ci2 starts bisection 2023-07-31 02:16:24.515781388 +0000 UTC m=+37767.433499087
bisecting fixing commit since 19c0ed55a470d1cd766484abab04871b648560fb
building syzkaller on f3921d4d63f97d1f1fb49a69ea85744bb7ef184b
ensuring issue is reproducible on original commit 19c0ed55a470d1cd766484abab04871b648560fb

testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fc2d84415b9fd13432ac97280f8c90125b8273a3e55d3ca15e4c9b51e1bb9c3f
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: kernel BUG in ext4_writepages
run #7: crashed: kernel BUG in ext4_writepages
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: kernel BUG in ext4_writepages
run #13: crashed: kernel BUG in ext4_writepages
run #14: crashed: KASAN: use-after-free Read in ext4_find_extent
run #15: crashed: KASAN: use-after-free Read in ext4_find_extent
run #16: crashed: kernel BUG in ext4_writepages
run #17: crashed: kernel BUG in ext4_writepages
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
run #20: crashed: KASAN: use-after-free Read in ext4_find_extent
run #21: crashed: KASAN: use-after-free Read in ext4_find_extent
run #22: crashed: KASAN: use-after-free Read in ext4_find_extent
run #23: crashed: KASAN: use-after-free Read in ext4_find_extent
run #24: crashed: kernel BUG in ext4_writepages
run #25: crashed: kernel BUG in ext4_writepages
run #26: crashed: KASAN: use-after-free Read in ext4_find_extent
run #27: crashed: KASAN: use-after-free Read in ext4_find_extent
run #28: crashed: KASAN: use-after-free Read in ext4_find_extent
run #29: crashed: KASAN: use-after-free Read in ext4_find_extent
run #30: crashed: KASAN: use-after-free Read in ext4_find_extent
run #31: crashed: KASAN: use-after-free Read in ext4_find_extent
run #32: crashed: KASAN: use-after-free Read in ext4_find_extent
run #33: crashed: KASAN: use-after-free Read in ext4_find_extent
run #34: crashed: KASAN: use-after-free Read in ext4_find_extent
run #35: crashed: KASAN: use-after-free Read in ext4_find_extent
run #36: crashed: KASAN: use-after-free Read in ext4_find_extent
run #37: crashed: KASAN: use-after-free Read in ext4_find_extent
run #38: crashed: KASAN: use-after-free Read in ext4_find_extent
run #39: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed

testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c98b0f3a7c2a89898813fdeff155a45c1488f48c8e7055d29516992f32f1bd7f
run #0: crashed: invalid opcode in ext4_writepages
run #1: crashed: invalid opcode in ext4_writepages
run #2: crashed: invalid opcode in ext4_writepages
run #3: crashed: invalid opcode in ext4_writepages
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: use-after-free Read in ext4_find_extent
run #14: crashed: invalid opcode in ext4_writepages
run #15: crashed: invalid opcode in ext4_writepages
run #16: crashed: invalid opcode in ext4_writepages
run #17: crashed: invalid opcode in ext4_writepages
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
kconfig minimization: base=4920 full=6166 leaves diff=244
split chunks (needed=false): <244>
split chunk #0 of len 244 into 5 parts

testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bec1fabddc837908165910461bd5562a0bf2194e20d32012aaf7abdedb9dd95d
run #0: crashed: invalid opcode in ext4_writepages
run #1: crashed: invalid opcode in ext4_writepages
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: invalid opcode in ext4_writepages
run #9: crashed: invalid opcode in ext4_writepages
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: use-after-free Read in ext4_find_extent
run #14: crashed: invalid opcode in ext4_writepages
run #15: crashed: invalid opcode in ext4_writepages
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN UNKNOWN]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b4f56dd2a8787df9ff6413ec491964b853e987c2dd8c8af1ef8bff7318caa959
run #0: crashed: invalid opcode in ext4_writepages
run #1: crashed: invalid opcode in ext4_writepages
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: use-after-free Read in ext4_find_extent
run #14: crashed: KASAN: use-after-free Read in ext4_find_extent
run #15: crashed: KASAN: use-after-free Read in ext4_find_extent
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: invalid opcode in ext4_writepages
run #19: crashed: invalid opcode in ext4_writepages
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4f35b69bbcb58d4e036622c7e3a0528030931fbfd22b19719684626c9a75130c
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: invalid opcode in ext4_writepages
run #5: crashed: invalid opcode in ext4_writepages
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: use-after-free Read in ext4_find_extent
run #14: crashed: KASAN: use-after-free Read in ext4_find_extent
run #15: crashed: KASAN: use-after-free Read in ext4_find_extent
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: invalid opcode in ext4_writepages
run #19: crashed: invalid opcode in ext4_writepages
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 297ad2e41a6e28789db5d1a59ccf6649fa0b285ae4a2e2a95e86ed71ec650175
run #0: crashed: invalid opcode in ext4_writepages
run #1: crashed: invalid opcode in ext4_writepages
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: use-after-free Read in ext4_find_extent
run #14: crashed: invalid opcode in ext4_writepages
run #15: crashed: invalid opcode in ext4_writepages
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 19c0ed55a470d1cd766484abab04871b648560fb:
net/socket.c:1172: undefined reference to `wext_handle_ioctl'
net/socket.c:3366: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'

minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed

testing current HEAD 748fd0d9ca0facefe5ec81770f620981fe280489
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 28679b73d190a45d42dccf73d197dc602b1c550edd7cf7bf8aff371a351433af
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: invalid opcode in ext4_writepages
run #9: crashed: invalid opcode in ext4_writepages
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: invalid opcode in ext4_writepages
run #13: crashed: invalid opcode in ext4_writepages
run #14: crashed: invalid opcode in ext4_writepages
run #15: crashed: invalid opcode in ext4_writepages
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN UNKNOWN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 55m20.974951249s (build: 33m31.157354297s, test: 19m6.447897362s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Merge 26a0ba5d1654 ("Input: drv260x - sleep between polling GO bit") into android13-5.15-lts
crash: KASAN: use-after-free Read in ext4_find_extent
==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:827 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xb6a/0xc30 fs/ext4/extents.c:946
Read of size 4 at addr ffff88811b602038 by task kworker/u4:2/112

CPU: 1 PID: 112 Comm: kworker/u4:2 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x38/0x49 lib/dump_stack.c:106
 print_address_description.constprop.0+0x24/0x160 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:427 [inline]
 kasan_report.cold+0x82/0xdb mm/kasan/report.c:444
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
 ext4_ext_binsearch fs/ext4/extents.c:827 [inline]
 ext4_find_extent+0xb6a/0xc30 fs/ext4/extents.c:946
 ext4_ext_map_blocks+0x18f/0x5100 fs/ext4/extents.c:4103
 ext4_map_blocks+0x593/0x1470 fs/ext4/inode.c:646
 mpage_map_one_extent fs/ext4/inode.c:2419 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2472 [inline]
 ext4_writepages+0x135a/0x2a80 fs/ext4/inode.c:2840
 do_writepages+0x18c/0x770 mm/page-writeback.c:2366
 __writeback_single_inode+0x6e/0x730 fs/fs-writeback.c:1625
 writeback_sb_inodes+0x4ab/0xe20 fs/fs-writeback.c:1908
 wb_writeback+0x20c/0x6b0 fs/fs-writeback.c:2082
 wb_do_writeback fs/fs-writeback.c:2225 [inline]
 wb_workfn+0x247/0xe20 fs/fs-writeback.c:2266
 process_one_work+0x62c/0xec0 kernel/workqueue.c:2314
 worker_thread+0x48e/0xdb0 kernel/workqueue.c:2461
 kthread+0x324/0x3e0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298

The buggy address belongs to the page:
page:ffffea00046d8080 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11b602
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 ffffea00046d3a08 ffffea00046d7fc8 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 281, ts 21769619094, free_ts 22955375370
 set_page_owner include/linux/page_owner.h:33 [inline]
 post_alloc_hook mm/page_alloc.c:2600 [inline]
 prep_new_page mm/page_alloc.c:2606 [inline]
 get_page_from_freelist+0x1ff4/0x2df0 mm/page_alloc.c:4474
 __alloc_pages+0x217/0x2330 mm/page_alloc.c:5765
 __alloc_pages_node include/linux/gfp.h:591 [inline]
 alloc_pages_node include/linux/gfp.h:605 [inline]
 alloc_pages include/linux/gfp.h:618 [inline]
 wp_page_copy+0x168/0x16f0 mm/memory.c:3185
 do_wp_page+0x1fe/0x11f0 mm/memory.c:3525
 handle_pte_fault+0xa7c/0x2180 mm/memory.c:4858
 __handle_mm_fault+0x4aa/0x1380 mm/memory.c:4989
 do_handle_mm_fault+0x33b/0x690 mm/memory.c:5240
 do_user_addr_fault+0x73d/0x1160 arch/x86/mm/fault.c:1365
 handle_page_fault arch/x86/mm/fault.c:1549 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1605
 asm_exc_page_fault+0x27/0x30 arch/x86/include/asm/idtentry.h:568
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:26 [inline]
 free_pages_prepare mm/page_alloc.c:1467 [inline]
 free_pcp_prepare+0x1b6/0x4c0 mm/page_alloc.c:1539
 free_unref_page_prepare mm/page_alloc.c:3523 [inline]
 free_unref_page_list+0x1e3/0xcd0 mm/page_alloc.c:3660
 release_pages+0x37f/0xff0 mm/swap.c:1009
 free_pages_and_swap_cache+0x5d/0x80 mm/swap_state.c:320
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
 tlb_flush_mmu+0xbe/0x590 mm/mmu_gather.c:247
 zap_pte_range mm/memory.c:1504 [inline]
 zap_pmd_range mm/memory.c:1553 [inline]
 zap_pud_range mm/memory.c:1582 [inline]
 zap_p4d_range mm/memory.c:1603 [inline]
 unmap_page_range+0x1075/0x1a80 mm/memory.c:1624
 unmap_single_vma mm/memory.c:1669 [inline]
 unmap_vmas+0x1dc/0x3a0 mm/memory.c:1701
 exit_mmap+0x203/0x710 mm/mmap.c:3209
 __mmput+0x70/0x3a0 kernel/fork.c:1171
 mmput kernel/fork.c:1194 [inline]
 mmput+0x35/0xf0 kernel/fork.c:1188
 exit_mm kernel/exit.c:551 [inline]
 do_exit+0x87b/0x2400 kernel/exit.c:862
 do_group_exit+0xe6/0x290 kernel/exit.c:997
 __do_sys_exit_group kernel/exit.c:1008 [inline]
 __se_sys_exit_group kernel/exit.c:1006 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1006
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Memory state around the buggy address:
 ffff88811b601f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88811b601f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88811b602000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                        ^
 ffff88811b602080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88811b602100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 112 Comm: kworker/u4:2 Tainted: G B 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:mpage_map_one_extent fs/ext4/inode.c:2431 [inline]
RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2472 [inline]
RIP: 0010:ext4_writepages+0x1f2f/0x2a80 fs/ext4/inode.c:2840
Code: ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 84 ca ee ff ff 48 8b bd f0 fd ff ff e8 86 e0 d0 ff e9 b9 ee ff ff <0f> 0b 8b 85 1c fd ff ff 31 db 89 85 c8 fd ff ff e9 70 fb ff ff 89
RSP: 0018:ffffc90000697450 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff0b1fa9c
RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
RBP: ffffc900006977a0 R08: 0000000000000001 R09: ffff888115c06a4f
R10: ffffed1022b80d49 R11: 0000000000000000 R12: ffff888115c06a88
R13: dffffc0000000000 R14: ffffc90000697778 R15: ffff888115c06ab0
FS: 0000000000000000(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c001148000 CR3: 000000010bb3a000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_writepages+0x18c/0x770 mm/page-writeback.c:2366
 __writeback_single_inode+0x6e/0x730 fs/fs-writeback.c:1625
 writeback_sb_inodes+0x4ab/0xe20 fs/fs-writeback.c:1908
 wb_writeback+0x20c/0x6b0 fs/fs-writeback.c:2082
 wb_do_writeback fs/fs-writeback.c:2225 [inline]
 wb_workfn+0x247/0xe20 fs/fs-writeback.c:2266
 process_one_work+0x62c/0xec0 kernel/workqueue.c:2314
 worker_thread+0x48e/0xdb0 kernel/workqueue.c:2461
 kthread+0x324/0x3e0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Modules linked in:
---[ end trace 9c0f8b2277d6f54e ]---
RIP: 0010:mpage_map_one_extent fs/ext4/inode.c:2431 [inline]
RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2472 [inline]
RIP: 0010:ext4_writepages+0x1f2f/0x2a80 fs/ext4/inode.c:2840
Code: ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 84 ca ee ff ff 48 8b bd f0 fd ff ff e8 86 e0 d0 ff e9 b9 ee ff ff <0f> 0b 8b 85 1c fd ff ff 31 db 89 85 c8 fd ff ff e9 70 fb ff ff 89
RSP: 0018:ffffc90000697450 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff0b1fa9c
RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
RBP: ffffc900006977a0 R08: 0000000000000001 R09: ffff888115c06a4f
R10: ffffed1022b80d49 R11: 0000000000000000 R12: ffff888115c06a88
R13: dffffc0000000000 R14: ffffc90000697778 R15: ffff888115c06ab0
FS: 0000000000000000(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c001148000 CR3: 000000010bb3a000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400