------------[ cut here ]------------ kernel BUG at arch/x86/mm/physaddr.c:27! EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors proc: unrecognized mount option "appraise" or missing value invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 13685 Comm: blkid Not tainted 4.14.160-syzkaller #0 proc: unrecognized mount option "appraise" or missing value Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888091f363c0 task.stack: ffff888045f38000 RIP: 0010:__phys_addr+0x87/0xe0 arch/x86/mm/physaddr.c:27 RSP: 0018:ffff888045f3f798 EFLAGS: 00010297 RAX: ffff888091f363c0 RBX: 0808080808080808 RCX: 1ffff110123e6d8c RDX: 0000000000000000 RSI: 0808080808080808 RDI: 0808080808080808 RBP: ffff888045f3f7b0 R08: ffff888091f363c0 R09: ffff888091f36c60 R10: 0000000000000000 R11: 0000000000000000 R12: 08087f8808080808 R13: 0808080888080808 R14: ffff888045f3f800 R15: 0000000000000000 FS: 00007f448392e7a0(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff8a952918 CR3: 000000007b924000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_head_page include/linux/mm.h:600 [inline] qlink_to_cache mm/kasan/quarantine.c:127 [inline] qlist_free_all+0xc7/0x150 mm/kasan/quarantine.c:163 quarantine_reduce+0x147/0x180 mm/kasan/quarantine.c:259 kasan_kmalloc+0xa0/0xf0 mm/kasan/kasan.c:536 kasan_slab_alloc+0xf/0x20 mm/kasan/kasan.c:489 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] kmem_cache_alloc+0x11b/0x780 mm/slab.c:3550 ptlock_alloc mm/memory.c:4741 [inline] ptlock_init include/linux/mm.h:1752 [inline] pgtable_pmd_page_ctor include/linux/mm.h:1844 [inline] pmd_alloc_one arch/x86/include/asm/pgalloc.h:105 [inline] __pmd_alloc+0xbd/0x410 mm/memory.c:4229 pmd_alloc include/linux/mm.h:1702 [inline] alloc_new_pmd mm/mremap.c:75 [inline] move_page_tables+0xffc/0x1740 mm/mremap.c:223 shift_arg_pages+0x1a6/0x460 fs/exec.c:647 setup_arg_pages+0x5b2/0x740 fs/exec.c:759 load_elf_binary+0xa68/0x4d60 fs/binfmt_elf.c:873 search_binary_handler fs/exec.c:1638 [inline] search_binary_handler+0x149/0x6f0 fs/exec.c:1616 exec_binprm fs/exec.c:1680 [inline] do_execveat_common.isra.0+0x1000/0x1dd0 fs/exec.c:1802 do_execve fs/exec.c:1847 [inline] SYSC_execve fs/exec.c:1928 [inline] SyS_execve+0x39/0x50 fs/exec.c:1923 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f4483012207 RSP: 002b:00007ffdb45be598 EFLAGS: 00000202 ORIG_RAX: 000000000000003b RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f4483012207 RDX: 00000000024bbe90 RSI: 00007ffdb45be690 RDI: 00007ffdb45bf6a0 RBP: 0000000000625500 R08: 0000000000003464 R09: 0000000000003464 R10: 0000000000000000 R11: 0000000000000202 R12: 00000000024bbe90 R13: 0000000000000007 R14: 0000000002472030 R15: 0000000000000005 Code: 04 84 d2 75 28 0f b6 0d d1 41 87 07 4c 89 e0 48 d3 e8 48 85 c0 75 0f e8 a8 61 32 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 99 61 32 00 <0f> 0b 48 c7 c7 89 2f b2 88 e8 ab ee 5c 00 eb ca e8 84 61 32 00 RIP: __phys_addr+0x87/0xe0 arch/x86/mm/physaddr.c:27 RSP: ffff888045f3f798 ------------[ cut here ]------------ kernel BUG at arch/x86/mm/physaddr.c:27! EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock invalid opcode: 0000 [#2] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 3610 Comm: udevd Tainted: G D 4.14.160-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809677e6c0 task.stack: ffff888096780000 RIP: 0010:__phys_addr+0x87/0xe0 arch/x86/mm/physaddr.c:27 RSP: 0018:ffff888096787bd0 EFLAGS: 00010297 kobject: 'loop1' (ffff88808e5c0dc8): kobject_add_internal: parent: 'ext4', set: 'ext4' RAX: ffff88809677e6c0 RBX: 0808080808080808 RCX: 1ffffffff1066fb0 RDX: 0000000000000000 RSI: 0808080808080808 RDI: 0808080808080808 RBP: ffff888096787be8 R08: ffff88809677e6c0 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88809677e6c0 R12: 08087f8808080808 R13: 0808080888080808 R14: ffff888096787c38 R15: 0000000000000000 FS: 00007f448392e7a0(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2e929000 CR3: 00000000966d7000 CR4: 00000000001426f0 EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_head_page include/linux/mm.h:600 [inline] qlink_to_cache mm/kasan/quarantine.c:127 [inline] qlist_free_all+0xc7/0x150 mm/kasan/quarantine.c:163 quarantine_reduce+0x147/0x180 mm/kasan/quarantine.c:259 kasan_kmalloc+0xa0/0xf0 mm/kasan/kasan.c:536 kasan_slab_alloc+0xf/0x20 mm/kasan/kasan.c:489 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] kmem_cache_alloc_trace+0x13b/0x790 mm/slab.c:3616 kmalloc include/linux/slab.h:488 [inline] kzalloc include/linux/slab.h:661 [inline] kernfs_iop_get_link fs/kernfs/symlink.c:127 [inline] kernfs_iop_get_link+0x6a/0x650 fs/kernfs/symlink.c:118 generic_readlink fs/namei.c:4727 [inline] vfs_readlink+0x1ac/0x410 fs/namei.c:4762 audit: type=1804 audit(1577325651.483:145): pid=13698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir249924112/syzkaller.NZ54Wt/19/bus" dev="sda1" ino=16657 res=1 SYSC_readlinkat fs/stat.c:406 [inline] SyS_readlinkat fs/stat.c:382 [inline] SYSC_readlink fs/stat.c:421 [inline] SyS_readlink+0x218/0x290 fs/stat.c:418 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x7f4483037577 RSP: 002b:00007ffdb45c4088 EFLAGS: 00000246 ORIG_RAX: 0000000000000059 RAX: ffffffffffffffda RBX: 0000000002472030 RCX: 00007f4483037577 RDX: 0000000000000400 RSI: 00007ffdb45c4090 RDI: 00007ffdb45c4570 RBP: 00007ffdb45c4dd0 R08: 00007ffdb45c4dd0 R09: 00007f448308bde0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb45c4570 audit: type=1804 audit(1577325651.483:146): pid=13698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir249924112/syzkaller.NZ54Wt/19/bus" dev="sda1" ino=16657 res=1 R13: 0000000000000400 R14: 00000000024c6100 R15: 0000000002472030 Code: 04 84 d2 75 28 0f b6 0d d1 41 87 07 4c 89 e0 48 d3 e8 48 85 c0 75 0f e8 a8 61 32 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 99 61 32 00 <0f> 0b 48 c7 c7 89 2f b2 88 e8 ab ee 5c 00 eb ca e8 84 61 32 00 RIP: __phys_addr+0x87/0xe0 arch/x86/mm/physaddr.c:27 RSP: ffff888096787bd0 ---[ end trace d7390c370cfc5df7 ]---