Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.59' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.699305] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14603!=0)
[ 32.709634] EXT4-fs (loop0): orphan cleanup on readonly fs
[ 32.717157] EXT4-fs error (device loop0): ext4_free_blocks:4856: comm syz-executor114: Freeing blocks in system zone - Block = 16, count = 16
[ 32.731363] EXT4-fs (loop0): Remounting filesystem read-only
[ 32.737522] ------------[ cut here ]------------
[ 32.742273] kernel BUG at fs/ext4/ext4.h:2870!
[ 32.747035] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 32.752393] CPU: 1 PID: 8078 Comm: syz-executor114 Not tainted 4.19.211-syzkaller #0
[ 32.760261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 32.769624] RIP: 0010:ext4_free_blocks+0x22d0/0x2ac0
[ 32.774708] Code: ff 48 c7 c2 20 7b 7a 88 be 74 02 00 00 48 c7 c7 80 7b 7a 88 c6 05 3b 49 2a 09 01 e8 7e f0 0e 06 e9 c6 f4 ff ff e8 30 40 7e ff <0f> 0b e8 29 40 7e ff 89 de bf a1 ff ff ff 8b ac 24 e8 00 00 00 e8
[ 32.793596] RSP: 0018:ffff888090ccf2a0 EFLAGS: 00010293
[ 32.799015] RAX: ffff8880b45a4640 RBX: 00000000ffffffff RCX: ffffffff81e426a7
[ 32.806262] RDX: 0000000000000000 RSI: ffffffff81e44540 RDI: 0000000000000004
[ 32.813513] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff
[ 32.820762] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000001
[ 32.828028] R13: ffff88809561abc0 R14: 000000000000000c R15: ffff8880950c8ec0
[ 32.835274] FS: 0000555557403300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 32.843489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.849402] CR2: 00007f3b592a76c0 CR3: 00000000a8daa000 CR4: 00000000003406e0
[ 32.856657] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.863907] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.871154] Call Trace:
[ 32.873733] ? ext4_mb_new_blocks+0x4370/0x4370
[ 32.878383] ? ext4_inode_block_valid+0x429/0x6a0
[ 32.883204] ? lock_downgrade+0x720/0x720
[ 32.887354] ? check_preemption_disabled+0x41/0x280
[ 32.892347] ? check_preemption_disabled+0x41/0x280
[ 32.897344] ? ext4_inode_block_valid+0x450/0x6a0
[ 32.902163] ext4_clear_blocks+0x34e/0x8b0
[ 32.906380] ? lock_acquire+0x170/0x3c0
[ 32.910329] ? ext4_es_remove_extent+0xb5/0x350
[ 32.914974] ext4_free_data+0x16f/0x390
[ 32.918933] ext4_ind_truncate+0x66d/0x910
[ 32.923150] ? ext4_ind_trans_blocks+0x70/0x70
[ 32.927719] ? lock_acquire+0x170/0x3c0
[ 32.931669] ? ext4_truncate+0x746/0x1380
[ 32.935796] ext4_truncate+0x7a3/0x1380
[ 32.939751] ? ext4_punch_hole+0x11f0/0x11f0
[ 32.944136] ? ext4_journal_check_start+0x185/0x220
[ 32.949131] ? ext4_get_nojournal+0x53/0xb0
[ 32.953434] ? __ext4_journal_start_sb+0x12d/0x3f0
[ 32.958346] ? ext4_evict_inode+0x79c/0x17b0
[ 32.962731] ext4_evict_inode+0x934/0x17b0
[ 32.966943] ? ext4_journalled_write_end+0x1450/0x1450
[ 32.972200] ? ext4_journalled_write_end+0x1450/0x1450
[ 32.977469] evict+0x2ed/0x760
[ 32.980638] iput+0x4f1/0x860
[ 32.983722] ext4_enable_quotas+0x4fa/0x780
[ 32.988022] ? ext4_clear_journal_err+0x2f0/0x2f0
[ 32.992839] ? ext4_decode_error+0x190/0x190
[ 32.997232] ? ata_dev_configure.cold+0x71c/0x1050
[ 33.002139] ? ext4_fill_super+0x7e3a/0xc850
[ 33.006525] ext4_fill_super+0x8f4b/0xc850
[ 33.010759] ? ext4_calculate_overhead+0x11c0/0x11c0
[ 33.015843] ? snprintf+0xbb/0xf0
[ 33.019296] ? vsprintf+0x30/0x30
[ 33.022725] ? wait_for_completion_io+0x10/0x10
[ 33.027867] ? set_blocksize+0x163/0x3f0
[ 33.031946] mount_bdev+0x2fc/0x3b0
[ 33.035570] ? ext4_calculate_overhead+0x11c0/0x11c0
[ 33.040656] mount_fs+0xa3/0x310
[ 33.044008] vfs_kern_mount.part.0+0x68/0x470
[ 33.048491] do_mount+0x115c/0x2f50
[ 33.052197] ? lock_acquire+0x170/0x3c0
[ 33.056161] ? check_preemption_disabled+0x41/0x280
[ 33.061160] ? copy_mount_string+0x40/0x40
[ 33.065374] ? copy_mount_options+0x59/0x380
[ 33.069777] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.074781] ? kmem_cache_alloc_trace+0x323/0x380
[ 33.079608] ? copy_mount_options+0x26f/0x380
[ 33.084095] ksys_mount+0xcf/0x130
[ 33.087617] __x64_sys_mount+0xba/0x150
[ 33.091585] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 33.096146] do_syscall_64+0xf9/0x620
[ 33.099932] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.105107] RIP: 0033:0x7fcf59d2f4fa
[ 33.108800] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.127678] RSP: 002b:00007ffdbf4fc958 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 33.135361] RAX: ffffffffffffffda RBX: 00007ffdbf4fc9b0 RCX: 00007fcf59d2f4fa
[ 33.142607] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffdbf4fc970
[ 33.149853] RBP: 00007ffdbf4fc970 R08: 00007ffdbf4fc9b0 R09: 0000000800000015
[ 33.157100] R10: 0000000000000081 R11: 0000000000000202 R12: 0000000000000004
[ 33.164345] R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000010
[ 33.171590] Modules linked in:
[ 33.175503] ---[ end trace b50e096428ca2327 ]---
[ 33.180277] RIP: 0010:ext4_free_blocks+0x22d0/0x2ac0
[ 33.185440] Code: ff 48 c7 c2 20 7b 7a 88 be 74 02 00 00 48 c7 c7 80 7b 7a 88 c6 05 3b 49 2a 09 01 e8 7e f0 0e 06 e9 c6 f4 ff ff e8 30 40 7e ff <0f> 0b e8 29 40 7e ff 89 de bf a1 ff ff ff 8b ac 24 e8 00 00 00 e8
[ 33.204378] RSP: 0018:ffff888090ccf2a0 EFLAGS: 00010293
[ 33.209750] RAX: ffff8880b45a4640 RBX: 00000000ffffffff RCX: ffffffff81e426a7
[ 33.217041] RDX: 0000000000000000 RSI: ffffffff81e44540 RDI: 0000000000000004
[ 33.224367] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffffffff
[ 33.231616] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000001
[ 33.239276] R13: ffff88809561abc0 R14: 000000000000000c R15: ffff8880950c8ec0
[ 33.246591] FS: 0000555557403300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 33.254867] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.260745] CR2: 00007f3b592a76c0 CR3: 00000000a8daa000 CR4: 00000000003406e0
[ 33.268064] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.275396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.282659] Kernel panic - not syncing: Fatal exception
[ 33.288186] Kernel Offset: disabled
[ 33.291795] Rebooting in 86400 seconds..