Starting sshd: OK syzkaller syzkaller login: [ 4.826914][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 6.337130][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 13.123825][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 13.123835][ T23] audit: type=1400 audit(1679189924.469:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.130264][ T23] audit: type=1400 audit(1679189924.469:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11266]" dev="pipefs" ino=11266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.1.153' (ECDSA) to the list of known hosts. executing program [ 22.470862][ T23] audit: type=1400 audit(1679189933.819:73): avc: denied { execmem } for pid=365 comm="syz-executor247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.490355][ T23] audit: type=1400 audit(1679189933.819:74): avc: denied { read write } for pid=365 comm="syz-executor247" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.514828][ T23] audit: type=1400 audit(1679189933.819:75): avc: denied { open } for pid=365 comm="syz-executor247" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.539059][ T23] audit: type=1400 audit(1679189933.819:76): avc: denied { ioctl } for pid=365 comm="syz-executor247" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.548221][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.565027][ T23] audit: type=1400 audit(1679189933.819:77): avc: denied { mounton } for pid=367 comm="syz-executor247" path="/root/syzkaller.nbnjBN/0/bus" dev="sda1" ino=1140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.573908][ T368] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/0/bus supports timestamps until 2038 (0x7fffffff) [ 22.598005][ T23] audit: type=1400 audit(1679189933.929:78): avc: denied { mount } for pid=367 comm="syz-executor247" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.631393][ T23] audit: type=1400 audit(1679189933.969:79): avc: denied { write } for pid=367 comm="syz-executor247" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.653731][ T23] audit: type=1400 audit(1679189933.969:80): avc: denied { add_name } for pid=367 comm="syz-executor247" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.674423][ T23] audit: type=1400 audit(1679189933.969:81): avc: denied { create } for pid=367 comm="syz-executor247" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.674649][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.694846][ T23] audit: type=1400 audit(1679189933.969:82): avc: denied { read write open } for pid=367 comm="syz-executor247" path="/root/syzkaller.nbnjBN/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.709159][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.746675][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.746675][ T9] executing program [ 22.847736][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.856655][ T374] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/1/bus supports timestamps until 2038 (0x7fffffff) [ 22.883581][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.897808][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.910309][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.910309][ T9] executing program [ 23.007710][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.016653][ T380] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/2/bus supports timestamps until 2038 (0x7fffffff) [ 23.043605][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 executing program [ 23.057711][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.070246][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.070246][ T9] [ 23.117632][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.126529][ T386] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/3/bus supports timestamps until 2038 (0x7fffffff) executing program [ 23.168550][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.183478][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.195934][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.195934][ T7] [ 23.258638][ T393] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.267879][ T393] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/4/bus supports timestamps until 2038 (0x7fffffff) executing program [ 23.298152][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.312295][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.324668][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.324668][ T9] [ 23.387726][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.396688][ T399] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/5/bus supports timestamps until 2038 (0x7fffffff) [ 23.423542][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.437686][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.450377][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.450377][ T9] executing program [ 23.577858][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.586920][ T405] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/6/bus supports timestamps until 2038 (0x7fffffff) [ 23.617385][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.631485][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.643881][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.643881][ T9] executing program [ 23.767771][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.776699][ T411] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/7/bus supports timestamps until 2038 (0x7fffffff) [ 23.807351][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.821551][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.833908][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.833908][ T7] executing program [ 23.927854][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.936766][ T417] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/8/bus supports timestamps until 2038 (0x7fffffff) executing program [ 23.966463][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.980847][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.993223][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.993223][ T9] [ 24.047662][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.056597][ T423] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/9/bus supports timestamps until 2038 (0x7fffffff) [ 24.087364][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.101448][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.113825][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.113825][ T9] executing program [ 24.247906][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.256989][ T429] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/10/bus supports timestamps until 2038 (0x7fffffff) [ 24.288422][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.302482][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.314845][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.314845][ T7] executing program [ 24.437765][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.446728][ T435] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/11/bus supports timestamps until 2038 (0x7fffffff) executing program [ 24.527881][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.536948][ T441] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/12/bus supports timestamps until 2038 (0x7fffffff) [ 24.565186][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.579281][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.591642][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.591642][ T7] executing program [ 24.687727][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.696637][ T447] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/13/bus supports timestamps until 2038 (0x7fffffff) [ 24.722282][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 executing program [ 24.736565][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.749151][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.749151][ T7] [ 24.807745][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.816702][ T453] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/14/bus supports timestamps until 2038 (0x7fffffff) executing program [ 24.845622][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.859706][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.872135][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.872135][ T7] [ 24.917727][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.926733][ T459] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/15/bus supports timestamps until 2038 (0x7fffffff) executing program [ 24.997793][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.006728][ T465] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/16/bus supports timestamps until 2038 (0x7fffffff) [ 25.036629][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.050669][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 8 with error 117 [ 25.062930][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.062930][ T7] executing program [ 25.167974][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.177189][ T471] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/17/bus supports timestamps until 2038 (0x7fffffff) [ 25.204929][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.219006][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.231415][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.231415][ T7] executing program [ 25.328065][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.337049][ T477] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/18/bus supports timestamps until 2038 (0x7fffffff) [ 25.365231][ T391] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.379389][ T391] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.391851][ T391] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.391851][ T391] executing program [ 25.467853][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.476756][ T483] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/19/bus supports timestamps until 2038 (0x7fffffff) [ 25.506084][ T391] EXT4-fs error (device loop0): ext4_ext_map_blocks:4115: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.520359][ T391] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.532795][ T391] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.532795][ T391] executing program [ 25.607741][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.616697][ T489] ext4 filesystem being mounted at /root/syzkaller.nbnjBN/20/bus supports timestamps until 2038 (0x7fffffff) [ 25.632787][ T489] EXT4-fs error (device loop0): ext4_ext_remove_space:2942: inode #19: comm syz-executor247: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 1(1) [ 25.665333][ T391] ================================================================== [ 25.673453][ T391] BUG: KASAN: use-after-free in ext4_find_extent+0xba3/0xd80 [ 25.680806][ T391] Read of size 4 at addr ffff88811cb27078 by task kworker/u4:3/391 [ 25.688672][ T391] [ 25.690984][ T391] CPU: 1 PID: 391 Comm: kworker/u4:3 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 25.700934][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 25.710977][ T391] Workqueue: writeback wb_workfn (flush-7:0) [ 25.716936][ T391] Call Trace: [ 25.720203][ T391] dump_stack_lvl+0x1e2/0x24b [ 25.724859][ T391] ? printk+0xcf/0x10f [ 25.728910][ T391] ? bfq_pos_tree_add_move+0x43e/0x43e [ 25.734349][ T391] ? wake_up_klogd+0xb8/0xf0 [ 25.738913][ T391] ? panic+0x7d7/0x7d7 [ 25.742959][ T391] print_address_description+0x81/0x3c0 [ 25.748483][ T391] ? __getblk_gfp+0x3c/0x2a0 [ 25.753055][ T391] kasan_report+0x1a4/0x1f0 [ 25.757547][ T391] ? ext4_find_extent+0xba3/0xd80 [ 25.762564][ T391] ? ext4_find_extent+0xba3/0xd80 [ 25.767570][ T391] __asan_report_load4_noabort+0x14/0x20 [ 25.773185][ T391] ext4_find_extent+0xba3/0xd80 [ 25.778016][ T391] ext4_ext_map_blocks+0x219/0x3a30 [ 25.783194][ T391] ? find_get_pages_range_tag+0x947/0xa10 [ 25.788894][ T391] ? ext4_ext_release+0x10/0x10 [ 25.793721][ T391] ? __kasan_slab_alloc+0xc9/0xe0 [ 25.798729][ T391] ? __kasan_check_write+0x14/0x20 [ 25.803827][ T391] ? __down_write+0x119/0x320 [ 25.808514][ T391] ? ext4_es_lookup_extent+0x3c5/0x9d0 [ 25.813950][ T391] ext4_map_blocks+0xa93/0x1ee0 [ 25.818781][ T391] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 25.824044][ T391] ? ext4_inode_journal_mode+0x1a3/0x470 [ 25.829657][ T391] mpage_map_one_extent+0x1bd/0x680 [ 25.834833][ T391] ext4_writepages+0x15e9/0x3710 [ 25.839748][ T391] ? __find_get_block+0x9fa/0xbb0 [ 25.844751][ T391] ? ext4_readpage+0x220/0x220 [ 25.849492][ T391] ? __getblk_gfp+0x3c/0x2a0 [ 25.854058][ T391] ? __ext4_get_inode_loc+0x44c/0xd20 [ 25.859408][ T391] ? enqueue_task_fair+0x363/0x11c0 [ 25.864593][ T391] ? __kasan_check_write+0x14/0x20 [ 25.869680][ T391] ? __brelse+0x5a/0xa0 [ 25.873815][ T391] ? ext4_readpage+0x220/0x220 [ 25.878558][ T391] do_writepages+0x13a/0x280 [ 25.883130][ T391] ? ext4_iget_extra_inode+0x230/0x230 [ 25.888569][ T391] ? __writepage+0x130/0x130 [ 25.893165][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 25.897910][ T391] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 25.903261][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 25.908005][ T391] ? __kasan_check_write+0x14/0x20 [ 25.913094][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 25.918032][ T391] ? __kasan_check_write+0x14/0x20 [ 25.923163][ T391] __writeback_single_inode+0xb8/0x6e0 [ 25.928650][ T391] writeback_sb_inodes+0x999/0x1700 [ 25.933832][ T391] ? queue_io+0x500/0x500 [ 25.938146][ T391] ? writeback_sb_inodes+0x1700/0x1700 [ 25.943586][ T391] ? queue_io+0x3c7/0x500 [ 25.947898][ T391] wb_writeback+0x42f/0xc20 [ 25.952420][ T391] ? wb_io_lists_depopulated+0x180/0x180 [ 25.958033][ T391] ? widen_string+0x41/0x3a0 [ 25.962619][ T391] ? __kasan_check_write+0x14/0x20 [ 25.967712][ T391] wb_do_writeback+0x222/0xbd0 [ 25.972456][ T391] ? wb_workfn+0x3f0/0x3f0 [ 25.976857][ T391] ? compat_start_thread+0x80/0x80 [ 25.982080][ T391] ? set_worker_desc+0x158/0x1c0 [ 25.987011][ T391] ? work_busy+0x250/0x250 [ 25.991408][ T391] ? finish_task_switch+0x130/0x580 [ 25.996610][ T391] ? __switch_to_asm+0x34/0x60 [ 26.001377][ T391] ? kthread_data+0x52/0xc0 [ 26.005864][ T391] wb_workfn+0xf8/0x3f0 [ 26.010011][ T391] process_one_work+0x726/0xc10 [ 26.014840][ T391] worker_thread+0xb27/0x1550 [ 26.019499][ T391] ? __kthread_parkme+0xba/0x1d0 [ 26.024416][ T391] kthread+0x349/0x3d0 [ 26.028496][ T391] ? worker_clr_flags+0x180/0x180 [ 26.033499][ T391] ? kthread_blkcg+0xd0/0xd0 [ 26.038186][ T391] ret_from_fork+0x1f/0x30 [ 26.042576][ T391] [ 26.044895][ T391] The buggy address belongs to the page: [ 26.050536][ T391] page:ffffea000472c9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11cb27 [ 26.060779][ T391] flags: 0x8000000000000000() [ 26.065446][ T391] raw: 8000000000000000 ffffea0004700bc8 ffffea00046efb48 0000000000000000 [ 26.074013][ T391] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 26.082659][ T391] page dumped because: kasan: bad access detected [ 26.089053][ T391] page_owner tracks the page as freed [ 26.094412][ T391] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 483, ts 25457699083, free_ts 25587682001 [ 26.109086][ T391] get_page_from_freelist+0x755/0x810 [ 26.114437][ T391] __alloc_pages_nodemask+0x3b6/0x890 [ 26.119794][ T391] shmem_alloc_and_acct_page+0x899/0xbf0 [ 26.125408][ T391] shmem_getpage_gfp+0x8d4/0x25e0 [ 26.130411][ T391] shmem_write_begin+0xc8/0x1b0 [ 26.135302][ T391] generic_perform_write+0x309/0x5b0 [ 26.140567][ T391] __generic_file_write_iter+0x23c/0x560 [ 26.146299][ T391] generic_file_write_iter+0xaf/0x1c0 [ 26.151652][ T391] vfs_write+0xc4a/0xf80 [ 26.155902][ T391] ksys_write+0x198/0x2c0 [ 26.160212][ T391] __x64_sys_write+0x7b/0x90 [ 26.164784][ T391] do_syscall_64+0x34/0x70 [ 26.169181][ T391] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 26.175133][ T391] page last free stack trace: [ 26.179793][ T391] free_pcp_prepare+0x18c/0x1c0 [ 26.184625][ T391] free_unref_page_list+0x11d/0x660 [ 26.189800][ T391] release_pages+0xc24/0xc60 [ 26.194368][ T391] __pagevec_release+0x81/0xf0 [ 26.199112][ T391] shmem_undo_range+0x7ac/0x18d0 [ 26.204048][ T391] shmem_evict_inode+0x228/0xa20 [ 26.208963][ T391] evict+0x2a3/0x6c0 [ 26.212867][ T391] iput+0x61f/0x7d0 [ 26.216674][ T391] dentry_unlink_inode+0x2df/0x3d0 [ 26.221771][ T391] __dentry_kill+0x3e2/0x5d0 [ 26.226338][ T391] dentry_kill+0xc0/0x2a0 [ 26.230643][ T391] dput+0x175/0x320 [ 26.234452][ T391] __fput+0x540/0x7c0 [ 26.238417][ T391] ____fput+0x15/0x20 [ 26.242380][ T391] task_work_run+0x147/0x1b0 [ 26.246943][ T391] exit_to_user_mode_loop+0xc8/0xe0 [ 26.252112][ T391] [ 26.254416][ T391] Memory state around the buggy address: [ 26.260110][ T391] ffff88811cb26f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.268149][ T391] ffff88811cb26f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.276216][ T391] >ffff88811cb27000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.284256][ T391] ^ [ 26.292256][ T391] ffff88811cb27080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.300298][ T391] ffff88811cb27100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.308338][ T391] ================================================================== [ 26.316374][ T391] Disabling lock debugging due to kernel taint [ 26.322857][ T391] ------------[ cut here ]------------ [ 26.328491][ T391] kernel BUG at fs/ext4/inode.c:2453! [ 26.333847][ T391] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 26.339917][ T391] CPU: 1 PID: 391 Comm: kworker/u4:3 Tainted: G B 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 26.351357][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 26.361488][ T391] Workqueue: writeback wb_workfn (flush-7:0) [ 26.367659][ T391] RIP: 0010:mpage_map_one_extent+0x5df/0x680 [ 26.373618][ T391] Code: f6 48 0f a3 05 62 7b c1 04 0f 92 c3 40 0f 92 c6 31 ff e8 b4 a3 8f ff 84 db 75 11 e8 9b a0 8f ff e9 74 fa ff ff e8 91 a0 8f ff <0f> 0b 65 ff 05 64 ec 24 7e 48 c7 c0 68 cf 9c 86 48 c1 e8 03 42 80 [ 26.393207][ T391] RSP: 0018:ffffc9000095f068 EFLAGS: 00010293 [ 26.399253][ T391] RAX: ffffffff81dd811f RBX: 0000000000000000 RCX: ffff888106582780 [ 26.407207][ T391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.415256][ T391] RBP: ffffc9000095f0b0 R08: ffffffff81dd7fa8 R09: ffffed10234ef843 [ 26.423213][ T391] R10: ffffed10234ef843 R11: 1ffff110234ef842 R12: 0000000000000000 [ 26.431164][ T391] R13: ffffc9000095f3b4 R14: 0000000000000000 R15: 1ffff9200012be77 [ 26.439150][ T391] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.448097][ T391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.454662][ T391] CR2: 00000000200090bf CR3: 000000000620f000 CR4: 00000000003506a0 [ 26.462620][ T391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.470577][ T391] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.478535][ T391] Call Trace: [ 26.481833][ T391] ext4_writepages+0x15e9/0x3710 [ 26.486757][ T391] ? __find_get_block+0x9fa/0xbb0 [ 26.491888][ T391] ? ext4_readpage+0x220/0x220 [ 26.496631][ T391] ? __getblk_gfp+0x3c/0x2a0 [ 26.501202][ T391] ? __ext4_get_inode_loc+0x44c/0xd20 [ 26.506556][ T391] ? enqueue_task_fair+0x363/0x11c0 [ 26.512101][ T391] ? __kasan_check_write+0x14/0x20 [ 26.517227][ T391] ? __brelse+0x5a/0xa0 [ 26.521367][ T391] ? ext4_readpage+0x220/0x220 [ 26.526114][ T391] do_writepages+0x13a/0x280 [ 26.530704][ T391] ? ext4_iget_extra_inode+0x230/0x230 [ 26.536152][ T391] ? __writepage+0x130/0x130 [ 26.540726][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 26.545469][ T391] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 26.550839][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 26.555599][ T391] ? __kasan_check_write+0x14/0x20 [ 26.560691][ T391] ? _raw_spin_lock+0xa3/0x1b0 [ 26.565563][ T391] ? __kasan_check_write+0x14/0x20 [ 26.570667][ T391] __writeback_single_inode+0xb8/0x6e0 [ 26.576115][ T391] writeback_sb_inodes+0x999/0x1700 [ 26.581381][ T391] ? queue_io+0x500/0x500 [ 26.585690][ T391] ? writeback_sb_inodes+0x1700/0x1700 [ 26.591129][ T391] ? queue_io+0x3c7/0x500 [ 26.595458][ T391] wb_writeback+0x42f/0xc20 [ 26.600036][ T391] ? wb_io_lists_depopulated+0x180/0x180 [ 26.605687][ T391] ? widen_string+0x41/0x3a0 [ 26.610283][ T391] ? __kasan_check_write+0x14/0x20 [ 26.615373][ T391] wb_do_writeback+0x222/0xbd0 [ 26.620114][ T391] ? wb_workfn+0x3f0/0x3f0 [ 26.624516][ T391] ? compat_start_thread+0x80/0x80 [ 26.629605][ T391] ? set_worker_desc+0x158/0x1c0 [ 26.634520][ T391] ? work_busy+0x250/0x250 [ 26.638918][ T391] ? finish_task_switch+0x130/0x580 [ 26.644090][ T391] ? __switch_to_asm+0x34/0x60 [ 26.648831][ T391] ? kthread_data+0x52/0xc0 [ 26.653312][ T391] wb_workfn+0xf8/0x3f0 [ 26.657449][ T391] process_one_work+0x726/0xc10 [ 26.662280][ T391] worker_thread+0xb27/0x1550 [ 26.666940][ T391] ? __kthread_parkme+0xba/0x1d0 [ 26.671867][ T391] kthread+0x349/0x3d0 [ 26.675918][ T391] ? worker_clr_flags+0x180/0x180 [ 26.680927][ T391] ? kthread_blkcg+0xd0/0xd0 [ 26.685498][ T391] ret_from_fork+0x1f/0x30 [ 26.689889][ T391] Modules linked in: [ 26.693861][ T391] ---[ end trace 86d91fab0311305b ]--- [ 26.699474][ T391] RIP: 0010:mpage_map_one_extent+0x5df/0x680 [ 26.705435][ T391] Code: f6 48 0f a3 05 62 7b c1 04 0f 92 c3 40 0f 92 c6 31 ff e8 b4 a3 8f ff 84 db 75 11 e8 9b a0 8f ff e9 74 fa ff ff e8 91 a0 8f ff <0f> 0b 65 ff 05 64 ec 24 7e 48 c7 c0 68 cf 9c 86 48 c1 e8 03 42 80 [ 26.725094][ T391] RSP: 0018:ffffc9000095f068 EFLAGS: 00010293 [ 26.731175][ T391] RAX: ffffffff81dd811f RBX: 0000000000000000 RCX: ffff888106582780 [ 26.739163][ T391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.747146][ T391] RBP: ffffc9000095f0b0 R08: ffffffff81dd7fa8 R09: ffffed10234ef843 [ 26.755134][ T391] R10: ffffed10234ef843 R11: 1ffff110234ef842 R12: 0000000000000000 [ 26.763118][ T391] R13: ffffc9000095f3b4 R14: 0000000000000000 R15: 1ffff9200012be77 [ 26.771108][ T391] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.780053][ T391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.786628][ T391] CR2: 00000000200090bf CR3: 000000000620f000 CR4: 00000000003506a0 [ 26.794632][ T391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.802617][ T391] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.810612][ T391] Kernel panic - not syncing: Fatal exception [ 26.816852][ T391] Kernel Offset: disabled [ 26.821171][ T391] Rebooting in 86400 seconds..