audit: type=1326 audit(1673290852.398:13106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fa236e95034 code=0x7ffc0000 Quota error (device loop1): free_dqentry: Quota structure has offset to other block (0) than it should (5) EXT4-fs error (device loop1) in ext4_reserve_inode_write:5947: Out of memory audit: type=1326 audit(1673290852.408:13107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa236ee4747 code=0x7ffc0000 ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2870! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 14530 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 audit: type=1326 audit(1673290852.408:13108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa236ee2eb7 code=0x7ffc0000 RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2870 [inline] RIP: 0010:ext4_mb_find_by_goal+0x924/0x1340 fs/ext4/mballoc.c:1825 Code: ff 48 c7 c2 c0 7b 7a 88 be a5 02 00 00 48 c7 c7 80 7b 7a 88 c6 05 96 66 2b 09 01 e8 da 0d 10 06 e9 b1 f9 ff ff e8 8c 5d 7f ff <0f> 0b e8 85 5d 7f ff 49 8d bc 24 30 04 00 00 4d 63 ef 48 b8 00 00 RSP: 0018:ffff8880340966d0 EFLAGS: 00010293 RAX: ffff888032cca4c0 RBX: ffff88808dedacc0 RCX: ffffffff81e31ffa RDX: 0000000000000000 RSI: ffffffff81e327e4 RDI: 0000000000000004 RBP: ffff8880340967c8 R08: 0000000000000000 R09: 000000000000002e R10: 0000000000000004 R11: 0000000000000000 R12: ffff88809e552800 R13: 000000000000002e R14: ffff88803347c7c0 R15: ffff88803347ce40 FS: 00007f0215388700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055c539a108b8 CR3: 00000000a96a2000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ext4_mb_regular_allocator+0x21c/0x1100 fs/ext4/mballoc.c:2128 ext4_mb_new_blocks+0x1b45/0x4370 fs/ext4/mballoc.c:4567 ext4_ext_map_blocks+0x2aa2/0x7390 fs/ext4/extents.c:4493 ext4_map_blocks+0x7a2/0x1a50 fs/ext4/inode.c:657 ext4_getblk+0xad/0x4f0 fs/ext4/inode.c:993 ext4_bread+0x7c/0x210 fs/ext4/inode.c:1043 ext4_quota_write+0x205/0x530 fs/ext4/super.c:6008 write_blk+0x10a/0x200 fs/quota/quota_tree.c:72 put_free_dqblk fs/quota/quota_tree.c:122 [inline] remove_tree+0xae6/0x1490 fs/quota/quota_tree.c:505 remove_tree+0x278/0x1490 fs/quota/quota_tree.c:494 remove_tree+0x278/0x1490 fs/quota/quota_tree.c:494 remove_tree+0x278/0x1490 fs/quota/quota_tree.c:494 qtree_delete_dquot fs/quota/quota_tree.c:527 [inline] qtree_release_dquot fs/quota/quota_tree.c:673 [inline] qtree_release_dquot+0x195/0x1d0 fs/quota/quota_tree.c:669 v2_release_dquot+0xce/0x120 fs/quota/quota_v2.c:375 dquot_release+0x1be/0x390 fs/quota/dquot.c:497 ext4_release_dquot+0x1de/0x290 fs/ext4/super.c:5685 dqput.part.0+0x1a3/0x830 fs/quota/dquot.c:794 dqput fs/quota/dquot.c:752 [inline] dqput_all fs/quota/dquot.c:391 [inline] __dquot_drop+0x19c/0x270 fs/quota/dquot.c:1568 dquot_drop fs/quota/dquot.c:1593 [inline] dquot_drop+0x14b/0x1a0 fs/quota/dquot.c:1571 ext4_clear_inode+0x31/0x1d0 fs/ext4/super.c:1178 ext4_evict_inode+0x25b/0x17b0 fs/ext4/inode.c:357 evict+0x2ed/0x760 fs/inode.c:559 dispose_list+0x124/0x1f0 fs/inode.c:594 evict_inodes+0x341/0x430 fs/inode.c:644 generic_shutdown_super+0xb3/0x370 fs/super.c:448 kill_block_super+0x97/0xf0 fs/super.c:1185 deactivate_locked_super+0x94/0x160 fs/super.c:329 deactivate_super+0x174/0x1a0 fs/super.c:360 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath+0x3f0/0x4a0 arch/x86/entry/common.c:271 ret_from_fork+0x15/0x30 arch/x86/entry/entry_64.S:407 RIP: 0033:0x7f021f1f70c9 Code: Bad RIP value. RSP: 002b:00007f0215388118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: 0000000000000000 RBX: 00007f021f317050 RCX: 00007f021f1f70c9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f021f252ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe2822859f R14: 00007f0215388300 R15: 0000000000022000 Modules linked in: ---[ end trace 28688bfbf7b297b5 ]--- RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2870 [inline] RIP: 0010:ext4_mb_find_by_goal+0x924/0x1340 fs/ext4/mballoc.c:1825 Code: ff 48 c7 c2 c0 7b 7a 88 be a5 02 00 00 48 c7 c7 80 7b 7a 88 c6 05 96 66 2b 09 01 e8 da 0d 10 06 e9 b1 f9 ff ff e8 8c 5d 7f ff <0f> 0b e8 85 5d 7f ff 49 8d bc 24 30 04 00 00 4d 63 ef 48 b8 00 00 RSP: 0018:ffff8880340966d0 EFLAGS: 00010293 RAX: ffff888032cca4c0 RBX: ffff88808dedacc0 RCX: ffffffff81e31ffa RDX: 0000000000000000 RSI: ffffffff81e327e4 RDI: 0000000000000004 RBP: ffff8880340967c8 R08: 0000000000000000 R09: 000000000000002e R10: 0000000000000004 R11: 0000000000000000 R12: ffff88809e552800 R13: 000000000000002e R14: ffff88803347c7c0 R15: ffff88803347ce40 FS: 00007f0215388700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f021f1f709f CR3: 00000000a96a2000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400