Warning: Permanently added '10.128.0.127' (ED25519) to the list of known hosts.
executing program
[ 50.441518][ T3550] loop0: detected capacity change from 0 to 512
[ 50.476868][ T3550] EXT4-fs (loop0): 1 orphan inode deleted
[ 50.482676][ T3550] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 50.493048][ T3550] ext4 filesystem being mounted at /root/file1 supports timestamps until 2038 (0x7fffffff)
[ 50.514335][ T27] audit: type=1800 audit(1695082030.581:2): pid=3550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor200" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 50.535117][ T27] audit: type=1800 audit(1695082030.581:3): pid=3550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor200" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 50.564892][ T3550] ==================================================================
[ 50.572944][ T3550] BUG: KASAN: use-after-free in ext4_find_extent+0xbc4/0xdd0
[ 50.580304][ T3550] Read of size 4 at addr ffff8880719ce89c by task syz-executor200/3550
[ 50.588513][ T3550]
[ 50.590818][ T3550] CPU: 0 PID: 3550 Comm: syz-executor200 Not tainted 6.1.53-syzkaller #0
[ 50.599204][ T3550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 50.609235][ T3550] Call Trace:
[ 50.612493][ T3550] <TASK>
[ 50.615404][ T3550] dump_stack_lvl+0x1e3/0x2cb
[ 50.620070][ T3550] ? nf_tcp_handle_invalid+0x642/0x642
[ 50.625505][ T3550] ? panic+0x75d/0x75d
[ 50.629555][ T3550] ? _printk+0xd1/0x111
[ 50.633704][ T3550] ? _raw_spin_lock_irqsave+0xac/0x120
[ 50.639145][ T3550] print_report+0x15f/0x4f0
[ 50.643627][ T3550] ? __getblk_gfp+0x50/0xa20
[ 50.648194][ T3550] ? __virt_addr_valid+0x22b/0x2e0
[ 50.653286][ T3550] ? __phys_addr+0xb6/0x170
[ 50.657766][ T3550] ? ext4_find_extent+0xbc4/0xdd0
[ 50.662765][ T3550] kasan_report+0x136/0x160
[ 50.667246][ T3550] ? ext4_find_extent+0xbc4/0xdd0
[ 50.672249][ T3550] ext4_find_extent+0xbc4/0xdd0
[ 50.677080][ T3550] ext4_ext_map_blocks+0x309/0x77c0
[ 50.682269][ T3550] ? mark_lock+0x9a/0x340
[ 50.686593][ T3550] ? ext4_ext_release+0x10/0x10
[ 50.691428][ T3550] ? ext4_es_lookup_extent+0x44a/0xb70
[ 50.696868][ T3550] ext4_map_blocks+0xa3c/0x1ca0
[ 50.701706][ T3550] ? ext4_issue_zeroout+0x250/0x250
[ 50.706887][ T3550] ? create_page_buffers+0x1d2/0x4b0
[ 50.712149][ T3550] ? __rwlock_init+0x140/0x140
[ 50.716892][ T3550] _ext4_get_block+0x23b/0x660
[ 50.721643][ T3550] ? ext4_get_block+0x40/0x40
[ 50.726304][ T3550] ? create_page_buffers+0x24e/0x4b0
[ 50.731569][ T3550] __block_write_begin_int+0x544/0x1a30
[ 50.737101][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 50.742105][ T3550] ? page_zero_new_buffers+0x650/0x650
[ 50.747559][ T3550] block_page_mkwrite+0x2f5/0x610
[ 50.752562][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 50.757567][ T3550] ext4_page_mkwrite+0x3b5/0x10d0
[ 50.762571][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 50.767575][ T3550] ? __lock_acquire+0x1f80/0x1f80
[ 50.772580][ T3550] ? ext4_change_inode_journal_flag+0x6e0/0x6e0
[ 50.778800][ T3550] ? do_raw_spin_lock+0x14a/0x370
[ 50.783805][ T3550] do_page_mkwrite+0x1a1/0x5f0
[ 50.788547][ T3550] wp_page_shared+0x164/0x380
[ 50.793203][ T3550] handle_mm_fault+0x2522/0x5330
[ 50.798124][ T3550] ? numa_migrate_prep+0x250/0x250
[ 50.803217][ T3550] ? lock_mm_and_find_vma+0xae/0x2e0
[ 50.808479][ T3550] exc_page_fault+0x26f/0x660
[ 50.813138][ T3550] asm_exc_page_fault+0x22/0x30
[ 50.817964][ T3550] RIP: 0033:0x7f59b6bdc60e
[ 50.822366][ T3550] Code: 73 00 e9 e3 f7 ff ff 66 c7 04 25 00 01 00 20 2e 00 e9 05 f8 ff ff b8 00 36 00 20 48 8d 35 d2 c3 09 00 b9 25 00 00 00 48 89 c7 48 a5 0f b6 06 88 07 e9 15 f8 ff ff 50 b9 00 36 00 20 ba ac 04
[ 50.841961][ T3550] RSP: 002b:00007ffec645e0f0 EFLAGS: 00010246
[ 50.848009][ T3550] RAX: 0000000020003600 RBX: 0000000000000000 RCX: 0000000000000025
[ 50.855960][ T3550] RDX: 72f620fbd449874d RSI: 00007f59b6c789d8 RDI: 0000000020003600
[ 50.863936][ T3550] RBP: 0000000000000000 R08: 00007ffec645e1e0 R09: 00007ffec645e1e0
[ 50.871887][ T3550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec645e1e0
[ 50.879839][ T3550] R13: 00007ffec645e2c0 R14: 431bde82d7b634db R15: 00007f59b6c5901d
[ 50.887793][ T3550] </TASK>
[ 50.890790][ T3550]
[ 50.893094][ T3550] The buggy address belongs to the physical page:
[ 50.899475][ T3550] page:ffffea0001c67380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x719ce
[ 50.909613][ T3550] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 50.916707][ T3550] raw: 00fff00000000000 ffffea0001cb7848 ffffea0001c0c308 0000000000000000
[ 50.925292][ T3550] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.933849][ T3550] page dumped because: kasan: bad access detected
[ 50.940234][ T3550] page_owner tracks the page as freed
[ 50.945576][ T3550] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3549, tgid 3549 (sshd), ts 50396160614, free_ts 50435179925
[ 50.962564][ T3550] post_alloc_hook+0x18d/0x1b0
[ 50.967303][ T3550] get_page_from_freelist+0x32ed/0x3480
[ 50.972824][ T3550] __alloc_pages+0x28d/0x770
[ 50.977388][ T3550] __folio_alloc+0xf/0x30
[ 50.981691][ T3550] vma_alloc_folio+0x486/0x990
[ 50.986426][ T3550] wp_page_copy+0x292/0x17d0
[ 50.990991][ T3550] handle_mm_fault+0x2522/0x5330
[ 50.995902][ T3550] exc_page_fault+0x26f/0x660
[ 51.000567][ T3550] asm_exc_page_fault+0x22/0x30
[ 51.005401][ T3550] page last free stack trace:
[ 51.010052][ T3550] free_unref_page_prepare+0xf63/0x1120
[ 51.015573][ T3550] free_unref_page_list+0x107/0x810
[ 51.020749][ T3550] release_pages+0x2836/0x2b40
[ 51.025496][ T3550] folio_batch_move_lru+0x5ed/0x720
[ 51.030676][ T3550] lru_add_drain_cpu+0x10a/0x610
[ 51.035595][ T3550] lru_add_drain+0x79/0x140
[ 51.040079][ T3550] unmap_region+0xa2/0x2f0
[ 51.044477][ T3550] do_mas_align_munmap+0xe93/0x15c0
[ 51.049657][ T3550] __se_sys_brk+0x7fe/0xbd0
[ 51.054140][ T3550] do_syscall_64+0x3d/0xb0
[ 51.058532][ T3550] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.064399][ T3550]
[ 51.066701][ T3550] Memory state around the buggy address:
[ 51.072304][ T3550] ffff8880719ce780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.080339][ T3550] ffff8880719ce800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.088376][ T3550] >ffff8880719ce880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.096407][ T3550]                             ^
[ 51.101227][ T3550] ffff8880719ce900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.109259][ T3550] ffff8880719ce980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.117295][ T3550] ==================================================================
[ 51.129672][ T3550] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.136870][ T3550] CPU: 1 PID: 3550 Comm: syz-executor200 Not tainted 6.1.53-syzkaller #0
[ 51.145259][ T3550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 51.155290][ T3550] Call Trace:
[ 51.158551][ T3550] <TASK>
[ 51.161466][ T3550] dump_stack_lvl+0x1e3/0x2cb
[ 51.166125][ T3550] ? nf_tcp_handle_invalid+0x642/0x642
[ 51.171571][ T3550] ? panic+0x75d/0x75d
[ 51.175635][ T3550] ? preempt_schedule_common+0xa6/0xd0
[ 51.181076][ T3550] ? vscnprintf+0x59/0x80
[ 51.185385][ T3550] panic+0x318/0x75d
[ 51.189264][ T3550] ? check_panic_on_warn+0x1d/0xa0
[ 51.194355][ T3550] ? memcpy_page_flushcache+0xfc/0xfc
[ 51.199710][ T3550] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 51.205671][ T3550] ? _raw_spin_unlock+0x40/0x40
[ 51.210524][ T3550] check_panic_on_warn+0x7e/0xa0
[ 51.215448][ T3550] ? ext4_find_extent+0xbc4/0xdd0
[ 51.220453][ T3550] end_report+0x66/0x110
[ 51.224675][ T3550] kasan_report+0x143/0x160
[ 51.229154][ T3550] ? ext4_find_extent+0xbc4/0xdd0
[ 51.234159][ T3550] ext4_find_extent+0xbc4/0xdd0
[ 51.238990][ T3550] ext4_ext_map_blocks+0x309/0x77c0
[ 51.244168][ T3550] ? mark_lock+0x9a/0x340
[ 51.248479][ T3550] ? ext4_ext_release+0x10/0x10
[ 51.253332][ T3550] ? ext4_es_lookup_extent+0x44a/0xb70
[ 51.258773][ T3550] ext4_map_blocks+0xa3c/0x1ca0
[ 51.263614][ T3550] ? ext4_issue_zeroout+0x250/0x250
[ 51.268794][ T3550] ? create_page_buffers+0x1d2/0x4b0
[ 51.274058][ T3550] ? __rwlock_init+0x140/0x140
[ 51.278803][ T3550] _ext4_get_block+0x23b/0x660
[ 51.283558][ T3550] ? ext4_get_block+0x40/0x40
[ 51.288219][ T3550] ? create_page_buffers+0x24e/0x4b0
[ 51.293491][ T3550] __block_write_begin_int+0x544/0x1a30
[ 51.299024][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 51.304040][ T3550] ? page_zero_new_buffers+0x650/0x650
[ 51.309483][ T3550] block_page_mkwrite+0x2f5/0x610
[ 51.314488][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 51.319585][ T3550] ext4_page_mkwrite+0x3b5/0x10d0
[ 51.324598][ T3550] ? ext4_es_is_delayed+0x40/0x40
[ 51.329622][ T3550] ? __lock_acquire+0x1f80/0x1f80
[ 51.334625][ T3550] ? ext4_change_inode_journal_flag+0x6e0/0x6e0
[ 51.340843][ T3550] ? do_raw_spin_lock+0x14a/0x370
[ 51.345851][ T3550] do_page_mkwrite+0x1a1/0x5f0
[ 51.350599][ T3550] wp_page_shared+0x164/0x380
[ 51.355259][ T3550] handle_mm_fault+0x2522/0x5330
[ 51.360182][ T3550] ? numa_migrate_prep+0x250/0x250
[ 51.365281][ T3550] ? lock_mm_and_find_vma+0xae/0x2e0
[ 51.370549][ T3550] exc_page_fault+0x26f/0x660
[ 51.375214][ T3550] asm_exc_page_fault+0x22/0x30
[ 51.380057][ T3550] RIP: 0033:0x7f59b6bdc60e
[ 51.384451][ T3550] Code: 73 00 e9 e3 f7 ff ff 66 c7 04 25 00 01 00 20 2e 00 e9 05 f8 ff ff b8 00 36 00 20 48 8d 35 d2 c3 09 00 b9 25 00 00 00 48 89 c7 48 a5 0f b6 06 88 07 e9 15 f8 ff ff 50 b9 00 36 00 20 ba ac 04
[ 51.404036][ T3550] RSP: 002b:00007ffec645e0f0 EFLAGS: 00010246
[ 51.410081][ T3550] RAX: 0000000020003600 RBX: 0000000000000000 RCX: 0000000000000025
[ 51.418031][ T3550] RDX: 72f620fbd449874d RSI: 00007f59b6c789d8 RDI: 0000000020003600
[ 51.426000][ T3550] RBP: 0000000000000000 R08: 00007ffec645e1e0 R09: 00007ffec645e1e0
[ 51.433951][ T3550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec645e1e0
[ 51.441908][ T3550] R13: 00007ffec645e2c0 R14: 431bde82d7b634db R15: 00007f59b6c5901d
[ 51.449860][ T3550] </TASK>
[ 51.453098][ T3550] Kernel Offset: disabled
[ 51.457406][ T3550] Rebooting in 86400 seconds..