loop1: detected capacity change from 0 to 512
EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
==================================================================
BUG: KASAN: slab-out-of-bounds in lockdep_set_quota_inode fs/ext4/super.c:6805 [inline]
BUG: KASAN: slab-out-of-bounds in ext4_quota_enable fs/ext4/super.c:6936 [inline]
BUG: KASAN: slab-out-of-bounds in ext4_enable_quotas+0x5df/0xdc0 fs/ext4/super.c:6963
Read of size 8 at addr ffff8880367c7fd8 by task syz-executor.1/21748

CPU: 0 PID: 21748 Comm: syz-executor.1 Not tainted 6.2.0-rc4-syzkaller-00031-g6e50979a9c87 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 lockdep_set_quota_inode fs/ext4/super.c:6805 [inline]
 ext4_quota_enable fs/ext4/super.c:6936 [inline]
 ext4_enable_quotas+0x5df/0xdc0 fs/ext4/super.c:6963
 __ext4_fill_super fs/ext4/super.c:5501 [inline]
 ext4_fill_super+0x7fc4/0x8700 fs/ext4/super.c:5644
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcaef68d5fa
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcaf0382f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000000050d RCX: 00007fcaef68d5fa
RDX: 0000000020000100 RSI: 00000000200006c0 RDI: 00007fcaf0382fe0
RBP: 00007fcaf0383020 R08: 00007fcaf0383020 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000202 R12: 0000000020000100
R13: 00000000200006c0 R14: 00007fcaf0382fe0 R15: 0000000020000040

Allocated by task 5113:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 __kasan_slab_alloc+0x65/0x70 mm/kasan/common.c:325
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slab.h:761 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc_lru+0x183/0x320 mm/slub.c:3483
 __d_alloc+0x31/0x750 fs/dcache.c:1769
 d_alloc+0x48/0x1d0 fs/dcache.c:1849
 __lookup_hash+0xc8/0x240 fs/namei.c:1597
 filename_create+0x25f/0x4f0 fs/namei.c:3808
 do_mkdirat+0xb5/0x530 fs/namei.c:4051
 __do_sys_mkdirat fs/namei.c:4076 [inline]
 __se_sys_mkdirat fs/namei.c:4074 [inline]
 __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4074
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Last potentially related work creation:
 kasan_save_stack+0x2b/0x50 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xb0/0xc0 mm/kasan/generic.c:488
 __call_rcu_common kernel/rcu/tree.c:2755 [inline]
 call_rcu+0x163/0xa70 kernel/rcu/tree.c:2868
 __dentry_kill+0x46b/0x5b0 fs/dcache.c:621
 shrink_dentry_list+0x386/0x6c0 fs/dcache.c:1201
 shrink_dcache_parent+0xcd/0x450
 d_invalidate+0xef/0x2a0 fs/dcache.c:1737
 lookup_fast+0x38e/0x480 fs/namei.c:1650
 walk_component+0x55/0x410 fs/namei.c:1989
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x17d/0x450 fs/namei.c:2474
 filename_lookup+0x274/0x650 fs/namei.c:2503
 user_path_at_empty+0x40/0x1a0 fs/namei.c:2876
 do_readlinkat+0x10c/0x3d0 fs/stat.c:471
 __do_sys_readlink fs/stat.c:504 [inline]
 __se_sys_readlink fs/stat.c:501 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:501
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Second to last potentially related work creation:
 kasan_save_stack+0x2b/0x50 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xb0/0xc0 mm/kasan/generic.c:488
 __call_rcu_common kernel/rcu/tree.c:2755 [inline]
 call_rcu+0x163/0xa70 kernel/rcu/tree.c:2868
 __dentry_kill+0x46b/0x5b0 fs/dcache.c:621
 dentry_kill+0xbb/0x290
 dput+0x1f3/0x410 fs/dcache.c:913
 lookup_fast+0x396/0x480 fs/namei.c:1651
 walk_component+0x55/0x410 fs/namei.c:1989
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x17d/0x450 fs/namei.c:2474
 filename_lookup+0x274/0x650 fs/namei.c:2503
 vfs_statx+0x117/0x4a0 fs/stat.c:232
 vfs_fstatat fs/stat.c:270 [inline]
 __do_sys_newfstatat fs/stat.c:440 [inline]
 __se_sys_newfstatat+0xed/0x7d0 fs/stat.c:434
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff8880367c7d60
 which belongs to the cache dentry of size 312
The buggy address is located 320 bytes to the right of
 312-byte region [ffff8880367c7d60, ffff8880367c7e98)

The buggy address belongs to the physical page:
page:ffffea0000d9f180 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880367c6bc0 pfn:0x367c6
head:ffffea0000d9f180 order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
memcg:ffff8880208e7501
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 ffff8880129eb780 ffffea0001e1ee10 ffffea0000f1b610
raw: ffff8880367c6bc0 0000000000150001 00000001ffffffff ffff8880208e7501
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4433, tgid 4433 (udevd), ts 2095402480913, free_ts 2059703768433
 prep_new_page mm/page_alloc.c:2531 [inline]
 get_page_from_freelist+0x742/0x7c0 mm/page_alloc.c:4283
 __alloc_pages+0x259/0x560 mm/page_alloc.c:5549
 alloc_slab_page+0xbd/0x190 mm/slub.c:1851
 allocate_slab+0x5e/0x3c0 mm/slub.c:1998
 new_slab mm/slub.c:2051 [inline]
 ___slab_alloc+0x782/0xe20 mm/slub.c:3193
 __slab_alloc mm/slub.c:3292 [inline]
 __slab_alloc_node mm/slub.c:3345 [inline]
 slab_alloc_node mm/slub.c:3442 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc_lru+0x238/0x320 mm/slub.c:3483
 __d_alloc+0x31/0x750 fs/dcache.c:1769
 d_alloc fs/dcache.c:1849 [inline]
 d_alloc_parallel+0xcb/0x1240 fs/dcache.c:2638
 __lookup_slow+0xfd/0x3a0 fs/namei.c:1670
 lookup_slow+0x53/0x70 fs/namei.c:1702
 walk_component+0x2e1/0x410 fs/namei.c:1993
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x17d/0x450 fs/namei.c:2474
 filename_lookup+0x274/0x650 fs/namei.c:2503
 user_path_at_empty+0x40/0x1a0 fs/namei.c:2876
 do_readlinkat+0x10c/0x3d0 fs/stat.c:471
 __do_sys_readlink fs/stat.c:504 [inline]
 __se_sys_readlink fs/stat.c:501 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:501
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1446 [inline]
 free_pcp_prepare+0x751/0x780 mm/page_alloc.c:1496
 free_unref_page_prepare mm/page_alloc.c:3369 [inline]
 free_unref_page+0x19/0x4c0 mm/page_alloc.c:3464
 qlist_free_all+0x2b/0x70 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x156/0x170 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1f/0x70 mm/kasan/common.c:302
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slab.h:761 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc+0x1b3/0x350 mm/slub.c:3476
 kmem_cache_zalloc include/linux/slab.h:710 [inline]
 jbd2_alloc_handle include/linux/jbd2.h:1596 [inline]
 new_handle fs/jbd2/transaction.c:476 [inline]
 jbd2__journal_start+0x143/0x5b0 fs/jbd2/transaction.c:503
 __ext4_journal_start_sb+0x13b/0x1f0 fs/ext4/ext4_jbd2.c:111
 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
 __ext4_unlink+0x3d0/0xb10 fs/ext4/namei.c:3240
 ext4_unlink+0x129/0x1b0 fs/ext4/namei.c:3299
 vfs_unlink+0x357/0x5f0 fs/namei.c:4252
 do_unlinkat+0x46f/0x930 fs/namei.c:4320
 __do_sys_unlink fs/namei.c:4368 [inline]
 __se_sys_unlink fs/namei.c:4366 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4366
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Memory state around the buggy address:
 ffff8880367c7e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880367c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880367c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8880367c8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880367c8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================