Warning: Permanently added '10.128.1.89' (ED25519) to the list of known hosts. 2025/07/22 07:04:02 ignoring optional flag "sandboxArg"="0" 2025/07/22 07:04:02 ignoring optional flag "type"="gce" 2025/07/22 07:04:02 parsed 1 programs [ 37.919281][ T24] kauditd_printk_skb: 16 callbacks suppressed [ 37.919293][ T24] audit: type=1400 audit(1753167842.680:90): avc: denied { unlink } for pid=413 comm="syz-executor" name="swap-file" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 37.988590][ T413] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 38.032444][ T419] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.039529][ T419] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.047021][ T419] device bridge_slave_0 entered promiscuous mode [ 38.053888][ T419] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.061209][ T419] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.068702][ T419] device bridge_slave_1 entered promiscuous mode [ 38.098735][ T419] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.105906][ T419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.113280][ T419] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.120420][ T419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.136796][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.144022][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.151452][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.158867][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.167690][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.175889][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.182927][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.191397][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.199685][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.206720][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.218178][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.227156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.240264][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.251276][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.259505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.267091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.274989][ T419] device veth0_vlan entered promiscuous mode [ 38.284927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.294158][ T419] device veth1_macvtap entered promiscuous mode [ 38.302828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.312703][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2025/07/22 07:04:03 executed programs: 0 [ 38.791409][ T465] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.798541][ T465] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.805797][ T465] device bridge_slave_0 entered promiscuous mode [ 38.812633][ T465] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.819718][ T465] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.827296][ T465] device bridge_slave_1 entered promiscuous mode [ 38.858118][ T465] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.865368][ T465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.872676][ T465] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.879809][ T465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.894870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.902647][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.910143][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.919107][ T112] device bridge_slave_1 left promiscuous mode [ 38.925308][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.933063][ T112] device bridge_slave_0 left promiscuous mode [ 38.939384][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.947308][ T112] device veth1_macvtap left promiscuous mode [ 38.953377][ T112] device veth0_vlan left promiscuous mode [ 39.040387][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.048812][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.057037][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.064060][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.072966][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.081314][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.089953][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.096994][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.108143][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.116351][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.125220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.133371][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.145650][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.154283][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.164972][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.172894][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.181268][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.188787][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.197015][ T465] device veth0_vlan entered promiscuous mode [ 39.205623][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.213782][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.223220][ T465] device veth1_macvtap entered promiscuous mode [ 39.231664][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 39.239496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.248284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.259325][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.267725][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.317146][ T470] ====================================================== [ 39.317146][ T470] WARNING: the mand mount option is being deprecated and [ 39.317146][ T470] will be removed in v5.15! [ 39.317146][ T470] ====================================================== [ 39.317181][ T24] audit: type=1400 audit(1753167844.080:91): avc: denied { mounton } for pid=469 comm="syz-executor.0" path="/root/syzkaller-testdir3530718518/syzkaller.UYcjZ2/0/file1" dev="sda1" ino=2035 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 39.408572][ T470] EXT4-fs (loop0): 1 orphan inode deleted [ 39.414316][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 39.433801][ T24] audit: type=1400 audit(1753167844.200:92): avc: denied { mount } for pid=469 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 39.433827][ T470] ext4 filesystem being mounted at /root/syzkaller-testdir3530718518/syzkaller.UYcjZ2/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.473017][ T24] audit: type=1400 audit(1753167844.230:93): avc: denied { write } for pid=469 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 39.481190][ T474] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL [ 39.506921][ T24] audit: type=1400 audit(1753167844.230:94): avc: denied { add_name } for pid=469 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 39.506937][ T24] audit: type=1400 audit(1753167844.230:95): avc: denied { create } for pid=469 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.506953][ T24] audit: type=1400 audit(1753167844.230:96): avc: denied { write open } for pid=469 comm="syz-executor.0" path="/root/syzkaller-testdir3530718518/syzkaller.UYcjZ2/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.506968][ T24] audit: type=1400 audit(1753167844.230:97): avc: denied { read } for pid=469 comm="syz-executor.0" name="bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.506986][ T24] audit: type=1400 audit(1753167844.240:98): avc: denied { mounton } for pid=469 comm="syz-executor.0" path="/root/syzkaller-testdir3530718518/syzkaller.UYcjZ2/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.624936][ T474] EXT4-fs (loop0): Remounting filesystem read-only [ 39.631740][ T474] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 39.644964][ T474] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 39.654584][ T474] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 39.669837][ T465] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 39.673379][ T24] audit: type=1400 audit(1753167844.430:99): avc: denied { unmount } for pid=465 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 39.874611][ T476] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.881822][ T476] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.889436][ T476] device bridge_slave_0 entered promiscuous mode [ 39.902292][ T476] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.909354][ T476] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.916748][ T476] device bridge_slave_1 entered promiscuous mode [ 39.945698][ T476] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.952917][ T476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.960338][ T476] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.967376][ T476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.987862][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.995572][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.003851][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.012905][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.021442][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.028648][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.041584][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.050033][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.058392][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.066013][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.083365][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.091510][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.100383][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.108565][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.124517][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.133056][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.144076][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.151933][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.160179][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.167994][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.176054][ T476] device veth0_vlan entered promiscuous mode [ 40.190372][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.199142][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.208591][ T476] device veth1_macvtap entered promiscuous mode [ 40.218025][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 40.225720][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.233968][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.243557][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.252001][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.308270][ T481] EXT4-fs (loop0): 1 orphan inode deleted [ 40.314079][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 40.333022][ T481] ext4 filesystem being mounted at /root/syzkaller-testdir2130188716/syzkaller.ogcOuR/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.357018][ T485] EXT4-fs error (device loop0): ext4_free_blocks:5685: comm syz-executor.0: Freeing blocks not in datazone - block = 41, count = 1 [ 40.370769][ T485] EXT4-fs (loop0): Remounting filesystem read-only [ 40.377478][ T485] ================================================================== [ 40.385659][ T485] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x258d/0x4920 [ 40.393539][ T485] Read of size 18446744073709551604 at addr ffff8881201ef018 by task syz-executor.0/485 [ 40.403573][ T485] [ 40.406076][ T485] CPU: 1 PID: 485 Comm: syz-executor.0 Not tainted 5.10.240-syzkaller-1008073-gad9a98ef27a4 #0 [ 40.416477][ T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.426517][ T485] Call Trace: [ 40.429900][ T485] __dump_stack+0x21/0x24 [ 40.434224][ T485] dump_stack_lvl+0x169/0x1d8 [ 40.438892][ T485] ? show_regs_print_info+0x18/0x18 [ 40.444077][ T485] ? thaw_kernel_threads+0x220/0x220 [ 40.449349][ T485] print_address_description+0x7f/0x2c0 [ 40.454880][ T485] ? ext4_ext_remove_space+0x258d/0x4920 [ 40.460502][ T485] kasan_report+0xe2/0x130 [ 40.464998][ T485] ? ext4_ext_remove_space+0x258d/0x4920 [ 40.470616][ T485] ? ext4_ext_remove_space+0x258d/0x4920 [ 40.476234][ T485] kasan_check_range+0x280/0x290 [ 40.481338][ T485] memmove+0x2d/0x70 [ 40.485310][ T485] ext4_ext_remove_space+0x258d/0x4920 [ 40.490757][ T485] ? __kasan_slab_free+0x11/0x20 [ 40.495689][ T485] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 40.501661][ T485] ? ext4_es_remove_extent+0x1d9/0x330 [ 40.507108][ T485] ext4_punch_hole+0x6f8/0xad0 [ 40.511861][ T485] ext4_fallocate+0x271/0x1a70 [ 40.516619][ T485] ? selinux_file_permission+0x2a5/0x510 [ 40.522241][ T485] ? preempt_count_add+0x90/0x1b0 [ 40.527258][ T485] vfs_fallocate+0x4b4/0x590 [ 40.531837][ T485] __x64_sys_fallocate+0xc0/0x110 [ 40.536861][ T485] do_syscall_64+0x31/0x40 [ 40.541278][ T485] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 40.547341][ T485] RIP: 0033:0x7fa4a1482f69 [ 40.551935][ T485] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 40.571792][ T485] RSP: 002b:00007fa4a0fe40c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 40.580383][ T485] RAX: ffffffffffffffda RBX: 00007fa4a15ba050 RCX: 00007fa4a1482f69 [ 40.588438][ T485] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 40.596401][ T485] RBP: 00007fa4a14e06fe R08: 0000000000000000 R09: 0000000000000000 [ 40.604446][ T485] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000 [ 40.612403][ T485] R13: 000000000000000b R14: 00007fa4a15ba050 R15: 00007fffac393a48 [ 40.620366][ T485] [ 40.622678][ T485] The buggy address belongs to the page: [ 40.628304][ T485] page:ffffea0004807bc0 refcount:2 mapcount:0 mapping:ffff888109390290 index:0x27 pfn:0x1201ef [ 40.638611][ T485] aops:def_blk_aops ino:0 [ 40.642927][ T485] flags: 0x4000000000002036(referenced|uptodate|lru|active|private) [ 40.650977][ T485] raw: 4000000000002036 ffffea000480a848 ffff8881061af030 ffff888109390290 [ 40.659638][ T485] raw: 0000000000000027 ffff88810cf7e1f8 00000002ffffffff ffff888105780000 [ 40.668203][ T485] page dumped because: kasan: bad access detected [ 40.674691][ T485] page->mem_cgroup:ffff888105780000 [ 40.679985][ T485] page_owner tracks the page as allocated [ 40.685877][ T485] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 481, ts 40355673857, free_ts 40308247613 [ 40.702869][ T485] prep_new_page+0x179/0x180 [ 40.707459][ T485] get_page_from_freelist+0x2235/0x23d0 [ 40.713077][ T485] __alloc_pages_nodemask+0x268/0x5f0 [ 40.718436][ T485] pagecache_get_page+0x642/0x930 [ 40.723450][ T485] __getblk_gfp+0x212/0x780 [ 40.727937][ T485] ext4_ext_insert_extent+0x1084/0x4530 [ 40.733469][ T485] ext4_split_extent_at+0x79f/0xe90 [ 40.738663][ T485] ext4_split_extent+0x1d7/0x4e0 [ 40.743592][ T485] ext4_ext_map_blocks+0x1b3b/0x5d40 [ 40.748866][ T485] ext4_map_blocks+0x978/0x1bc0 [ 40.753704][ T485] _ext4_get_block+0x1bb/0x4b0 [ 40.758459][ T485] ext4_get_block_unwritten+0x2a/0x40 [ 40.763826][ T485] ext4_block_write_begin+0x567/0x1330 [ 40.769276][ T485] ext4_write_begin+0x651/0x1550 [ 40.774220][ T485] ext4_da_write_begin+0x455/0xe80 [ 40.779422][ T485] generic_perform_write+0x2be/0x510 [ 40.784701][ T485] page last free stack trace: [ 40.789724][ T485] free_unref_page_prepare+0x2b7/0x2d0 [ 40.795170][ T485] free_unref_page_list+0x12e/0x9b0 [ 40.800356][ T485] release_pages+0xe38/0xe80 [ 40.804960][ T485] free_pages_and_swap_cache+0x86/0xa0 [ 40.810515][ T485] tlb_finish_mmu+0x175/0x300 [ 40.815214][ T485] unmap_region+0x32c/0x380 [ 40.819720][ T485] __do_munmap+0x63c/0x850 [ 40.824131][ T485] __se_sys_munmap+0x127/0x1b0 [ 40.828888][ T485] __x64_sys_munmap+0x5b/0x70 [ 40.833646][ T485] do_syscall_64+0x31/0x40 [ 40.838197][ T485] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 40.844085][ T485] [ 40.846412][ T485] Memory state around the buggy address: [ 40.852050][ T485] ffff8881201eef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.860117][ T485] ffff8881201eef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.868359][ T485] >ffff8881201ef000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.876583][ T485] ^ [ 40.881422][ T485] ffff8881201ef080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.889557][ T485] ffff8881201ef100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.897601][ T485] ================================================================== [ 40.905733][ T485] Disabling lock debugging due to kernel taint [ 40.914432][ T485] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 40.928350][ T485] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 40.938476][ T485] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #16: comm syz-executor.0: mark_inode_dirty error [ 40.951051][ T485] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 40.964772][ T485] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 40.974670][ T485] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 40.989646][ T476] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 41.188558][ T509] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.195599][ T509] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.202972][ T509] device bridge_slave_0 entered promiscuous mode [ 41.209709][ T509] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.216891][ T509] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.224313][ T509] device bridge_slave_1 entered promiscuous mode [ 41.258744][ T509] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.265781][ T509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.273146][ T509] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.280184][ T509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.295968][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.303798][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.311492][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.322259][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.330578][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.337610][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.346726][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.355000][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.362227][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.374778][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.383917][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.397469][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.409821][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.418099][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.425513][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.433890][ T509] device veth0_vlan entered promiscuous mode [ 41.443303][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.453367][ T509] device veth1_macvtap entered promiscuous mode [ 41.462209][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.472341][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.507858][ T515] EXT4-fs (loop0): 1 orphan inode deleted [ 41.513671][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 41.532939][ T515] ext4 filesystem being mounted at /root/syzkaller-testdir2463824826/syzkaller.4Jv7qD/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.554784][ T519] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL [ 41.567596][ T519] EXT4-fs (loop0): Remounting filesystem read-only [ 41.574377][ T519] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 41.588154][ T519] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 41.597830][ T519] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 41.612781][ T509] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 41.752543][ T112] device bridge_slave_1 left promiscuous mode [ 41.758773][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.766174][ T112] device bridge_slave_0 left promiscuous mode [ 41.772291][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.780459][ T112] device veth1_macvtap left promiscuous mode [ 41.786515][ T112] device veth0_vlan left promiscuous mode [ 41.911502][ T522] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.918757][ T522] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.926001][ T522] device bridge_slave_0 entered promiscuous mode [ 41.933801][ T522] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.941198][ T522] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.948803][ T522] device bridge_slave_1 entered promiscuous mode [ 41.982317][ T522] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.989633][ T522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.997118][ T522] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.004237][ T522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.020869][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.028625][ T513] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.035768][ T513] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.045259][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.053930][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.061013][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.069889][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.078325][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.086720][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.093813][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.104134][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.112424][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.121991][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.130239][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.145755][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.156170][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.167266][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.175150][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.183248][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.190990][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.199424][ T522] device veth0_vlan entered promiscuous mode [ 42.209732][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.217914][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.227040][ T522] device veth1_macvtap entered promiscuous mode [ 42.235472][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.243578][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.252516][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.262207][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.270614][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.367966][ T527] EXT4-fs (loop0): 1 orphan inode deleted [ 42.373795][ T527] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 42.392744][ T527] ext4 filesystem being mounted at /root/syzkaller-testdir3892192628/syzkaller.19XGhb/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.414309][ T531] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL [ 42.426814][ T531] EXT4-fs (loop0): Remounting filesystem read-only [ 42.433361][ T531] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 42.446842][ T531] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 42.456995][ T531] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 42.472700][ T522] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 42.708636][ T533] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.715768][ T533] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.723324][ T533] device bridge_slave_0 entered promiscuous mode [ 42.730186][ T533] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.737536][ T533] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.744942][ T533] device bridge_slave_1 entered promiscuous mode [ 42.778897][ T533] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.785931][ T533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.793223][ T533] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.800257][ T533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.816672][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.824200][ T513] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.831673][ T513] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.842658][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.851404][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.858618][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.867701][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.875936][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.883089][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.894757][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.906427][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.920651][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.929484][ T112] device bridge_slave_1 left promiscuous mode [ 42.935672][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.943254][ T112] device bridge_slave_0 left promiscuous mode [ 42.949494][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.957504][ T112] device bridge_slave_1 left promiscuous mode [ 42.963859][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.971347][ T112] device bridge_slave_0 left promiscuous mode [ 42.977643][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.985295][ T112] device veth1_macvtap left promiscuous mode [ 42.991813][ T112] device veth0_vlan left promiscuous mode [ 42.997843][ T112] device veth1_macvtap left promiscuous mode [ 43.003837][ T112] device veth0_vlan left promiscuous mode [ 43.141436][ T533] device veth0_vlan entered promiscuous mode [ 43.148416][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.156453][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.163860][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.175920][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.184224][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.193254][ T533] device veth1_macvtap entered promiscuous mode [ 43.201881][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.209554][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.217967][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.227620][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.235951][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.318460][ T538] EXT4-fs (loop0): 1 orphan inode deleted [ 43.324220][ T538] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 43.343353][ T538] ext4 filesystem being mounted at /root/syzkaller-testdir2862672047/syzkaller.jCNEnI/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.364914][ T542] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL [ 43.377406][ T542] EXT4-fs (loop0): Remounting filesystem read-only [ 43.383911][ T542] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 43.397065][ T542] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 43.406733][ T542] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 43.421804][ T533] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 43.618766][ T544] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.625808][ T544] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.633344][ T544] device bridge_slave_0 entered promiscuous mode [ 43.640743][ T544] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.647893][ T544] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.655180][ T544] device bridge_slave_1 entered promiscuous mode [ 43.686912][ T544] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.694038][ T544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.701431][ T544] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.708456][ T544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.729724][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.737507][ T513] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.744839][ T513] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.753427][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.761741][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.768865][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.779924][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.788419][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.795485][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.809595][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.818542][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.831536][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.842280][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.851069][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.858804][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.867590][ T544] device veth0_vlan entered promiscuous mode [ 43.879658][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.888656][ T544] device veth1_macvtap entered promiscuous mode [ 43.897857][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.909977][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.948850][ T549] EXT4-fs (loop0): 1 orphan inode deleted [ 43.954613][ T549] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 43.973704][ T549] ext4 filesystem being mounted at /root/syzkaller-testdir3679409302/syzkaller.ulhnB1/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.997297][ T553] EXT4-fs error (device loop0): ext4_ext_remove_space:2841: inode #16: comm syz-executor.0: path[1].p_hdr == NULL [ 44.009823][ T553] EXT4-fs (loop0): Remounting filesystem read-only [ 44.016617][ T553] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 44.030180][ T553] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem 2025/07/22 07:04:08 executed programs: 16 [ 44.040295][ T553] EXT4-fs error (device loop0): ext4_punch_hole:4230: inode #16: comm syz-executor.0: mark_inode_dirty error [ 44.058439][ T544] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1) [ 44.265383][ T112] device bridge_slave_1 left promiscuous mode [ 44.271737][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.279322][ T112] device bridge_slave_0 left promiscuous mode [ 44.285482][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.293394][ T112] device bridge_slave_1 left promiscuous mode [ 44.299583][ T112] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.307082][ T112] device bridge_slave_0 left promiscuous mode [ 44.313180][ T112] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.321178][ T112] device veth1_macvtap left promiscuous mode [ 44.327287][ T112] device veth0_vlan left promiscuous mode [ 44.333188][ T112] device veth1_macvtap left promiscuous mode [ 44.339247][ T112] device veth0_vlan left promiscuous mode [ 44.492743][ T555] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.499927][ T555] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.507713][ T555] device bridge_slave_0 entered promiscuous mode [ 44.514997][ T555] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.522073][ T555] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.529425][ T555] device bridge_slave_1 entered promiscuous mode [ 44.560055][ T555] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.567263][ T555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.574603][ T555] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.581835][ T555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.598978][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.607228][ T513] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.614549][ T513] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.623479][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.631736][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.638809][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.647719][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.655884][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.663043][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.674462][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.683757][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.697292][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.708288][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.716578][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.723902][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.732088][ T555] device veth0_vlan entered promiscuous mode [ 44.741976][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.751338][ T555] device veth1_macvtap entered promiscuous mode [ 44.760326][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.770019][ T513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.839110][ T560] EXT4-fs (loop0): 1 orphan inode deleted [ 44.844932][ T560] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 44.864182][ T560] ext4 filesystem being mounted at /root/syzkaller-testdir2905021948/syzkaller.5uOmTq/0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.885519][ T564] EXT4-fs error (device loop0): ext4_free_blocks:5685: comm syz-executor.0: Freeing blocks not in datazone - block = 41, count = 1 [ 44.899649][ T564] EXT4-fs (loop0): Remounting filesystem read-only [ 44.926154][ C1] general protection fault, probably for non-canonical address 0x22633d48ffff90ed: 0000 [#1] PREEMPT SMP KASAN [ 44.938350][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.10.240-syzkaller-1008073-gad9a98ef27a4 #0 [ 44.949547][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.959632][ C1] RIP: 0010:_raw_spin_lock_irqsave+0xb9/0x110 [ 44.965695][ C1] Code: 44 24 20 00 00 00 00 48 89 df be 04 00 00 00 e8 ad 51 27 fd 4c 89 ff be 04 00 00 00 e8 a0 51 27 fd 8b 44 24 20 b9 01 00 00 00 0f b1 0b 75 3b 48 c7 04 24 0e 36 e0 45 4b c7 04 2c 00 00 00 00 [ 44.985301][ C1] RSP: 0018:ffffc90000170b20 EFLAGS: 00010097 [ 44.991370][ C1] RAX: 0000000000000000 RBX: 22633d48ffff90ed RCX: 0000000000000001 [ 44.999426][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000170b40 [ 45.007450][ C1] RBP: ffffc90000170bd0 R08: 0000000000000004 R09: 0000000000000003 [ 45.015564][ C1] R10: fffff5200002e168 R11: 1ffff9200002e168 R12: 1ffff9200002e164 [ 45.023698][ C1] R13: dffffc0000000000 R14: 0000000000000802 R15: ffffc90000170b40 [ 45.031845][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 45.040961][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.047552][ C1] CR2: 00000000fffffffe CR3: 000000010d272000 CR4: 00000000003506a0 [ 45.055659][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.063903][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.071853][ C1] Call Trace: [ 45.075114][ C1] [ 45.078133][ C1] ? _raw_spin_lock+0xe0/0xe0 [ 45.082788][ C1] ? enqueue_task+0x176/0xff0 [ 45.087444][ C1] try_to_wake_up+0x53/0xd70 [ 45.092181][ C1] ? __kasan_check_write+0x14/0x20 [ 45.097268][ C1] wake_up_process+0x10/0x20 [ 45.101851][ C1] insert_work+0x282/0x310 [ 45.106277][ C1] __queue_work+0x923/0xca0 [ 45.110845][ C1] delayed_work_timer_fn+0x61/0x80 [ 45.115934][ C1] ? queue_work_node+0x190/0x190 [ 45.120944][ C1] call_timer_fn+0x38/0x290 [ 45.125423][ C1] ? queue_work_node+0x190/0x190 [ 45.130338][ C1] __run_timers+0x667/0x9a0 [ 45.134820][ C1] ? calc_index+0x200/0x200 [ 45.139322][ C1] ? sched_clock_cpu+0x1b/0x3d0 [ 45.144349][ C1] run_timer_softirq+0x6a/0xf0 [ 45.149107][ C1] __do_softirq+0x255/0x563 [ 45.153589][ C1] asm_call_irq_on_stack+0xf/0x20 [ 45.158674][ C1] [ 45.161594][ C1] do_softirq_own_stack+0x60/0x80 [ 45.166613][ C1] __irq_exit_rcu+0x128/0x150 [ 45.171301][ C1] irq_exit_rcu+0x9/0x10 [ 45.175523][ C1] sysvec_apic_timer_interrupt+0xbf/0xe0 [ 45.181129][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 45.187099][ C1] RIP: 0010:default_idle+0x12/0x20 [ 45.192194][ C1] Code: 48 8b 7c 24 10 e8 be 29 00 00 e9 71 ff ff ff e8 94 ff fa ff 00 00 cc cc 55 48 89 e5 0f 1f 44 00 00 0f 00 2d 20 bf 4e 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 48 89 e5 41 57 41 56 [ 45.212055][ C1] RSP: 0018:ffffc90000107d98 EFLAGS: 00000246 [ 45.218114][ C1] RAX: ffff8881f7100000 RBX: ffff888100290000 RCX: 000000000000b1fa [ 45.226075][ C1] RDX: 0000000000000001 RSI: ffffffff85201d20 RDI: ffffffff85201ce0 [ 45.234168][ C1] RBP: ffffc90000107d98 R08: dffffc0000000000 R09: ffffed103ee2ae7b [ 45.242240][ C1] R10: ffffed103ee2ae7b R11: 1ffff1103ee2ae7a R12: 0000000000000001 [ 45.250275][ C1] R13: 1ffff11020052000 R14: 0000000000000000 R15: dffffc0000000000 [ 45.258243][ C1] arch_cpu_idle+0xa/0x10 [ 45.262552][ C1] default_idle_call+0x71/0x1d0 [ 45.267379][ C1] do_idle+0x1df/0x530 [ 45.271425][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 45.276598][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 45.282381][ C1] cpu_startup_entry+0x18/0x20 [ 45.287120][ C1] start_secondary+0x2e9/0x3a0 [ 45.292004][ C1] secondary_startup_64_no_verify+0xad/0xbb [ 45.298002][ C1] Modules linked in: [ 45.301921][ C1] ---[ end trace 734ff0fbfbdeed4f ]--- [ 45.301964][ C0] general protection fault, probably for non-canonical address 0xe000010c0000001a: 0000 [#2] PREEMPT SMP KASAN [ 45.307390][ C1] RIP: 0010:_raw_spin_lock_irqsave+0xb9/0x110 [ 45.319107][ C0] KASAN: probably user-memory-access in range [0x00002860000000d0-0x00002860000000d7] [ 45.325154][ C1] Code: 44 24 20 00 00 00 00 48 89 df be 04 00 00 00 e8 ad 51 27 fd 4c 89 ff be 04 00 00 00 e8 a0 51 27 fd 8b 44 24 20 b9 01 00 00 00 0f b1 0b 75 3b 48 c7 04 24 0e 36 e0 45 4b c7 04 2c 00 00 00 00 [ 45.334808][ C0] CPU: 0 PID: 564 Comm: syz-executor.0 Tainted: G B D 5.10.240-syzkaller-1008073-gad9a98ef27a4 #0 [ 45.354396][ C1] RSP: 0018:ffffc90000170b20 EFLAGS: 00010097 [ 45.366078][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.366088][ C1] [ 45.372144][ C0] RIP: 0010:__stack_depot_save+0x1c8/0x4c0 [ 45.382293][ C1] RAX: 0000000000000000 RBX: 22633d48ffff90ed RCX: 0000000000000001 [ 45.384721][ C0] Code: 41 29 f5 4c 8b 3d 30 b4 79 04 45 89 ee 41 81 e6 ff 0f 00 00 4b 8b 1c f7 48 85 db 74 59 44 89 e6 eb 08 48 8b 1b 48 85 db 74 4c <44> 39 6b 08 75 f2 44 39 63 0c 75 ec 45 31 c0 4e 8b 0c c7 4e 3b 4c [ 45.390517][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000170b40 [ 45.398651][ C0] RSP: 0018:ffffc900000076f8 EFLAGS: 00010282 [ 45.418327][ C1] RBP: ffffc90000170bd0 R08: 0000000000000004 R09: 0000000000000003 [ 45.426570][ C0] [ 45.432645][ C1] R10: fffff5200002e168 R11: 1ffff9200002e168 R12: 1ffff9200002e164 [ 45.440694][ C0] RAX: 0000000000000000 RBX: e000010c0000001a RCX: 0000000000000001 [ 45.443013][ C1] R13: dffffc0000000000 R14: 0000000000000802 R15: ffffc90000170b40 [ 45.450975][ C0] RDX: 0000000000000a20 RSI: 000000000000000b RDI: ffffc90000007760 [ 45.459031][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 45.467165][ C0] RBP: ffffc90000007750 R08: 00000000bd5d4965 R09: 00000000e8bc8c6c [ 45.475125][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.484035][ C0] R10: 0000000000000001 R11: 00000000d71524d7 R12: 000000000000000b [ 45.484042][ C0] R13: 00000000639878ba R14: 00000000000008ba R15: ffff8881f7340000 [ 45.484056][ C0] FS: 00007f817afa66c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 45.492022][ C1] CR2: 00000000fffffffe CR3: 000000010d272000 CR4: 00000000003506a0 [ 45.498584][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.506540][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.514500][ C0] CR2: 00007f946e079000 CR3: 00000001081b8000 CR4: 00000000003506b0 [ 45.523497][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.531562][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.538240][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 45.546376][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.585400][ C0] Call Trace: [ 45.588674][ C0] [ 45.591533][ C0] ? slab_post_alloc_hook+0x7d/0x2f0 [ 45.596809][ C0] __kasan_slab_alloc+0xcf/0xf0 [ 45.601736][ C0] ? __kasan_slab_alloc+0xbd/0xf0 [ 45.606752][ C0] ? slab_post_alloc_hook+0x5d/0x2f0 [ 45.612067][ C0] ? kmem_cache_alloc+0x165/0x2e0 [ 45.617090][ C0] ? dst_alloc+0x176/0x4f0 [ 45.621552][ C0] ? icmp6_dst_alloc+0xf5/0x560 [ 45.626487][ C0] ? mld_sendpack+0x4b0/0xa80 [ 45.631157][ C0] ? mld_ifc_timer_expire+0x84a/0xc50 [ 45.636526][ C0] ? call_timer_fn+0x38/0x290 [ 45.641193][ C0] ? __run_timers+0x639/0x9a0 [ 45.645946][ C0] ? run_timer_softirq+0x6a/0xf0 [ 45.650902][ C0] ? __do_softirq+0x255/0x563 [ 45.655656][ C0] ? asm_call_irq_on_stack+0xf/0x20 [ 45.660846][ C0] ? do_softirq_own_stack+0x60/0x80 [ 45.666131][ C0] ? __irq_exit_rcu+0x128/0x150 [ 45.671157][ C0] ? irq_exit_rcu+0x9/0x10 [ 45.675654][ C0] ? sysvec_apic_timer_interrupt+0xbf/0xe0 [ 45.681535][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 45.687689][ C0] ? __memmove+0x19c/0x1a0 [ 45.692100][ C0] ? ext4_ext_remove_space+0x258d/0x4920 [ 45.697812][ C0] ? ext4_punch_hole+0x6f8/0xad0 [ 45.702737][ C0] ? ext4_fallocate+0x271/0x1a70 [ 45.707756][ C0] ? vfs_fallocate+0x4b4/0x590 [ 45.712512][ C0] ? __x64_sys_fallocate+0xc0/0x110 [ 45.717698][ C0] ? do_syscall_64+0x31/0x40 [ 45.722403][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.728557][ C0] slab_post_alloc_hook+0x5d/0x2f0 [ 45.733665][ C0] ? dst_alloc+0x176/0x4f0 [ 45.738156][ C0] ? dst_alloc+0x176/0x4f0 [ 45.742572][ C0] kmem_cache_alloc+0x165/0x2e0 [ 45.747638][ C0] ? dst_alloc+0x176/0x4f0 [ 45.752159][ C0] dst_alloc+0x176/0x4f0 [ 45.756400][ C0] icmp6_dst_alloc+0xf5/0x560 [ 45.761072][ C0] ? security_sk_classify_flow+0x7b/0x90 [ 45.766695][ C0] ? icmpv6_flow_init+0xd2/0x130 [ 45.771710][ C0] mld_sendpack+0x4b0/0xa80 [ 45.776378][ C0] ? add_grec+0x1100/0x1100 [ 45.780960][ C0] ? add_grec+0x11a/0x1100 [ 45.785570][ C0] mld_ifc_timer_expire+0x84a/0xc50 [ 45.790773][ C0] ? _raw_spin_lock+0x8e/0xe0 [ 45.795442][ C0] ? _raw_spin_trylock_bh+0x130/0x130 [ 45.800818][ C0] ? mld_gq_timer_expire+0xe0/0xe0 [ 45.805923][ C0] call_timer_fn+0x38/0x290 [ 45.810417][ C0] ? mld_gq_timer_expire+0xe0/0xe0 [ 45.815520][ C0] __run_timers+0x639/0x9a0 [ 45.820017][ C0] ? calc_index+0x200/0x200 [ 45.824799][ C0] ? sched_clock_cpu+0x1b/0x3d0 [ 45.829786][ C0] run_timer_softirq+0x6a/0xf0 [ 45.834568][ C0] __do_softirq+0x255/0x563 [ 45.839080][ C0] asm_call_irq_on_stack+0xf/0x20 [ 45.844112][ C0] [ 45.847050][ C0] do_softirq_own_stack+0x60/0x80 [ 45.852067][ C0] __irq_exit_rcu+0x128/0x150 [ 45.856823][ C0] irq_exit_rcu+0x9/0x10 [ 45.861209][ C0] sysvec_apic_timer_interrupt+0xbf/0xe0 [ 45.867212][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 45.873357][ C0] RIP: 0010:__memmove+0x19c/0x1a0 [ 45.878555][ C0] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 00 eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 [ 45.898239][ C0] RSP: 0018:ffffc9000489fa40 EFLAGS: 00010286 [ 45.904307][ C0] RAX: ffff8881200d800c RBX: fffffffffffffff4 RCX: fffffffffde098a8 [ 45.912286][ C0] RDX: fffffffffffffff4 RSI: ffff8881222ce764 RDI: ffff8881222ce758 [ 45.920251][ C0] RBP: ffffc9000489fa70 R08: ffff8881200d8000 R09: ffffed103ee0a5f8 [ 45.928228][ C0] R10: ffffed103ee0a5f8 R11: 1ffff1103ee0a5f7 R12: 0000000000000000 [ 45.936462][ C0] R13: ffffffff81c8b9ed R14: ffff8881200d8018 R15: ffff8881200d800c [ 45.944447][ C0] ? ext4_ext_remove_space+0x258d/0x4920 [ 45.950095][ C0] ? memmove+0x56/0x70 [ 45.954248][ C0] ext4_ext_remove_space+0x258d/0x4920 [ 45.959699][ C0] ? __kasan_slab_free+0x11/0x20 [ 45.964646][ C0] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 45.970798][ C0] ? ext4_es_remove_extent+0x1d9/0x330 [ 45.976269][ C0] ext4_punch_hole+0x6f8/0xad0 [ 45.981085][ C0] ext4_fallocate+0x271/0x1a70 [ 45.985948][ C0] ? selinux_file_permission+0x2a5/0x510 [ 45.991572][ C0] ? preempt_count_add+0x90/0x1b0 [ 45.996685][ C0] vfs_fallocate+0x4b4/0x590 [ 46.001270][ C0] __x64_sys_fallocate+0xc0/0x110 [ 46.006380][ C0] do_syscall_64+0x31/0x40 [ 46.010796][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 46.016768][ C0] RIP: 0033:0x7f817b444f69 [ 46.021289][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.041014][ C0] RSP: 002b:00007f817afa60c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 46.049519][ C0] RAX: ffffffffffffffda RBX: 00007f817b57c050 RCX: 00007f817b444f69 [ 46.057483][ C0] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 46.065449][ C0] RBP: 00007f817b4a26fe R08: 0000000000000000 R09: 0000000000000000 [ 46.073877][ C0] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000 [ 46.081838][ C0] R13: 000000000000000b R14: 00007f817b57c050 R15: 00007ffd52463458 [ 46.089983][ C0] Modules linked in: [ 46.094138][ C1] Kernel Offset: disabled [ 46.098460][ C1] Rebooting in 86400 seconds..