F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
==================================================================
BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: use-after-free in atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
BUG: KASAN: use-after-free in gfs2_qd_dispose fs/gfs2/quota.c:137 [inline]
BUG: KASAN: use-after-free in gfs2_qd_shrink_scan+0x63d/0x860 fs/gfs2/quota.c:175
Write of size 4 at addr ffff88801e028a70 by task syz-executor.2/9144

CPU: 1 PID: 9144 Comm: syz-executor.2 Not tainted 5.15.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 print_address_description+0x63/0x3b0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x16b/0x1c0 mm/kasan/report.c:451
 kasan_check_range+0x27e/0x290 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
 gfs2_qd_dispose fs/gfs2/quota.c:137 [inline]
 gfs2_qd_shrink_scan+0x63d/0x860 fs/gfs2/quota.c:175
 do_shrink_slab+0x542/0xda0 mm/vmscan.c:758
 shrink_slab+0x233/0x960 mm/vmscan.c:918
 drop_slab_node+0xed/0x180 mm/vmscan.c:953
 drop_slab+0x8b/0x120 mm/vmscan.c:963
 drop_caches_sysctl_handler+0xb3/0x160 fs/drop_caches.c:66
 proc_sys_call_handler+0x541/0x8a0 fs/proc/proc_sysctl.c:587
 do_iter_readv_writev+0x594/0x7a0
 do_iter_write+0x1ea/0x760 fs/read_write.c:855
 iter_file_splice_write+0x806/0xfa0 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xe3/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x500/0xc10 fs/splice.c:891
 do_splice_direct+0x285/0x3d0 fs/splice.c:979
 do_sendfile+0x625/0xff0 fs/read_write.c:1249
 __do_sys_sendfile64 fs/read_write.c:1311 [inline]
 __se_sys_sendfile64+0xfc/0x1e0 fs/read_write.c:1303
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fe2c123aea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48