Warning: Permanently added '10.128.1.233' (ED25519) to the list of known hosts.
2025/10/02 21:00:19 ignoring optional flag "type"="gce"
2025/10/02 21:00:20 parsed 1 programs
2025/10/02 21:00:20 executed programs: 0
[ 40.321257][ T322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.328351][ T322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.335706][ T322] device bridge_slave_0 entered promiscuous mode
[ 40.342377][ T322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.349538][ T322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.356798][ T322] device bridge_slave_1 entered promiscuous mode
[ 40.385127][ T322] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.392183][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.399445][ T322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.406471][ T322] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.421531][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.428802][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.436179][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.443559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.452136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.460279][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.467312][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.475700][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.484036][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.491054][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.501564][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.510924][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.522330][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.533107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.541383][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.548922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.557212][ T322] device veth0_vlan entered promiscuous mode
[ 40.566269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.575059][ T322] device veth1_macvtap entered promiscuous mode
[ 40.583395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.593123][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.618811][ T24] kauditd_printk_skb: 14 callbacks suppressed
[ 40.618822][ T24] audit: type=1400 audit(1759438820.440:88): avc: denied { mounton } for pid=326 comm="syz-executor.0" path="/root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus" dev="sda1" ino=2034 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 40.655052][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 40.664259][ T327] ext4 filesystem being mounted at /root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 40.664266][ T24] audit: type=1400 audit(1759438820.490:89): avc: denied { mount } for pid=326 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 40.701522][ T24] audit: type=1400 audit(1759438820.530:90): avc: denied { write } for pid=326 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 40.724095][ T24] audit: type=1400 audit(1759438820.530:91): avc: denied { add_name } for pid=326 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 40.744842][ T24] audit: type=1400 audit(1759438820.530:92): avc: denied { create } for pid=326 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 40.765553][ T24] audit: type=1400 audit(1759438820.550:93): avc: denied { read write open } for pid=326 comm="syz-executor.0" path="/root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 40.793968][ T24] audit: type=1400 audit(1759438820.550:94): avc: denied { mounton } for pid=326 comm="syz-executor.0" path="/root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 40.794035][ T112] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
[ 40.821484][ T24] audit: type=1400 audit(1759438820.550:95): avc: denied { append } for pid=326 comm="syz-executor.0" path="/root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 40.834868][ T112] ==================================================================
[ 40.862417][ T24] audit: type=1400 audit(1759438820.550:96): avc: denied { map } for pid=326 comm="syz-executor.0" path="/root/syzkaller-testdir3808859286/syzkaller.nJP9VM/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 40.870496][ T112] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 40.870505][ T112] Read of size 4 at addr ffff888120eb4058 by task kworker/u4:2/112
[ 40.870507][ T112]
[ 40.870520][ T112] CPU: 0 PID: 112 Comm: kworker/u4:2 Not tainted syzkaller #0
[ 40.870533][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 40.898748][ T24] audit: type=1400 audit(1759438820.590:97): avc: denied { unmount } for pid=322 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 40.905902][ T112] Workqueue: writeback wb_workfn (flush-7:0)
[ 40.905920][ T112] Call Trace:
[ 40.905934][ T112] __dump_stack+0x21/0x24
[ 40.905942][ T112] dump_stack_lvl+0x169/0x1d8
[ 40.905951][ T112] ? show_regs_print_info+0x18/0x18
[ 40.905960][ T112] ? thaw_kernel_threads+0x220/0x220
[ 40.905968][ T112] print_address_description+0x7f/0x2c0
[ 40.905976][ T112] ? ext4_find_extent+0xbeb/0xe20
[ 40.905984][ T112] kasan_report+0xe2/0x130
[ 40.905992][ T112] ? __read_extent_tree_block+0x1e8/0x790
[ 40.906000][ T112] ? ext4_find_extent+0xbeb/0xe20
[ 40.906016][ T112] __asan_report_load4_noabort+0x14/0x20
[ 41.012981][ T112] ext4_find_extent+0xbeb/0xe20
[ 41.017809][ T112] ext4_ext_map_blocks+0x1de/0x5d40
[ 41.022981][ T112] ? __stack_depot_save+0x479/0x4c0
[ 41.028153][ T112] ? __kasan_slab_alloc+0xcf/0xf0
[ 41.033150][ T112] ? __kasan_slab_alloc+0xbd/0xf0
[ 41.038236][ T112] ? slab_post_alloc_hook+0x5d/0x2f0
[ 41.043507][ T112] ? kmem_cache_alloc+0x165/0x2e0
[ 41.048526][ T112] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 41.053885][ T112] ? ext4_writepages+0xebd/0x2e00
[ 41.058888][ T112] ? do_writepages+0x12a/0x270
[ 41.063627][ T112] ? __writeback_single_inode+0xd5/0xa20
[ 41.069246][ T112] ? writeback_sb_inodes+0x860/0x1400
[ 41.074592][ T112] ? worker_thread+0xa6a/0x13b0
[ 41.079422][ T112] ? kthread+0x346/0x3d0
[ 41.083660][ T112] ? ret_from_fork+0x1f/0x30
[ 41.088235][ T112] ? ext4_ext_release+0x10/0x10
[ 41.093067][ T112] ? ext4_es_lookup_extent+0x32d/0x8c0
[ 41.098502][ T112] ext4_map_blocks+0x978/0x1bc0
[ 41.103329][ T112] ? ext4_issue_zeroout+0x1a0/0x1a0
[ 41.108509][ T112] ? ext4_inode_journal_mode+0x19a/0x480
[ 41.114137][ T112] ext4_writepages+0x11d5/0x2e00
[ 41.119057][ T112] ? ext4_readpage+0x220/0x220
[ 41.123830][ T112] ? ext4_itable_unused_set+0x100/0x100
[ 41.129357][ T112] ? __local_bh_enable_ip+0x53/0x80
[ 41.134530][ T112] ? local_bh_enable+0x1f/0x30
[ 41.139275][ T112] ? __dev_queue_xmit+0x15a0/0x2540
[ 41.144460][ T112] ? ext4_readpage+0x220/0x220
[ 41.149297][ T112] do_writepages+0x12a/0x270
[ 41.153859][ T112] ? __writepage+0x130/0x130
[ 41.158422][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 41.163073][ T112] ? __kasan_check_write+0x14/0x20
[ 41.168159][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 41.172810][ T112] __writeback_single_inode+0xd5/0xa20
[ 41.178243][ T112] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 41.184199][ T112] ? inode_add_lru+0x12f/0x190
[ 41.188938][ T112] writeback_sb_inodes+0x860/0x1400
[ 41.194111][ T112] ? queue_io+0x4c0/0x4c0
[ 41.198418][ T112] ? __kasan_check_read+0x11/0x20
[ 41.203412][ T112] ? queue_io+0x385/0x4c0
[ 41.207722][ T112] wb_writeback+0x3e3/0xb90
[ 41.212214][ T112] ? wb_io_lists_depopulated+0x180/0x180
[ 41.217822][ T112] ? set_worker_desc+0x155/0x1c0
[ 41.222754][ T112] ? update_load_avg+0x4dc/0x14f0
[ 41.227753][ T112] ? __kasan_check_write+0x14/0x20
[ 41.232839][ T112] wb_workfn+0x38f/0xe20
[ 41.237058][ T112] ? inode_wait_for_writeback+0x200/0x200
[ 41.242749][ T112] ? _raw_spin_unlock_irq+0x4e/0x70
[ 41.247920][ T112] ? finish_task_switch+0x12e/0x5a0
[ 41.253090][ T112] ? switch_mm_irqs_off+0x763/0x9a0
[ 41.258259][ T112] ? __switch_to_asm+0x34/0x60
[ 41.262997][ T112] ? __schedule+0xb4f/0x1310
[ 41.267558][ T112] ? __kasan_check_read+0x11/0x20
[ 41.272554][ T112] ? read_word_at_a_time+0x12/0x20
[ 41.277637][ T112] ? strscpy+0x9b/0x290
[ 41.281764][ T112] process_one_work+0x6e1/0xba0
[ 41.286588][ T112] worker_thread+0xa6a/0x13b0
[ 41.291238][ T112] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 41.296673][ T112] ? __kasan_check_read+0x11/0x20
[ 41.301700][ T112] kthread+0x346/0x3d0
[ 41.305741][ T112] ? worker_clr_flags+0x190/0x190
[ 41.310735][ T112] ? kthread_blkcg+0xd0/0xd0
[ 41.315296][ T112] ret_from_fork+0x1f/0x30
[ 41.319686][ T112]
[ 41.321986][ T112] The buggy address belongs to the page:
[ 41.327601][ T112] page:ffffea000483ad00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x120eb4
[ 41.337815][ T112] flags: 0x4000000000000000()
[ 41.342468][ T112] raw: 4000000000000000 ffffea0004833b08 ffffea000483b008 0000000000000000
[ 41.351024][ T112] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 41.359575][ T112] page dumped because: kasan: bad access detected
[ 41.365965][ T112] page_owner tracks the page as freed
[ 41.371316][ T112] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 328, ts 40746551230, free_ts 40747126205
[ 41.387600][ T112] prep_new_page+0x179/0x180
[ 41.392172][ T112] get_page_from_freelist+0x2235/0x23d0
[ 41.397709][ T112] __alloc_pages_nodemask+0x268/0x5f0
[ 41.403150][ T112] handle_pte_fault+0x1719/0x3750
[ 41.408186][ T112] handle_mm_fault+0xf3f/0x16a0
[ 41.413009][ T112] do_user_addr_fault+0x5a2/0xc80
[ 41.418006][ T112] exc_page_fault+0x5a/0xc0
[ 41.422481][ T112] asm_exc_page_fault+0x1e/0x30
[ 41.427300][ T112] page last free stack trace:
[ 41.431955][ T112] free_unref_page_prepare+0x2b7/0x2d0
[ 41.437386][ T112] free_unref_page_list+0x12e/0x9b0
[ 41.442555][ T112] release_pages+0xe38/0xe80
[ 41.447203][ T112] free_pages_and_swap_cache+0x86/0xa0
[ 41.452634][ T112] tlb_finish_mmu+0x175/0x300
[ 41.457281][ T112] unmap_region+0x32c/0x380
[ 41.461758][ T112] __do_munmap+0x63c/0x850
[ 41.466149][ T112] __se_sys_munmap+0x127/0x1b0
[ 41.470886][ T112] __x64_sys_munmap+0x5b/0x70
[ 41.475533][ T112] do_syscall_64+0x31/0x40
[ 41.479927][ T112] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.485786][ T112]
[ 41.488083][ T112] Memory state around the buggy address:
[ 41.493686][ T112] ffff888120eb3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.501716][ T112] ffff888120eb3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.509755][ T112] >ffff888120eb4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.517787][ T112] ^
[ 41.524704][ T112] ffff888120eb4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.532771][ T112] ffff888120eb4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 41.540986][ T112] ==================================================================
[ 41.549022][ T112] Disabling lock debugging due to kernel taint
[ 41.557601][ T112] ------------[ cut here ]------------
[ 41.563333][ T112] kernel BUG at fs/ext4/inode.c:2464!
[ 41.569010][ T112] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 41.575065][ T112] CPU: 1 PID: 112 Comm: kworker/u4:2 Tainted: G B syzkaller #0
[ 41.583881][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 41.593917][ T112] Workqueue: writeback wb_workfn (flush-7:0)
[ 41.599892][ T112] RIP: 0010:ext4_writepages+0x2d49/0x2e00
[ 41.605631][ T112] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 e7 26 94 ff <0f> 0b e8 e0 26 94 ff eb 2f e8 d9 26 94 ff eb 64 e8 d2 26 94 ff 31
[ 41.625217][ T112] RSP: 0018:ffffc90000967180 EFLAGS: 00010293
[ 41.631255][ T112] RAX: ffffffff81cf7f29 RBX: 0000000000000000 RCX: ffff88810db9e2c0
[ 41.639198][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 41.647143][ T112] RBP: ffffc900009674f0 R08: dffffc0000000000 R09: ffffed10238c5492
[ 41.655085][ T112] R10: ffffed10238c5492 R11: 1ffff110238c5491 R12: dffffc0000000000
[ 41.663042][ T112] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b
[ 41.670983][ T112] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 41.679973][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.686532][ T112] CR2: 00007f78b1831000 CR3: 000000010d055000 CR4: 00000000003506a0
[ 41.694477][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.702421][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.710450][ T112] Call Trace:
[ 41.713731][ T112] ? ext4_readpage+0x220/0x220
[ 41.718469][ T112] ? ext4_itable_unused_set+0x100/0x100
[ 41.723989][ T112] ? __local_bh_enable_ip+0x53/0x80
[ 41.729153][ T112] ? local_bh_enable+0x1f/0x30
[ 41.733902][ T112] ? __dev_queue_xmit+0x15a0/0x2540
[ 41.739157][ T112] ? ext4_readpage+0x220/0x220
[ 41.743908][ T112] do_writepages+0x12a/0x270
[ 41.748464][ T112] ? __writepage+0x130/0x130
[ 41.753025][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 41.757683][ T112] ? __kasan_check_write+0x14/0x20
[ 41.762800][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 41.767444][ T112] __writeback_single_inode+0xd5/0xa20
[ 41.772897][ T112] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 41.779065][ T112] ? inode_add_lru+0x12f/0x190
[ 41.783812][ T112] writeback_sb_inodes+0x860/0x1400
[ 41.788987][ T112] ? queue_io+0x4c0/0x4c0
[ 41.793416][ T112] ? __kasan_check_read+0x11/0x20
[ 41.798421][ T112] ? queue_io+0x385/0x4c0
[ 41.802724][ T112] wb_writeback+0x3e3/0xb90
[ 41.807203][ T112] ? wb_io_lists_depopulated+0x180/0x180
[ 41.812806][ T112] ? set_worker_desc+0x155/0x1c0
[ 41.817715][ T112] ? update_load_avg+0x4dc/0x14f0
[ 41.822710][ T112] ? __kasan_check_write+0x14/0x20
[ 41.827792][ T112] wb_workfn+0x38f/0xe20
[ 41.832018][ T112] ? inode_wait_for_writeback+0x200/0x200
[ 41.837707][ T112] ? _raw_spin_unlock_irq+0x4e/0x70
[ 41.842872][ T112] ? finish_task_switch+0x12e/0x5a0
[ 41.848035][ T112] ? switch_mm_irqs_off+0x763/0x9a0
[ 41.853218][ T112] ? __switch_to_asm+0x34/0x60
[ 41.857955][ T112] ? __schedule+0xb4f/0x1310
[ 41.862512][ T112] ? __kasan_check_read+0x11/0x20
[ 41.867507][ T112] ? read_word_at_a_time+0x12/0x20
[ 41.872766][ T112] ? strscpy+0x9b/0x290
[ 41.876911][ T112] process_one_work+0x6e1/0xba0
[ 41.881733][ T112] worker_thread+0xa6a/0x13b0
[ 41.886377][ T112] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 41.891819][ T112] ? __kasan_check_read+0x11/0x20
[ 41.896826][ T112] kthread+0x346/0x3d0
[ 41.900897][ T112] ? worker_clr_flags+0x190/0x190
[ 41.905903][ T112] ? kthread_blkcg+0xd0/0xd0
[ 41.910475][ T112] ret_from_fork+0x1f/0x30
[ 41.914860][ T112] Modules linked in:
[ 41.920255][ T112] ---[ end trace 60f4cbbb8542c734 ]---
[ 41.925747][ T112] RIP: 0010:ext4_writepages+0x2d49/0x2e00
[ 41.931439][ T112] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 e7 26 94 ff <0f> 0b e8 e0 26 94 ff eb 2f e8 d9 26 94 ff eb 64 e8 d2 26 94 ff 31
[ 41.951071][ T112] RSP: 0018:ffffc90000967180 EFLAGS: 00010293
[ 41.957141][ T112] RAX: ffffffff81cf7f29 RBX: 0000000000000000 RCX: ffff88810db9e2c0
[ 41.965231][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 41.973186][ T112] RBP: ffffc900009674f0 R08: dffffc0000000000 R09: ffffed10238c5492
[ 41.981169][ T112] R10: ffffed10238c5492 R11: 1ffff110238c5491 R12: dffffc0000000000
[ 41.989143][ T112] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b
[ 41.997284][ T112] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 42.006271][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.012841][ T112] CR2: 000055559259b818 CR3: 000000010d055000 CR4: 00000000003506b0
[ 42.020844][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.028899][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.036898][ T112] Kernel panic - not syncing: Fatal exception
[ 42.043182][ T112] Kernel Offset: disabled
[ 42.047489][ T112] Rebooting in 86400 seconds..