./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3604681500

<...>
Warning: Permanently added '10.128.1.94' (ED25519) to the list of known hosts.
execve("./syz-executor3604681500", ["./syz-executor3604681500"], 0x7ffd17daf3a0 /* 10 vars */) = 0
brk(NULL)                               = 0x55559552d000
brk(0x55559552dd00)                     = 0x55559552dd00
arch_prctl(ARCH_SET_FS, 0x55559552d380) = 0
set_tid_address(0x55559552d650)         = 5084
set_robust_list(0x55559552d660, 24)     = 0
rseq(0x55559552dca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3604681500", 4096) = 28
getrandom("\xe1\xc8\x4f\xe3\xe1\x68\xcd\xf6", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55559552dd00
brk(0x55559554ed00)                     = 0x55559554ed00
brk(0x55559554f000)                     = 0x55559554f000
mprotect(0x7f7804f67000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55559552d650) = 5085
./strace-static-x86_64: Process 5085 attached
[pid  5085] set_robust_list(0x55559552d660, 24) = 0
[pid  5085] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5085] setsid()                    = 1
[pid  5085] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5085] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5085] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5085] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5085] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5085] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5085] unshare(CLONE_NEWNS)        = 0
[pid  5085] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5085] unshare(CLONE_NEWIPC)       = 0
[pid  5085] unshare(CLONE_NEWCGROUP)    = 0
[pid  5085] unshare(CLONE_NEWUTS)       = 0
[pid  5085] unshare(CLONE_SYSVSEM)      = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "16777216", 8)     = 8
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "536870912", 9)    = 9
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1024", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "8192", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1024", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1024", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5085] close(3)                    = 0
[pid  5085] getpid()                    = 1
[pid  5085] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5085] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5085] unshare(CLONE_NEWNET)       = 0
[pid  5085] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "0 65535", 7)      = 7
[pid  5085] close(3)                    = 0
[pid  5085] mkdir("/dev/binderfs", 0777) = 0
[pid  5085] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5085] memfd_create("syzkaller", 0) = 3
[pid  5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77fca00000
[pid  5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid  5085] munmap(0x7f77fca00000, 138412032) = 0
[pid  5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5085] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5085] close(3)                    = 0
[pid  5085] close(4)                    = 0
[pid  5085] mkdir("./file0", 0777)      = 0
[   54.071374][ T5085] loop0: detected capacity change from 0 to 512
[   54.093978][ T5085] =======================================================
[   54.093978][ T5085] WARNING: The mand mount option has been deprecated and
[   54.093978][ T5085]          and is ignored by this kernel. Remove the mand
[   54.093978][ T5085]          option from the mount to silence this warning.
[   54.093978][ T5085] =======================================================
[   54.129503][ T5085] EXT4-fs: Ignoring removed nomblk_io_submit option
[   54.137575][ T5085] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.162377][ T5085] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor360: bg 0: block 248: padding at end of block bitmap is not set
[   54.177889][ T5085] Quota error (device loop0): write_blk: dquota write failed
[   54.185755][ T5085] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   54.195838][ T5085] EXT4-fs error (device loop0): ext4_acquire_dquot:6882: comm syz-executor360: Failed to acquire dquot type 1
[pid  5085] mount("/dev/loop0", "./file0", "ext4", MS_MANDLOCK|MS_NODIRATIME|MS_REC|MS_LAZYTIME, "grpid,init_itable=0x0000000000000009,dioread_nolock,init_itable=0x0000000000000003,grpjquota=,noquot"...) = 0
[pid  5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5085] chdir("./file0")            = 0
[pid  5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5085] unlink("./file1")           = 0
[pid  5085] fanotify_init(FAN_CLASS_NOTIF, O_RDONLY) = 4
[pid  5085] open(".", O_RDONLY)         = 5
[pid  5085] fanotify_mark(4, FAN_MARK_ADD|FAN_MARK_DONT_FOLLOW|FAN_MARK_ONLYDIR, FAN_ACCESS|FAN_CLOSE_WRITE|FAN_OPEN|FAN_EVENT_ON_CHILD, 5, NULL) = 0
[   54.209652][ T5085] EXT4-fs (loop0): 1 truncate cleaned up
[   54.215359][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.228315][ T5085] ext4 filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[pid  5085] exit_group(1)               = ?
[   54.310097][ T5085] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.319669][   T62] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5
[   54.329706][   T62] EXT4-fs error (device loop0): ext4_release_dquot:6905: comm kworker/u8:4: Failed to release dquot type 1
[   54.341589][   T62] ==================================================================
[   54.349672][   T62] BUG: KASAN: slab-use-after-free in fsnotify+0x2a4/0x1f70
[   54.356898][   T62] Read of size 8 at addr ffff88802f1dce80 by task kworker/u8:4/62
[   54.364685][   T62] 
[   54.366995][   T62] CPU: 0 PID: 62 Comm: kworker/u8:4 Not tainted 6.9.0-rc3-next-20240410-syzkaller #0
[   54.376432][   T62] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   54.386472][   T62] Workqueue: events_unbound quota_release_workfn
[   54.392797][   T62] Call Trace:
[   54.396065][   T62]  <TASK>
[   54.398982][   T62]  dump_stack_lvl+0x241/0x360
[   54.403656][   T62]  ? __pfx_dump_stack_lvl+0x10/0x10
[   54.408842][   T62]  ? __pfx__printk+0x10/0x10
[   54.413425][   T62]  ? _printk+0xd5/0x120
[   54.417568][   T62]  ? __virt_addr_valid+0x183/0x520
[   54.422665][   T62]  ? __virt_addr_valid+0x183/0x520
[   54.427760][   T62]  print_report+0x169/0x550
[   54.432250][   T62]  ? __virt_addr_valid+0x183/0x520
[   54.437346][   T62]  ? __virt_addr_valid+0x183/0x520
[   54.442445][   T62]  ? __virt_addr_valid+0x44e/0x520
[   54.447540][   T62]  ? __phys_addr+0xba/0x170
[   54.452028][   T62]  ? fsnotify+0x2a4/0x1f70
[   54.456432][   T62]  kasan_report+0x143/0x180
[   54.460924][   T62]  ? fsnotify+0x2a4/0x1f70
[   54.465330][   T62]  fsnotify+0x2a4/0x1f70
[   54.469565][   T62]  ? __pfx_vprintk_emit+0x10/0x10
[   54.474589][   T62]  ? _printk+0xd5/0x120
[   54.478735][   T62]  ? __pfx_fsnotify+0x10/0x10
[   54.483409][   T62]  ? rcu_is_watching+0x15/0xb0
[   54.488172][   T62]  __ext4_error+0x255/0x3b0
[   54.492672][   T62]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   54.498644][   T62]  ? __pfx___ext4_error+0x10/0x10
[   54.503663][   T62]  ? dquot_release+0x173/0x5c0
[   54.508420][   T62]  ext4_release_dquot+0x326/0x450
[   54.513437][   T62]  quota_release_workfn+0x39f/0x650
[   54.518629][   T62]  ? __pfx_quota_release_workfn+0x10/0x10
[   54.524343][   T62]  ? process_scheduled_works+0x945/0x1830
[   54.530050][   T62]  process_scheduled_works+0xa2c/0x1830
[   54.535595][   T62]  ? __pfx_process_scheduled_works+0x10/0x10
[   54.541566][   T62]  ? assign_work+0x364/0x3d0
[   54.546145][   T62]  worker_thread+0x86d/0xd70
[   54.550729][   T62]  ? __kthread_parkme+0x169/0x1d0
[   54.555743][   T62]  ? __pfx_worker_thread+0x10/0x10
[   54.560847][   T62]  kthread+0x2f0/0x390
[   54.564908][   T62]  ? __pfx_worker_thread+0x10/0x10
[   54.570010][   T62]  ? __pfx_kthread+0x10/0x10
[   54.574606][   T62]  ret_from_fork+0x4b/0x80
[   54.579027][   T62]  ? __pfx_kthread+0x10/0x10
[   54.583612][   T62]  ret_from_fork_asm+0x1a/0x30
[   54.588374][   T62]  </TASK>
[   54.591377][   T62] 
[   54.593683][   T62] Allocated by task 5085:
[   54.598002][   T62]  kasan_save_track+0x3f/0x80
[   54.602675][   T62]  __kasan_kmalloc+0x98/0xb0
[   54.607248][   T62]  kmalloc_trace_noprof+0x19c/0x2b0
[   54.612432][   T62]  fsnotify_add_mark_locked+0x3b2/0xe60
[   54.617979][   T62]  fanotify_add_mark+0xbbd/0x1330
[   54.622996][   T62]  do_fanotify_mark+0xbcc/0xd90
[   54.627838][   T62]  __x64_sys_fanotify_mark+0xb5/0xd0
[   54.633108][   T62]  do_syscall_64+0xf5/0x240
[   54.637598][   T62]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.643481][   T62] 
[   54.645793][   T62] Freed by task 5085:
[   54.649756][   T62]  kasan_save_track+0x3f/0x80
[   54.654423][   T62]  kasan_save_free_info+0x40/0x50
[   54.659435][   T62]  poison_slab_object+0xe0/0x150
[   54.664356][   T62]  __kasan_slab_free+0x37/0x60
[   54.669104][   T62]  kfree+0x149/0x350
[   54.672987][   T62]  fsnotify_sb_delete+0x686/0x6f0
[   54.677998][   T62]  generic_shutdown_super+0xa5/0x2d0
[   54.683275][   T62]  kill_block_super+0x44/0x90
[   54.687938][   T62]  ext4_kill_sb+0x68/0xa0
[   54.692254][   T62]  deactivate_locked_super+0xc4/0x130
[   54.697615][   T62]  cleanup_mnt+0x426/0x4c0
[   54.702020][   T62]  task_work_run+0x24f/0x310
[   54.706605][   T62]  do_exit+0xa1b/0x27e0
[   54.710749][   T62]  do_group_exit+0x207/0x2c0
[   54.715332][   T62]  __x64_sys_exit_group+0x3f/0x40
[   54.720348][   T62]  do_syscall_64+0xf5/0x240
[   54.724837][   T62]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.730720][   T62] 
[   54.733030][   T62] The buggy address belongs to the object at ffff88802f1dce80
[   54.733030][   T62]  which belongs to the cache kmalloc-32 of size 32
[   54.746893][   T62] The buggy address is located 0 bytes inside of
[   54.746893][   T62]  freed 32-byte region [ffff88802f1dce80, ffff88802f1dcea0)
[   54.760411][   T62] 
[   54.762722][   T62] The buggy address belongs to the physical page:
[   54.769114][   T62] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f1dc
[   54.777861][   T62] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[   54.784951][   T62] page_type: 0xffffefff(slab)
[   54.789614][   T62] raw: 00fff80000000000 ffff888015041500 ffffea000096b540 dead000000000004
[   54.798178][   T62] raw: 0000000000000000 0000000080400040 00000001ffffefff 0000000000000000
[   54.806742][   T62] page dumped because: kasan: bad access detected
[   54.813138][   T62] page_owner tracks the page as allocated
[   54.818837][   T62] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid -625457465 (swapper/0), ts 1, free_ts 0
[   54.835416][   T62]  post_alloc_hook+0x1f3/0x230
[   54.840179][   T62]  get_page_from_freelist+0x2ce2/0x2d90
[   54.845731][   T62]  __alloc_pages_noprof+0x256/0x6c0
[   54.850920][   T62]  alloc_slab_page+0x5f/0x120
[   54.855581][   T62]  allocate_slab+0x5a/0x2e0
[   54.860068][   T62]  ___slab_alloc+0xcd1/0x14b0
[   54.864734][   T62]  __slab_alloc+0x58/0xa0
[   54.869052][   T62]  kmalloc_node_track_caller_noprof+0x286/0x440
[   54.875280][   T62]  kstrdup+0x3a/0x80
[   54.879165][   T62]  kobject_set_name_vargs+0x61/0x120
[   54.884435][   T62]  kobject_init_and_add+0xde/0x190
[   54.889533][   T62]  sysfs_slab_add+0x7a/0x290
[   54.894115][   T62]  slab_sysfs_init+0x66/0x170
[   54.898801][   T62]  do_one_initcall+0x248/0x880
[   54.903554][   T62]  do_initcall_level+0x157/0x210
[   54.908481][   T62]  do_initcalls+0x3f/0x80
[   54.912795][   T62] page_owner free stack trace missing
[   54.918143][   T62] 
[   54.920451][   T62] Memory state around the buggy address:
[   54.926065][   T62]  ffff88802f1dcd80: 00 00 05 fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   54.934111][   T62]  ffff88802f1dce00: 00 00 00 06 fc fc fc fc fa fb fb fb fc fc fc fc
[   54.942154][   T62] >ffff88802f1dce80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   54.950198][   T62]                    ^
[   54.954248][   T62]  ffff88802f1dcf00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   54.962296][   T62]  ffff88802f1dcf80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   54.970340][   T62] ==================================================================
[   54.979441][   T62] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   54.986651][   T62] CPU: 1 PID: 62 Comm: kworker/u8:4 Not tainted 6.9.0-rc3-next-20240410-syzkaller #0
[   54.996105][   T62] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   55.006149][   T62] Workqueue: events_unbound quota_release_workfn
[   55.012475][   T62] Call Trace:
[   55.015743][   T62]  <TASK>
[   55.018666][   T62]  dump_stack_lvl+0x241/0x360
[   55.023332][   T62]  ? __pfx_dump_stack_lvl+0x10/0x10
[   55.028535][   T62]  ? __pfx__printk+0x10/0x10
[   55.033114][   T62]  ? preempt_schedule+0xe1/0xf0
[   55.037953][   T62]  ? vscnprintf+0x5d/0x90
[   55.042278][   T62]  panic+0x349/0x860
[   55.046161][   T62]  ? check_panic_on_warn+0x21/0xb0
[   55.051265][   T62]  ? __pfx_panic+0x10/0x10
[   55.055669][   T62]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   55.061638][   T62]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   55.067953][   T62]  ? print_report+0x502/0x550
[   55.072622][   T62]  check_panic_on_warn+0x86/0xb0
[   55.077551][   T62]  ? fsnotify+0x2a4/0x1f70
[   55.081958][   T62]  end_report+0x77/0x160
[   55.086191][   T62]  kasan_report+0x154/0x180
[   55.090682][   T62]  ? fsnotify+0x2a4/0x1f70
[   55.095091][   T62]  fsnotify+0x2a4/0x1f70
[   55.099329][   T62]  ? __pfx_vprintk_emit+0x10/0x10
[   55.104348][   T62]  ? _printk+0xd5/0x120
[   55.108490][   T62]  ? __pfx_fsnotify+0x10/0x10
[   55.113158][   T62]  ? rcu_is_watching+0x15/0xb0
[   55.117916][   T62]  __ext4_error+0x255/0x3b0
[   55.122413][   T62]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   55.128383][   T62]  ? __pfx___ext4_error+0x10/0x10
[   55.133402][   T62]  ? dquot_release+0x173/0x5c0
[   55.138159][   T62]  ext4_release_dquot+0x326/0x450
[   55.143176][   T62]  quota_release_workfn+0x39f/0x650
[   55.148369][   T62]  ? __pfx_quota_release_workfn+0x10/0x10
[   55.154081][   T62]  ? process_scheduled_works+0x945/0x1830
[   55.159786][   T62]  process_scheduled_works+0xa2c/0x1830
[   55.165334][   T62]  ? __pfx_process_scheduled_works+0x10/0x10
[   55.171303][   T62]  ? assign_work+0x364/0x3d0
[   55.175882][   T62]  worker_thread+0x86d/0xd70
[   55.180468][   T62]  ? __kthread_parkme+0x169/0x1d0
[   55.185500][   T62]  ? __pfx_worker_thread+0x10/0x10
[   55.190603][   T62]  kthread+0x2f0/0x390
[   55.194661][   T62]  ? __pfx_worker_thread+0x10/0x10
[   55.199764][   T62]  ? __pfx_kthread+0x10/0x10
[   55.204343][   T62]  ret_from_fork+0x4b/0x80
[   55.208758][   T62]  ? __pfx_kthread+0x10/0x10
[   55.213354][   T62]  ret_from_fork_asm+0x1a/0x30
[   55.218115][   T62]  </TASK>
[   55.221296][   T62] Kernel Offset: disabled
[   55.225605][   T62] Rebooting in 86400 seconds..