Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts.
2025/07/13 07:35:48 ignoring optional flag "sandboxArg"="0"
2025/07/13 07:35:49 parsed 1 programs
[ 83.266147][ T3455] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/07/13 07:35:59 executed programs: 0
[ 91.516063][ T3890] loop4: detected capacity change from 0 to 1024
[ 91.535713][ T3890] =======================================================
[ 91.535713][ T3890] WARNING: The mand mount option has been deprecated and
[ 91.535713][ T3890] and is ignored by this kernel. Remove the mand
[ 91.535713][ T3890] option from the mount to silence this warning.
[ 91.535713][ T3890] =======================================================
[ 91.615966][ T3890] EXT4-fs: Ignoring removed oldalloc option
[ 91.621947][ T3890] EXT4-fs: Ignoring removed orlov option
[ 91.687691][ T3890] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 91.743579][ T3890] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 91.849406][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 91.948213][ T3916] loop4: detected capacity change from 0 to 1024
[ 91.963575][ T3916] EXT4-fs: Ignoring removed oldalloc option
[ 91.969775][ T3916] EXT4-fs: Ignoring removed orlov option
[ 91.984576][ T3916] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 92.049111][ T3916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 92.270922][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 92.433874][ T3943] loop4: detected capacity change from 0 to 1024
[ 92.482549][ T3943] EXT4-fs: Ignoring removed oldalloc option
[ 92.507735][ T3943] EXT4-fs: Ignoring removed orlov option
[ 92.524754][ T3943] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 92.584963][ T3943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 92.745438][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 92.921042][ T3974] loop4: detected capacity change from 0 to 1024
[ 92.956272][ T3974] EXT4-fs: Ignoring removed oldalloc option
[ 92.962248][ T3974] EXT4-fs: Ignoring removed orlov option
[ 92.999072][ T3974] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 93.043153][ T3974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 93.220464][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 93.356920][ T4011] loop4: detected capacity change from 0 to 1024
[ 93.402430][ T4011] EXT4-fs: Ignoring removed oldalloc option
[ 93.438752][ T4011] EXT4-fs: Ignoring removed orlov option
[ 93.461772][ T4011] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 93.497745][ T4011] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 93.624358][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 93.759571][ T4044] loop4: detected capacity change from 0 to 1024
[ 93.845344][ T4044] EXT4-fs: Ignoring removed oldalloc option
[ 93.853572][ T4044] EXT4-fs: Ignoring removed orlov option
[ 93.887157][ T4044] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 93.946531][ T4044] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 94.117314][ T3490] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 94.200870][ T4077] loop4: detected capacity change from 0 to 1024
[ 94.268114][ T4077] EXT4-fs: Ignoring removed oldalloc option
[ 94.299737][ T4077] EXT4-fs: Ignoring removed orlov option
[ 94.319007][ T4077] EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[ 94.374098][ T4077] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 94.515572][ T4077] ==================================================================
[ 94.523781][ T4077] BUG: KASAN: slab-use-after-free in ext4_find_extent+0xad0/0xc50
[ 94.531617][ T4077] Read of size 4 at addr ffff888072f8d20c by task syz.4.26/4077
[ 94.539274][ T4077]
[ 94.541729][ T4077] CPU: 1 UID: 0 PID: 4077 Comm: syz.4.26 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full)
[ 94.541746][ T4077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 94.541759][ T4077] Call Trace:
[ 94.541767][ T4077]
[ 94.541771][ T4077] dump_stack_lvl+0xf4/0x170
[ 94.541783][ T4077] ? __pfx_dump_stack_lvl+0x10/0x10
[ 94.541791][ T4077] ? rcu_is_watching+0x1f/0xa0
[ 94.541800][ T4077] ? __virt_addr_valid+0x176/0x2b0
[ 94.541807][ T4077] ? lock_release+0x42/0x2f0
[ 94.541815][ T4077] ? lock_acquire+0x69/0x210
[ 94.541823][ T4077] ? __virt_addr_valid+0x262/0x2b0
[ 94.541829][ T4077] print_report+0xca/0x230
[ 94.541838][ T4077] ? ext4_find_extent+0xad0/0xc50
[ 94.541845][ T4077] kasan_report+0x118/0x150
[ 94.541855][ T4077] ? ext4_find_extent+0xad0/0xc50
[ 94.541862][ T4077] ext4_find_extent+0xad0/0xc50
[ 94.541871][ T4077] ext4_ext_map_blocks+0x214/0x5810
[ 94.541882][ T4077] ? is_module_text_address+0x1d/0x150
[ 94.541891][ T4077] ? is_module_text_address+0x1d/0x150
[ 94.541898][ T4077] ? is_module_text_address+0x1d/0x150
[ 94.541906][ T4077] ? __kernel_text_address+0xd/0x40
[ 94.541916][ T4077] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 94.541922][ T4077] ? arch_stack_walk+0xfc/0x150
[ 94.541935][ T4077] ? stack_depot_save_flags+0x43/0x760
[ 94.541945][ T4077] ext4_map_query_blocks+0x10f/0x7c0
[ 94.541955][ T4077] ? __pfx_ext4_map_query_blocks+0x10/0x10
[ 94.541964][ T4077] ext4_map_blocks+0x400/0x1420
[ 94.541975][ T4077] ? __pfx_ext4_map_blocks+0x10/0x10
[ 94.541988][ T4077] _ext4_get_block+0x19f/0x3d0
[ 94.541996][ T4077] ? __pfx__ext4_get_block+0x10/0x10
[ 94.542006][ T4077] ext4_get_block_unwritten+0x17/0xa0
[ 94.542014][ T4077] ext4_block_write_begin+0x4a1/0xcd0
[ 94.542025][ T4077] ? __pfx_ext4_get_block_unwritten+0x10/0x10
[ 94.542033][ T4077] ? __pfx_ext4_block_write_begin+0x10/0x10
[ 94.542042][ T4077] ext4_write_begin+0x83a/0x1220
[ 94.542056][ T4077] ? __pfx_ext4_write_begin+0x10/0x10
[ 94.542063][ T4077] ? ext4_write_end+0x71c/0x930
[ 94.542070][ T4077] ext4_da_write_begin+0x41f/0x9a0
[ 94.542081][ T4077] ? __pfx_ext4_da_write_begin+0x10/0x10
[ 94.542088][ T4077] ? balance_dirty_pages_ratelimited_flags+0x4d4/0x900
[ 94.542099][ T4077] generic_perform_write+0x299/0x670
[ 94.542110][ T4077] ? __pfx_generic_perform_write+0x10/0x10
[ 94.542118][ T4077] ? ext4_write_checks+0x1cc/0x220
[ 94.542127][ T4077] ext4_buffered_write_iter+0xaf/0x2c0
[ 94.542136][ T4077] ext4_file_write_iter+0xf40/0x1620
[ 94.542146][ T4077] ? try_to_wake_up+0x82d/0x12d0
[ 94.542156][ T4077] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 94.542167][ T4077] vfs_write+0x839/0xac0
[ 94.542177][ T4077] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 94.542185][ T4077] ? __pfx_vfs_write+0x10/0x10
[ 94.542193][ T4077] ? __fget_files+0x2e/0x2a0
[ 94.542202][ T4077] ? __fget_files+0x23d/0x2a0
[ 94.542210][ T4077] ? __fget_files+0x2e/0x2a0
[ 94.542225][ T4077] __x64_sys_pwrite64+0x139/0x1c0
[ 94.542233][ T4077] ? __pfx___x64_sys_pwrite64+0x10/0x10
[ 94.542242][ T4077] ? switch_fpu_return+0xe6/0x180
[ 94.542249][ T4077] do_syscall_64+0x8f/0x250
[ 94.542258][ T4077] ? fpregs_assert_state_consistent+0x48/0x60
[ 94.542264][ T4077] ? clear_bhb_loop+0x40/0x90
[ 94.542272][ T4077] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.542279][ T4077] RIP: 0033:0x7fc53cd8e969
[ 94.542292][ T4077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 94.542302][ T4077] RSP: 002b:00007fc53dc06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 94.542314][ T4077] RAX: ffffffffffffffda RBX: 00007fc53cfb5fa0 RCX: 00007fc53cd8e969
[ 94.542320][ T4077] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004
[ 94.542325][ T4077] RBP: 00007fc53ce10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 94.542330][ T4077] R10: 000000000000fecc R11: 0000000000000246 R12: 0000000000000000
[ 94.542334][ T4077] R13: 0000000000000000 R14: 00007fc53cfb5fa0 R15: 00007fff902ed5e8
[ 94.542343][ T4077]
[ 94.542346][ T4077]
[ 94.938297][ T4077] Allocated by task 3948:
[ 94.942644][ T4077] kasan_save_track+0x3e/0x80
[ 94.947340][ T4077] __kasan_slab_alloc+0x6c/0x80
[ 94.952292][ T4077] kmem_cache_alloc_noprof+0x1b1/0x400
[ 94.957761][ T4077] vm_area_alloc+0x1f/0x130
[ 94.962281][ T4077] mmap_region+0xdc1/0x1b50
[ 94.966807][ T4077] do_mmap+0x95c/0xc60
[ 94.970890][ T4077] vm_mmap_pgoff+0x21d/0x3f0
[ 94.975502][ T4077] ksys_mmap_pgoff+0x2be/0x3f0
[ 94.980290][ T4077] do_syscall_64+0x8f/0x250
[ 94.984803][ T4077] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.990716][ T4077]
[ 94.993063][ T4077] Freed by task 3953:
[ 94.997055][ T4077] kasan_save_track+0x3e/0x80
[ 95.001756][ T4077] kasan_save_free_info+0x46/0x50
[ 95.006882][ T4077] __kasan_slab_free+0x62/0x70
[ 95.011658][ T4077] slab_free_after_rcu_debug+0x131/0x290
[ 95.017302][ T4077] rcu_core+0xbee/0x1530
[ 95.021651][ T4077] handle_softirqs+0x1ab/0x520
[ 95.026428][ T4077] __irq_exit_rcu+0x52/0x140
[ 95.031030][ T4077] sysvec_apic_timer_interrupt+0x92/0xb0
[ 95.036683][ T4077] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 95.042680][ T4077]
[ 95.045045][ T4077] Last potentially related work creation:
[ 95.050866][ T4077] kasan_save_stack+0x3e/0x60
[ 95.055566][ T4077] kasan_record_aux_stack+0xbd/0xd0
[ 95.060807][ T4077] kmem_cache_free+0x2b5/0x460
[ 95.065599][ T4077] exit_mmap+0x430/0x850
[ 95.069967][ T4077] __mmput+0x9c/0x320
[ 95.073975][ T4077] exit_mm+0x11b/0x1b0
[ 95.078064][ T4077] do_exit+0x506/0x1d40
[ 95.082245][ T4077] do_group_exit+0x1b1/0x280
[ 95.086848][ T4077] __x64_sys_exit_group+0x3f/0x40
[ 95.091974][ T4077] x64_sys_call+0x21ba/0x21c0
[ 95.096668][ T4077] do_syscall_64+0x8f/0x250
[ 95.101184][ T4077] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.107099][ T4077]
[ 95.109436][ T4077] The buggy address belongs to the object at ffff888072f8d140
[ 95.109436][ T4077] which belongs to the cache vm_area_struct of size 256
[ 95.123767][ T4077] The buggy address is located 204 bytes inside of
[ 95.123767][ T4077] freed 256-byte region [ffff888072f8d140, ffff888072f8d240)
[ 95.137581][ T4077]
[ 95.139919][ T4077] The buggy address belongs to the physical page:
[ 95.146352][ T4077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72f8d
[ 95.155144][ T4077] memcg:ffff88807356d101
[ 95.159483][ T4077] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.167059][ T4077] page_type: f5(slab)
[ 95.171067][ T4077] raw: 00fff00000000000 ffff88801069eb40 ffffea000047c5c0 dead000000000005
[ 95.179661][ T4077] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff88807356d101
[ 95.188254][ T4077] page dumped because: kasan: bad access detected
[ 95.194693][ T4077] page_owner tracks the page as allocated
[ 95.200424][ T4077] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3527, tgid 3527 (modprobe), ts 85724057847, free_ts 85535482640
[ 95.219445][ T4077] post_alloc_hook+0x168/0x1a0
[ 95.224316][ T4077] get_page_from_freelist+0x2945/0x2a20
[ 95.229895][ T4077] __alloc_frozen_pages_noprof+0x26b/0x460
[ 95.235741][ T4077] alloc_pages_mpol+0x150/0x320
[ 95.240605][ T4077] allocate_slab+0x8a/0x350
[ 95.245124][ T4077] ___slab_alloc+0x9dc/0x10e0
[ 95.249817][ T4077] kmem_cache_alloc_noprof+0x26e/0x400
[ 95.255296][ T4077] vm_area_dup+0x22/0x4b0
[ 95.259641][ T4077] __split_vma+0x101/0x7f0
[ 95.264158][ T4077] vma_modify+0x1399/0x19b0
[ 95.268678][ T4077] vma_modify_flags+0x1c2/0x210
[ 95.273539][ T4077] mprotect_fixup+0x2c4/0x790
[ 95.278313][ T4077] do_mprotect_pkey+0x5d8/0x900
[ 95.283176][ T4077] __x64_sys_mprotect+0x7b/0x90
[ 95.288136][ T4077] do_syscall_64+0x8f/0x250
[ 95.292924][ T4077] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.298827][ T4077] page last free pid 23 tgid 23 stack trace:
[ 95.304842][ T4077] __free_frozen_pages+0xc5a/0xe40
[ 95.310054][ T4077] __tlb_remove_table+0x1c3/0x2a0
[ 95.315193][ T4077] tlb_remove_table_rcu+0x6e/0xd0
[ 95.320232][ T4077] rcu_core+0xbee/0x1530
[ 95.324576][ T4077] handle_softirqs+0x1ab/0x520
[ 95.329350][ T4077] run_ksoftirqd+0x28/0x40
[ 95.333789][ T4077] smpboot_thread_fn+0x3f4/0x7d0
[ 95.338836][ T4077] kthread+0x59b/0x690
[ 95.342923][ T4077] ret_from_fork+0x136/0x2d0
[ 95.347511][ T4077] ret_from_fork_asm+0x1a/0x30
[ 95.352351][ T4077]
[ 95.354666][ T4077] Memory state around the buggy address:
[ 95.360287][ T4077] ffff888072f8d100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 95.368349][ T4077] ffff888072f8d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.376488][ T4077] >ffff888072f8d200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.384633][ T4077] ^
[ 95.388949][ T4077] ffff888072f8d280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.397090][ T4077] ffff888072f8d300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 95.405145][ T4077] ==================================================================
[ 95.433901][ T4077] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 95.444335][ T4077] Kernel Offset: disabled
[ 95.448669][ T4077] Rebooting in 86400 seconds..