EXT4-fs error (device loop2): ext4_fill_super:4954: inode #2: comm syz-executor.2: iget: root inode unallocated EXT4-fs (loop2): get root inode failed EXT4-fs (loop2): mount failed ================================================================== BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline] BUG: KASAN: use-after-free in atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline] BUG: KASAN: use-after-free in __refcount_add include/linux/refcount.h:193 [inline] BUG: KASAN: use-after-free in __refcount_inc include/linux/refcount.h:250 [inline] BUG: KASAN: use-after-free in refcount_inc include/linux/refcount.h:267 [inline] BUG: KASAN: use-after-free in get_task_struct include/linux/sched/task.h:104 [inline] BUG: KASAN: use-after-free in kthread_stop+0x76/0x610 kernel/kthread.c:616 Write of size 4 at addr ffff88804fef32a0 by task syz-executor.2/14397 CPU: 1 PID: 14397 Comm: syz-executor.2 Not tainted 5.10.56 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:118 print_address_description.constprop.0+0x1c/0x210 mm/kasan/report.c:385 __kasan_report mm/kasan/report.c:545 [inline] kasan_report.cold+0x37/0x7c mm/kasan/report.c:562 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0xf9/0x1e0 mm/kasan/generic.c:192 instrument_atomic_read_write include/linux/instrumented.h:101 [inline] atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline] __refcount_add include/linux/refcount.h:193 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:104 [inline] kthread_stop+0x76/0x610 kernel/kthread.c:616 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x8208/0xcf70 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2881 [inline] path_mount+0x139a/0x2080 fs/namespace.c:3211 do_mount fs/namespace.c:3224 [inline] __do_sys_mount fs/namespace.c:3432 [inline] __se_sys_mount fs/namespace.c:3409 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3409 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f277e324fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f277e325000 RBP: 00007f277e325040 R08: 00007f277e325040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007f277e325000 R15: 0000000020012e00 Allocated by task 2: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:461 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2889 [inline] kmem_cache_alloc_node+0x14b/0x370 mm/slub.c:2925 alloc_task_struct_node kernel/fork.c:170 [inline] dup_task_struct kernel/fork.c:860 [inline] copy_process+0x4380/0x6650 kernel/fork.c:1947 kernel_clone+0xe7/0xa20 kernel/fork.c:2465 kernel_thread+0xb5/0xf0 kernel/fork.c:2517 create_kthread kernel/kthread.c:315 [inline] kthreadd+0x4bb/0x710 kernel/kthread.c:658 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296 Freed by task 74: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x110/0x150 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0x64/0x150 mm/slub.c:1575 slab_free mm/slub.c:3140 [inline] kmem_cache_free+0x97/0x2f0 mm/slub.c:3156 __put_task_struct+0x25a/0x3e0 kernel/fork.c:741 put_task_struct include/linux/sched/task.h:113 [inline] delayed_put_task_struct+0x1a4/0x2b0 kernel/exit.c:173 rcu_do_batch kernel/rcu/tree.c:2484 [inline] rcu_core+0x52d/0x1660 kernel/rcu/tree.c:2719 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 Last call_rcu(): kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_record_aux_stack+0x9e/0xb0 mm/kasan/generic.c:346 __call_rcu kernel/rcu/tree.c:2960 [inline] call_rcu+0x8a/0xa20 kernel/rcu/tree.c:3034 put_task_struct_rcu_user+0x7f/0xb0 kernel/exit.c:179 finish_task_switch+0x428/0x5d0 kernel/sched/core.c:3649 context_switch kernel/sched/core.c:3779 [inline] __schedule+0x850/0x1e80 kernel/sched/core.c:4525 preempt_schedule_common kernel/sched/core.c:4684 [inline] _cond_resched+0x45/0x80 kernel/sched/core.c:6117 down_read+0x79/0x420 kernel/locking/rwsem.c:1503 ext4_da_map_blocks fs/ext4/inode.c:1717 [inline] ext4_da_get_block_prep+0x7ad/0x1190 fs/ext4/inode.c:1835 __block_write_begin_int+0x3d1/0x1a50 fs/buffer.c:2011 ext4_da_write_begin+0x37d/0xde0 fs/ext4/inode.c:3019 generic_perform_write+0x1fe/0x4d0 mm/filemap.c:3333 ext4_buffered_write_iter+0x244/0x4d0 fs/ext4/file.c:270 ext4_file_write_iter+0x4ee/0x1890 fs/ext4/file.c:681 call_write_iter include/linux/fs.h:1903 [inline] new_sync_write+0x42c/0x660 fs/read_write.c:518 vfs_write+0x743/0xa20 fs/read_write.c:605 ksys_pwrite64 fs/read_write.c:712 [inline] __do_sys_pwrite64 fs/read_write.c:722 [inline] __se_sys_pwrite64 fs/read_write.c:719 [inline] __x64_sys_pwrite64+0x1fd/0x250 fs/read_write.c:719 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Second to last call_rcu(): kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_record_aux_stack+0x9e/0xb0 mm/kasan/generic.c:346 __call_rcu kernel/rcu/tree.c:2960 [inline] call_rcu+0x8a/0xa20 kernel/rcu/tree.c:3034 put_task_struct_rcu_user+0x7f/0xb0 kernel/exit.c:179 finish_task_switch+0x428/0x5d0 kernel/sched/core.c:3649 context_switch kernel/sched/core.c:3779 [inline] __schedule+0x850/0x1e80 kernel/sched/core.c:4525 schedule+0xcb/0x270 kernel/sched/core.c:4603 exit_to_user_mode_loop kernel/entry/common.c:152 [inline] exit_to_user_mode_prepare+0xdd/0x160 kernel/entry/common.c:191 irqentry_exit_to_user_mode+0x5/0x30 kernel/entry/common.c:279 exc_page_fault+0xca/0x1a0 arch/x86/mm/fault.c:1495 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:571 The buggy address belongs to the object at ffff88804fef3280 which belongs to the cache task_struct of size 6208 The buggy address is located 32 bytes inside of 6208-byte region [ffff88804fef3280, ffff88804fef4ac0) The buggy address belongs to the page: page:00000000d5c3f97a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4fef0 head:00000000d5c3f97a order:3 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head) raw: 0100000000010200 0000000000000000 0000000400000001 ffff888007fdc140 raw: 0000000000000000 0000000000050005 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88804fef3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88804fef3200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88804fef3280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88804fef3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88804fef3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 1 PID: 14397 at lib/refcount.c:25 refcount_warn_saturate+0x178/0x1f0 lib/refcount.c:25 Modules linked in: CPU: 1 PID: 14397 Comm: syz-executor.2 Tainted: G B 5.10.56 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x178/0x1f0 lib/refcount.c:25 Code: 03 31 ff 89 de e8 e8 25 51 ff 84 db 0f 85 2e ff ff ff e8 ab 2c 51 ff 48 c7 c7 c0 37 3b 84 c6 05 ee 66 54 03 01 e8 c7 1e c9 01 <0f> 0b e9 0f ff ff ff e8 8c 2c 51 ff 0f b6 1d d8 66 54 03 31 ff 89 RSP: 0018:ffff88800ed47ac0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000040000 RSI: ffffffff812930d3 RDI: ffffed1001da8f4a RBP: ffff88804fef32a0 R08: 0000000000000001 R09: ffff88806cf2facf R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804fef32a0 R13: 0000000000000000 R14: ffff8880368fa000 R15: ffff8880368f8000 FS: 00007f277e325700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002003d000 CR3: 0000000050860000 CR4: 0000000000350ee0 Call Trace: __refcount_add include/linux/refcount.h:199 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:104 [inline] kthread_stop+0x583/0x610 kernel/kthread.c:616 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x8208/0xcf70 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2881 [inline] path_mount+0x139a/0x2080 fs/namespace.c:3211 do_mount fs/namespace.c:3224 [inline] __do_sys_mount fs/namespace.c:3432 [inline] __se_sys_mount fs/namespace.c:3409 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3409 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f277e324fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f277e325000 RBP: 00007f277e325040 R08: 00007f277e325040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007f277e325000 R15: 0000000020012e00 irq event stamp: 1524 hardirqs last enabled at (1523): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1523): [] _raw_spin_unlock_irqrestore+0x34/0x40 kernel/locking/spinlock.c:191 hardirqs last disabled at (1524): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (1524): [] _raw_spin_lock_irqsave+0x4b/0x50 kernel/locking/spinlock.c:159 softirqs last enabled at (1364): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (1309): [] asm_call_irq_on_stack+0x12/0x20 ---[ end trace ddba061754762b3c ]--- ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 0 PID: 14397 at lib/refcount.c:28 refcount_warn_saturate+0x103/0x1f0 lib/refcount.c:28 Modules linked in: CPU: 0 PID: 14397 Comm: syz-executor.2 Tainted: G B W 5.10.56 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x103/0x1f0 lib/refcount.c:28 Code: 1d 82 67 54 03 31 ff 89 de e8 59 26 51 ff 84 db 75 a3 e8 20 2d 51 ff 48 c7 c7 20 38 3b 84 c6 05 62 67 54 03 01 e8 3c 1f c9 01 <0f> 0b eb 87 e8 04 2d 51 ff 0f b6 1d 4b 67 54 03 31 ff 89 de e8 24 RSP: 0018:ffff88800ed47ac0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000040000 RSI: ffffffff812930d3 RDI: ffffed1001da8f4a RBP: ffff88804fef32a0 R08: 0000000000000001 R09: ffff88806ce2facf R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804fef32a0 R13: 0000000000000000 R14: ffff8880368fa000 R15: ffff8880368f8000 FS: 00007f277e325700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000205f0000 CR3: 0000000050860000 CR4: 0000000000350ef0 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] put_task_struct include/linux/sched/task.h:112 [inline] kthread_stop+0x56c/0x610 kernel/kthread.c:623 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x8208/0xcf70 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2881 [inline] path_mount+0x139a/0x2080 fs/namespace.c:3211 do_mount fs/namespace.c:3224 [inline] __do_sys_mount fs/namespace.c:3432 [inline] __se_sys_mount fs/namespace.c:3409 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3409 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f277e324fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f277e325000 RBP: 00007f277e325040 R08: 00007f277e325040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007f277e325000 R15: 0000000020012e00 irq event stamp: 1524 hardirqs last enabled at (1523): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1523): [] _raw_spin_unlock_irqrestore+0x34/0x40 kernel/locking/spinlock.c:191 hardirqs last disabled at (1524): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (1524): [] _raw_spin_lock_irqsave+0x4b/0x50 kernel/locking/spinlock.c:159 softirqs last enabled at (1364): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (1309): [] asm_call_irq_on_stack+0x12/0x20 ---[ end trace ddba061754762b3d ]--- FAULT_INJECTION: forcing a failure. name fail_usercopy, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 14420 Comm: syz-executor.1 Tainted: G B W 5.10.56 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:118 fail_dump lib/fault-inject.c:52 [inline] should_fail.cold+0x5/0xa lib/fault-inject.c:146 _copy_to_user+0x2e/0x180 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:200 [inline] simple_read_from_buffer+0xcc/0x160 fs/libfs.c:729 proc_fail_nth_read+0x194/0x220 fs/proc/base.c:1423 vfs_read+0x228/0x580 fs/read_write.c:494 ksys_read+0x12d/0x250 fs/read_write.c:634 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x41935c Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 RSP: 002b:00007f5154d8e170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041935c RDX: 000000000000000f RSI: 00007f5154d8e1e0 RDI: 0000000000000004 RBP: 00007f5154d8e1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffe988a598f R14: 00007f5154d8e300 R15: 0000000000022000 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue general protection fault, probably for non-canonical address 0x117ddfe220100: 0000 [#1] SMP KASAN NOPTI CPU: 0 PID: 74 Comm: jbd2/sda-8 Tainted: G B W 5.10.56 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:compound_head include/linux/page-flags.h:185 [inline] RIP: 0010:virt_to_head_page include/linux/mm.h:860 [inline] RIP: 0010:qlink_to_cache mm/kasan/quarantine.c:130 [inline] RIP: 0010:qlist_free_all+0x8d/0xd0 mm/kasan/quarantine.c:167 Code: df 48 85 db 75 cc 48 89 f0 4c 01 e8 72 56 4c 89 f2 48 2b 15 15 61 3a 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 f3 60 3a 03 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 93 49 RSP: 0018:ffff88800f6ef718 EFLAGS: 00010207 RAX: 000117ddfe220100 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000777f80000000 RSI: 004affff888044f0 RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff816abb01 R10: ffff88804fef3282 R11: 0000000000000001 R12: ffff88800f6ef750 R13: 0000000080000000 R14: ffffffff80000000 R15: 004affff888044f0 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000002769098 CR3: 0000000043dc4000 CR4: 0000000000350ef0 Call Trace: quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0x9e/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2889 [inline] slab_alloc mm/slub.c:2897 [inline] kmem_cache_alloc+0x13b/0x350 mm/slub.c:2902 kmem_cache_zalloc include/linux/slab.h:654 [inline] alloc_buffer_head+0x20/0x100 fs/buffer.c:3336 alloc_page_buffers+0x14d/0x6c0 fs/buffer.c:856 grow_dev_page fs/buffer.c:993 [inline] grow_buffers fs/buffer.c:1043 [inline] __getblk_slow+0x2e5/0x7e0 fs/buffer.c:1070 __getblk_gfp+0x70/0x80 fs/buffer.c:1354 __getblk include/linux/buffer_head.h:380 [inline] jbd2_journal_get_descriptor_buffer+0x10a/0x410 fs/jbd2/journal.c:1022 journal_submit_commit_record.part.0+0x8a/0x9f0 fs/jbd2/commit.c:131 journal_submit_commit_record fs/jbd2/commit.c:128 [inline] jbd2_journal_commit_transaction+0x3b95/0x6610 fs/jbd2/commit.c:925 kjournald2+0x1d1/0x930 fs/jbd2/journal.c:213 kthread+0x38f/0x470 kernel/kthread.c:292 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296 Modules linked in: ---[ end trace ddba061754762b3e ]--- RIP: 0010:compound_head include/linux/page-flags.h:185 [inline] RIP: 0010:virt_to_head_page include/linux/mm.h:860 [inline] RIP: 0010:qlink_to_cache mm/kasan/quarantine.c:130 [inline] RIP: 0010:qlist_free_all+0x8d/0xd0 mm/kasan/quarantine.c:167 Code: df 48 85 db 75 cc 48 89 f0 4c 01 e8 72 56 4c 89 f2 48 2b 15 15 61 3a 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 f3 60 3a 03 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 93 49 RSP: 0018:ffff88800f6ef718 EFLAGS: 00010207 RAX: 000117ddfe220100 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000777f80000000 RSI: 004affff888044f0 RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff816abb01 R10: ffff88804fef3282 R11: 0000000000000001 R12: ffff88800f6ef750 R13: 0000000080000000 R14: ffffffff80000000 R15: 004affff888044f0 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000002769098 CR3: 0000000043dc4000 CR4: 0000000000350ef0