Warning: Permanently added '10.128.0.80' (ED25519) to the list of known hosts. 2025/06/19 01:57:27 ignoring optional flag "sandboxArg"="0" 2025/06/19 01:57:27 ignoring optional flag "type"="gce" 2025/06/19 01:57:28 parsed 1 programs 2025/06/19 01:57:28 executed programs: 0 [ 44.216986][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.224292][ T320] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.231593][ T320] device bridge_slave_0 entered promiscuous mode [ 44.238465][ T320] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.245514][ T320] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.252837][ T320] device bridge_slave_1 entered promiscuous mode [ 44.280616][ T320] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.287702][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.294960][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.301976][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.316749][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.323984][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.331124][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.338830][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.347288][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.355385][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.362408][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.370948][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.379266][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.386291][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.396883][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.405903][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.417621][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.427940][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.435966][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.443524][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.451370][ T320] device veth0_vlan entered promiscuous mode [ 44.460428][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.469260][ T320] device veth1_macvtap entered promiscuous mode [ 44.477721][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.487347][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.511584][ T24] kauditd_printk_skb: 14 callbacks suppressed [ 44.511593][ T24] audit: type=1400 audit(1750298248.410:88): avc: denied { mounton } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus" dev="sda1" ino=2034 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 44.523717][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.553666][ T325] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.553739][ T24] audit: type=1400 audit(1750298248.460:89): avc: denied { mount } for pid=324 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.589905][ T24] audit: type=1400 audit(1750298248.480:90): avc: denied { write } for pid=324 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.612085][ T24] audit: type=1400 audit(1750298248.480:91): avc: denied { add_name } for pid=324 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.612334][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.632901][ T24] audit: type=1400 audit(1750298248.480:92): avc: denied { create } for pid=324 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.645881][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 44.665598][ T24] audit: type=1400 audit(1750298248.480:93): avc: denied { read write open } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.665611][ T24] audit: type=1400 audit(1750298248.480:94): avc: denied { mounton } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.665623][ T24] audit: type=1400 audit(1750298248.480:95): avc: denied { append } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.665635][ T24] audit: type=1400 audit(1750298248.480:96): avc: denied { map } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir2345232627/syzkaller.y2HLkh/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.665649][ T24] audit: type=1400 audit(1750298248.520:97): avc: denied { unmount } for pid=320 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.812762][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 44.825095][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 44.825095][ T49] [ 44.835023][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.933214][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.942100][ T332] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.974730][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.987823][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.001893][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.014597][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.014597][ T49] [ 45.024686][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.085033][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.094156][ T338] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.124098][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.137390][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.151572][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.164121][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.164121][ T7] [ 45.174000][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.253584][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.262816][ T345] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.296601][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.309611][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.323818][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.336548][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.336548][ T7] [ 45.346463][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.493155][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.502164][ T351] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.536280][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.549344][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.563577][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.576072][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.576072][ T7] [ 45.586135][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 45.733129][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.742078][ T357] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.771283][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 45.784443][ T343] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.798619][ T343] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.811049][ T343] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.811049][ T343] [ 45.820930][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 45.903165][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.912057][ T363] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.944610][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 45.957890][ T343] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.972168][ T343] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.984503][ T343] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.984503][ T343] [ 45.994575][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 46.093369][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.102584][ T369] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.133454][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 46.146505][ T343] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 46.160679][ T343] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 46.173111][ T343] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.173111][ T343] [ 46.183157][ T343] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 46.303208][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.312095][ T375] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.344677][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.357792][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 46.371885][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 46.384282][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.384282][ T7] [ 46.394265][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.493214][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.502335][ T381] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.534706][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.547803][ T7] EXT4-fs error (device loop0): ext4_ext_map_blocks:4177: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 46.561918][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 46.574322][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.574322][ T7] [ 46.584192][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.693192][ T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.702078][ T387] ext4 filesystem being mounted at /root/syzkaller-testdir2345232627/syzkaller.y2HLkh/10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.732166][ T7] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 46.745318][ T7] ================================================================== [ 46.753470][ T7] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 [ 46.760814][ T7] Read of size 4 at addr ffff88811f782078 by task kworker/u4:0/7 [ 46.768504][ T7] [ 46.770811][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.238-syzkaller-1007479-gd76d4cd0623a #0 [ 46.780922][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.790972][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 46.797030][ T7] Call Trace: [ 46.800290][ T7] __dump_stack+0x21/0x24 [ 46.804597][ T7] dump_stack_lvl+0x169/0x1d8 [ 46.809248][ T7] ? show_regs_print_info+0x18/0x18 [ 46.814604][ T7] ? thaw_kernel_threads+0x220/0x220 [ 46.820031][ T7] print_address_description+0x7f/0x2c0 [ 46.825554][ T7] ? ext4_find_extent+0xbeb/0xe20 [ 46.830987][ T7] kasan_report+0xe2/0x130 [ 46.835371][ T7] ? __read_extent_tree_block+0x1e8/0x790 [ 46.841057][ T7] ? ext4_find_extent+0xbeb/0xe20 [ 46.846045][ T7] __asan_report_load4_noabort+0x14/0x20 [ 46.851638][ T7] ext4_find_extent+0xbeb/0xe20 [ 46.856453][ T7] ext4_ext_map_blocks+0x1de/0x5d40 [ 46.861637][ T7] ? __kasan_slab_alloc+0xcf/0xf0 [ 46.866628][ T7] ? __kasan_slab_alloc+0xbd/0xf0 [ 46.871615][ T7] ? slab_post_alloc_hook+0x5d/0x2f0 [ 46.876864][ T7] ? kmem_cache_alloc+0x165/0x2e0 [ 46.881859][ T7] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 46.887194][ T7] ? ext4_writepages+0xebd/0x2e00 [ 46.892185][ T7] ? do_writepages+0x12a/0x270 [ 46.896911][ T7] ? __writeback_single_inode+0xd5/0xa20 [ 46.902513][ T7] ? writeback_sb_inodes+0x860/0x1400 [ 46.907856][ T7] ? worker_thread+0xa6a/0x13b0 [ 46.912699][ T7] ? kthread+0x346/0x3d0 [ 46.917008][ T7] ? ret_from_fork+0x1f/0x30 [ 46.921590][ T7] ? ext4_ext_release+0x10/0x10 [ 46.926418][ T7] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 46.931859][ T7] ext4_map_blocks+0x978/0x1bc0 [ 46.936680][ T7] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 46.941850][ T7] ? ext4_inode_journal_mode+0x19a/0x480 [ 46.947452][ T7] ext4_writepages+0x11d5/0x2e00 [ 46.952362][ T7] ? ext4_readpage+0x220/0x220 [ 46.957096][ T7] ? enqueue_task_fair+0xac3/0x2250 [ 46.962266][ T7] ? ext4_itable_unused_set+0x100/0x100 [ 46.967782][ T7] ? ext4_readpage+0x220/0x220 [ 46.972517][ T7] do_writepages+0x12a/0x270 [ 46.977076][ T7] ? __writepage+0x130/0x130 [ 46.981642][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 46.986289][ T7] ? __kasan_check_write+0x14/0x20 [ 46.991366][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 46.996015][ T7] __writeback_single_inode+0xd5/0xa20 [ 47.001459][ T7] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 47.007418][ T7] ? inode_add_lru+0x12f/0x190 [ 47.012157][ T7] writeback_sb_inodes+0x860/0x1400 [ 47.017423][ T7] ? __kasan_check_write+0x14/0x20 [ 47.022507][ T7] ? queue_io+0x4c0/0x4c0 [ 47.026807][ T7] ? __kasan_check_read+0x11/0x20 [ 47.031801][ T7] ? queue_io+0x385/0x4c0 [ 47.036098][ T7] wb_writeback+0x3e3/0xb90 [ 47.040574][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 47.046264][ T7] ? set_worker_desc+0x155/0x1c0 [ 47.051340][ T7] ? update_load_avg+0x4dc/0x14f0 [ 47.056341][ T7] ? __kasan_check_write+0x14/0x20 [ 47.061462][ T7] wb_workfn+0x38f/0xe20 [ 47.065679][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 47.071372][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 47.076538][ T7] ? finish_task_switch+0x12e/0x5a0 [ 47.081714][ T7] ? switch_mm_irqs_off+0x34d/0x9a0 [ 47.086880][ T7] ? __switch_to_asm+0x34/0x60 [ 47.091614][ T7] ? __schedule+0xb4f/0x1310 [ 47.096173][ T7] ? __kasan_check_read+0x11/0x20 [ 47.101166][ T7] ? read_word_at_a_time+0x12/0x20 [ 47.106244][ T7] ? strscpy+0x9b/0x290 [ 47.110368][ T7] process_one_work+0x6e1/0xba0 [ 47.115191][ T7] worker_thread+0xa6a/0x13b0 [ 47.119845][ T7] kthread+0x346/0x3d0 [ 47.123882][ T7] ? worker_clr_flags+0x190/0x190 [ 47.128873][ T7] ? kthread_blkcg+0xd0/0xd0 [ 47.133437][ T7] ret_from_fork+0x1f/0x30 [ 47.137818][ T7] [ 47.140114][ T7] The buggy address belongs to the page: [ 47.145730][ T7] page:ffffea00047de080 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11f782 [ 47.155929][ T7] flags: 0x4000000000000000() [ 47.160577][ T7] raw: 4000000000000000 ffffea00048517c8 ffffea00047db6c8 0000000000000000 [ 47.169127][ T7] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 47.177675][ T7] page dumped because: kasan: bad access detected [ 47.184064][ T7] page_owner tracks the page as freed [ 47.189407][ T7] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 326, ts 46532742699, free_ts 46533249758 [ 47.205686][ T7] prep_new_page+0x179/0x180 [ 47.210250][ T7] get_page_from_freelist+0x2235/0x23d0 [ 47.215773][ T7] __alloc_pages_nodemask+0x268/0x5f0 [ 47.221111][ T7] handle_pte_fault+0x1719/0x3750 [ 47.226102][ T7] handle_mm_fault+0xf3f/0x16a0 [ 47.230919][ T7] do_user_addr_fault+0x5a2/0xc80 [ 47.235942][ T7] exc_page_fault+0x5a/0xc0 [ 47.240415][ T7] asm_exc_page_fault+0x1e/0x30 [ 47.245264][ T7] page last free stack trace: [ 47.249917][ T7] free_unref_page_prepare+0x2b7/0x2d0 [ 47.255353][ T7] free_unref_page_list+0x12e/0x9b0 [ 47.260607][ T7] release_pages+0xe38/0xe80 [ 47.265164][ T7] free_pages_and_swap_cache+0x86/0xa0 [ 47.270589][ T7] tlb_finish_mmu+0x175/0x300 [ 47.275235][ T7] unmap_region+0x32c/0x380 [ 47.279703][ T7] __do_munmap+0x63c/0x850 [ 47.284087][ T7] __se_sys_munmap+0x127/0x1b0 [ 47.288819][ T7] __x64_sys_munmap+0x5b/0x70 [ 47.293462][ T7] do_syscall_64+0x31/0x40 [ 47.297848][ T7] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.303722][ T7] [ 47.306028][ T7] Memory state around the buggy address: [ 47.311638][ T7] ffff88811f781f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.319675][ T7] ffff88811f781f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.327710][ T7] >ffff88811f782000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.335748][ T7] ^ [ 47.343703][ T7] ffff88811f782080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.351743][ T7] ffff88811f782100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.359784][ T7] ================================================================== [ 47.367819][ T7] Disabling lock debugging due to kernel taint [ 47.375315][ T7] ------------[ cut here ]------------ [ 47.380767][ T7] kernel BUG at fs/ext4/inode.c:2464! [ 47.386331][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 47.392381][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.10.238-syzkaller-1007479-gd76d4cd0623a #0 [ 47.403704][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.413742][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 47.419790][ T7] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 47.425506][ T7] Code: 08 48 89 df e8 a8 27 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 41 07 00 eb 56 e8 27 37 94 ff <0f> 0b e8 20 37 94 ff eb 2f e8 19 37 94 ff eb 64 e8 12 37 94 ff 31 [ 47.445207][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 47.451247][ T7] RAX: ffffffff81cf5ce9 RBX: 0000000000000000 RCX: ffff88810024cf00 [ 47.459212][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 47.467155][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed1024313b37 [ 47.475097][ T7] R10: ffffed1024313b37 R11: 1ffff11024313b36 R12: dffffc0000000000 [ 47.483054][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 47.490995][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 47.499908][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.506464][ T7] CR2: 00007fc083d57000 CR3: 000000011d861000 CR4: 00000000003506a0 [ 47.514508][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.522463][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.530485][ T7] Call Trace: [ 47.533933][ T7] ? ext4_readpage+0x220/0x220 [ 47.538669][ T7] ? enqueue_task_fair+0xac3/0x2250 [ 47.543850][ T7] ? ext4_itable_unused_set+0x100/0x100 [ 47.549362][ T7] ? ext4_readpage+0x220/0x220 [ 47.554092][ T7] do_writepages+0x12a/0x270 [ 47.558648][ T7] ? __writepage+0x130/0x130 [ 47.563205][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 47.567847][ T7] ? __kasan_check_write+0x14/0x20 [ 47.572925][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 47.577594][ T7] __writeback_single_inode+0xd5/0xa20 [ 47.583020][ T7] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 47.589055][ T7] ? inode_add_lru+0x12f/0x190 [ 47.593787][ T7] writeback_sb_inodes+0x860/0x1400 [ 47.598955][ T7] ? __kasan_check_write+0x14/0x20 [ 47.604030][ T7] ? queue_io+0x4c0/0x4c0 [ 47.608321][ T7] ? __kasan_check_read+0x11/0x20 [ 47.613324][ T7] ? queue_io+0x385/0x4c0 [ 47.617619][ T7] wb_writeback+0x3e3/0xb90 [ 47.622090][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 47.627688][ T7] ? set_worker_desc+0x155/0x1c0 [ 47.632589][ T7] ? update_load_avg+0x4dc/0x14f0 [ 47.637577][ T7] ? __kasan_check_write+0x14/0x20 [ 47.642656][ T7] wb_workfn+0x38f/0xe20 [ 47.646865][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 47.652553][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 47.657730][ T7] ? finish_task_switch+0x12e/0x5a0 [ 47.662892][ T7] ? switch_mm_irqs_off+0x34d/0x9a0 [ 47.668053][ T7] ? __switch_to_asm+0x34/0x60 [ 47.672785][ T7] ? __schedule+0xb4f/0x1310 [ 47.677426][ T7] ? __kasan_check_read+0x11/0x20 [ 47.682415][ T7] ? read_word_at_a_time+0x12/0x20 [ 47.687490][ T7] ? strscpy+0x9b/0x290 [ 47.691608][ T7] process_one_work+0x6e1/0xba0 [ 47.696427][ T7] worker_thread+0xa6a/0x13b0 [ 47.701074][ T7] kthread+0x346/0x3d0 [ 47.705106][ T7] ? worker_clr_flags+0x190/0x190 [ 47.710094][ T7] ? kthread_blkcg+0xd0/0xd0 [ 47.714650][ T7] ret_from_fork+0x1f/0x30 [ 47.719036][ T7] Modules linked in: [ 47.723187][ T7] ---[ end trace 38f738ead3d10af9 ]--- [ 47.728637][ T7] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 47.734371][ T7] Code: 08 48 89 df e8 a8 27 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 41 07 00 eb 56 e8 27 37 94 ff <0f> 0b e8 20 37 94 ff eb 2f e8 19 37 94 ff eb 64 e8 12 37 94 ff 31 [ 47.754064][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 47.760098][ T7] RAX: ffffffff81cf5ce9 RBX: 0000000000000000 RCX: ffff88810024cf00 [ 47.768067][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 47.776029][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed1024313b37 [ 47.784000][ T7] R10: ffffed1024313b37 R11: 1ffff11024313b36 R12: dffffc0000000000 [ 47.791950][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 47.799949][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 47.808869][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.815524][ T7] CR2: 00007fc083d57000 CR3: 000000011d861000 CR4: 00000000003506a0 [ 47.823487][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.831424][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.839381][ T7] Kernel panic - not syncing: Fatal exception [ 47.845595][ T7] Kernel Offset: disabled [ 47.849895][ T7] Rebooting in 86400 seconds..