ci starts bisection 2024-04-30 09:25:48.451430989 +0000 UTC m=+95439.590985248 bisecting cause commit starting from b947cc5bf6d793101135265352e205aeb30b54f0 building syzkaller on 27e33c581cd83538f39e159d6c7a5bdfba01f917 ensuring issue is reproducible on original commit b947cc5bf6d793101135265352e205aeb30b54f0 testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6dc04c069317a04fec7f9a502220cf09b55be022aca5bc83e663023438d74f45 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f6aa34907ea5c842e2543a824de66eb9dbf64b4f3990c966df683699f9fca81e all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=3971 full=8000 leaves diff=2012 split chunks (needed=false): <2012> split chunk #0 of len 2012 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2e2931f400cc8afcbafbe31f8d2c93d37efe94703ed5038a178ce7a9bf3648d3 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 296062208e48edddb7404543cab5de2a532f27c3dacfb3317c9252e3c1e0c1da all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7f5432dc6c02d9774fb68667c804e39a493b2e4df7869b49d6f7977a115fed87 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f7d97523f52ccec1a1fad17dd832721559251cd9b65c4cf0df6a5800f8cf8e59 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit b947cc5bf6d793101135265352e205aeb30b54f0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 180de8756a62f48ef51144426435eedc63e5e5d80ac7eb51b9e91e2f76014068 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] the chunk can be dropped disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e79a73c3296d2b0645a00a9bfb4f4941651ffd4f2fbfb7a9467215cee611b8f9 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9151c918b53d9074795a2ea425f1aecb6ce98d9dbe454913f5bcdfaec129ebdc all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3d74e7413ce33ae89a751ea24193735757aacbc68a3aef0c207bb2d16d1b8eae all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ea69381eb1779a3f8915a66f6804299fa262fceaf0121b89b50ee3b24f69bc4 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4f55f44910210e8f18be6007320bb7490cc03190e3663fe3959f6c87772044e1 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b249bb8079d1845d697583142f1073ae4796a720613f24a3909f2e05249c18c7 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 30c8211e14c43ea766f15db194061a3c9a54e075ab7db89ad82dd4c37f57e80e all runs: OK false negative chance: 0.000 # git bisect start 4fe89d07dcc2804c8b562f6c7896a45643d34b2f 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 16503 revisions left to test after this (roughly 14 steps) [0fac198def2b41138850867b6aa92044c76ff802] Merge tag 'fs.idmapped.overlay.acl.v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 0fac198def2b41138850867b6aa92044c76ff802 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb3b67cb228d016152d53476c1cb66632a7a35bc17058c6456d81fe2959b67fb all runs: OK false negative chance: 0.000 # git bisect good 0fac198def2b41138850867b6aa92044c76ff802 Bisecting: 8189 revisions left to test after this (roughly 13 steps) [723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cc13493e21cb0b6df9b1c96597172d613c1c3f582bc7f2f1b6739b7a7a3d1540 all runs: OK false negative chance: 0.000 # git bisect good 723c188d5cd42a07344f997b0b7e1d83b4173c8d Bisecting: 4099 revisions left to test after this (roughly 12 steps) [83ee9f23763a432a4077bf20624ee35de87bce99] powerpc/kexec: Fix build failure from uninitialised variable testing commit 83ee9f23763a432a4077bf20624ee35de87bce99 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5331043cbea839dc237376b8885edf349836baf2e003e017153f9dd1450807cc all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] # git bisect bad 83ee9f23763a432a4077bf20624ee35de87bce99 Bisecting: 2036 revisions left to test after this (roughly 11 steps) [965a9d75e3d250088a269e0c903e86fe775b48c6] Merge tag 'trace-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 965a9d75e3d250088a269e0c903e86fe775b48c6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a8de886616f71e0aca22cbce9f032d610ee8aa27da421522a7245d3f06230c66 all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] # git bisect bad 965a9d75e3d250088a269e0c903e86fe775b48c6 Bisecting: 1028 revisions left to test after this (roughly 10 steps) [37644cac6e8297d0908aef054caabb439c467c7d] Merge tag 'gpio-updates-for-v6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux testing commit 37644cac6e8297d0908aef054caabb439c467c7d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5146dde498c650fbe768fe945eb718a0d3d535412a44f863e0da8dee1dac7869 all runs: OK false negative chance: 0.000 # git bisect good 37644cac6e8297d0908aef054caabb439c467c7d Bisecting: 597 revisions left to test after this (roughly 9 steps) [328141e51e6fc79d21168bfd4e356dddc2ec7491] Merge tag 'mmc-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 328141e51e6fc79d21168bfd4e356dddc2ec7491 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a617761d50b3224e2fbfdd1eae9946dbdc2b4ea23c28d0b897f317d59f0f863e all runs: OK false negative chance: 0.000 # git bisect good 328141e51e6fc79d21168bfd4e356dddc2ec7491 Bisecting: 297 revisions left to test after this (roughly 8 steps) [e495274793ea602415d050452088a496abcd9e6c] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit e495274793ea602415d050452088a496abcd9e6c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0cf3f1b08244afc8c314f9ee31392f07559ec65543c3536f3fa46164ce994e2d all runs: OK false negative chance: 0.000 # git bisect good e495274793ea602415d050452088a496abcd9e6c Bisecting: 160 revisions left to test after this (roughly 7 steps) [fa9db655d0e112c108fe838809608caf759bdf5e] Merge tag 'for-5.20/block-2022-08-04' of git://git.kernel.dk/linux-block testing commit fa9db655d0e112c108fe838809608caf759bdf5e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a1cfbf6d9a59d79dde0a5b07fcf5d01028c6a078c7ea550ff270e0c488563bbe all runs: OK false negative chance: 0.000 # git bisect good fa9db655d0e112c108fe838809608caf759bdf5e Bisecting: 94 revisions left to test after this (roughly 6 steps) [5e9466a5d0604e20082d828008047b3165592caf] xfs: delete extra space and tab in blank line testing commit 5e9466a5d0604e20082d828008047b3165592caf gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 106820a65d6e884d888944424f0e55e114e3c1fd9a6baddc5e3babd0974f2440 all runs: OK false negative chance: 0.000 # git bisect good 5e9466a5d0604e20082d828008047b3165592caf Bisecting: 47 revisions left to test after this (roughly 6 steps) [95522f0b18a059afa5aca036aa454c98beb553b5] scripts/tracing: Fix typo 'the the' in comment testing commit 95522f0b18a059afa5aca036aa454c98beb553b5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 29a23543be47882aa840fca1d6dcaf716143069e06deeb98dc6970949ab79c6f all runs: OK false negative chance: 0.000 # git bisect good 95522f0b18a059afa5aca036aa454c98beb553b5 Bisecting: 23 revisions left to test after this (roughly 5 steps) [3dc96bba65f53daa217f0a8f43edad145286a8f5] mbcache: add functions to delete entry if unused testing commit 3dc96bba65f53daa217f0a8f43edad145286a8f5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cf37358054160bd67fd68975b2300a5aa74826520a7a7f15d0ffc2c00c64c92f all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] # git bisect bad 3dc96bba65f53daa217f0a8f43edad145286a8f5 Bisecting: 11 revisions left to test after this (roughly 4 steps) [67d7d8ad99beccd9fe92d585b87f1760dc9018e3] ext4: fix use-after-free in ext4_xattr_set_entry testing commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d77ddf536e7879606a92ba3e42d26016130acc7a1fe1077b6d26b02d2611ad6c all runs: crashed: WARNING in mb_cache_destroy representative crash: WARNING in mb_cache_destroy, types: [WARNING] # git bisect bad 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 Bisecting: 5 revisions left to test after this (roughly 3 steps) [cb3b3bf22cf33707d684e74207908ba0ef3b6467] jbd2: rename jbd_debug() to jbd2_debug() testing commit cb3b3bf22cf33707d684e74207908ba0ef3b6467 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c0bfbec44206768e0d90660d4486e03a1b3cb21cb03a36e2fa3808c4e46a90b1 all runs: OK false negative chance: 0.000 # git bisect good cb3b3bf22cf33707d684e74207908ba0ef3b6467 Bisecting: 2 revisions left to test after this (roughly 2 steps) [a89573ce4ad32f19f43ec669771726817e185be0] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() testing commit a89573ce4ad32f19f43ec669771726817e185be0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5b790c52df583682b6b2f567b1382ac7771d7ba0737bffd13df3a068e79f65f2 all runs: OK false negative chance: 0.000 # git bisect good a89573ce4ad32f19f43ec669771726817e185be0 Bisecting: 0 revisions left to test after this (roughly 1 step) [179b14152dcb6a24c3415200603aebca70ff13af] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h testing commit 179b14152dcb6a24c3415200603aebca70ff13af gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3d7041d3df1cb1696f66d685490e7c573108b891ae8a876299add6516fa18c2e all runs: OK false negative chance: 0.000 # git bisect good 179b14152dcb6a24c3415200603aebca70ff13af 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 is the first bad commit commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 Author: Baokun Li Date: Thu Jun 16 10:13:56 2022 +0800 ext4: fix use-after-free in ext4_xattr_set_entry Hulk Robot reported a issue: ================================================================== BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x18ab/0x3500 Write of size 4105 at addr ffff8881675ef5f4 by task syz-executor.0/7092 CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.19.90-dirty #17 Call Trace: [...] memcpy+0x34/0x50 mm/kasan/kasan.c:303 ext4_xattr_set_entry+0x18ab/0x3500 fs/ext4/xattr.c:1747 ext4_xattr_ibody_inline_set+0x86/0x2a0 fs/ext4/xattr.c:2205 ext4_xattr_set_handle+0x940/0x1300 fs/ext4/xattr.c:2386 ext4_xattr_set+0x1da/0x300 fs/ext4/xattr.c:2498 __vfs_setxattr+0x112/0x170 fs/xattr.c:149 __vfs_setxattr_noperm+0x11b/0x2a0 fs/xattr.c:180 __vfs_setxattr_locked+0x17b/0x250 fs/xattr.c:238 vfs_setxattr+0xed/0x270 fs/xattr.c:255 setxattr+0x235/0x330 fs/xattr.c:520 path_setxattr+0x176/0x190 fs/xattr.c:539 __do_sys_lsetxattr fs/xattr.c:561 [inline] __se_sys_lsetxattr fs/xattr.c:557 [inline] __x64_sys_lsetxattr+0xc2/0x160 fs/xattr.c:557 do_syscall_64+0xdf/0x530 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x459fe9 RSP: 002b:00007fa5e54b4c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd RAX: ffffffffffffffda RBX: 000000000051bf60 RCX: 0000000000459fe9 RDX: 00000000200003c0 RSI: 0000000020000180 RDI: 0000000020000140 RBP: 000000000051bf60 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000001009 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc73c93fc0 R14: 000000000051bf60 R15: 00007fa5e54b4d80 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_xattr_set ext4_xattr_set_handle ext4_xattr_ibody_find >> s->end < s->base >> no EXT4_STATE_XATTR >> xattr_check_inode is not executed ext4_xattr_ibody_set ext4_xattr_set_entry >> size_t min_offs = s->end - s->base >> UAF in memcpy we can easily reproduce this problem with the following commands: mkfs.ext4 -F /dev/sda mount -o debug_want_extra_isize=128 /dev/sda /mnt touch /mnt/file setfattr -n user.cat -v `seq -s z 4096|tr -d '[:digit:]'` /mnt/file In ext4_xattr_ibody_find, we have the following assignment logic: header = IHDR(inode, raw_inode) = raw_inode + EXT4_GOOD_OLD_INODE_SIZE + i_extra_isize is->s.base = IFIRST(header) = header + sizeof(struct ext4_xattr_ibody_header) is->s.end = raw_inode + s_inode_size In ext4_xattr_set_entry min_offs = s->end - s->base = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize - sizeof(struct ext4_xattr_ibody_header) last = s->first free = min_offs - ((void *)last - s->base) - sizeof(__u32) = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize - sizeof(struct ext4_xattr_ibody_header) - sizeof(__u32) In the calculation formula, all values except s_inode_size and i_extra_size are fixed values. When i_extra_size is the maximum value s_inode_size - EXT4_GOOD_OLD_INODE_SIZE, min_offs is -4 and free is -8. The value overflows. As a result, the preceding issue is triggered when memcpy is executed. Therefore, when finding xattr or setting xattr, check whether there is space for storing xattr in the inode to resolve this issue. Cc: stable@kernel.org Reported-by: Hulk Robot Signed-off-by: Baokun Li Reviewed-by: Ritesh Harjani (IBM) Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20220616021358.2504451-3-libaokun1@huawei.com Signed-off-by: Theodore Ts'o fs/ext4/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) accumulated error probability: 0.00 culprit signature: d77ddf536e7879606a92ba3e42d26016130acc7a1fe1077b6d26b02d2611ad6c parent signature: 3d7041d3df1cb1696f66d685490e7c573108b891ae8a876299add6516fa18c2e revisions tested: 29, total time: 5h37m31.286581164s (build: 2h42m50.979057061s, test: 2h38m10.091344352s) first bad commit: 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 ext4: fix use-after-free in ext4_xattr_set_entry recipients (to): ["jack@suse.cz" "libaokun1@huawei.com" "ritesh.list@gmail.com" "tytso@mit.edu"] recipients (cc): [] crash: WARNING in mb_cache_destroy EXT4-fs warning (device loop0): ext4_evict_inode:297: xattr delete (err -12) EXT4-fs (loop0): unmounting filesystem. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1063 at fs/mbcache.c:409 mb_cache_destroy+0xda/0x110 fs/mbcache.c:409 Modules linked in: CPU: 0 PID: 1063 Comm: syz-executor.0 Not tainted 5.19.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:mb_cache_destroy+0xda/0x110 fs/mbcache.c:409 Code: 89 6b 08 8b 43 20 83 f8 01 75 1e f0 ff 4b 20 0f 85 77 ff ff ff 48 8b 3d 3c 9d 54 02 48 89 de e8 0c 8c f4 ff e9 63 ff ff ff 90 <0f> 0b 90 f0 ff 4b 20 74 e2 e9 54 ff ff ff 49 8b 3e e8 80 bf f4 ff RSP: 0018:ffffc90000a27dc0 EFLAGS: 00010202 RAX: 0000000000000002 RBX: ffff8881005a5000 RCX: ffff88810e7dd558 RDX: ffff8881005a5000 RSI: ffff8881005a5000 RDI: ffff8881005a5000 RBP: ffff88810e7dd558 R08: ffff8881002bfc78 R09: 00000000820001f4 R10: 0000000000000000 R11: ffffffff8105cf30 R12: dead000000000100 R13: dead000000000122 R14: ffff88810e7dd500 R15: ffff88810e7dd558 FS: 000055555624e480(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ac2f39440 CR3: 000000010caf8000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ext4_put_super+0x2fa/0x430 fs/ext4/super.c:1294 generic_shutdown_super+0x73/0x130 fs/super.c:462 kill_block_super+0x20/0x50 fs/super.c:1394 deactivate_locked_super+0x2f/0x90 fs/super.c:332 cleanup_mnt+0xfd/0x150 fs/namespace.c:1186 task_work_run+0x66/0xa0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xa4/0xb0 kernel/entry/common.c:169 exit_to_user_mode_prepare+0x64/0xe0 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x2c/0x1f0 kernel/entry/common.c:294 do_syscall_64+0x55/0x90 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f5e7dbd41d7 Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffec497f458 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f5e7dbd41d7 RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007ffec4980600 RBP: 00007f5e7dc1e3b9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000100 R11: 0000000000000202 R12: 00007ffec4980600 R13: 00007f5e7dc1e3b9 R14: 000055555624e430 R15: 0000000000000006