./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2219666254

<...>
DUID 00:04:f8:32:f0:25:6b:f7:7b:d6:d2:5e:34:7f:1d:07:e3:4e
forked to background, child pid 4645
[   30.676408][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.687276][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
execve("./syz-executor2219666254", ["./syz-executor2219666254"], 0x7ffd3929cc20 /* 10 vars */) = 0
brk(NULL)                               = 0x555557057000
brk(0x555557057d00)                     = 0x555557057d00
arch_prctl(ARCH_SET_FS, 0x5555570573c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2219666254", 4096) = 28
brk(0x555557078d00)                     = 0x555557078d00
brk(0x555557079000)                     = 0x555557079000
mprotect(0x7f2c4310a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5066
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5066", 4)                     = 4
close(3)                                = 0
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
chmod("/dev/raw-gadget", 0666)          = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5066}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f2c43043950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f2c43044da0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f2c43043950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f2c43044da0}, NULL, 8) = 0
getpid()                                = 5066
mkdir("./syzkaller.CiZ13f", 0700)       = 0
chmod("./syzkaller.CiZ13f", 0777)       = 0
chdir("./syzkaller.CiZ13f")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557057690) = 5069
./strace-static-x86_64: Process 5069 attached
[pid  5069] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5069] setsid()                    = 1
[pid  5069] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5069] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5069] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5069] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5069] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5069] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5069] unshare(CLONE_NEWNS)        = 0
[pid  5069] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5069] unshare(CLONE_NEWIPC)       = 0
[pid  5069] unshare(CLONE_NEWCGROUP)    = 0
[pid  5069] unshare(CLONE_NEWUTS)       = 0
[pid  5069] unshare(CLONE_SYSVSEM)      = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "16777216", 8)     = 8
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "536870912", 9)    = 9
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "1024", 4)         = 4
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "8192", 4)         = 4
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "1024", 4)         = 4
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "1024", 4)         = 4
[pid  5069] close(3)                    = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5069] close(3)                    = 0
[pid  5069] getpid()                    = 1
[pid  5069] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5069] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5069] unshare(CLONE_NEWNET)       = 0
[pid  5069] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "0 65535", 7)      = 7
[pid  5069] close(3)                    = 0
[pid  5069] mkdir("/dev/binderfs", 0777) = 0
[pid  5069] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5069] memfd_create("syzkaller", 0) = 3
[pid  5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2c3ac39000
[pid  5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5069] munmap(0x7f2c3ac39000, 16777216) = 0
[pid  5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5069] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5069] close(3)                    = 0
[pid  5069] mkdir("./file0", 0777)      = 0
syzkaller login: [   50.759102][ T5069] loop0: detected capacity change from 0 to 32768
[   50.770881][ T5069] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   50.779329][ T5069] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   50.791328][ T5069] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[   50.800568][  T897] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   50.807421][  T897] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   50.844909][  T897] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[   50.852756][  T897] gfs2: fsid=syz:syz.0: jid=0: Done
[   50.858724][ T5069] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  5069] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid  5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5069] chdir("./file0")            = 0
[pid  5069] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5069] close(4)                    = 0
[pid  5069] close(3)                    = 0
[pid  5069] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5069] exit_group(1)               = ?
[   50.954221][ T5069] gfs2: fsid=syz:syz.0: found 1 quota changes
[   50.981561][ T5069] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   50.981561][ T5069]   inode = 11 2340
[   50.981561][ T5069]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 460
[   51.000986][ T5069] gfs2: fsid=syz:syz.0: G:  s:EX n:2/924 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[   51.017935][ T5069] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5069 [syz-executor221] gfs2_quota_sync+0x3da/0x8b0
[   51.028717][ T5069] gfs2: fsid=syz:syz.0:  I: n:11/2340 t:8 f:0x00 d:0x00000201 s:176 p:0
[   51.037171][ T5069] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   51.053046][ T5069] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1474
[   51.067123][ T5069] CPU: 0 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
[   51.075795][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.085918][ T5069] Call Trace:
[   51.089187][ T5069]  <TASK>
[   51.092107][ T5069]  dump_stack_lvl+0x1b1/0x290
[   51.096784][ T5069]  ? nf_tcp_handle_invalid+0x630/0x630
[   51.102231][ T5069]  ? panic+0x710/0x710
[   51.106292][ T5069]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.111490][ T5069]  gfs2_assert_warn_i+0x19a/0x2e0
[   51.116509][ T5069]  gfs2_quota_cleanup+0x4c6/0x6b0
[   51.121532][ T5069]  gfs2_make_fs_ro+0x517/0x610
[   51.128628][ T5069]  ? __might_sleep+0xc0/0xc0
[   51.133209][ T5069]  ? gfs2_dinode_out+0xad0/0xad0
[   51.138131][ T5069]  ? gfs2_glock_nq+0xdaa/0x1700
[   51.142973][ T5069]  ? gfs2_instantiate+0x207/0x220
[   51.148014][ T5069]  ? gfs2_glock_wait+0x213/0x2a0
[   51.152951][ T5069]  gfs2_withdraw+0x609/0x1540
[   51.157629][ T5069]  ? gfs2_lm+0x220/0x220
[   51.161863][ T5069]  ? make_kgid+0x1fe/0x710
[   51.166275][ T5069]  ? gfs2_withdraw+0x5cc/0x1540
[   51.171202][ T5069]  ? gfs2_consist_inode_i+0xf3/0x110
[   51.176484][ T5069]  gfs2_inode_refresh+0xb2d/0xf60
[   51.181506][ T5069]  ? gfs2_inode_metasync+0xf0/0xf0
[   51.186607][ T5069]  ? _raw_spin_unlock+0x24/0x40
[   51.191446][ T5069]  ? gfs2_glock_nq+0xdaa/0x1700
[   51.196371][ T5069]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.201579][ T5069]  gfs2_instantiate+0x15e/0x220
[   51.206426][ T5069]  gfs2_glock_wait+0x1d9/0x2a0
[   51.211179][ T5069]  do_sync+0x485/0xc80
[   51.215245][ T5069]  ? gfs2_quota_sync+0x3da/0x8b0
[   51.220791][ T5069]  ? slot_put+0x1f0/0x1f0
[   51.225202][ T5069]  ? do_raw_spin_lock+0x147/0x3a0
[   51.230217][ T5069]  ? __lock_acquire+0x1f60/0x1f60
[   51.235248][ T5069]  ? gfs2_quota_sync+0x3da/0x8b0
[   51.240175][ T5069]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.245359][ T5069]  ? qd_check_sync+0xba/0x3f0
[   51.250028][ T5069]  gfs2_quota_sync+0x3da/0x8b0
[   51.254792][ T5069]  gfs2_sync_fs+0x49/0xb0
[   51.259196][ T5069]  sync_filesystem+0xe8/0x220
[   51.263866][ T5069]  generic_shutdown_super+0x6b/0x310
[   51.269144][ T5069]  kill_block_super+0x79/0xd0
[   51.273811][ T5069]  deactivate_locked_super+0xa7/0xf0
[   51.279096][ T5069]  cleanup_mnt+0x494/0x520
[   51.283500][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.288696][ T5069]  task_work_run+0x243/0x300
[   51.293316][ T5069]  ? task_work_cancel+0x290/0x290
[   51.298370][ T5069]  ? do_exit+0x63f/0x2150
[   51.302709][ T5069]  do_exit+0x644/0x2150
[   51.306870][ T5069]  ? mm_update_next_owner+0x6d0/0x6d0
[   51.312255][ T5069]  ? print_irqtrace_events+0x220/0x220
[   51.317806][ T5069]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.323078][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.328349][ T5069]  do_group_exit+0x1fd/0x2b0
[   51.332942][ T5069]  __x64_sys_exit_group+0x3b/0x40
[   51.338762][ T5069]  do_syscall_64+0x3d/0xb0
[   51.343176][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.349062][ T5069] RIP: 0033:0x7f2c4308d0c9
[   51.353552][ T5069] Code: Unable to access opcode bytes at 0x7f2c4308d09f.
[   51.360553][ T5069] RSP: 002b:00007ffcdd2f81f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.369055][ T5069] RAX: ffffffffffffffda RBX: 00007f2c431103d0 RCX: 00007f2c4308d0c9
[   51.377109][ T5069] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   51.385073][ T5069] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000012550
[   51.393047][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c431103d0
[   51.401014][ T5069] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   51.408992][ T5069]  </TASK>
[   51.418962][ T5069] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   51.427729][ T5069] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   51.436313][ T5069] gfs2: fsid=syz:syz.0: File system withdrawn
[   51.442526][ T5069] CPU: 1 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
[   51.451223][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.461272][ T5069] Call Trace:
[   51.464546][ T5069]  <TASK>
[   51.467471][ T5069]  dump_stack_lvl+0x1b1/0x290
[   51.472149][ T5069]  ? nf_tcp_handle_invalid+0x630/0x630
[   51.477606][ T5069]  ? panic+0x710/0x710
[   51.481663][ T5069]  ? kobject_uevent_env+0x46b/0x8e0
[   51.486857][ T5069]  gfs2_withdraw+0xf33/0x1540
[   51.491538][ T5069]  ? gfs2_lm+0x220/0x220
[   51.495788][ T5069]  ? make_kgid+0x1fe/0x710
[   51.500298][ T5069]  ? gfs2_consist_inode_i+0xf3/0x110
[   51.505579][ T5069]  gfs2_inode_refresh+0xb2d/0xf60
[   51.510600][ T5069]  ? gfs2_inode_metasync+0xf0/0xf0
[   51.515703][ T5069]  ? _raw_spin_unlock+0x24/0x40
[   51.520549][ T5069]  ? gfs2_glock_nq+0xdaa/0x1700
[   51.525488][ T5069]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.530692][ T5069]  gfs2_instantiate+0x15e/0x220
[   51.535549][ T5069]  gfs2_glock_wait+0x1d9/0x2a0
[   51.540322][ T5069]  do_sync+0x485/0xc80
[   51.544393][ T5069]  ? gfs2_quota_sync+0x3da/0x8b0
[   51.549346][ T5069]  ? slot_put+0x1f0/0x1f0
[   51.553681][ T5069]  ? do_raw_spin_lock+0x147/0x3a0
[   51.558709][ T5069]  ? __lock_acquire+0x1f60/0x1f60
[   51.563735][ T5069]  ? gfs2_quota_sync+0x3da/0x8b0
[   51.568674][ T5069]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.573961][ T5069]  ? qd_check_sync+0xba/0x3f0
[   51.578647][ T5069]  gfs2_quota_sync+0x3da/0x8b0
[   51.583428][ T5069]  gfs2_sync_fs+0x49/0xb0
[   51.587763][ T5069]  sync_filesystem+0xe8/0x220
[   51.592449][ T5069]  generic_shutdown_super+0x6b/0x310
[   51.597762][ T5069]  kill_block_super+0x79/0xd0
[   51.602457][ T5069]  deactivate_locked_super+0xa7/0xf0
[   51.607763][ T5069]  cleanup_mnt+0x494/0x520
[   51.612219][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.617477][ T5069]  task_work_run+0x243/0x300
[   51.622092][ T5069]  ? task_work_cancel+0x290/0x290
[   51.627127][ T5069]  ? do_exit+0x63f/0x2150
[   51.631474][ T5069]  do_exit+0x644/0x2150
[   51.635649][ T5069]  ? mm_update_next_owner+0x6d0/0x6d0
[   51.641030][ T5069]  ? print_irqtrace_events+0x220/0x220
[   51.646497][ T5069]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.651700][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.656901][ T5069]  do_group_exit+0x1fd/0x2b0
[   51.661516][ T5069]  __x64_sys_exit_group+0x3b/0x40
[   51.666548][ T5069]  do_syscall_64+0x3d/0xb0
[   51.670976][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.676882][ T5069] RIP: 0033:0x7f2c4308d0c9
[   51.681302][ T5069] Code: Unable to access opcode bytes at 0x7f2c4308d09f.
[   51.688330][ T5069] RSP: 002b:00007ffcdd2f81f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.696743][ T5069] RAX: ffffffffffffffda RBX: 00007f2c431103d0 RCX: 00007f2c4308d0c9
[   51.704715][ T5069] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   51.712688][ T5069] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000012550
[   51.720655][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c431103d0
[   51.728624][ T5069] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   51.736611][ T5069]  </TASK>
[   51.744015][ T5069] ==================================================================
[   51.752099][ T5069] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[   51.758782][ T5069] Read of size 8 at addr ffff888073997090 by task syz-executor221/5069
[   51.767029][ T5069] 
[   51.769356][ T5069] CPU: 1 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
[   51.778030][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.788080][ T5069] Call Trace:
[   51.791357][ T5069]  <TASK>
[   51.794287][ T5069]  dump_stack_lvl+0x1b1/0x290
[   51.798971][ T5069]  ? nf_tcp_handle_invalid+0x630/0x630
[   51.804433][ T5069]  ? __wake_up_klogd+0xcd/0x100
[   51.809292][ T5069]  ? panic+0x710/0x710
[   51.813363][ T5069]  ? _printk+0xc0/0x100
[   51.817515][ T5069]  ? _raw_spin_lock_irqsave+0x8e/0x100
[   51.822982][ T5069]  print_address_description+0x74/0x340
[   51.828534][ T5069]  print_report+0x107/0x1f0
[   51.833046][ T5069]  ? __virt_addr_valid+0x21b/0x2d0
[   51.838157][ T5069]  ? __phys_addr+0xb5/0x160
[   51.842660][ T5069]  ? qd_unlock+0x30/0x2d0
[   51.846987][ T5069]  kasan_report+0xcd/0x100
[   51.851401][ T5069]  ? qd_unlock+0x30/0x2d0
[   51.855727][ T5069]  kasan_check_range+0x2a7/0x2e0
[   51.860661][ T5069]  qd_unlock+0x30/0x2d0
[   51.864814][ T5069]  gfs2_quota_sync+0x768/0x8b0
[   51.869578][ T5069]  gfs2_sync_fs+0x49/0xb0
[   51.873899][ T5069]  sync_filesystem+0xe8/0x220
[   51.878571][ T5069]  generic_shutdown_super+0x6b/0x310
[   51.883852][ T5069]  kill_block_super+0x79/0xd0
[   51.888531][ T5069]  deactivate_locked_super+0xa7/0xf0
[   51.893833][ T5069]  cleanup_mnt+0x494/0x520
[   51.898252][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.903460][ T5069]  task_work_run+0x243/0x300
[   51.908061][ T5069]  ? task_work_cancel+0x290/0x290
[   51.913103][ T5069]  ? do_exit+0x63f/0x2150
[   51.917442][ T5069]  do_exit+0x644/0x2150
[   51.921608][ T5069]  ? mm_update_next_owner+0x6d0/0x6d0
[   51.926982][ T5069]  ? print_irqtrace_events+0x220/0x220
[   51.932439][ T5069]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.937641][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.942833][ T5069]  do_group_exit+0x1fd/0x2b0
[   51.947422][ T5069]  __x64_sys_exit_group+0x3b/0x40
[   51.952437][ T5069]  do_syscall_64+0x3d/0xb0
[   51.956884][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.962772][ T5069] RIP: 0033:0x7f2c4308d0c9
[   51.967180][ T5069] Code: Unable to access opcode bytes at 0x7f2c4308d09f.
[   51.974273][ T5069] RSP: 002b:00007ffcdd2f81f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.982688][ T5069] RAX: ffffffffffffffda RBX: 00007f2c431103d0 RCX: 00007f2c4308d0c9
[   51.990654][ T5069] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   51.998684][ T5069] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000012550
[   52.006646][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c431103d0
[   52.014613][ T5069] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   52.022759][ T5069]  </TASK>
[   52.025768][ T5069] 
[   52.028078][ T5069] Allocated by task 5069:
[   52.032393][ T5069]  kasan_set_track+0x3d/0x60
[   52.036981][ T5069]  __kasan_slab_alloc+0x65/0x70
[   52.041841][ T5069]  kmem_cache_alloc+0x1b3/0x350
[   52.046709][ T5069]  qd_alloc+0x51/0x250
[   52.050781][ T5069]  gfs2_quota_init+0x7c4/0x10e0
[   52.055633][ T5069]  gfs2_make_fs_rw+0x48e/0x590
[   52.060388][ T5069]  gfs2_fill_super+0x2357/0x2700
[   52.065319][ T5069]  get_tree_bdev+0x400/0x620
[   52.069909][ T5069]  gfs2_get_tree+0x50/0x210
[   52.074427][ T5069]  vfs_get_tree+0x88/0x270
[   52.078852][ T5069]  do_new_mount+0x289/0xad0
[   52.083349][ T5069]  __se_sys_mount+0x2d3/0x3c0
[   52.088020][ T5069]  do_syscall_64+0x3d/0xb0
[   52.092435][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.098325][ T5069] 
[   52.100638][ T5069] Freed by task 0:
[   52.104344][ T5069]  kasan_set_track+0x3d/0x60
[   52.108931][ T5069]  kasan_save_free_info+0x27/0x40
[   52.113942][ T5069]  ____kasan_slab_free+0xd6/0x120
[   52.118960][ T5069]  slab_free_freelist_hook+0x12e/0x1a0
[   52.124409][ T5069]  kmem_cache_free+0x94/0x1d0
[   52.129074][ T5069]  rcu_core+0x9c1/0x1690
[   52.133306][ T5069]  __do_softirq+0x277/0x738
[   52.137803][ T5069] 
[   52.140115][ T5069] Last potentially related work creation:
[   52.145814][ T5069]  kasan_save_stack+0x2b/0x50
[   52.150482][ T5069]  __kasan_record_aux_stack+0xb0/0xc0
[   52.155841][ T5069]  call_rcu+0x163/0xa70
[   52.159989][ T5069]  gfs2_quota_cleanup+0x457/0x6b0
[   52.165006][ T5069]  gfs2_make_fs_ro+0x517/0x610
[   52.169848][ T5069]  gfs2_withdraw+0x609/0x1540
[   52.174521][ T5069]  gfs2_inode_refresh+0xb2d/0xf60
[   52.179540][ T5069]  gfs2_instantiate+0x15e/0x220
[   52.184382][ T5069]  gfs2_glock_wait+0x1d9/0x2a0
[   52.189144][ T5069]  do_sync+0x485/0xc80
[   52.193203][ T5069]  gfs2_quota_sync+0x3da/0x8b0
[   52.197964][ T5069]  gfs2_sync_fs+0x49/0xb0
[   52.202284][ T5069]  sync_filesystem+0xe8/0x220
[   52.206956][ T5069]  generic_shutdown_super+0x6b/0x310
[   52.212234][ T5069]  kill_block_super+0x79/0xd0
[   52.216916][ T5069]  deactivate_locked_super+0xa7/0xf0
[   52.222193][ T5069]  cleanup_mnt+0x494/0x520
[   52.226599][ T5069]  task_work_run+0x243/0x300
[   52.231187][ T5069]  do_exit+0x644/0x2150
[   52.235337][ T5069]  do_group_exit+0x1fd/0x2b0
[   52.239913][ T5069]  __x64_sys_exit_group+0x3b/0x40
[   52.244923][ T5069]  do_syscall_64+0x3d/0xb0
[   52.249330][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.255214][ T5069] 
[   52.257527][ T5069] The buggy address belongs to the object at ffff888073997000
[   52.257527][ T5069]  which belongs to the cache gfs2_quotad of size 272
[   52.271565][ T5069] The buggy address is located 144 bytes inside of
[   52.271565][ T5069]  272-byte region [ffff888073997000, ffff888073997110)
[   52.284854][ T5069] 
[   52.287172][ T5069] The buggy address belongs to the physical page:
[   52.293568][ T5069] page:ffffea0001ce65c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73997
[   52.303723][ T5069] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   52.311271][ T5069] raw: 00fff00000000200 ffff8881461ae500 dead000000000122 0000000000000000
[   52.319845][ T5069] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   52.328410][ T5069] page dumped because: kasan: bad access detected
[   52.334805][ T5069] page_owner tracks the page as allocated
[   52.340502][ T5069] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 5069, tgid 5069 (syz-executor221), ts 50927644511, free_ts 12661541703
[   52.360630][ T5069]  get_page_from_freelist+0x742/0x7c0
[   52.365995][ T5069]  __alloc_pages+0x259/0x560
[   52.370578][ T5069]  alloc_slab_page+0xbd/0x190
[   52.375337][ T5069]  allocate_slab+0x5e/0x3c0
[   52.379846][ T5069]  ___slab_alloc+0x782/0xe20
[   52.384435][ T5069]  kmem_cache_alloc+0x268/0x350
[   52.389274][ T5069]  qd_alloc+0x51/0x250
[   52.393336][ T5069]  gfs2_quota_init+0x7c4/0x10e0
[   52.398180][ T5069]  gfs2_make_fs_rw+0x48e/0x590
[   52.402942][ T5069]  gfs2_fill_super+0x2357/0x2700
[   52.407877][ T5069]  get_tree_bdev+0x400/0x620
[   52.412461][ T5069]  gfs2_get_tree+0x50/0x210
[   52.417049][ T5069]  vfs_get_tree+0x88/0x270
[   52.421469][ T5069]  do_new_mount+0x289/0xad0
[   52.425962][ T5069]  __se_sys_mount+0x2d3/0x3c0
[   52.430638][ T5069]  do_syscall_64+0x3d/0xb0
[   52.435067][ T5069] page last free stack trace:
[   52.439733][ T5069]  free_pcp_prepare+0x751/0x780
[   52.444625][ T5069]  free_unref_page+0x19/0x4c0
[   52.449308][ T5069]  free_contig_range+0xa3/0x160
[   52.454169][ T5069]  destroy_args+0xfe/0x940
[   52.458590][ T5069]  debug_vm_pgtable+0x43d/0x4a0
[   52.463462][ T5069]  do_one_initcall+0x1d1/0x410
[   52.468228][ T5069]  do_initcall_level+0x168/0x220
[   52.473168][ T5069]  do_initcalls+0x43/0x90
[   52.477498][ T5069]  kernel_init_freeable+0x428/0x5e0
[   52.482714][ T5069]  kernel_init+0x19/0x2b0
[   52.487047][ T5069]  ret_from_fork+0x1f/0x30
[   52.491463][ T5069] 
[   52.493788][ T5069] Memory state around the buggy address:
[   52.499420][ T5069]  ffff888073996f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.507565][ T5069]  ffff888073997000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.515625][ T5069] >ffff888073997080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.523677][ T5069]                          ^
[   52.528252][ T5069]  ffff888073997100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.536392][ T5069]  ffff888073997180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.544445][ T5069] ==================================================================
[   52.553010][ T5069] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   52.560216][ T5069] CPU: 1 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
[   52.568901][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.578972][ T5069] Call Trace:
[   52.582247][ T5069]  <TASK>
[   52.585175][ T5069]  dump_stack_lvl+0x1b1/0x290
[   52.589856][ T5069]  ? nf_tcp_handle_invalid+0x630/0x630
[   52.595312][ T5069]  ? panic+0x710/0x710
[   52.599383][ T5069]  ? lock_release+0x81/0x820
[   52.603968][ T5069]  ? vscnprintf+0x59/0x80
[   52.608295][ T5069]  panic+0x2d6/0x710
[   52.612202][ T5069]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   52.618373][ T5069]  ? check_panic_on_warn+0x1d/0xa0
[   52.623500][ T5069]  ? memcpy_page_flushcache+0x100/0x100
[   52.629068][ T5069]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[   52.635051][ T5069]  ? _raw_spin_unlock+0x40/0x40
[   52.639900][ T5069]  ? print_report+0x1b4/0x1f0
[   52.644575][ T5069]  check_panic_on_warn+0x80/0xa0
[   52.649507][ T5069]  ? qd_unlock+0x30/0x2d0
[   52.653831][ T5069]  end_report+0x47/0x90
[   52.657986][ T5069]  kasan_report+0xda/0x100
[   52.662399][ T5069]  ? qd_unlock+0x30/0x2d0
[   52.666725][ T5069]  kasan_check_range+0x2a7/0x2e0
[   52.671662][ T5069]  qd_unlock+0x30/0x2d0
[   52.675818][ T5069]  gfs2_quota_sync+0x768/0x8b0
[   52.680671][ T5069]  gfs2_sync_fs+0x49/0xb0
[   52.684994][ T5069]  sync_filesystem+0xe8/0x220
[   52.689672][ T5069]  generic_shutdown_super+0x6b/0x310
[   52.694973][ T5069]  kill_block_super+0x79/0xd0
[   52.699670][ T5069]  deactivate_locked_super+0xa7/0xf0
[   52.704982][ T5069]  cleanup_mnt+0x494/0x520
[   52.709402][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   52.714612][ T5069]  task_work_run+0x243/0x300
[   52.719210][ T5069]  ? task_work_cancel+0x290/0x290
[   52.724278][ T5069]  ? do_exit+0x63f/0x2150
[   52.728617][ T5069]  do_exit+0x644/0x2150
[   52.732785][ T5069]  ? mm_update_next_owner+0x6d0/0x6d0
[   52.738160][ T5069]  ? print_irqtrace_events+0x220/0x220
[   52.743621][ T5069]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.748822][ T5069]  ? lockdep_hardirqs_on+0x8d/0x130
[   52.754011][ T5069]  do_group_exit+0x1fd/0x2b0
[   52.758599][ T5069]  __x64_sys_exit_group+0x3b/0x40
[   52.763619][ T5069]  do_syscall_64+0x3d/0xb0
[   52.768029][ T5069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.773920][ T5069] RIP: 0033:0x7f2c4308d0c9
[   52.778326][ T5069] Code: Unable to access opcode bytes at 0x7f2c4308d09f.
[   52.785332][ T5069] RSP: 002b:00007ffcdd2f81f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.793736][ T5069] RAX: ffffffffffffffda RBX: 00007f2c431103d0 RCX: 00007f2c4308d0c9
[   52.801700][ T5069] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   52.809660][ T5069] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000012550
[   52.817724][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c431103d0
[   52.825706][ T5069] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   52.833681][ T5069]  </TASK>
[   52.836924][ T5069] Kernel Offset: disabled
[   52.841280][ T5069] Rebooting in 86400 seconds..