytes inside of
[ 59.623769][ T4992] freed 272-byte region [ffff888075e36000, ffff888075e36110)
[ 59.637543][ T4992]
[ 59.639850][ T4992] The buggy address belongs to the physical page:
[ 59.646239][ T4992] page:ffffea0001d78d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75e36
[ 59.656367][ T4992] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 59.663883][ T4992] page_type: 0xffffffff()
[ 59.668192][ T4992] raw: 00fff00000000200 ffff8881442f1c80 dead000000000122 0000000000000000
[ 59.676753][ T4992] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 59.685307][ T4992] page dumped because: kasan: bad access detected
[ 59.691695][ T4992] page_owner tracks the page as allocated
[ 59.697385][ T4992] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 4993, tgid 4993 (syz-executor681), ts 58231744744, free_ts 13177397283
[ 59.717517][ T4992] post_alloc_hook+0x1e6/0x210
[ 59.722271][ T4992] get_page_from_freelist+0x321c/0x33a0
[ 59.727801][ T4992] __alloc_pages+0x255/0x670
[ 59.732372][ T4992] alloc_slab_page+0x6a/0x160
[ 59.737037][ T4992] new_slab+0x84/0x2f0
[ 59.741084][ T4992] ___slab_alloc+0xa85/0x10a0
[ 59.745744][ T4992] kmem_cache_alloc+0x1b9/0x2e0
[ 59.750586][ T4992] qd_alloc+0x51/0x250
[ 59.754633][ T4992] gfs2_quota_init+0x7ee/0x1110
[ 59.759461][ T4992] gfs2_make_fs_rw+0x43a/0x5c0
[ 59.764206][ T4992] gfs2_fill_super+0x2530/0x2840
[ 59.769136][ T4992] get_tree_bdev+0x405/0x620
[ 59.773722][ T4992] gfs2_get_tree+0x54/0x210
[ 59.778218][ T4992] vfs_get_tree+0x8c/0x270
[ 59.782618][ T4992] do_new_mount+0x28f/0xae0
[ 59.787106][ T4992] __se_sys_mount+0x2d9/0x3c0
[ 59.791773][ T4992] page last free stack trace:
[ 59.796428][ T4992] free_unref_page_prepare+0x903/0xa30
[ 59.801869][ T4992] free_unref_page+0x37/0x3f0
[ 59.806529][ T4992] free_contig_range+0x9e/0x150
[ 59.811362][ T4992] destroy_args+0x102/0x9a0
[ 59.815847][ T4992] debug_vm_pgtable+0x405/0x490
[ 59.820678][ T4992] do_one_initcall+0x23d/0x7d0
[ 59.825438][ T4992] do_initcall_level+0x157/0x210
[ 59.830357][ T4992] do_initcalls+0x3f/0x80
[ 59.834686][ T4992] kernel_init_freeable+0x43b/0x5d0
[ 59.839884][ T4992] kernel_init+0x1d/0x2a0
[ 59.844207][ T4992] ret_from_fork+0x1f/0x30
[ 59.848613][ T4992]
[ 59.850917][ T4992] Memory state around the buggy address:
[ 59.856525][ T4992] ffff888075e35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.864564][ T4992] ffff888075e36000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.872606][ T4992] >ffff888075e36080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.880645][ T4992] ^
[ 59.885211][ T4992] ffff888075e36100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.893250][ T4992] ffff888075e36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.901304][ T4992] ==================================================================
[ 59.911051][ T4992] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.918260][ T4992] CPU: 1 PID: 4992 Comm: syz-executor681 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
[ 59.928677][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 59.938717][ T4992] Call Trace:
[ 59.941979][ T4992] <TASK>
[ 59.944892][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 59.949556][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.954997][ T4992] ? panic+0x770/0x770
[ 59.959056][ T4992] ? preempt_schedule_common+0x83/0xc0
[ 59.964500][ T4992] ? vscnprintf+0x5d/0x80
[ 59.968821][ T4992] panic+0x30f/0x770
[ 59.972704][ T4992] ? check_panic_on_warn+0x21/0xa0
[ 59.977798][ T4992] ? __memcpy_flushcache+0x2b0/0x2b0
[ 59.983066][ T4992] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 59.989032][ T4992] ? _raw_spin_unlock+0x40/0x40
[ 59.993863][ T4992] ? print_report+0x4fb/0x540
[ 59.998523][ T4992] check_panic_on_warn+0x82/0xa0
[ 60.003444][ T4992] ? qd_unlock+0x30/0x2d0
[ 60.007759][ T4992] end_report+0x63/0x110
[ 60.011982][ T4992] kasan_report+0x183/0x1b0
[ 60.016468][ T4992] ? qd_unlock+0x30/0x2d0
[ 60.020780][ T4992] kasan_check_range+0x283/0x290
[ 60.025698][ T4992] qd_unlock+0x30/0x2d0
[ 60.029842][ T4992] gfs2_quota_sync+0x6e7/0x820
[ 60.034585][ T4992] ? get_nr_dirty_inodes+0x1c7/0x210
[ 60.039855][ T4992] gfs2_sync_fs+0x4d/0xb0
[ 60.044187][ T4992] sync_filesystem+0xec/0x220
[ 60.048858][ T4992] generic_shutdown_super+0x6f/0x340
[ 60.054134][ T4992] kill_block_super+0x84/0xf0
[ 60.058804][ T4992] deactivate_locked_super+0xa4/0x110
[ 60.064172][ T4992] cleanup_mnt+0x426/0x4c0
[ 60.068601][ T4992] ? _raw_spin_unlock_irq+0x23/0x50
[ 60.073798][ T4992] task_work_run+0x24a/0x300
[ 60.078375][ T4992] ? dput+0x3a1/0x420
[ 60.082437][ T4992] ? task_work_cancel+0x2b0/0x2b0
[ 60.087446][ T4992] ? __x64_sys_umount+0x126/0x170
[ 60.092892][ T4992] ptrace_notify+0x2cd/0x380
[ 60.097468][ T4992] ? do_notify_parent+0xf50/0xf50
[ 60.102478][ T4992] ? user_path_at_empty+0x12f/0x180
[ 60.107659][ T4992] ? __x64_sys_umount+0x126/0x170
[ 60.112664][ T4992] ? path_umount+0xea0/0xea0
[ 60.117233][ T4992] ? syscall_enter_from_user_mode+0x32/0x230
[ 60.123198][ T4992] syscall_exit_to_user_mode+0x157/0x280
[ 60.128817][ T4992] do_syscall_64+0x4d/0xc0
[ 60.133213][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.139093][ T4992] RIP: 0033:0x7f608e4e1c57
[ 60.143488][ T4992] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.163076][ T4992] RSP: 002b:00007fff2aa9a1c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 60.171488][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f608e4e1c57
[ 60.179447][ T4992] RDX: 00007fff2aa9a289 RSI: 000000000000000a RDI: 00007fff2aa9a280
[ 60.187397][ T4992] RBP: 00007fff2aa9a280 R08: 00000000ffffffff R09: 00007fff2aa9a060
[ 60.195343][ T4992] R10: 00005555556c5653 R11: 0000000000000202 R12: 00007fff2aa9b2e0
[ 60.203293][ T4992] R13: 00005555556c55f0 R14: 00007fff2aa9a1f0 R15: 0000000000000001
[ 60.211259][ T4992] </TASK>
[ 60.214436][ T4992] Kernel Offset: disabled
[ 60.218745][ T4992] Rebooting in 86400 seconds..