EXT4-fs warning (device loop3): ext4_enable_quotas:6417: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): mount failed ================================================================== BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline] BUG: KASAN: use-after-free in atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline] BUG: KASAN: use-after-free in __refcount_add include/linux/refcount.h:193 [inline] BUG: KASAN: use-after-free in __refcount_inc include/linux/refcount.h:250 [inline] BUG: KASAN: use-after-free in refcount_inc include/linux/refcount.h:267 [inline] BUG: KASAN: use-after-free in get_task_struct include/linux/sched/task.h:104 [inline] BUG: KASAN: use-after-free in kthread_stop+0x76/0x610 kernel/kthread.c:616 Write of size 4 at addr ffff888043f70020 by task syz-executor.3/8694 CPU: 0 PID: 8694 Comm: syz-executor.3 Not tainted 5.10.60 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:118 print_address_description.constprop.0+0x1c/0x210 mm/kasan/report.c:385 __kasan_report mm/kasan/report.c:545 [inline] kasan_report.cold+0x37/0x7c mm/kasan/report.c:562 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0xf5/0x1d0 mm/kasan/generic.c:192 instrument_atomic_read_write include/linux/instrumented.h:101 [inline] atomic_fetch_add_relaxed include/asm-generic/atomic-instrumented.h:142 [inline] __refcount_add include/linux/refcount.h:193 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:104 [inline] kthread_stop+0x76/0x610 kernel/kthread.c:616 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x79dc/0xccc0 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2895 [inline] path_mount+0x66e/0x2080 fs/namespace.c:3225 do_mount fs/namespace.c:3238 [inline] __do_sys_mount fs/namespace.c:3446 [inline] __se_sys_mount fs/namespace.c:3423 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3423 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe865965fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fe865966000 RBP: 00007fe865966040 R08: 00007fe865966040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007fe865966000 R15: 0000000020000140 Allocated by task 2: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:461 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2889 [inline] kmem_cache_alloc_node+0x14d/0x360 mm/slub.c:2925 alloc_task_struct_node kernel/fork.c:170 [inline] dup_task_struct kernel/fork.c:860 [inline] copy_process+0x43ba/0x64e0 kernel/fork.c:1947 kernel_clone+0xe7/0xa20 kernel/fork.c:2465 kernel_thread+0xb7/0xf0 kernel/fork.c:2517 create_kthread kernel/kthread.c:315 [inline] kthreadd+0x4bb/0x710 kernel/kthread.c:658 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296 Freed by task 8682: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x111/0x150 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0x64/0x150 mm/slub.c:1575 slab_free mm/slub.c:3140 [inline] kmem_cache_free+0x99/0x2f0 mm/slub.c:3156 __put_task_struct+0x25a/0x3e0 kernel/fork.c:741 put_task_struct include/linux/sched/task.h:113 [inline] delayed_put_task_struct+0x1a4/0x2b0 kernel/exit.c:173 rcu_do_batch kernel/rcu/tree.c:2484 [inline] rcu_core+0x504/0xfd0 kernel/rcu/tree.c:2719 __do_softirq+0x1b6/0x86a kernel/softirq.c:298 Last call_rcu(): kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_record_aux_stack+0xa0/0xb0 mm/kasan/generic.c:346 __call_rcu kernel/rcu/tree.c:2960 [inline] call_rcu+0x8a/0x9d0 kernel/rcu/tree.c:3034 put_task_struct_rcu_user+0x7f/0xb0 kernel/exit.c:179 finish_task_switch+0x42f/0x5d0 kernel/sched/core.c:3647 context_switch kernel/sched/core.c:3777 [inline] __schedule+0x853/0x1e90 kernel/sched/core.c:4523 schedule+0xcb/0x270 kernel/sched/core.c:4601 io_schedule+0xb6/0x130 kernel/sched/core.c:6274 bit_wait_io+0x12/0xa0 kernel/sched/wait_bit.c:209 __wait_on_bit+0x59/0x1b0 kernel/sched/wait_bit.c:49 out_of_line_wait_on_bit+0xd8/0x110 kernel/sched/wait_bit.c:64 wait_on_bit_io include/linux/wait_bit.h:101 [inline] __wait_on_buffer fs/buffer.c:122 [inline] wait_on_buffer include/linux/buffer_head.h:354 [inline] __sync_dirty_buffer+0x2f8/0x3f0 fs/buffer.c:3156 ext4_commit_super+0x7da/0xc10 fs/ext4/super.c:5561 save_error_info fs/ext4/super.c:521 [inline] __ext4_error+0x246/0x290 fs/ext4/super.c:723 ext4_quota_enable fs/ext4/super.c:6380 [inline] ext4_enable_quotas+0x6d3/0x8d0 fs/ext4/super.c:6413 ext4_fill_super+0x99c5/0xccc0 fs/ext4/super.c:5064 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2895 [inline] path_mount+0x66e/0x2080 fs/namespace.c:3225 do_mount fs/namespace.c:3238 [inline] __do_sys_mount fs/namespace.c:3446 [inline] __se_sys_mount fs/namespace.c:3423 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3423 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Second to last call_rcu(): kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_record_aux_stack+0xa0/0xb0 mm/kasan/generic.c:346 __call_rcu kernel/rcu/tree.c:2960 [inline] call_rcu+0x8a/0x9d0 kernel/rcu/tree.c:3034 put_task_struct_rcu_user+0x7f/0xb0 kernel/exit.c:179 finish_task_switch+0x42f/0x5d0 kernel/sched/core.c:3647 context_switch kernel/sched/core.c:3777 [inline] __schedule+0x853/0x1e90 kernel/sched/core.c:4523 preempt_schedule_common+0x30/0x60 kernel/sched/core.c:4682 _cond_resched+0x18/0x20 kernel/sched/core.c:6097 __wait_for_common kernel/sched/completion.c:101 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x8d/0x270 kernel/sched/completion.c:138 kthread_stop+0x160/0x610 kernel/kthread.c:621 loop_unprepare_queue drivers/block/loop.c:932 [inline] __loop_clr_fd+0xa8d/0xf90 drivers/block/loop.c:1270 loop_clr_fd drivers/block/loop.c:1350 [inline] lo_ioctl+0x6a4/0x1760 drivers/block/loop.c:1708 __blkdev_driver_ioctl block/ioctl.c:237 [inline] blkdev_ioctl+0x28d/0x720 block/ioctl.c:632 block_ioctl+0xf9/0x140 fs/block_dev.c:1893 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x196/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The buggy address belongs to the object at ffff888043f70000 which belongs to the cache task_struct of size 6208 The buggy address is located 32 bytes inside of 6208-byte region [ffff888043f70000, ffff888043f71840) The buggy address belongs to the page: page:00000000f67d0c2c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43f70 head:00000000f67d0c2c order:3 compound_mapcount:0 compound_pincount:0 flags: 0x100000000010200(slab|head) raw: 0100000000010200 dead000000000100 dead000000000122 ffff888007fea140 raw: 0000000000000000 0000000000050005 00000001ffffffff ffff888017f32381 page dumped because: kasan: bad access detected page->mem_cgroup:ffff888017f32381 Memory state around the buggy address: ffff888043f6ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888043f6ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888043f70000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888043f70080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888043f70100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 0 PID: 8694 at lib/refcount.c:25 refcount_warn_saturate+0x178/0x1f0 lib/refcount.c:25 Modules linked in: CPU: 0 PID: 8694 Comm: syz-executor.3 Tainted: G B 5.10.60 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x178/0x1f0 lib/refcount.c:25 Code: 03 31 ff 89 de e8 88 c7 50 ff 84 db 0f 85 2e ff ff ff e8 3b ce 50 ff 48 c7 c7 e0 40 3b 84 c6 05 92 53 56 03 01 e8 47 e6 dc 01 <0f> 0b e9 0f ff ff ff e8 1c ce 50 ff 0f b6 1d 7c 53 56 03 31 ff 89 RSP: 0018:ffff888042b5fab8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000040000 RSI: ffffffff812912c3 RDI: ffffed100856bf49 RBP: ffff888043f70020 R08: 0000000000000001 R09: ffff88806ce1ffdb R10: 0000000000000000 R11: 0000000000000001 R12: ffff888043f70020 R13: ffff88800d11c5c8 R14: ffff888040de0000 R15: ffff88800d11c000 FS: 00007fe865966700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9735f91e30 CR3: 0000000031fc2000 CR4: 0000000000350ef0 Call Trace: __refcount_add include/linux/refcount.h:199 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:104 [inline] kthread_stop+0x583/0x610 kernel/kthread.c:616 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x79dc/0xccc0 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2895 [inline] path_mount+0x66e/0x2080 fs/namespace.c:3225 do_mount fs/namespace.c:3238 [inline] __do_sys_mount fs/namespace.c:3446 [inline] __se_sys_mount fs/namespace.c:3423 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3423 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe865965fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fe865966000 RBP: 00007fe865966040 R08: 00007fe865966040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007fe865966000 R15: 0000000020000140 irq event stamp: 4120 hardirqs last enabled at (4119): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (4119): [] _raw_spin_unlock_irqrestore+0x34/0x40 kernel/locking/spinlock.c:191 hardirqs last disabled at (4120): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (4120): [] _raw_spin_lock_irqsave+0x4b/0x50 kernel/locking/spinlock.c:159 softirqs last enabled at (3940): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3673): [] asm_call_irq_on_stack+0x12/0x20 ---[ end trace 43c8e79102e45fdd ]--- ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 0 PID: 8694 at lib/refcount.c:28 refcount_warn_saturate+0x103/0x1f0 lib/refcount.c:28 Modules linked in: CPU: 0 PID: 8694 Comm: syz-executor.3 Tainted: G B W 5.10.60 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:refcount_warn_saturate+0x103/0x1f0 lib/refcount.c:28 Code: 1d 26 54 56 03 31 ff 89 de e8 f9 c7 50 ff 84 db 75 a3 e8 b0 ce 50 ff 48 c7 c7 40 41 3b 84 c6 05 06 54 56 03 01 e8 bc e6 dc 01 <0f> 0b eb 87 e8 94 ce 50 ff 0f b6 1d ef 53 56 03 31 ff 89 de e8 c4 RSP: 0018:ffff888042b5fab8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000040000 RSI: ffffffff812912c3 RDI: ffffed100856bf49 RBP: ffff888043f70020 R08: 0000000000000001 R09: ffff88806ce1ffdb R10: 0000000000000000 R11: 0000000000000001 R12: ffff888043f70020 R13: 0000000000000000 R14: ffff888040de0000 R15: ffff88800d11c000 FS: 00007fe865966700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95cd179344 CR3: 0000000031fc2000 CR4: 0000000000350ef0 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] put_task_struct include/linux/sched/task.h:112 [inline] kthread_stop+0x56c/0x610 kernel/kthread.c:623 ext4_stop_mmpd+0x47/0xd0 fs/ext4/mmp.c:254 ext4_fill_super+0x79dc/0xccc0 fs/ext4/super.c:5176 mount_bdev+0x331/0x3f0 fs/super.c:1419 legacy_get_tree+0x105/0x220 fs/fs_context.c:592 vfs_get_tree+0x8e/0x2f0 fs/super.c:1549 do_new_mount fs/namespace.c:2895 [inline] path_mount+0x66e/0x2080 fs/namespace.c:3225 do_mount fs/namespace.c:3238 [inline] __do_sys_mount fs/namespace.c:3446 [inline] __se_sys_mount fs/namespace.c:3423 [inline] __x64_sys_mount+0x27e/0x300 fs/namespace.c:3423 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467b2a Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe865965fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000467b2a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fe865966000 RBP: 00007fe865966040 R08: 00007fe865966040 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 R13: 0000000020000100 R14: 00007fe865966000 R15: 0000000020000140 irq event stamp: 4120 hardirqs last enabled at (4119): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (4119): [] _raw_spin_unlock_irqrestore+0x34/0x40 kernel/locking/spinlock.c:191 hardirqs last disabled at (4120): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (4120): [] _raw_spin_lock_irqsave+0x4b/0x50 kernel/locking/spinlock.c:159 softirqs last enabled at (3940): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (3673): [] asm_call_irq_on_stack+0x12/0x20 ---[ end trace 43c8e79102e45fde ]--- EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=continue,resgid=0x0000000000000000,errors=remount-ro,nodiscard, EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled ext4 filesystem being mounted at /syzkaller-testdir074580731/syzkaller.FE9Skw/113/file0 supports timestamps until 2038 (0x7fffffff) EXT4-fs error (device loop3): ext4_ext_check_inode:459: inode #3: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 0, max 0(0), depth 0(0) EXT4-fs (loop3): Remounting filesystem read-only EXT4-fs error (device loop3): ext4_quota_enable:6380: comm syz-executor.3: Bad quota inode # 3 EXT4-fs warning (device loop3): ext4_enable_quotas:6417: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): mount failed EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop7): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop5): bad geometry: block count 128 exceeds size of device (10 blocks) EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs error (device loop6): ext4_ext_check_inode:459: inode #4: comm syz-executor.6: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) EXT4-fs (loop6): Remounting filesystem read-only EXT4-fs error (device loop6): ext4_quota_enable:6380: comm syz-executor.6: Bad quota inode # 4 EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs error (device loop4): ext4_ext_check_inode:459: inode #4: comm syz-executor.4: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) EXT4-fs warning (device loop6): ext4_enable_quotas:6417: Failed to enable quota tracking (type=1, err=-117). Please run e2fsck to fix. EXT4-fs (loop4): Remounting filesystem read-only EXT4-fs error (device loop4): ext4_quota_enable:6380: comm syz-executor.4: Bad quota inode # 4 EXT4-fs error (device loop7): ext4_ext_check_inode:459: inode #4: comm syz-executor.7: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) EXT4-fs (loop7): Remounting filesystem read-only EXT4-fs error (device loop7): ext4_quota_enable:6380: comm syz-executor.7: Bad quota inode # 4 EXT4-fs warning (device loop7): ext4_enable_quotas:6417: Failed to enable quota tracking (type=1, err=-117). Please run e2fsck to fix. EXT4-fs (loop7): mount failed EXT4-fs warning (device loop4): ext4_enable_quotas:6417: Failed to enable quota tracking (type=1, err=-117). Please run e2fsck to fix. EXT4-fs (loop6): mount failed EXT4-fs error (device loop0): ext4_fill_super:4954: inode #2: comm syz-executor.0: iget: root inode unallocated EXT4-fs error (device loop1): ext4_fill_super:4954: inode #2: comm syz-executor.1: iget: root inode unallocated EXT4-fs (loop0): Remounting filesystem read-only EXT4-fs (loop1): Remounting filesystem read-only EXT4-fs (loop0): get root inode failed EXT4-fs (loop1): get root inode failed EXT4-fs (loop0): mount failed EXT4-fs (loop1): mount failed EXT4-fs (loop4): mount failed EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop5): bad geometry: block count 128 exceeds size of device (7 blocks) EXT4-fs error (device loop2): ext4_fill_super:4954: inode #2: comm syz-executor.2: iget: root inode unallocated EXT4-fs (loop2): Remounting filesystem read-only EXT4-fs (loop2): get root inode failed EXT4-fs (loop2): mount failed EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs error (device loop3): ext4_ext_check_inode:459: inode #3: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 0, max 0(0), depth 0(0) EXT4-fs (loop3): Remounting filesystem read-only EXT4-fs error (device loop3): ext4_quota_enable:6380: comm syz-executor.3: Bad quota inode # 3 EXT4-fs warning (device loop3): ext4_enable_quotas:6417: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop3): mount failed EXT4-fs error (device loop1): ext4_fill_super:4954: inode #2: comm syz-executor.1: iget: root inode unallocated EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop1): Remounting filesystem read-only EXT4-fs (loop1): get root inode failed EXT4-fs (loop1): mount failed EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop5): bad geometry: block count 128 exceeds size of device (4 blocks) EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled EXT4-fs error (device loop4): ext4_ext_check_inode:459: inode #4: comm syz-executor.4: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) EXT4-fs (loop4): Remounting filesystem read-only EXT4-fs error (device loop4): ext4_quota_enable:6380: comm syz-executor.4: Bad quota inode # 4 general protection fault, probably for non-canonical address 0x8797ddfe220100: 0000 [#1] SMP KASAN NOPTI CPU: 0 PID: 287 Comm: syz-executor.1 Tainted: G B W 5.10.60 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:compound_head include/linux/page-flags.h:185 [inline] RIP: 0010:virt_to_head_page include/linux/mm.h:860 [inline] RIP: 0010:qlink_to_cache mm/kasan/quarantine.c:130 [inline] RIP: 0010:qlist_free_all+0x8d/0xe0 mm/kasan/quarantine.c:167 Code: df 48 85 db 75 cc 48 89 c2 4c 01 ea 72 57 4c 89 f1 48 2b 0d 65 a9 3d 03 48 01 ca 48 c1 ea 0c 48 c1 e2 06 48 03 15 43 a9 3d 03 <48> 8b 4a 08 48 8d 71 ff 83 e1 01 48 0f 45 d6 48 8b 7a 18 eb 93 49 RSP: 0018:ffff88803d24fcb8 EFLAGS: 00010207 RAX: 21eaffff888041da RBX: 0000000000000000 RCX: 0000777f80000000 RDX: 008797ddfe220100 RSI: 0000000000000001 RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff816a5100 R10: ffff888043f70002 R11: 0000000000000001 R12: ffff88803d24fcf0 R13: 0000000080000000 R14: ffffffff80000000 R15: 21eaffff888041da FS: 00000000022b4400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000022c5c98 CR3: 000000003d246000 CR4: 0000000000350ef0 Call Trace: quarantine_reduce+0x176/0x1b0 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0x9e/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2889 [inline] slab_alloc mm/slub.c:2897 [inline] kmem_cache_alloc+0x13d/0x350 mm/slub.c:2902 sock_alloc_inode+0x18/0x1c0 net/socket.c:253 alloc_inode+0x63/0x230 fs/inode.c:234 new_inode_pseudo+0x14/0xe0 fs/inode.c:930 sock_alloc+0x3c/0x260 net/socket.c:573 __sock_create+0xb9/0x760 net/socket.c:1378 sock_create net/socket.c:1465 [inline] __sys_socket+0xef/0x200 net/socket.c:1507 __do_sys_socket net/socket.c:1516 [inline] __se_sys_socket net/socket.c:1514 [inline] __x64_sys_socket+0x6e/0xb0 net/socket.c:1514 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x467c77 Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff660d8a48 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 0000000000000029 RCX: 0000000000467c77 RDX: 0000000000000006 RSI: 0000000000000001 RDI: 000000000000000a RBP: 00007fff660d8a70 R08: 0000000000000000 R09: 00007fff660d8fd0 R10: 00007fff660d8ad0 R11: 0000000000000206 R12: 0000000000000032 R13: 0000000000134175 R14: 0000000000000000 R15: 0000000000542b40 Modules linked in: ---[ end trace 43c8e79102e45fdf ]--- RIP: 0010:compound_head include/linux/page-flags.h:185 [inline] RIP: 0010:virt_to_head_page include/linux/mm.h:860 [inline] RIP: 0010:qlink_to_cache mm/kasan/quarantine.c:130 [inline] RIP: 0010:qlist_free_all+0x8d/0xe0 mm/kasan/quarantine.c:167 Code: df 48 85 db 75 cc 48 89 c2 4c 01 ea 72 57 4c 89 f1 48 2b 0d 65 a9 3d 03 48 01 ca 48 c1 ea 0c 48 c1 e2 06 48 03 15 43 a9 3d 03 <48> 8b 4a 08 48 8d 71 ff 83 e1 01 48 0f 45 d6 48 8b 7a 18 eb 93 49 RSP: 0018:ffff88803d24fcb8 EFLAGS: 00010207 RAX: 21eaffff888041da RBX: 0000000000000000 RCX: 0000777f80000000 RDX: 008797ddfe220100 RSI: 0000000000000001 RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff816a5100 R10: ffff888043f70002 R11: 0000000000000001 R12: ffff88803d24fcf0 R13: 0000000080000000 R14: ffffffff80000000 R15: 21eaffff888041da FS: 00000000022b4400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000022c5c98 CR3: 000000003d246000 CR4: 0000000000350ef0 EXT4-fs warning (device loop4): ext4_enable_quotas:6417: Failed to enable quota tracking (type=1, err=-117). Please run e2fsck to fix. EXT4-fs (loop4): mount failed EXT4-fs error (device loop2): ext4_fill_super:4954: inode #2: comm syz-executor.2: iget: root inode unallocated EXT4-fs (loop2): Remounting filesystem read-only EXT4-fs (loop2): get root inode failed EXT4-fs (loop2): mount failed EXT4-fs error (device loop6): ext4_ext_check_inode:459: inode #4: comm syz-executor.6: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) EXT4-fs (loop6): Remounting filesystem read-only EXT4-fs error (device loop6): ext4_quota_enable:6380: comm syz-executor.6: Bad quota inode # 4 EXT4-fs warning (device loop6): ext4_enable_quotas:6417: Failed to enable quota tracking (type=1, err=-117). Please run e2fsck to fix. EXT4-fs (loop6): mount failed