Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. 2025/10/02 21:12:17 parsed 1 programs [ 42.479810][ T24] kauditd_printk_skb: 30 callbacks suppressed [ 42.479820][ T24] audit: type=1400 audit(1759439538.530:104): avc: denied { unlink } for pid=403 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 42.511957][ T403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 43.173860][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.180923][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.188139][ T428] device bridge_slave_0 entered promiscuous mode [ 43.195122][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.202172][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.209408][ T428] device bridge_slave_1 entered promiscuous mode [ 43.235313][ T428] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.242351][ T428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.249549][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.256566][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.271012][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.278478][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.285749][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.295167][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.303403][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.310467][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.319072][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.327323][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.334363][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.345267][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.354101][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.366728][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.377051][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.385047][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.392479][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.410650][ T428] device veth0_vlan entered promiscuous mode [ 43.421295][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.431702][ T428] device veth1_macvtap entered promiscuous mode [ 43.445990][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.458179][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.486912][ T24] audit: type=1400 audit(1759439539.540:105): avc: denied { create } for pid=436 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 43.688859][ T24] audit: type=1401 audit(1759439539.740:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" 2025/10/02 21:12:19 executed programs: 0 [ 43.826504][ T24] audit: type=1400 audit(1759439539.880:107): avc: denied { write } for pid=394 comm="syz-execprog" path="pipe:[15802]" dev="pipefs" ino=15802 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 43.859343][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.866745][ T464] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.874458][ T464] device bridge_slave_0 entered promiscuous mode [ 43.881386][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.888400][ T464] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.895791][ T464] device bridge_slave_1 entered promiscuous mode [ 43.926628][ T464] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.933682][ T464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.940929][ T464] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.947953][ T464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.962511][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.970067][ T432] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.977173][ T432] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.988617][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.996808][ T432] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.003854][ T432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.012606][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.020788][ T432] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.027815][ T432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.041233][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.050188][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.063470][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.076139][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.084159][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.091806][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.099593][ T464] device veth0_vlan entered promiscuous mode [ 44.108540][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.120910][ T464] device veth1_macvtap entered promiscuous mode [ 44.129173][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.138583][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.191263][ T469] ====================================================== [ 44.191263][ T469] WARNING: the mand mount option is being deprecated and [ 44.191263][ T469] will be removed in v5.15! [ 44.191263][ T469] ====================================================== [ 44.248445][ T469] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 44.258130][ T469] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 44.270692][ T469] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 44.280521][ T469] EXT4-fs error (device loop2): ext4_orphan_get:1395: inode #16: comm syz.2.16: iget: bogus i_mode (5) [ 44.291785][ T469] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.16: couldn't read orphan inode 16 (err -117) [ 44.303656][ T469] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,jqfmt=vfsold,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,data_err=ignore,init_itable,errors=continue,,errors=continue [ 44.325313][ T50] device bridge_slave_1 left promiscuous mode [ 44.331563][ T24] audit: type=1400 audit(1759439540.380:108): avc: denied { mount } for pid=468 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.332277][ T464] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1) [ 44.358585][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.371074][ T24] audit: type=1400 audit(1759439540.380:109): avc: denied { write } for pid=468 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.395661][ T464] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 44.395685][ T24] audit: type=1400 audit(1759439540.380:110): avc: denied { add_name } for pid=468 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.405403][ T464] EXT4-fs error (device loop2): ext4_dirty_inode:6143: inode #2: comm syz-executor: mark_inode_dirty error [ 44.426179][ T24] audit: type=1400 audit(1759439540.380:111): avc: denied { create } for pid=468 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.456937][ T50] device bridge_slave_0 left promiscuous mode [ 44.456956][ T24] audit: type=1400 audit(1759439540.380:112): avc: denied { read write open } for pid=468 comm="syz.2.16" path="/0/bus/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.463276][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.485925][ T24] audit: type=1400 audit(1759439540.380:113): avc: denied { map } for pid=468 comm="syz.2.16" path="/0/bus/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.493312][ T49] ================================================================== [ 44.522834][ T49] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 [ 44.530285][ T49] Read of size 4 at addr ffff888122f25650 by task kworker/u4:2/49 [ 44.538054][ T49] [ 44.540368][ T49] CPU: 0 PID: 49 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 44.547723][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 44.557758][ T49] Workqueue: writeback wb_workfn (flush-7:2) [ 44.563725][ T49] Call Trace: [ 44.566994][ T49] __dump_stack+0x21/0x24 [ 44.571293][ T49] dump_stack_lvl+0x169/0x1d8 [ 44.575964][ T49] ? show_regs_print_info+0x18/0x18 [ 44.581132][ T49] ? thaw_kernel_threads+0x220/0x220 [ 44.586407][ T49] print_address_description+0x7f/0x2c0 [ 44.591921][ T49] ? ext4_find_extent+0xbeb/0xe20 [ 44.596912][ T49] kasan_report+0xe2/0x130 [ 44.601294][ T49] ? __read_extent_tree_block+0x1e8/0x790 [ 44.606979][ T49] ? ext4_find_extent+0xbeb/0xe20 [ 44.611969][ T49] __asan_report_load4_noabort+0x14/0x20 [ 44.617569][ T49] ext4_find_extent+0xbeb/0xe20 [ 44.622386][ T49] ext4_ext_map_blocks+0x1de/0x5d40 [ 44.627551][ T49] ? __stack_depot_save+0x479/0x4c0 [ 44.632740][ T49] ? __kasan_slab_alloc+0xcf/0xf0 [ 44.637737][ T49] ? __kasan_slab_alloc+0xbd/0xf0 [ 44.642734][ T49] ? slab_post_alloc_hook+0x5d/0x2f0 [ 44.648015][ T49] ? kmem_cache_alloc+0x165/0x2e0 [ 44.653010][ T49] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 44.658348][ T49] ? ext4_writepages+0xebd/0x2e00 [ 44.663341][ T49] ? do_writepages+0x12a/0x270 [ 44.668073][ T49] ? __writeback_single_inode+0xd5/0xa20 [ 44.673670][ T49] ? writeback_sb_inodes+0x860/0x1400 [ 44.679006][ T49] ? worker_thread+0xa6a/0x13b0 [ 44.683823][ T49] ? kthread+0x346/0x3d0 [ 44.688031][ T49] ? ret_from_fork+0x1f/0x30 [ 44.692586][ T49] ? ext4_ext_release+0x10/0x10 [ 44.697403][ T49] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 44.702830][ T49] ext4_map_blocks+0x978/0x1bc0 [ 44.707649][ T49] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 44.712828][ T49] ? ext4_inode_journal_mode+0x19a/0x480 [ 44.718427][ T49] ext4_writepages+0x11d5/0x2e00 [ 44.723335][ T49] ? ext4_readpage+0x220/0x220 [ 44.728070][ T49] ? update_load_avg+0x4dc/0x14f0 [ 44.733063][ T49] ? ext4_readpage+0x220/0x220 [ 44.737813][ T49] do_writepages+0x12a/0x270 [ 44.742367][ T49] ? __writepage+0x130/0x130 [ 44.746927][ T49] ? __switch_to+0x50f/0xfc0 [ 44.751494][ T49] ? __kasan_check_write+0x14/0x20 [ 44.756572][ T49] ? _raw_spin_lock+0x8e/0xe0 [ 44.761301][ T49] ? __kasan_check_write+0x14/0x20 [ 44.766377][ T49] ? _raw_spin_lock+0x8e/0xe0 [ 44.771026][ T49] __writeback_single_inode+0xd5/0xa20 [ 44.776455][ T49] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 44.782404][ T49] writeback_sb_inodes+0x860/0x1400 [ 44.787570][ T49] ? smp_call_function_single+0x470/0x470 [ 44.793280][ T49] ? queue_io+0x4c0/0x4c0 [ 44.797598][ T49] ? __kasan_check_read+0x11/0x20 [ 44.802587][ T49] ? queue_io+0x385/0x4c0 [ 44.806903][ T49] wb_writeback+0x3e3/0xb90 [ 44.811377][ T49] ? wb_io_lists_depopulated+0x180/0x180 [ 44.816979][ T49] ? set_worker_desc+0x155/0x1c0 [ 44.821883][ T49] ? update_load_avg+0x4dc/0x14f0 [ 44.826875][ T49] ? __kasan_check_write+0x14/0x20 [ 44.831980][ T49] wb_workfn+0x38f/0xe20 [ 44.836194][ T49] ? inode_wait_for_writeback+0x200/0x200 [ 44.841880][ T49] ? _raw_spin_unlock_irq+0x4e/0x70 [ 44.847042][ T49] ? finish_task_switch+0x12e/0x5a0 [ 44.852208][ T49] ? __switch_to_asm+0x34/0x60 [ 44.856938][ T49] ? __schedule+0xb4f/0x1310 [ 44.861494][ T49] ? __kasan_check_read+0x11/0x20 [ 44.866486][ T49] ? read_word_at_a_time+0x12/0x20 [ 44.871594][ T49] ? strscpy+0x9b/0x290 [ 44.875747][ T49] process_one_work+0x6e1/0xba0 [ 44.880564][ T49] worker_thread+0xa6a/0x13b0 [ 44.885218][ T49] kthread+0x346/0x3d0 [ 44.889251][ T49] ? worker_clr_flags+0x190/0x190 [ 44.894259][ T49] ? kthread_blkcg+0xd0/0xd0 [ 44.898818][ T49] ret_from_fork+0x1f/0x30 [ 44.903197][ T49] [ 44.905492][ T49] The buggy address belongs to the page: [ 44.911106][ T49] page:ffffea00048bc940 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x122f25 [ 44.921306][ T49] flags: 0x4000000000000000() [ 44.925971][ T49] raw: 4000000000000000 ffffea00048bc988 ffffea00048bc908 0000000000000000 [ 44.934525][ T49] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 44.943075][ T49] page dumped because: kasan: bad access detected [ 44.949460][ T49] page_owner tracks the page as freed [ 44.954804][ T49] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 403, ts 42322216689, free_ts 42834776679 [ 44.971089][ T49] prep_new_page+0x179/0x180 [ 44.975648][ T49] get_page_from_freelist+0x2235/0x23d0 [ 44.981160][ T49] __alloc_pages_nodemask+0x268/0x5f0 [ 44.986497][ T49] handle_pte_fault+0x1719/0x3750 [ 44.991485][ T49] handle_mm_fault+0xf3f/0x16a0 [ 44.996300][ T49] do_user_addr_fault+0x5a2/0xc80 [ 45.001291][ T49] exc_page_fault+0x5a/0xc0 [ 45.005763][ T49] asm_exc_page_fault+0x1e/0x30 [ 45.010660][ T49] page last free stack trace: [ 45.015324][ T49] free_unref_page_prepare+0x2b7/0x2d0 [ 45.020761][ T49] free_unref_page_list+0x12e/0x9b0 [ 45.025931][ T49] release_pages+0xe38/0xe80 [ 45.030491][ T49] free_pages_and_swap_cache+0x86/0xa0 [ 45.035933][ T49] tlb_finish_mmu+0x175/0x300 [ 45.040580][ T49] unmap_region+0x32c/0x380 [ 45.045047][ T49] __do_munmap+0x63c/0x850 [ 45.049428][ T49] __se_sys_munmap+0x127/0x1b0 [ 45.054175][ T49] __x64_sys_munmap+0x5b/0x70 [ 45.058818][ T49] do_syscall_64+0x31/0x40 [ 45.063220][ T49] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.069074][ T49] [ 45.071371][ T49] Memory state around the buggy address: [ 45.076981][ T49] ffff888122f25500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.085012][ T49] ffff888122f25580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.093128][ T49] >ffff888122f25600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.101160][ T49] ^ [ 45.107797][ T49] ffff888122f25680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.115836][ T49] ffff888122f25700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.123871][ T49] ================================================================== [ 45.131917][ T49] Disabling lock debugging due to kernel taint [ 45.139138][ T49] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 45.151432][ T49] EXT4-fs (loop2): This should not happen!! Data will be lost [ 45.151432][ T49] [ 45.151458][ T50] device veth1_macvtap left promiscuous mode [ 45.161179][ T49] EXT4-fs (loop2): Total free blocks count 0 [ 45.167264][ T50] device veth0_vlan left promiscuous mode [ 45.173027][ T49] EXT4-fs (loop2): Free/Dirty block details [ 45.184708][ T49] EXT4-fs (loop2): free_blocks=0 [ 45.189650][ T49] EXT4-fs (loop2): dirty_blocks=0 [ 45.194779][ T49] EXT4-fs (loop2): Block reservation details [ 45.200785][ T49] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 45.206958][ T49] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 16 with max blocks 3 with error 28 [ 45.219348][ T49] EXT4-fs (loop2): This should not happen!! Data will be lost [ 45.219348][ T49] [ 45.232053][ T464] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 45.241619][ T464] EXT4-fs error (device loop2): ext4_quota_off:6545: inode #3: comm syz-executor: mark_inode_dirty error [ 45.413490][ T475] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.420729][ T475] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.427968][ T475] device bridge_slave_0 entered promiscuous mode [ 45.434956][ T475] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.442204][ T475] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.449430][ T475] device bridge_slave_1 entered promiscuous mode [ 45.475676][ T475] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.482823][ T475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.490075][ T475] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.497101][ T475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.512029][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.519685][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.527507][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.535869][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.544048][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.551068][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.559386][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.567843][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.574992][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.589476][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.597466][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.607999][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.619988][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.628177][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.635784][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.645623][ T475] device veth0_vlan entered promiscuous mode [ 45.654501][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.663322][ T475] device veth1_macvtap entered promiscuous mode [ 45.673829][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.683342][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.711130][ T490] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 45.720687][ T490] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 45.740619][ T490] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 45.750212][ T490] EXT4-fs error (device loop3): ext4_orphan_get:1395: inode #16: comm syz.3.19: iget: bogus i_mode (5) [ 45.761466][ T490] EXT4-fs error (device loop3): ext4_orphan_get:1400: comm syz.3.19: couldn't read orphan inode 16 (err -117) [ 45.773378][ T490] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc,jqfmt=vfsold,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,data_err=ignore,init_itable,errors=continue,,errors=continue [ 45.800827][ T475] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1) [ 45.815812][ T475] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 45.825683][ T475] EXT4-fs error (device loop3): ext4_dirty_inode:6143: inode #2: comm syz-executor: mark_inode_dirty error [ 45.837436][ T49] ------------[ cut here ]------------ [ 45.843065][ T49] kernel BUG at fs/ext4/inode.c:2464! [ 45.848443][ T49] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 45.854509][ T49] CPU: 0 PID: 49 Comm: kworker/u4:2 Tainted: G B syzkaller #0 [ 45.863233][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 45.873265][ T49] Workqueue: writeback wb_workfn (flush-7:3) [ 45.879225][ T49] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 45.884921][ T49] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 e7 26 94 ff <0f> 0b e8 e0 26 94 ff eb 2f e8 d9 26 94 ff eb 64 e8 d2 26 94 ff 31 [ 45.904501][ T49] RSP: 0018:ffffc900009e7180 EFLAGS: 00010293 [ 45.910538][ T49] RAX: ffffffff81cf7f29 RBX: 0000000000000000 RCX: ffff888101ff2780 [ 45.918480][ T49] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 45.926424][ T49] RBP: ffffc900009e74f0 R08: dffffc0000000000 R09: ffffed1024bfdee8 [ 45.934384][ T49] R10: ffffed1024bfdee8 R11: 1ffff11024bfdee7 R12: dffffc0000000000 [ 45.942362][ T49] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 45.950317][ T49] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 45.959333][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.966063][ T49] CR2: 00007f8624e10710 CR3: 000000010ca21000 CR4: 00000000003506b0 [ 45.974020][ T49] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.981989][ T49] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.989939][ T49] Call Trace: [ 45.993216][ T49] ? debug_smp_processor_id+0x17/0x20 [ 45.998577][ T49] ? ext4_readpage+0x220/0x220 [ 46.003324][ T49] ? enqueue_task_fair+0xac3/0x2250 [ 46.008499][ T49] ? ext4_readpage+0x220/0x220 [ 46.013334][ T49] do_writepages+0x12a/0x270 [ 46.017899][ T49] ? __writepage+0x130/0x130 [ 46.022476][ T49] ? update_rq_clock+0xcb/0x660 [ 46.027453][ T49] ? __kasan_check_write+0x14/0x20 [ 46.032564][ T49] ? _raw_spin_lock+0x8e/0xe0 [ 46.037258][ T49] ? __kasan_check_write+0x14/0x20 [ 46.042360][ T49] ? _raw_spin_lock+0x8e/0xe0 [ 46.047020][ T49] __writeback_single_inode+0xd5/0xa20 [ 46.052465][ T49] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 46.058419][ T49] writeback_sb_inodes+0x860/0x1400 [ 46.063598][ T49] ? queue_io+0x4c0/0x4c0 [ 46.067902][ T49] ? __kasan_check_read+0x11/0x20 [ 46.072907][ T49] ? queue_io+0x385/0x4c0 [ 46.077221][ T49] wb_writeback+0x3e3/0xb90 [ 46.081723][ T49] ? wb_io_lists_depopulated+0x180/0x180 [ 46.087332][ T49] ? set_worker_desc+0x155/0x1c0 [ 46.092244][ T49] ? sched_clock_cpu+0x1b/0x3d0 [ 46.097064][ T49] ? __kasan_check_write+0x14/0x20 [ 46.102154][ T49] wb_workfn+0x38f/0xe20 [ 46.106368][ T49] ? inode_wait_for_writeback+0x200/0x200 [ 46.112057][ T49] ? _raw_spin_unlock_irq+0x4e/0x70 [ 46.117221][ T49] ? finish_task_switch+0x12e/0x5a0 [ 46.122391][ T49] ? switch_mm_irqs_off+0x763/0x9a0 [ 46.127569][ T49] ? __switch_to_asm+0x34/0x60 [ 46.132314][ T49] ? __schedule+0xb4f/0x1310 [ 46.136893][ T49] ? __kasan_check_read+0x11/0x20 [ 46.141889][ T49] ? read_word_at_a_time+0x12/0x20 [ 46.146972][ T49] ? strscpy+0x9b/0x290 [ 46.151099][ T49] process_one_work+0x6e1/0xba0 [ 46.155919][ T49] worker_thread+0xa6a/0x13b0 [ 46.160568][ T49] kthread+0x346/0x3d0 [ 46.164604][ T49] ? worker_clr_flags+0x190/0x190 [ 46.169604][ T49] ? kthread_blkcg+0xd0/0xd0 [ 46.174195][ T49] ret_from_fork+0x1f/0x30 [ 46.178597][ T49] Modules linked in: [ 46.184479][ T49] ---[ end trace b7a22a42830ffc4e ]--- [ 46.190058][ T49] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 46.195785][ T49] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 e7 26 94 ff <0f> 0b e8 e0 26 94 ff eb 2f e8 d9 26 94 ff eb 64 e8 d2 26 94 ff 31 [ 46.215409][ T49] RSP: 0018:ffffc900009e7180 EFLAGS: 00010293 [ 46.221485][ T49] RAX: ffffffff81cf7f29 RBX: 0000000000000000 RCX: ffff888101ff2780 [ 46.229450][ T49] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 46.237604][ T49] RBP: ffffc900009e74f0 R08: dffffc0000000000 R09: ffffed1024bfdee8 [ 46.245676][ T49] R10: ffffed1024bfdee8 R11: 1ffff11024bfdee7 R12: dffffc0000000000 [ 46.253731][ T49] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 46.261744][ T49] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 46.270881][ T49] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.277486][ T49] CR2: 000000c00558c000 CR3: 0000000111753000 CR4: 00000000003506b0 [ 46.285840][ T49] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.293867][ T49] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.301860][ T49] Kernel panic - not syncing: Fatal exception [ 46.308133][ T49] Kernel Offset: disabled [ 46.312463][ T49] Rebooting in 86400 seconds..