Warning: Permanently added '10.128.0.57' (ED25519) to the list of known hosts.
executing program
[ 44.567311][ T3498] loop0: detected capacity change from 0 to 512
[ 44.603606][ T3498] EXT4-fs (loop0): 1 orphan inode deleted
[ 44.612126][ T3498] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 44.632273][ T3498] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff)
[ 44.665333][ T26] audit: type=1800 audit(1689777967.399:2): pid=3498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor345" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 44.698687][ T26] audit: type=1800 audit(1689777967.399:3): pid=3498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor345" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 44.768012][ T155] ==================================================================
[ 44.780946][ T155] BUG: KASAN: use-after-free in ext4_find_extent+0xbc4/0xdd0
[ 44.793778][ T155] Read of size 4 at addr ffff888071d98064 by task kworker/u4:3/155
[ 44.807946][ T155]
[ 44.812427][ T155] CPU: 1 PID: 155 Comm: kworker/u4:3 Not tainted 5.15.120-syzkaller #0
[ 44.822941][ T155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 44.838400][ T155] Workqueue: writeback wb_workfn (flush-7:0)
[ 44.850809][ T155] Call Trace:
[ 44.859126][ T155]
[ 44.864642][ T155] dump_stack_lvl+0x1e3/0x2cb
[ 44.873259][ T155] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 44.879995][ T155] ? _printk+0xd1/0x111
[ 44.884859][ T155] ? __wake_up_klogd+0xcc/0x100
[ 44.892527][ T155] ? panic+0x84d/0x84d
[ 44.899242][ T155] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 44.905581][ T155] print_address_description+0x63/0x3b0
[ 44.917402][ T155] ? ext4_find_extent+0xbc4/0xdd0
[ 44.928018][ T155] kasan_report+0x16b/0x1c0
[ 44.938669][ T155] ? ext4_find_extent+0xbc4/0xdd0
[ 44.952489][ T155] ext4_find_extent+0xbc4/0xdd0
[ 44.962730][ T155] ext4_ext_map_blocks+0x2ca/0x7220
[ 44.971020][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 44.978715][ T155] ? ext4_ext_release+0x10/0x10
[ 44.985289][ T155] ? read_lock_is_recursive+0x10/0x10
[ 44.993533][ T155] ? __might_sleep+0xc0/0xc0
[ 45.001170][ T155] ? wb_workfn+0x46c/0x1130
[ 45.007285][ T155] ? __lock_acquire+0x1ff0/0x1ff0
[ 45.014995][ T155] ? ret_from_fork+0x1f/0x30
[ 45.022766][ T155] ? ext4_es_lookup_extent+0x621/0xa40
[ 45.030965][ T155] ext4_map_blocks+0xaad/0x1e30
[ 45.037645][ T155] ? ext4_issue_zeroout+0x250/0x250
[ 45.046292][ T155] ? ext4_inode_journal_mode+0x187/0x460
[ 45.052678][ T155] ext4_writepages+0x160e/0x3d10
[ 45.058325][ T155] ? validate_chain+0x112/0x58b0
[ 45.066988][ T155] ? ext4_readpage+0x300/0x300
[ 45.076644][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 45.084970][ T155] ? mark_lock+0x98/0x340
[ 45.091033][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 45.101163][ T155] ? ext4_readpage+0x300/0x300
[ 45.109061][ T155] do_writepages+0x481/0x730
[ 45.117638][ T155] ? __writepage+0x120/0x120
[ 45.125191][ T155] ? wbc_attach_and_unlock_inode+0x3a4/0x600
[ 45.140160][ T155] ? __lock_acquire+0x1ff0/0x1ff0
[ 45.155714][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 45.163254][ T155] __writeback_single_inode+0x15b/0xe30
[ 45.176299][ T155] writeback_sb_inodes+0xbf0/0x1a50
[ 45.183655][ T155] ? queue_io+0x560/0x560
[ 45.189372][ T155] ? __writeback_inodes_wb+0x400/0x400
[ 45.196887][ T155] ? queue_io+0x3d3/0x560
[ 45.202821][ T155] wb_writeback+0x451/0xc50
[ 45.209309][ T155] ? rcu_lock_release+0x20/0x20
[ 45.217849][ T155] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 45.227070][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 45.236770][ T155] wb_workfn+0x46c/0x1130
[ 45.242214][ T155] ? mark_lock+0x98/0x340
[ 45.250808][ T155] ? inode_wait_for_writeback+0x280/0x280
[ 45.260646][ T155] ? read_lock_is_recursive+0x10/0x10
[ 45.269155][ T155] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 45.278829][ T155] ? print_irqtrace_events+0x210/0x210
[ 45.286372][ T155] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 45.293105][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 45.299364][ T155] process_one_work+0x8a1/0x10c0
[ 45.305985][ T155] ? worker_detach_from_pool+0x260/0x260
[ 45.318773][ T155] ? _raw_spin_lock_irqsave+0x120/0x120
[ 45.328919][ T155] ? kthread_data+0x4e/0xc0
[ 45.336076][ T155] ? wq_worker_running+0x97/0x170
[ 45.343521][ T155] worker_thread+0xaca/0x1280
[ 45.349557][ T155] kthread+0x3f6/0x4f0
[ 45.355131][ T155] ? rcu_lock_release+0x20/0x20
[ 45.360542][ T155] ? kthread_blkcg+0xd0/0xd0
[ 45.366463][ T155] ret_from_fork+0x1f/0x30
[ 45.372447][ T155]
[ 45.376982][ T155]
[ 45.379730][ T155] The buggy address belongs to the page:
[ 45.386537][ T155] page:ffffea0001c76600 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x71d98
[ 45.400904][ T155] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 45.408624][ T155] raw: 00fff00000000000 ffffea0001c76648 ffffea0001c765c8 0000000000000000
[ 45.418902][ T155] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 45.428285][ T155] page dumped because: kasan: bad access detected
[ 45.438006][ T155] page_owner tracks the page as freed
[ 45.443908][ T155] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3414, ts 37148103316, free_ts 37183785526
[ 45.462171][ T155] get_page_from_freelist+0x322a/0x33c0
[ 45.467882][ T155] __alloc_pages+0x272/0x700
[ 45.473226][ T155] alloc_pages_vma+0x39a/0x800
[ 45.479166][ T155] handle_mm_fault+0x2f49/0x5950
[ 45.484958][ T155] exc_page_fault+0x271/0x740
[ 45.490246][ T155] asm_exc_page_fault+0x22/0x30
[ 45.495565][ T155] page last free stack trace:
[ 45.500442][ T155] free_unref_page_prepare+0xc34/0xcf0
[ 45.506000][ T155] free_unref_page_list+0x1f7/0x8e0
[ 45.511648][ T155] release_pages+0x1bb9/0x1f40
[ 45.518590][ T155] tlb_finish_mmu+0x177/0x320
[ 45.523741][ T155] exit_mmap+0x3cd/0x670
[ 45.528671][ T155] __mmput+0x112/0x3b0
[ 45.533233][ T155] exit_mm+0x688/0x7f0
[ 45.537330][ T155] do_exit+0x626/0x2480
[ 45.541663][ T155] do_group_exit+0x144/0x310
[ 45.546640][ T155] __x64_sys_exit_group+0x3b/0x40
[ 45.551751][ T155] do_syscall_64+0x3d/0xb0
[ 45.556179][ T155] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.563020][ T155]
[ 45.565374][ T155] Memory state around the buggy address:
[ 45.571778][ T155] ffff888071d97f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.581251][ T155] ffff888071d97f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.589931][ T155] >ffff888071d98000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.599256][ T155] ^
[ 45.607247][ T155] ffff888071d98080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.616601][ T155] ffff888071d98100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.631777][ T155] ==================================================================
[ 45.641556][ T155] Disabling lock debugging due to kernel taint
[ 45.650363][ T155] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 45.659057][ T155] CPU: 1 PID: 155 Comm: kworker/u4:3 Tainted: G B 5.15.120-syzkaller #0
[ 45.668913][ T155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 45.681328][ T155] Workqueue: writeback wb_workfn (flush-7:0)
[ 45.688432][ T155] Call Trace:
[ 45.692168][ T155]
[ 45.695274][ T155] dump_stack_lvl+0x1e3/0x2cb
[ 45.700603][ T155] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 45.707050][ T155] ? panic+0x84d/0x84d
[ 45.712531][ T155] ? preempt_schedule_common+0xa6/0xd0
[ 45.719139][ T155] ? preempt_schedule+0xd9/0xe0
[ 45.727246][ T155] panic+0x318/0x84d
[ 45.734974][ T155] ? check_panic_on_warn+0x1d/0xa0
[ 45.741317][ T155] ? fb_is_primary_device+0xcc/0xcc
[ 45.748366][ T155] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 45.754879][ T155] ? _raw_spin_unlock+0x40/0x40
[ 45.759847][ T155] ? print_memory_metadata+0xe2/0x140
[ 45.765567][ T155] check_panic_on_warn+0x7e/0xa0
[ 45.773013][ T155] ? ext4_find_extent+0xbc4/0xdd0
[ 45.779382][ T155] end_report+0x6d/0xf0
[ 45.784568][ T155] kasan_report+0x18e/0x1c0
[ 45.790690][ T155] ? ext4_find_extent+0xbc4/0xdd0
[ 45.797679][ T155] ext4_find_extent+0xbc4/0xdd0
[ 45.804324][ T155] ext4_ext_map_blocks+0x2ca/0x7220
[ 45.815886][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 45.824630][ T155] ? ext4_ext_release+0x10/0x10
[ 45.833687][ T155] ? read_lock_is_recursive+0x10/0x10
[ 45.842737][ T155] ? __might_sleep+0xc0/0xc0
[ 45.851112][ T155] ? wb_workfn+0x46c/0x1130
[ 45.860117][ T155] ? __lock_acquire+0x1ff0/0x1ff0
[ 45.878248][ T155] ? ret_from_fork+0x1f/0x30
[ 45.894754][ T155] ? ext4_es_lookup_extent+0x621/0xa40
[ 45.906406][ T155] ext4_map_blocks+0xaad/0x1e30
[ 45.918702][ T155] ? ext4_issue_zeroout+0x250/0x250
[ 45.925639][ T155] ? ext4_inode_journal_mode+0x187/0x460
[ 45.936647][ T155] ext4_writepages+0x160e/0x3d10
[ 45.947421][ T155] ? validate_chain+0x112/0x58b0
[ 45.956427][ T155] ? ext4_readpage+0x300/0x300
[ 45.962651][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 45.967971][ T155] ? mark_lock+0x98/0x340
[ 45.973311][ T155] ? __lock_acquire+0x1295/0x1ff0
[ 45.982320][ T155] ? ext4_readpage+0x300/0x300
[ 45.988809][ T155] do_writepages+0x481/0x730
[ 45.994689][ T155] ? __writepage+0x120/0x120
[ 46.000801][ T155] ? wbc_attach_and_unlock_inode+0x3a4/0x600
[ 46.010355][ T155] ? __lock_acquire+0x1ff0/0x1ff0
[ 46.019900][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 46.032735][ T155] __writeback_single_inode+0x15b/0xe30
[ 46.044715][ T155] writeback_sb_inodes+0xbf0/0x1a50
[ 46.056464][ T155] ? queue_io+0x560/0x560
[ 46.065186][ T155] ? __writeback_inodes_wb+0x400/0x400
[ 46.075952][ T155] ? queue_io+0x3d3/0x560
[ 46.083349][ T155] wb_writeback+0x451/0xc50
[ 46.091283][ T155] ? rcu_lock_release+0x20/0x20
[ 46.100343][ T155] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 46.112017][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 46.131268][ T155] wb_workfn+0x46c/0x1130
[ 46.139349][ T155] ? mark_lock+0x98/0x340
[ 46.147760][ T155] ? inode_wait_for_writeback+0x280/0x280
[ 46.157729][ T155] ? read_lock_is_recursive+0x10/0x10
[ 46.164389][ T155] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 46.175349][ T155] ? print_irqtrace_events+0x210/0x210
[ 46.182034][ T155] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 46.193584][ T155] ? do_raw_spin_unlock+0x137/0x8b0
[ 46.202152][ T155] process_one_work+0x8a1/0x10c0
[ 46.209726][ T155] ? worker_detach_from_pool+0x260/0x260
[ 46.218972][ T155] ? _raw_spin_lock_irqsave+0x120/0x120
[ 46.227941][ T155] ? kthread_data+0x4e/0xc0
[ 46.236201][ T155] ? wq_worker_running+0x97/0x170
[ 46.243922][ T155] worker_thread+0xaca/0x1280
[ 46.249702][ T155] kthread+0x3f6/0x4f0
[ 46.254535][ T155] ? rcu_lock_release+0x20/0x20
[ 46.261064][ T155] ? kthread_blkcg+0xd0/0xd0
[ 46.266628][ T155] ret_from_fork+0x1f/0x30
[ 46.272585][ T155]
[ 46.276704][ T155] Kernel Offset: disabled
[ 46.281772][ T155] Rebooting in 86400 seconds..