Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts.
2025/11/07 17:03:40 parsed 1 programs
[ 49.246216][ T28] audit: type=1400 audit(1762535021.155:106): avc: denied { unlink } for pid=399 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 49.297926][ T399] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.308218][ T28] audit: type=1401 audit(1762535022.215:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 50.353995][ T437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.361084][ T437] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.368692][ T437] device bridge_slave_0 entered promiscuous mode
[ 50.376713][ T437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.383784][ T437] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.391466][ T437] device bridge_slave_1 entered promiscuous mode
[ 50.429593][ T437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.436854][ T437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.444192][ T437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.451255][ T437] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.469918][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.477593][ T361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.484806][ T361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.493943][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.502392][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.509486][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.518161][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.526575][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.533674][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.546432][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.555465][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.568762][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.580367][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.588807][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.596522][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.605142][ T437] device veth0_vlan entered promiscuous mode
[ 50.615225][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.625343][ T437] device veth1_macvtap entered promiscuous mode
[ 50.634446][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.644200][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/11/07 17:03:42 executed programs: 0
[ 50.959777][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.968723][ T470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.976387][ T470] device bridge_slave_0 entered promiscuous mode
[ 50.987437][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.994470][ T470] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.002072][ T470] device bridge_slave_1 entered promiscuous mode
[ 51.044976][ T470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.052731][ T470] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.060346][ T470] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.067939][ T470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.085075][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.093612][ T361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.101471][ T361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.117667][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.126911][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.134206][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.143643][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.153830][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.161430][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.173035][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.188292][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.201838][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.214586][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.223305][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.231077][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.244295][ T470] device veth0_vlan entered promiscuous mode
[ 51.253777][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.263073][ T470] device veth1_macvtap entered promiscuous mode
[ 51.272293][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.282586][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.310369][ T481] loop2: detected capacity change from 0 to 1024
[ 51.317331][ T481] =======================================================
[ 51.317331][ T481] WARNING: The mand mount option has been deprecated and
[ 51.317331][ T481] and is ignored by this kernel. Remove the mand
[ 51.317331][ T481] option from the mount to silence this warning.
[ 51.317331][ T481] =======================================================
[ 51.354166][ T481] EXT4-fs: Ignoring removed bh option
[ 51.360066][ T481] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 51.377602][ T481] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 51.386905][ T28] audit: type=1400 audit(1762535023.295:108): avc: denied { mount } for pid=480 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 51.396045][ T481] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.17: Allocating blocks 497-513 which overlap fs metadata
[ 51.410228][ T28] audit: type=1400 audit(1762535023.295:109): avc: denied { write } for pid=480 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 51.446576][ T28] audit: type=1400 audit(1762535023.295:110): avc: denied { add_name } for pid=480 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 51.462144][ T485] EXT4-fs (loop2): pa ffff888123ef5f18: logic 64, phys. 193, len 20
[ 51.467966][ T28] audit: type=1400 audit(1762535023.295:111): avc: denied { create } for pid=480 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 51.476009][ T485] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0,
[ 51.496279][ T28] audit: type=1400 audit(1762535023.295:112): avc: denied { read write } for pid=480 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 51.496287][ T485] free 0, pa_free 1
[ 51.504823][ T28] audit: type=1400 audit(1762535023.295:113): avc: denied { open } for pid=480 comm="syz.2.17" path="/0/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 51.555161][ T28] audit: type=1400 audit(1762535023.365:114): avc: denied { setattr } for pid=480 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 51.579166][ T361] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 51.592370][ T361] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 51.592370][ T361]
[ 51.604066][ T470] EXT4-fs (loop2): unmounting filesystem.
[ 51.625806][ T487] loop2: detected capacity change from 0 to 1024
[ 51.633009][ T487] EXT4-fs: Ignoring removed bh option
[ 51.639212][ T487] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 51.657520][ T487] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 51.674985][ T487] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.18: Allocating blocks 497-513 which overlap fs metadata
[ 51.689950][ T487] EXT4-fs (loop2): pa ffff88810f94b9d8: logic 64, phys. 193, len 20
[ 51.698155][ T487] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 51.709961][ T321] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 51.722410][ T321] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 51.722410][ T321]
[ 51.734111][ T470] EXT4-fs (loop2): unmounting filesystem.
[ 51.753662][ T491] loop2: detected capacity change from 0 to 1024
[ 51.764074][ T491] EXT4-fs: Ignoring removed bh option
[ 51.770719][ T491] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 51.787048][ T491] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 51.804723][ T491] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.19: Allocating blocks 497-513 which overlap fs metadata
[ 51.819546][ T491] EXT4-fs (loop2): pa ffff888123f17690: logic 64, phys. 193, len 20
[ 51.827608][ T491] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 51.839797][ T321] ==================================================================
[ 51.848496][ T321] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 51.856146][ T321] Read of size 4 at addr ffff88812e352c94 by task kworker/u4:3/321
[ 51.864212][ T321]
[ 51.866528][ T321] CPU: 1 PID: 321 Comm: kworker/u4:3 Not tainted syzkaller #0
[ 51.874002][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 51.884147][ T321] Workqueue: writeback wb_workfn (flush-7:2)
[ 51.890173][ T321] Call Trace:
[ 51.893455][ T321]
[ 51.896387][ T321] __dump_stack+0x21/0x24
[ 51.900795][ T321] dump_stack_lvl+0xee/0x150
[ 51.905472][ T321] ? __cfi_dump_stack_lvl+0x8/0x8
[ 51.910610][ T321] ? ext4_find_extent+0xbeb/0xe20
[ 51.915684][ T321] print_address_description+0x71/0x200
[ 51.921416][ T321] print_report+0x4a/0x60
[ 51.925991][ T321] kasan_report+0x122/0x150
[ 51.930488][ T321] ? ext4_find_extent+0xbeb/0xe20
[ 51.935503][ T321] __asan_report_load4_noabort+0x14/0x20
[ 51.941145][ T321] ext4_find_extent+0xbeb/0xe20
[ 51.946063][ T321] ext4_ext_map_blocks+0x1da/0x6080
[ 51.951387][ T321] ? kasan_set_track+0x60/0x70
[ 51.956266][ T321] ? kasan_set_track+0x4b/0x70
[ 51.961065][ T321] ? kasan_save_alloc_info+0x25/0x30
[ 51.966361][ T321] ? __kasan_slab_alloc+0x72/0x80
[ 51.971394][ T321] ? slab_post_alloc_hook+0x4f/0x2d0
[ 51.976778][ T321] ? kmem_cache_alloc+0x16e/0x330
[ 51.981817][ T321] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 51.987642][ T321] ? ext4_writepages+0xf42/0x3020
[ 51.992677][ T321] ? do_writepages+0x3a9/0x5e0
[ 51.997671][ T321] ? __writeback_single_inode+0xc6/0xad0
[ 52.003820][ T321] ? writeback_sb_inodes+0x9b8/0x1550
[ 52.009445][ T321] ? wb_writeback+0x3f1/0x980
[ 52.014659][ T321] ? wb_workfn+0x350/0xda0
[ 52.019345][ T321] ? process_one_work+0x71f/0xc40
[ 52.024441][ T321] ? worker_thread+0xa29/0x11f0
[ 52.029542][ T321] ? kthread+0x281/0x320
[ 52.034073][ T321] ? __cfi_ext4_ext_map_blocks+0x10/0x10
[ 52.039962][ T321] ? ext4_es_lookup_extent+0x54c/0x900
[ 52.045614][ T321] ext4_map_blocks+0x9cb/0x1b60
[ 52.050738][ T321] ? __cfi_ext4_map_blocks+0x10/0x10
[ 52.056277][ T321] ? ext4_inode_journal_mode+0x19a/0x480
[ 52.062106][ T321] ext4_writepages+0x1260/0x3020
[ 52.067142][ T321] ? xas_load+0x39e/0x3b0
[ 52.072012][ T321] ? __cfi_ext4_writepages+0x10/0x10
[ 52.077369][ T321] ? __kasan_check_write+0x14/0x20
[ 52.082752][ T321] ? __filemap_get_folio+0x81c/0x980
[ 52.088037][ T321] ? __kasan_check_read+0x11/0x20
[ 52.093068][ T321] ? folio_mark_accessed+0x1b8/0x4d0
[ 52.098693][ T321] ? memcpy+0x56/0x70
[ 52.102832][ T321] ? __cfi_ext4_writepages+0x10/0x10
[ 52.108203][ T321] do_writepages+0x3a9/0x5e0
[ 52.114182][ T321] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 52.120196][ T321] ? __cfi_do_writepages+0x10/0x10
[ 52.125402][ T321] ? __kasan_check_write+0x14/0x20
[ 52.130521][ T321] ? _raw_spin_lock+0x8e/0xe0
[ 52.135378][ T321] __writeback_single_inode+0xc6/0xad0
[ 52.140833][ T321] ? inode_io_list_move_locked+0x366/0x3d0
[ 52.146719][ T321] writeback_sb_inodes+0x9b8/0x1550
[ 52.152080][ T321] ? check_preempt_wakeup+0x7fd/0xbc0
[ 52.157685][ T321] ? queue_io+0x4c0/0x4c0
[ 52.162092][ T321] ? __kasan_check_read+0x11/0x20
[ 52.167110][ T321] ? queue_io+0x382/0x4c0
[ 52.171540][ T321] wb_writeback+0x3f1/0x980
[ 52.176131][ T321] ? inode_cgwb_move_to_attached+0x3e0/0x3e0
[ 52.182277][ T321] ? set_worker_desc+0x155/0x1c0
[ 52.187489][ T321] ? update_load_avg+0x4c2/0x13f0
[ 52.192545][ T321] ? __kasan_check_write+0x14/0x20
[ 52.197815][ T321] ? __this_cpu_preempt_check+0x13/0x20
[ 52.203691][ T321] wb_workfn+0x350/0xda0
[ 52.208206][ T321] ? __cfi_wb_workfn+0x10/0x10
[ 52.213849][ T321] ? kthread_data+0x50/0xc0
[ 52.218372][ T321] ? _raw_spin_unlock+0x4c/0x70
[ 52.223224][ T321] ? finish_task_switch+0x16b/0x7b0
[ 52.228505][ T321] ? __switch_to_asm+0x3a/0x60
[ 52.233460][ T321] ? __schedule+0xb8f/0x14e0
[ 52.238052][ T321] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 52.243624][ T321] process_one_work+0x71f/0xc40
[ 52.248463][ T321] worker_thread+0xa29/0x11f0
[ 52.253125][ T321] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 52.258947][ T321] ? __kthread_parkme+0x142/0x180
[ 52.264062][ T321] kthread+0x281/0x320
[ 52.268313][ T321] ? __cfi_worker_thread+0x10/0x10
[ 52.273727][ T321] ? __cfi_kthread+0x10/0x10
[ 52.278664][ T321] ret_from_fork+0x1f/0x30
[ 52.283083][ T321]
[ 52.286090][ T321]
[ 52.288504][ T321] Allocated by task 487:
[ 52.293171][ T321] kasan_set_track+0x4b/0x70
[ 52.297765][ T321] kasan_save_alloc_info+0x25/0x30
[ 52.302885][ T321] __kasan_kmalloc+0x95/0xb0
[ 52.307484][ T321] __kmalloc+0xb1/0x1e0
[ 52.311653][ T321] ext4_find_extent+0x36b/0xe20
[ 52.316672][ T321] ext4_ext_map_blocks+0x1da/0x6080
[ 52.321870][ T321] ext4_map_blocks+0x9cb/0x1b60
[ 52.326717][ T321] _ext4_get_block+0x1da/0x4e0
[ 52.331472][ T321] ext4_get_block_unwritten+0x2e/0x100
[ 52.337003][ T321] ext4_block_write_begin+0x56e/0x1270
[ 52.342460][ T321] ext4_write_begin+0x5ee/0xf70
[ 52.347703][ T321] ext4_da_write_begin+0x3e1/0x8b0
[ 52.352996][ T321] generic_perform_write+0x2f6/0x6d0
[ 52.358378][ T321] ext4_buffered_write_iter+0x36f/0x660
[ 52.364185][ T321] ext4_file_write_iter+0x18f/0x13d0
[ 52.369585][ T321] vfs_write+0x5db/0xca0
[ 52.374187][ T321] __x64_sys_pwrite64+0x191/0x220
[ 52.379381][ T321] x64_sys_call+0x36/0x9a0
[ 52.383798][ T321] do_syscall_64+0x4c/0xa0
[ 52.388674][ T321] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 52.394638][ T321]
[ 52.397106][ T321] Freed by task 487:
[ 52.401012][ T321] kasan_set_track+0x4b/0x70
[ 52.406130][ T321] kasan_save_free_info+0x31/0x50
[ 52.411433][ T321] ____kasan_slab_free+0x132/0x180
[ 52.416624][ T321] __kasan_slab_free+0x11/0x20
[ 52.421393][ T321] slab_free_freelist_hook+0xc2/0x190
[ 52.426871][ T321] __kmem_cache_free+0xb7/0x1b0
[ 52.431891][ T321] kfree+0x6f/0xf0
[ 52.435599][ T321] ext4_ext_map_blocks+0x2024/0x6080
[ 52.440982][ T321] ext4_map_blocks+0x9cb/0x1b60
[ 52.445842][ T321] _ext4_get_block+0x1da/0x4e0
[ 52.450871][ T321] ext4_get_block_unwritten+0x2e/0x100
[ 52.457144][ T321] ext4_block_write_begin+0x56e/0x1270
[ 52.462810][ T321] ext4_write_begin+0x5ee/0xf70
[ 52.467927][ T321] ext4_da_write_begin+0x3e1/0x8b0
[ 52.473222][ T321] generic_perform_write+0x2f6/0x6d0
[ 52.478781][ T321] ext4_buffered_write_iter+0x36f/0x660
[ 52.484323][ T321] ext4_file_write_iter+0x18f/0x13d0
[ 52.490036][ T321] vfs_write+0x5db/0xca0
[ 52.494540][ T321] __x64_sys_pwrite64+0x191/0x220
[ 52.499786][ T321] x64_sys_call+0x36/0x9a0
[ 52.504212][ T321] do_syscall_64+0x4c/0xa0
[ 52.508630][ T321] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 52.514978][ T321]
[ 52.517401][ T321] The buggy address belongs to the object at ffff88812e352c00
[ 52.517401][ T321] which belongs to the cache kmalloc-192 of size 192
[ 52.532071][ T321] The buggy address is located 148 bytes inside of
[ 52.532071][ T321] 192-byte region [ffff88812e352c00, ffff88812e352cc0)
[ 52.547166][ T321]
[ 52.549493][ T321] The buggy address belongs to the physical page:
[ 52.556193][ T321] page:ffffea0004b8d480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12e352
[ 52.566945][ T321] flags: 0x4000000000000200(slab|zone=1)
[ 52.573305][ T321] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042c00
[ 52.582153][ T321] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.591070][ T321] page dumped because: kasan: bad access detected
[ 52.597574][ T321] page_owner tracks the page as allocated
[ 52.603661][ T321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 487, tgid 486 (syz.2.18), ts 51672636107, free_ts 50333159378
[ 52.623366][ T321] post_alloc_hook+0x1f5/0x210
[ 52.628249][ T321] prep_new_page+0x1c/0x110
[ 52.633037][ T321] get_page_from_freelist+0x2c7b/0x2cf0
[ 52.638679][ T321] __alloc_pages+0x1c3/0x450
[ 52.643359][ T321] alloc_slab_page+0x6e/0xf0
[ 52.648033][ T321] new_slab+0x98/0x3d0
[ 52.652207][ T321] ___slab_alloc+0x6bd/0xb20
[ 52.656963][ T321] __slab_alloc+0x5e/0xa0
[ 52.661283][ T321] __kmem_cache_alloc_node+0x203/0x2c0
[ 52.666743][ T321] __kmalloc+0xa1/0x1e0
[ 52.670912][ T321] ext4_find_extent+0x36b/0xe20
[ 52.675860][ T321] ext4_ext_map_blocks+0x1da/0x6080
[ 52.681094][ T321] ext4_map_blocks+0x9cb/0x1b60
[ 52.685953][ T321] _ext4_get_block+0x1da/0x4e0
[ 52.690867][ T321] ext4_get_block_unwritten+0x2e/0x100
[ 52.696333][ T321] ext4_block_write_begin+0x56e/0x1270
[ 52.701810][ T321] page last free stack trace:
[ 52.706816][ T321] free_unref_page_prepare+0x742/0x750
[ 52.712277][ T321] free_unref_page+0x8f/0x530
[ 52.717129][ T321] __free_pages+0x67/0x100
[ 52.721769][ T321] __vunmap+0x9af/0xb70
[ 52.726124][ T321] vfree+0x61/0x90
[ 52.729862][ T321] kcov_close+0x2b/0x50
[ 52.734396][ T321] __fput+0x1fc/0x8f0
[ 52.738850][ T321] ____fput+0x15/0x20
[ 52.743083][ T321] task_work_run+0x1db/0x240
[ 52.747759][ T321] do_exit+0xa25/0x2650
[ 52.751917][ T321] do_group_exit+0x210/0x2d0
[ 52.756688][ T321] get_signal+0x13b5/0x1520
[ 52.761209][ T321] arch_do_signal_or_restart+0xb0/0x1030
[ 52.767093][ T321] exit_to_user_mode_loop+0x7a/0xb0
[ 52.772289][ T321] exit_to_user_mode_prepare+0x87/0xd0
[ 52.778083][ T321] syscall_exit_to_user_mode+0x1a/0x30
[ 52.784000][ T321]
[ 52.786410][ T321] Memory state around the buggy address:
[ 52.792036][ T321] ffff88812e352b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.800274][ T321] ffff88812e352c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.808588][ T321] >ffff88812e352c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.816760][ T321] ^
[ 52.821340][ T321] ffff88812e352d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.830253][ T321] ffff88812e352d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 52.838574][ T321] ==================================================================
[ 52.850023][ T321] Disabling lock debugging due to kernel taint
[ 52.853219][ T28] audit: type=1400 audit(1762535024.755:115): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 52.856318][ T321] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 52.891867][ T321] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 52.891867][ T321]
[ 52.907220][ T470] EXT4-fs (loop2): unmounting filesystem.
[ 52.938293][ T496] loop2: detected capacity change from 0 to 1024
[ 52.945411][ T496] EXT4-fs: Ignoring removed bh option
[ 52.953149][ T496] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 52.977183][ T496] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 52.994863][ T496] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.20: Allocating blocks 497-513 which overlap fs metadata
[ 53.010269][ T496] EXT4-fs (loop2): pa ffff888123f17738: logic 64, phys. 193, len 20
[ 53.018710][ T496] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 53.031705][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 37 with max blocks 3 with error 117
[ 53.044513][ T8] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 53.044513][ T8]
[ 53.055374][ T8] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4872: inode #15: block 36: len 1: ext4_ext_map_blocks returned -117
[ 53.070722][ T470] EXT4-fs (loop2): unmounting filesystem.
[ 53.077910][ T498] ext4-rsv-conver (498) used greatest stack depth: 8 bytes left
[ 53.085869][ T498] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 53.088911][ T470] general protection fault, probably for non-canonical address 0x89aaefd71ea851c1: 0000 [#1] PREEMPT SMP KASAN
[ 53.088935][ T470] CPU: 1 PID: 470 Comm: syz-executor Tainted: G B syzkaller #0
[ 53.088952][ T470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 53.088962][ T470] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 53.088993][ T470] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 53.089007][ T470] RSP: 0018:ffffc900009d78b0 EFLAGS: 00010282
[ 53.089023][ T470] RAX: 0000000000000008 RBX: bca30dca9f20ae46 RCX: c151a81ed7efaa89
[ 53.089035][ T470] RDX: 0000000000010769 RSI: 0000000000000010 RDI: 89aaefd71ea851b9
[ 53.089045][ T470] RBP: ffffc900009d78f8 R08: dffffc0000000000 R09: ffffed1023160a01
[ 53.089057][ T470] R10: 0000000000000000 R11: 1ffff11023160a00 R12: 0000000000000010
[ 53.089067][ T470] R13: ffffffff82346963 R14: 0000000000000dc0 R15: ffff8881001ea780
[ 53.089078][ T470] FS: 000055557c3e0500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 53.089092][ T470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.089104][ T470] CR2: 000055557c4034e8 CR3: 000000012d0d5000 CR4: 00000000003506a0
[ 53.089118][ T470] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.089127][ T470] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.089137][ T470] Call Trace:
[ 53.089142][ T470]
[ 53.089147][ T470] ? security_file_alloc+0x33/0x130
[ 53.089169][ T470] security_file_alloc+0x33/0x130
[ 53.089186][ T470] __alloc_file+0xb5/0x2a0
[ 53.089204][ T470] alloc_empty_file+0x97/0x180
[ 53.089221][ T470] path_openat+0xf4/0x2f50
[ 53.089238][ T470] ? kasan_set_track+0x4b/0x70
[ 53.089254][ T470] ? kasan_save_alloc_info+0x25/0x30
[ 53.089275][ T470] ? __kasan_slab_alloc+0x72/0x80
[ 53.089292][ T470] ? kmem_cache_alloc+0x16e/0x330
[ 53.089310][ T470] ? getname_flags+0xb9/0x500
[ 53.089322][ T470] ? getname+0x19/0x20
[ 53.089334][ T470] ? do_sys_openat2+0xcb/0x7e0
[ 53.089353][ T470] ? __x64_sys_openat+0x136/0x160
[ 53.089370][ T470] ? x64_sys_call+0x783/0x9a0
[ 53.089389][ T470] ? do_syscall_64+0x4c/0xa0
[ 53.089405][ T470] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.089427][ T470] ? do_filp_open+0x3c0/0x3c0
[ 53.089445][ T470] do_filp_open+0x1c1/0x3c0
[ 53.089461][ T470] ? __cfi_do_filp_open+0x10/0x10
[ 53.089494][ T470] ? alloc_fd+0x4e6/0x590
[ 53.089509][ T470] do_sys_openat2+0x185/0x7e0
[ 53.089526][ T470] ? slab_free_freelist_hook+0xc2/0x190
[ 53.089546][ T470] ? do_sys_open+0xe0/0xe0
[ 53.089563][ T470] ? kmem_cache_free+0x12d/0x300
[ 53.089583][ T470] __x64_sys_openat+0x136/0x160
[ 53.089602][ T470] x64_sys_call+0x783/0x9a0
[ 53.089618][ T470] do_syscall_64+0x4c/0xa0
[ 53.089633][ T470] ? clear_bhb_loop+0x30/0x80
[ 53.089651][ T470] ? clear_bhb_loop+0x30/0x80
[ 53.089669][ T470] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.089688][ T470] RIP: 0033:0x7fa6ad38d791
[ 53.089705][ T470] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d da ad 22 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 53.089717][ T470] RSP: 002b:00007ffcebb6b400 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 53.089733][ T470] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa6ad38d791
[ 53.089744][ T470] RDX: 0000000000000002 RSI: 00007ffcebb6b510 RDI: 00000000ffffff9c
[ 53.089754][ T470] RBP: 00007ffcebb6b510 R08: 000000000000000a R09: 00007ffcebb6b1c7
[ 53.089764][ T470] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
[ 53.089774][ T470] R13: 00000000000927c0 R14: 000000000000cefd R15: 00007ffcebb6b510
[ 53.089793][ T470]
[ 53.089798][ T470] Modules linked in:
[ 53.089806][ T470] ---[ end trace 0000000000000000 ]---
[ 53.089812][ T470] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 53.089831][ T470] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 53.089843][ T470] RSP: 0018:ffffc900009d78b0 EFLAGS: 00010282
[ 53.089855][ T470] RAX: 0000000000000008 RBX: bca30dca9f20ae46 RCX: c151a81ed7efaa89
[ 53.089866][ T470] RDX: 0000000000010769 RSI: 0000000000000010 RDI: 89aaefd71ea851b9
[ 53.089876][ T470] RBP: ffffc900009d78f8 R08: dffffc0000000000 R09: ffffed1023160a01
[ 53.089887][ T470] R10: 0000000000000000 R11: 1ffff11023160a00 R12: 0000000000000010
[ 53.089898][ T470] R13: ffffffff82346963 R14: 0000000000000dc0 R15: ffff8881001ea780
[ 53.089909][ T470] FS: 000055557c3e0500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 53.089922][ T470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.089934][ T470] CR2: 000055557c4034e8 CR3: 000000012d0d5000 CR4: 00000000003506a0
[ 53.089947][ T470] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.089956][ T470] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.723452][ T498] Shutting down cpus with NMI
[ 54.728524][ T498] Kernel Offset: disabled
[ 54.732838][ T498] Rebooting in 86400 seconds..