Warning: Permanently added '10.128.0.114' (ED25519) to the list of known hosts.
executing program
[ 39.445382][ T6440] loop0: detected capacity change from 0 to 1024
[ 39.447716][ T6440] =======================================================
[ 39.447716][ T6440] WARNING: The mand mount option has been deprecated and
[ 39.447716][ T6440] and is ignored by this kernel. Remove the mand
[ 39.447716][ T6440] option from the mount to silence this warning.
[ 39.447716][ T6440] =======================================================
[ 39.483002][ T6440] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 39.505706][ T6440] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4115: comm syz-executor307: Allocating blocks 497-513 which overlap fs metadata
[ 39.511097][ T6440] EXT4-fs (loop0): pa 000000006c4ad6df: logic 128, phys. 385, len 8
[ 39.513072][ T6440] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5366: group 0, free 0, pa_free 1
[ 39.522061][ T286] ==================================================================
[ 39.523874][ T286] BUG: KASAN: use-after-free in ext4_find_extent+0x94c/0xb0c
[ 39.525519][ T286] Read of size 4 at addr ffff0000e0763038 by task kworker/u8:4/286
[ 39.527234][ T286]
[ 39.527717][ T286] CPU: 1 UID: 0 PID: 286 Comm: kworker/u8:4 Not tainted 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[ 39.527731][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 39.527740][ T286] Workqueue: writeback wb_workfn (flush-7:0)
[ 39.527758][ T286] Call trace:
[ 39.527761][ T286] show_stack+0x2c/0x3c (C)
[ 39.527778][ T286] dump_stack_lvl+0xe4/0x150
[ 39.527792][ T286] print_report+0x198/0x538
[ 39.527804][ T286] kasan_report+0xd8/0x138
[ 39.527815][ T286] __asan_report_load4_noabort+0x20/0x2c
[ 39.527828][ T286] ext4_find_extent+0x94c/0xb0c
[ 39.527841][ T286] ext4_ext_map_blocks+0x2b0/0x6600
[ 39.527855][ T286] ext4_map_blocks+0x710/0x15d0
[ 39.527870][ T286] ext4_do_writepages+0x195c/0x318c
[ 39.527883][ T286] ext4_writepages+0x198/0x308
[ 39.527896][ T286] do_writepages+0x304/0x7d0
[ 39.527909][ T286] __writeback_single_inode+0x15c/0x15a4
[ 39.527922][ T286] writeback_sb_inodes+0x650/0x1088
[ 39.527934][ T286] wb_writeback+0x3e0/0xe9c
[ 39.527945][ T286] wb_workfn+0x38c/0x1048
[ 39.527956][ T286] process_one_work+0x810/0x1638
[ 39.527968][ T286] worker_thread+0x97c/0xeec
[ 39.527980][ T286] kthread+0x65c/0x7b0
[ 39.527991][ T286] ret_from_fork+0x10/0x20
[ 39.528003][ T286]
[ 39.555098][ T286] The buggy address belongs to the physical page:
[ 39.556689][ T286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120763
[ 39.558885][ T286] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 39.560578][ T286] raw: 05ffc00000000000 fffffdffc381d908 fffffdffc381d888 0000000000000000
[ 39.562589][ T286] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 39.564546][ T286] page dumped because: kasan: bad access detected
[ 39.566072][ T286]
[ 39.566603][ T286] Memory state around the buggy address:
[ 39.567954][ T286]  ffff0000e0762f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.569782][ T286]  ffff0000e0762f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.571631][ T286] >ffff0000e0763000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.573469][ T286]                                         ^
[ 39.574807][ T286]  ffff0000e0763080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.576690][ T286]  ffff0000e0763100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.578575][ T286] ==================================================================
[ 39.580617][ T286] Disabling lock debugging due to kernel taint
[ 39.584604][ T6440] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.