Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts.
executing program
[ 104.831456][ T3500] loop0: detected capacity change from 0 to 512
[ 104.859083][ T3500] EXT4-fs (loop0): 1 orphan inode deleted
[ 104.864975][ T3500] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x000000000000c202,usrquota,. Quota mode: writeback.
[ 104.887468][ T3500] ext4 filesystem being mounted at /root/syzkaller.5YOb4T/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 104.904327][ T25] audit: type=1800 audit(1692074992.891:2): pid=3500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor373" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 104.925053][ T25] audit: type=1800 audit(1692074992.891:3): pid=3500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor373" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 104.955840][ T3500] EXT4-fs error (device loop0): ext4_map_blocks:715: inode #16: block 3: comm syz-executor373: lblock 3 mapped to illegal pblock 3 (length 1)
[ 104.971857][ T3500] EXT4-fs (loop0): Remounting filesystem read-only
[ 104.979233][ T3500] EXT4-fs error (device loop0): ext4_remount:5846: comm syz-executor373: Abort forced by user
executing program
[ 105.086835][ T3504] loop0: detected capacity change from 0 to 512
[ 105.107598][ T3504] EXT4-fs (loop0): 1 orphan inode deleted
[ 105.113445][ T3504] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,grpquota,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x000000000000c202,usrquota,. Quota mode: writeback.
[ 105.136048][ T3504] ext4 filesystem being mounted at /root/syzkaller.5YOb4T/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 105.149879][ T25] audit: type=1800 audit(1692074993.141:4): pid=3504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor373" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 105.174844][ T25] audit: type=1800 audit(1692074993.141:5): pid=3504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor373" name="bus" dev="loop0" ino=16 res=0 errno=0
[ 105.203493][ T3504] ==================================================================
[ 105.211863][ T3504] BUG: KASAN: use-after-free in ext4_find_extent+0xbc4/0xdd0
[ 105.219259][ T3504] Read of size 4 at addr ffff8880727dd070 by task syz-executor373/3504
[ 105.227631][ T3504]
[ 105.229959][ T3504] CPU: 0 PID: 3504 Comm: syz-executor373 Not tainted 5.15.126-syzkaller #0
[ 105.238534][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 105.248669][ T3504] Call Trace:
[ 105.252164][ T3504]
[ 105.255090][ T3504] dump_stack_lvl+0x1e3/0x2cb
[ 105.259768][ T3504] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 105.265394][ T3504] ? _printk+0xd1/0x111
[ 105.269548][ T3504] ? __wake_up_klogd+0xcc/0x100
[ 105.274391][ T3504] ? panic+0x84d/0x84d
[ 105.278456][ T3504] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 105.283939][ T3504] print_address_description+0x63/0x3b0
[ 105.289484][ T3504] ? ext4_find_extent+0xbc4/0xdd0
[ 105.294522][ T3504] kasan_report+0x16b/0x1c0
[ 105.299020][ T3504] ? ext4_find_extent+0xbc4/0xdd0
[ 105.304041][ T3504] ext4_find_extent+0xbc4/0xdd0
[ 105.308901][ T3504] ext4_ext_map_blocks+0x2ca/0x7220
[ 105.314096][ T3504] ? __lock_acquire+0x1295/0x1ff0
[ 105.319302][ T3504] ? ext4_ext_release+0x10/0x10
[ 105.324147][ T3504] ? read_lock_is_recursive+0x10/0x10
[ 105.329955][ T3504] ? __might_sleep+0xc0/0xc0
[ 105.334627][ T3504] ? alloc_buffer_head+0x20/0xf0
[ 105.339656][ T3504] ? __lock_acquire+0x1ff0/0x1ff0
[ 105.344676][ T3504] ? __block_write_begin_int+0x24c/0x1650
[ 105.350412][ T3504] ? ext4_page_mkwrite+0x3e9/0x1290
[ 105.355607][ T3504] ? wp_page_shared+0x179/0x690
[ 105.360803][ T3504] ? exc_page_fault+0x271/0x740
[ 105.365743][ T3504] ? ext4_es_lookup_extent+0x621/0xa40
[ 105.371286][ T3504] ext4_map_blocks+0xaad/0x1e00
[ 105.376237][ T3504] ? ext4_issue_zeroout+0x250/0x250
[ 105.381451][ T3504] ? create_page_buffers+0x1d4/0x330
[ 105.386734][ T3504] _ext4_get_block+0x23b/0x660
[ 105.391543][ T3504] ? ext4_get_block+0x40/0x40
[ 105.396218][ T3504] ? create_page_buffers+0x24b/0x330
[ 105.401503][ T3504] __block_write_begin_int+0x60b/0x1650
[ 105.407075][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 105.412186][ T3504] ? page_zero_new_buffers+0x510/0x510
[ 105.417653][ T3504] ? __might_sleep+0xc0/0xc0
[ 105.422262][ T3504] ? file_update_time+0x34e/0x460
[ 105.427390][ T3504] ? ext4_journal_check_start+0x17b/0x240
[ 105.433126][ T3504] block_page_mkwrite+0x210/0x280
[ 105.438258][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 105.443355][ T3504] ext4_page_mkwrite+0x3e9/0x1290
[ 105.448730][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 105.453768][ T3504] ? wp_page_shared+0x171/0x690
[ 105.458740][ T3504] ? ext4_change_inode_journal_flag+0x6e0/0x6e0
[ 105.464993][ T3504] ? do_raw_spin_lock+0x14a/0x370
[ 105.470027][ T3504] do_page_mkwrite+0x1a9/0x440
[ 105.474791][ T3504] wp_page_shared+0x179/0x690
[ 105.479469][ T3504] handle_mm_fault+0x2a3d/0x5950
[ 105.485395][ T3504] ? numa_migrate_prep+0x1a0/0x1a0
[ 105.491258][ T3504] ? vmacache_find+0x23c/0x590
[ 105.496354][ T3504] exc_page_fault+0x271/0x740
[ 105.501070][ T3504] asm_exc_page_fault+0x22/0x30
[ 105.505936][ T3504] RIP: 0033:0x7f2ceee8337e
[ 105.510349][ T3504] Code: 73 00 e9 e3 f7 ff ff 66 c7 04 25 00 01 00 20 2e 00 e9 05 f8 ff ff b8 00 36 00 20 48 8d 35 42 d4 09 00 b9 25 00 00 00 48 89 c7 48 a5 0f b6 06 88 07 e9 15 f8 ff ff 50 b9 00 36 00 20 ba ac 04
[ 105.530514][ T3504] RSP: 002b:00007ffd2c3749d0 EFLAGS: 00010246
[ 105.536946][ T3504] RAX: 0000000020003600 RBX: 0000000000000003 RCX: 0000000000000025
[ 105.545212][ T3504] RDX: fa2d854d309f2dfe RSI: 00007f2ceef207b8 RDI: 0000000020003600
[ 105.553231][ T3504] RBP: 0000000000000000 R08: 00007ffd2c3749fc R09: 00007ffd2c3749fc
[ 105.561202][ T3504] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2c3749fc
[ 105.569179][ T3504] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffd2c374a30
[ 105.577156][ T3504]
[ 105.580178][ T3504]
[ 105.582510][ T3504] The buggy address belongs to the page:
[ 105.588434][ T3504] page:ffffea0001c9f740 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x727dd
[ 105.599431][ T3504] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 105.606892][ T3504] raw: 00fff00000000000 ffffea0001c9f788 ffffea0001c9f708 0000000000000000
[ 105.615730][ T3504] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 105.624442][ T3504] page dumped because: kasan: bad access detected
[ 105.630853][ T3504] page_owner tracks the page as freed
[ 105.636414][ T3504] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3494, ts 99120544234, free_ts 99146070093
[ 105.651961][ T3504] get_page_from_freelist+0x322a/0x33c0
[ 105.657518][ T3504] __alloc_pages+0x272/0x700
[ 105.662103][ T3504] alloc_pages_vma+0x39a/0x800
[ 105.666953][ T3504] handle_mm_fault+0x2f49/0x5950
[ 105.671940][ T3504] exc_page_fault+0x271/0x740
[ 105.676631][ T3504] asm_exc_page_fault+0x22/0x30
[ 105.681491][ T3504] page last free stack trace:
[ 105.686190][ T3504] free_unref_page_prepare+0xc34/0xcf0
[ 105.691647][ T3504] free_unref_page_list+0x1f7/0x8e0
[ 105.696853][ T3504] release_pages+0x1bb9/0x1f40
[ 105.701629][ T3504] tlb_finish_mmu+0x177/0x320
[ 105.706306][ T3504] exit_mmap+0x3cd/0x670
[ 105.710557][ T3504] __mmput+0x112/0x3b0
[ 105.714619][ T3504] exit_mm+0x688/0x7f0
[ 105.718701][ T3504] do_exit+0x626/0x2480
[ 105.722937][ T3504] do_group_exit+0x144/0x310
[ 105.727531][ T3504] __x64_sys_exit_group+0x3b/0x40
[ 105.732558][ T3504] do_syscall_64+0x3d/0xb0
[ 105.736983][ T3504] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 105.742924][ T3504]
[ 105.745246][ T3504] Memory state around the buggy address:
[ 105.751216][ T3504] ffff8880727dcf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 105.759371][ T3504] ffff8880727dcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 105.767598][ T3504] >ffff8880727dd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 105.775643][ T3504] ^
[ 105.783347][ T3504] ffff8880727dd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 105.791405][ T3504] ffff8880727dd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 105.799479][ T3504] ==================================================================
[ 105.807700][ T3504] Disabling lock debugging due to kernel taint
[ 105.818392][ T3504] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 105.825724][ T3504] CPU: 1 PID: 3504 Comm: syz-executor373 Tainted: G B 5.15.126-syzkaller #0
[ 105.835697][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 105.845834][ T3504] Call Trace:
[ 105.849110][ T3504]
[ 105.852034][ T3504] dump_stack_lvl+0x1e3/0x2cb
[ 105.856708][ T3504] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 105.862337][ T3504] ? panic+0x84d/0x84d
[ 105.866400][ T3504] ? preempt_schedule_common+0xa6/0xd0
[ 105.871853][ T3504] ? preempt_schedule+0xd9/0xe0
[ 105.876698][ T3504] panic+0x318/0x84d
[ 105.880595][ T3504] ? check_panic_on_warn+0x1d/0xa0
[ 105.885726][ T3504] ? fb_is_primary_device+0xcc/0xcc
[ 105.891008][ T3504] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 105.897009][ T3504] ? _raw_spin_unlock+0x40/0x40
[ 105.901993][ T3504] ? print_memory_metadata+0xe2/0x140
[ 105.907370][ T3504] check_panic_on_warn+0x7e/0xa0
[ 105.912304][ T3504] ? ext4_find_extent+0xbc4/0xdd0
[ 105.917417][ T3504] end_report+0x6d/0xf0
[ 105.921587][ T3504] kasan_report+0x18e/0x1c0
[ 105.926098][ T3504] ? ext4_find_extent+0xbc4/0xdd0
[ 105.931133][ T3504] ext4_find_extent+0xbc4/0xdd0
[ 105.936026][ T3504] ext4_ext_map_blocks+0x2ca/0x7220
[ 105.941239][ T3504] ? __lock_acquire+0x1295/0x1ff0
[ 105.946285][ T3504] ? ext4_ext_release+0x10/0x10
[ 105.951142][ T3504] ? read_lock_is_recursive+0x10/0x10
[ 105.956526][ T3504] ? __might_sleep+0xc0/0xc0
[ 105.961228][ T3504] ? alloc_buffer_head+0x20/0xf0
[ 105.966248][ T3504] ? __lock_acquire+0x1ff0/0x1ff0
[ 105.971356][ T3504] ? __block_write_begin_int+0x24c/0x1650
[ 105.977072][ T3504] ? ext4_page_mkwrite+0x3e9/0x1290
[ 105.982264][ T3504] ? wp_page_shared+0x179/0x690
[ 105.987123][ T3504] ? exc_page_fault+0x271/0x740
[ 105.991969][ T3504] ? ext4_es_lookup_extent+0x621/0xa40
[ 105.997440][ T3504] ext4_map_blocks+0xaad/0x1e00
[ 106.002297][ T3504] ? ext4_issue_zeroout+0x250/0x250
[ 106.007512][ T3504] ? create_page_buffers+0x1d4/0x330
[ 106.012826][ T3504] _ext4_get_block+0x23b/0x660
[ 106.017728][ T3504] ? ext4_get_block+0x40/0x40
[ 106.022410][ T3504] ? create_page_buffers+0x24b/0x330
[ 106.027700][ T3504] __block_write_begin_int+0x60b/0x1650
[ 106.033365][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 106.038419][ T3504] ? page_zero_new_buffers+0x510/0x510
[ 106.043871][ T3504] ? __might_sleep+0xc0/0xc0
[ 106.048453][ T3504] ? file_update_time+0x34e/0x460
[ 106.053482][ T3504] ? ext4_journal_check_start+0x17b/0x240
[ 106.059198][ T3504] block_page_mkwrite+0x210/0x280
[ 106.064216][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 106.069253][ T3504] ext4_page_mkwrite+0x3e9/0x1290
[ 106.074288][ T3504] ? ext4_es_is_delayed+0x40/0x40
[ 106.079318][ T3504] ? wp_page_shared+0x171/0x690
[ 106.084263][ T3504] ? ext4_change_inode_journal_flag+0x6e0/0x6e0
[ 106.090521][ T3504] ? do_raw_spin_lock+0x14a/0x370
[ 106.095546][ T3504] do_page_mkwrite+0x1a9/0x440
[ 106.100435][ T3504] wp_page_shared+0x179/0x690
[ 106.105121][ T3504] handle_mm_fault+0x2a3d/0x5950
[ 106.110079][ T3504] ? numa_migrate_prep+0x1a0/0x1a0
[ 106.115195][ T3504] ? vmacache_find+0x23c/0x590
[ 106.119971][ T3504] exc_page_fault+0x271/0x740
[ 106.124665][ T3504] asm_exc_page_fault+0x22/0x30
[ 106.129520][ T3504] RIP: 0033:0x7f2ceee8337e
[ 106.134017][ T3504] Code: 73 00 e9 e3 f7 ff ff 66 c7 04 25 00 01 00 20 2e 00 e9 05 f8 ff ff b8 00 36 00 20 48 8d 35 42 d4 09 00 b9 25 00 00 00 48 89 c7 48 a5 0f b6 06 88 07 e9 15 f8 ff ff 50 b9 00 36 00 20 ba ac 04
[ 106.153621][ T3504] RSP: 002b:00007ffd2c3749d0 EFLAGS: 00010246
[ 106.159693][ T3504] RAX: 0000000020003600 RBX: 0000000000000003 RCX: 0000000000000025
[ 106.167662][ T3504] RDX: fa2d854d309f2dfe RSI: 00007f2ceef207b8 RDI: 0000000020003600
[ 106.175716][ T3504] RBP: 0000000000000000 R08: 00007ffd2c3749fc R09: 00007ffd2c3749fc
[ 106.183683][ T3504] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2c3749fc
[ 106.191650][ T3504] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffd2c374a30
[ 106.199623][ T3504]
[ 106.202716][ T3504] Kernel Offset: disabled
[ 106.207047][ T3504] Rebooting in 86400 seconds..