Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts.
2024/11/07 13:53:45 ignoring optional flag "sandboxArg"="0"
2024/11/07 13:53:45 ignoring optional flag "type"="gce"
2024/11/07 13:53:45 parsed 1 programs
2024/11/07 13:53:45 executed programs: 0
[ 46.796171][ T24] kauditd_printk_skb: 14 callbacks suppressed
[ 46.796184][ T24] audit: type=1400 audit(1730987625.350:90): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 46.850268][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.857130][ T346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.864465][ T346] device bridge_slave_0 entered promiscuous mode
[ 46.871119][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.877944][ T346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.885393][ T346] device bridge_slave_1 entered promiscuous mode
[ 46.920060][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.926925][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.934029][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.940905][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.957572][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.964630][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.972368][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.979651][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.988744][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.996929][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.003769][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.012074][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.020037][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.026899][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.037694][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.046593][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.059475][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.070157][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.078566][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.086038][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.094020][ T346] device veth0_vlan entered promiscuous mode
[ 47.103545][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.112335][ T346] device veth1_macvtap entered promiscuous mode
[ 47.121454][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.131155][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.145249][ T24] audit: type=1400 audit(1730987625.700:91): avc: denied { mounton } for pid=346 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=509 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 47.177018][ T24] audit: type=1400 audit(1730987625.730:92): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir693159646/syzkaller.zk3dtB/0/bus" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 47.212402][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 47.221284][ T24] audit: type=1400 audit(1730987625.780:93): avc: denied { mount } for pid=351 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 47.221305][ T352] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/0/bus supports timestamps until 2038 (0x7fffffff)
[ 47.262289][ T24] audit: type=1400 audit(1730987625.810:94): avc: denied { write } for pid=351 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 47.284371][ T24] audit: type=1400 audit(1730987625.810:95): avc: denied { add_name } for pid=351 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 47.305183][ T24] audit: type=1400 audit(1730987625.810:96): avc: denied { create } for pid=351 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 47.325851][ T24] audit: type=1400 audit(1730987625.810:97): avc: denied { read write open } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir693159646/syzkaller.zk3dtB/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 47.354160][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.354317][ T24] audit: type=1400 audit(1730987625.810:98): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir693159646/syzkaller.zk3dtB/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 47.368074][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 47.407789][ T24] audit: type=1400 audit(1730987625.810:99): avc: denied { append } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir693159646/syzkaller.zk3dtB/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 47.408299][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 47.448315][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 47.448315][ T7]
[ 47.458140][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.532166][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 47.541000][ T358] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/1/bus supports timestamps until 2038 (0x7fffffff)
[ 47.576940][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.589952][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 47.604146][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 47.616313][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 47.616313][ T7]
[ 47.626186][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.722094][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 47.731166][ T365] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/2/bus supports timestamps until 2038 (0x7fffffff)
[ 47.767308][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.780323][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 47.794475][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 47.807094][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 47.807094][ T7]
[ 47.817086][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.901917][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 47.910718][ T371] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/3/bus supports timestamps until 2038 (0x7fffffff)
[ 47.945010][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 47.957935][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 47.971956][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 47.984344][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 47.984344][ T7]
[ 47.994210][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.093783][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 48.102721][ T377] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/4/bus supports timestamps until 2038 (0x7fffffff)
[ 48.138832][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
[ 48.152242][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0
[ 48.166521][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 48.179085][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 48.179085][ T49]
[ 48.189575][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
[ 48.283409][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 48.292172][ T384] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/5/bus supports timestamps until 2038 (0x7fffffff)
[ 48.327459][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.340347][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 48.354401][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 48.367081][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 48.367081][ T7]
[ 48.377107][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.454647][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 48.463569][ T390] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/6/bus supports timestamps until 2038 (0x7fffffff)
[ 48.499040][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.512114][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 48.526213][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 48.538505][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 48.538505][ T7]
[ 48.548594][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.632443][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 48.641375][ T397] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/7/bus supports timestamps until 2038 (0x7fffffff)
[ 48.677136][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.690249][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4156: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0
[ 48.704256][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[ 48.716580][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 48.716580][ T7]
[ 48.726433][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.804717][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 48.813596][ T404] ext4 filesystem being mounted at /root/syzkaller-testdir693159646/syzkaller.zk3dtB/8/bus supports timestamps until 2038 (0x7fffffff)
[ 48.848623][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4437: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[ 48.861518][ T7] ==================================================================
[ 48.869417][ T7] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[ 48.876589][ T7] Read of size 4 at addr ffff88811f7d6078 by task kworker/u4:0/7
[ 48.884219][ T7]
[ 48.886398][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.226-syzkaller-1003431-ge5e5644ea27f #0
[ 48.896203][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.906285][ T7] Workqueue: writeback wb_workfn (flush-7:0)
[ 48.912264][ T7] Call Trace:
[ 48.915509][ T7] dump_stack_lvl+0x1e2/0x24b
[ 48.919983][ T7] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 48.925281][ T7] ? panic+0x812/0x812
[ 48.929185][ T7] ? __getblk_gfp+0x3d/0x7e0
[ 48.933613][ T7] print_address_description+0x81/0x3b0
[ 48.938990][ T7] kasan_report+0x179/0x1c0
[ 48.943343][ T7] ? ext4_find_extent+0xbab/0xdb0
[ 48.948194][ T7] ? ext4_find_extent+0xbab/0xdb0
[ 48.953058][ T7] __asan_report_load4_noabort+0x14/0x20
[ 48.958521][ T7] ext4_find_extent+0xbab/0xdb0
[ 48.963210][ T7] ext4_ext_map_blocks+0x26a/0x6ee0
[ 48.968242][ T7] ? ret_from_fork+0x1f/0x30
[ 48.972689][ T7] ? stack_trace_save+0x113/0x1c0
[ 48.977531][ T7] ? stack_trace_snprint+0xf0/0xf0
[ 48.982478][ T7] ? ext4_ext_release+0x10/0x10
[ 48.987167][ T7] ? slab_post_alloc_hook+0x61/0x2f0
[ 48.992293][ T7] ? kmem_cache_alloc+0x168/0x2e0
[ 48.997143][ T7] ? ext4_alloc_io_end_vec+0x2a/0x170
[ 49.002441][ T7] ? ext4_writepages+0x122f/0x3c00
[ 49.007383][ T7] ? do_writepages+0x12e/0x270
[ 49.011985][ T7] ? __writeback_single_inode+0xd7/0xac0
[ 49.017455][ T7] ? writeback_sb_inodes+0x99c/0x16b0
[ 49.022668][ T7] ? wb_writeback+0x404/0xc60
[ 49.027177][ T7] ? wb_workfn+0x3d9/0x1110
[ 49.031605][ T7] ? process_one_work+0x6dc/0xbd0
[ 49.036461][ T7] ? worker_thread+0xaea/0x1510
[ 49.041243][ T7] ? kthread+0x34b/0x3d0
[ 49.045339][ T7] ? ret_from_fork+0x1f/0x30
[ 49.049752][ T7] ? _raw_read_unlock+0x25/0x40
[ 49.054626][ T7] ? ext4_es_lookup_extent+0x33b/0x940
[ 49.059909][ T7] ext4_map_blocks+0xa65/0x1d10
[ 49.064586][ T7] ? ext4_issue_zeroout+0x1b0/0x1b0
[ 49.069641][ T7] ? ext4_inode_journal_mode+0x1a5/0x470
[ 49.075088][ T7] ext4_writepages+0x148b/0x3c00
[ 49.079861][ T7] ? __ext4_error+0x203/0x420
[ 49.084374][ T7] ? ext4_readpage+0x230/0x230
[ 49.088973][ T7] ? psi_task_change+0x1e6/0x360
[ 49.093755][ T7] ? ext4_get_group_desc+0x260/0x2b0
[ 49.098867][ T7] ? __ext4_get_inode_loc+0x59c/0xbf0
[ 49.104076][ T7] ? ext4_readpage+0x230/0x230
[ 49.108675][ T7] do_writepages+0x12e/0x270
[ 49.113101][ T7] ? __writepage+0x130/0x130
[ 49.117526][ T7] ? __kasan_check_write+0x14/0x20
[ 49.122474][ T7] ? __kasan_check_write+0x14/0x20
[ 49.127423][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 49.132111][ T7] __writeback_single_inode+0xd7/0xac0
[ 49.137404][ T7] ? inode_add_lru+0x130/0x190
[ 49.142001][ T7] writeback_sb_inodes+0x99c/0x16b0
[ 49.147055][ T7] ? queue_io+0x520/0x520
[ 49.151208][ T7] ? writeback_sb_inodes+0x16b0/0x16b0
[ 49.156582][ T7] ? queue_io+0x3d3/0x520
[ 49.160751][ T7] wb_writeback+0x404/0xc60
[ 49.165094][ T7] ? wb_io_lists_depopulated+0x180/0x180
[ 49.170559][ T7] ? set_worker_desc+0x158/0x1c0
[ 49.175332][ T7] ? update_load_avg+0x541/0x1690
[ 49.180201][ T7] ? __kasan_check_write+0x14/0x20
[ 49.185140][ T7] wb_workfn+0x3d9/0x1110
[ 49.189321][ T7] ? inode_wait_for_writeback+0x280/0x280
[ 49.194871][ T7] ? find_next_bit+0x7f/0x100
[ 49.199374][ T7] ? _raw_spin_unlock_irq+0x4e/0x70
[ 49.204409][ T7] ? finish_task_switch+0x130/0x5a0
[ 49.209441][ T7] ? __switch_to_asm+0x34/0x60
[ 49.214043][ T7] ? __kasan_check_read+0x11/0x20
[ 49.218908][ T7] ? read_word_at_a_time+0x12/0x20
[ 49.223848][ T7] ? strscpy+0x9c/0x260
[ 49.227843][ T7] process_one_work+0x6dc/0xbd0
[ 49.232530][ T7] worker_thread+0xaea/0x1510
[ 49.237045][ T7] kthread+0x34b/0x3d0
[ 49.240982][ T7] ? worker_clr_flags+0x180/0x180
[ 49.245811][ T7] ? kthread_blkcg+0xd0/0xd0
[ 49.250241][ T7] ret_from_fork+0x1f/0x30
[ 49.254580][ T7]
[ 49.256745][ T7] The buggy address belongs to the page:
[ 49.262235][ T7] page:ffffea00047df580 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11f7d6
[ 49.272292][ T7] flags: 0x4000000000000000()
[ 49.276889][ T7] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 49.285307][ T7] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 49.293888][ T7] page dumped because: kasan: bad access detected
[ 49.300147][ T7] page_owner tracks the page as freed
[ 49.305449][ T7] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 290, ts 28130017571, free_ts 29187873303
[ 49.321681][ T7] prep_new_page+0x166/0x180
[ 49.326106][ T7] get_page_from_freelist+0x2d8c/0x2f30
[ 49.331473][ T7] __alloc_pages_nodemask+0x435/0xaf0
[ 49.336699][ T7] handle_pte_fault+0x1782/0x3e30
[ 49.341543][ T7] __handle_speculative_fault+0x1370/0x1e90
[ 49.347281][ T7] exc_page_fault+0x234/0x5b0
[ 49.351780][ T7] asm_exc_page_fault+0x1e/0x30
[ 49.356489][ T7] page last free stack trace:
[ 49.360990][ T7] free_unref_page_prepare+0x2ae/0x2d0
[ 49.366304][ T7] free_unref_page_list+0x122/0xb20
[ 49.371312][ T7] release_pages+0xea0/0xef0
[ 49.375743][ T7] free_pages_and_swap_cache+0x8a/0xa0
[ 49.381040][ T7] tlb_flush_mmu+0xd0/0x180
[ 49.385372][ T7] unmap_page_range+0x1f34/0x23b0
[ 49.390230][ T7] unmap_vmas+0x37f/0x4f0
[ 49.394398][ T7] exit_mmap+0x2f2/0x5c0
[ 49.398478][ T7] __mmput+0x95/0x2d0
[ 49.402489][ T7] mmput+0x59/0x170
[ 49.406148][ T7] do_exit+0xbda/0x2a50
[ 49.410160][ T7] do_group_exit+0x141/0x310
[ 49.414586][ T7] get_signal+0x10a0/0x1410
[ 49.418899][ T7] arch_do_signal_or_restart+0xbd/0x17c0
[ 49.424486][ T7] exit_to_user_mode_loop+0x9b/0xd0
[ 49.429518][ T7] syscall_exit_to_user_mode+0xa2/0x1a0
[ 49.435152][ T7]
[ 49.437286][ T7] Memory state around the buggy address:
[ 49.442935][ T7] ffff88811f7d5f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.450837][ T7] ffff88811f7d5f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.458732][ T7] >ffff88811f7d6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.466844][ T7] ^
[ 49.474643][ T7] ffff88811f7d6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.482665][ T7] ffff88811f7d6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.490531][ T7] ==================================================================
[ 49.498418][ T7] Disabling lock debugging due to kernel taint
[ 49.507447][ T7] ------------[ cut here ]------------
[ 49.512748][ T7] kernel BUG at fs/ext4/inode.c:2463!
[ 49.517955][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 49.523833][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.10.226-syzkaller-1003431-ge5e5644ea27f #0
[ 49.535025][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.545220][ T7] Workqueue: writeback wb_workfn (flush-7:0)
[ 49.551012][ T7] RIP: 0010:ext4_writepages+0x3b44/0x3c00
[ 49.556633][ T7] Code: 00 74 08 48 89 df e8 eb d1 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 c3 dc 07 00 eb 5d e8 ec 37 8c ff <0f> 0b e8 e5 37 8c ff eb 3b e8 de 37 8c ff eb 77 e8 d7 37 8c ff 31
[ 49.576004][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293
[ 49.582108][ T7] RAX: ffffffff81de7504 RBX: dffffc0000000000 RCX: ffff888100253b40
[ 49.589938][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.597725][ T7] RBP: ffffc90000077490 R08: ffffffff81de5109 R09: ffffed1024100d6e
[ 49.605545][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000773b0
[ 49.613347][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.621160][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 49.629924][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.636353][ T7] CR2: 00007ffffe074ca8 CR3: 000000010f08d000 CR4: 00000000003506a0
[ 49.644159][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.651971][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.659778][ T7] Call Trace:
[ 49.662932][ T7] ? __die_body+0x62/0xb0
[ 49.667247][ T7] ? die+0x88/0xb0
[ 49.670805][ T7] ? do_trap+0x1a4/0x310
[ 49.674912][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 49.679831][ T7] ? handle_invalid_op+0x95/0xc0
[ 49.684607][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 49.689562][ T7] ? exc_invalid_op+0x32/0x50
[ 49.694080][ T7] ? asm_exc_invalid_op+0x12/0x20
[ 49.699048][ T7] ? ext4_writepages+0x1749/0x3c00
[ 49.703984][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 49.708936][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 49.713891][ T7] ? __ext4_error+0x203/0x420
[ 49.718394][ T7] ? ext4_readpage+0x230/0x230
[ 49.722991][ T7] ? psi_task_change+0x1e6/0x360
[ 49.727994][ T7] ? ext4_get_group_desc+0x260/0x2b0
[ 49.733195][ T7] ? __ext4_get_inode_loc+0x59c/0xbf0
[ 49.738388][ T7] ? ext4_readpage+0x230/0x230
[ 49.742983][ T7] do_writepages+0x12e/0x270
[ 49.747414][ T7] ? __writepage+0x130/0x130
[ 49.751838][ T7] ? __kasan_check_write+0x14/0x20
[ 49.756877][ T7] ? __kasan_check_write+0x14/0x20
[ 49.761907][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 49.766504][ T7] __writeback_single_inode+0xd7/0xac0
[ 49.771806][ T7] ? inode_add_lru+0x130/0x190
[ 49.776397][ T7] writeback_sb_inodes+0x99c/0x16b0
[ 49.781524][ T7] ? queue_io+0x520/0x520
[ 49.785785][ T7] ? writeback_sb_inodes+0x16b0/0x16b0
[ 49.791075][ T7] ? queue_io+0x3d3/0x520
[ 49.795364][ T7] wb_writeback+0x404/0xc60
[ 49.799809][ T7] ? wb_io_lists_depopulated+0x180/0x180
[ 49.805264][ T7] ? set_worker_desc+0x158/0x1c0
[ 49.810143][ T7] ? update_load_avg+0x541/0x1690
[ 49.814995][ T7] ? __kasan_check_write+0x14/0x20
[ 49.819936][ T7] wb_workfn+0x3d9/0x1110
[ 49.824185][ T7] ? inode_wait_for_writeback+0x280/0x280
[ 49.829650][ T7] ? find_next_bit+0x7f/0x100
[ 49.834162][ T7] ? _raw_spin_unlock_irq+0x4e/0x70
[ 49.839225][ T7] ? finish_task_switch+0x130/0x5a0
[ 49.844235][ T7] ? __switch_to_asm+0x34/0x60
[ 49.848832][ T7] ? __kasan_check_read+0x11/0x20
[ 49.853688][ T7] ? read_word_at_a_time+0x12/0x20
[ 49.858635][ T7] ? strscpy+0x9c/0x260
[ 49.862628][ T7] process_one_work+0x6dc/0xbd0
[ 49.867314][ T7] worker_thread+0xaea/0x1510
[ 49.871833][ T7] kthread+0x34b/0x3d0
[ 49.875732][ T7] ? worker_clr_flags+0x180/0x180
[ 49.880593][ T7] ? kthread_blkcg+0xd0/0xd0
[ 49.885023][ T7] ret_from_fork+0x1f/0x30
[ 49.889270][ T7] Modules linked in:
[ 49.893282][ T7] ---[ end trace 7961ed6249d15a24 ]---
[ 49.898786][ T7] RIP: 0010:ext4_writepages+0x3b44/0x3c00
[ 49.904587][ T7] Code: 00 74 08 48 89 df e8 eb d1 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 c3 dc 07 00 eb 5d e8 ec 37 8c ff <0f> 0b e8 e5 37 8c ff eb 3b e8 de 37 8c ff eb 77 e8 d7 37 8c ff 31
[ 49.924289][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293
[ 49.930159][ T7] RAX: ffffffff81de7504 RBX: dffffc0000000000 RCX: ffff888100253b40
[ 49.938144][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.946060][ T7] RBP: ffffc90000077490 R08: ffffffff81de5109 R09: ffffed1024100d6e
[ 49.953976][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000773b0
[ 49.961762][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.969559][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 49.978357][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.984768][ T7] CR2: 00007ffffe074ca8 CR3: 000000011ecbc000 CR4: 00000000003506a0
[ 49.992695][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.000571][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.008401][ T7] Kernel panic - not syncing: Fatal exception
[ 50.014541][ T7] Kernel Offset: disabled
[ 50.018681][ T7] Rebooting in 86400 seconds..