Warning: Permanently added '10.128.1.234' (ED25519) to the list of known hosts.
2024/08/24 20:25:39 ignoring optional flag "sandboxArg"="0"
2024/08/24 20:25:39 parsed 1 programs
2024/08/24 20:25:39 executed programs: 0
[ 50.809014][ T27] kauditd_printk_skb: 18 callbacks suppressed
[ 50.809021][ T27] audit: type=1400 audit(1724531139.919:94): avc: denied { unlink } for pid=351 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.831498][ T351] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.887007][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.894080][ T357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.901708][ T357] device bridge_slave_0 entered promiscuous mode
[ 50.901999][ T27] audit: type=1400 audit(1724531140.009:95): avc: denied { read } for pid=80 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 50.908492][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.936638][ T357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.944168][ T357] device bridge_slave_1 entered promiscuous mode
[ 50.987681][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.994741][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.001881][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.008895][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.027399][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.034640][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.041917][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.049847][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.058393][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.066535][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.073485][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.089699][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.097837][ T313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.104863][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.112373][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.120199][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.132367][ T357] device veth0_vlan entered promiscuous mode
[ 51.139070][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.146844][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.154403][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.161605][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.172883][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.181584][ T357] device veth1_macvtap entered promiscuous mode
[ 51.193467][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.201945][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.212865][ T27] audit: type=1400 audit(1724531140.319:96): avc: denied { mounton } for pid=357 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 51.243587][ T363] loop0: detected capacity change from 0 to 512
[ 51.250313][ T27] audit: type=1400 audit(1724531140.359:97): avc: denied { mounton } for pid=362 comm="syz-executor.0" path="/root/syzkaller-testdir1819193690/syzkaller.6d4iX3/0/file1" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 51.280458][ T363] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.286086][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.295219][ T27] audit: type=1400 audit(1724531140.399:98): avc: denied { mount } for pid=362 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 51.295235][ T363] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.334591][ T27] audit: type=1400 audit(1724531140.439:99): avc: denied { write } for pid=362 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 51.356826][ T27] audit: type=1400 audit(1724531140.439:100): avc: denied { add_name } for pid=362 comm="syz-executor.0" name="memory.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 51.378738][ T27] audit: type=1400 audit(1724531140.439:101): avc: denied { create } for pid=362 comm="syz-executor.0" name="memory.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 51.400323][ T27] audit: type=1400 audit(1724531140.439:102): avc: denied { read append open } for pid=362 comm="syz-executor.0" path="/root/syzkaller-testdir1819193690/syzkaller.6d4iX3/0/file1/memory.current" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 51.400643][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 51.429834][ T27] audit: type=1400 audit(1724531140.439:103): avc: denied { map } for pid=362 comm="syz-executor.0" path="/root/syzkaller-testdir1819193690/syzkaller.6d4iX3/0/file1/memory.current" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 51.443993][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 51.484100][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 51.484100][ T41]
[ 51.495016][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 51.502423][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 51.511706][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 51.531076][ T370] loop0: detected capacity change from 0 to 512
[ 51.540938][ T370] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.546880][ T370] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.556098][ T370] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.579968][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 51.594844][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 51.607619][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 51.607619][ T41]
[ 51.618364][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 51.624422][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 51.633654][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 51.654602][ T374] loop0: detected capacity change from 0 to 512
[ 51.670538][ T374] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.676742][ T374] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.685846][ T374] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/2/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.708848][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 51.723936][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 51.736213][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 51.736213][ T41]
[ 51.747191][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 51.753354][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 51.762373][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 51.781792][ T378] loop0: detected capacity change from 0 to 512
[ 51.800122][ T378] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.805801][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.814880][ T378] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/3/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.838101][ T8] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:0: lblock 0 mapped to illegal pblock 41 (length 16)
[ 51.852629][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 51.864908][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 51.864908][ T8]
[ 51.875571][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 51.881478][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 51.890605][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 51.910636][ T382] loop0: detected capacity change from 0 to 512
[ 51.920626][ T382] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.926227][ T382] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.934948][ T382] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/4/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.957638][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 51.972238][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 51.984706][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 51.984706][ T41]
[ 51.995502][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 52.001966][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 52.010996][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 52.030076][ T386] loop0: detected capacity change from 0 to 512
[ 52.040362][ T386] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.046122][ T386] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.055102][ T386] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/5/file1 supports timestamps until 2038 (0x7fffffff)
[ 52.078320][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 52.093185][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 52.105348][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 52.105348][ T41]
[ 52.115913][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 52.121745][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 52.131791][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 52.150444][ T391] loop0: detected capacity change from 0 to 512
[ 52.170480][ T391] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.176082][ T391] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.185031][ T391] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/6/file1 supports timestamps until 2038 (0x7fffffff)
[ 52.209356][ T10] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:1: lblock 0 mapped to illegal pblock 41 (length 16)
[ 52.224045][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 52.236209][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 52.236209][ T10]
[ 52.246941][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 52.252800][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 52.262041][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 52.282101][ T395] loop0: detected capacity change from 0 to 512
[ 52.300409][ T395] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.305971][ T395] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.314876][ T395] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/7/file1 supports timestamps until 2038 (0x7fffffff)
[ 52.338247][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 52.352893][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 52.365116][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 52.365116][ T41]
[ 52.375652][ T357] EXT4-fs (loop0): unmounting filesystem.
[ 52.381516][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 52.390684][ T357] EXT4-fs error (device loop0): ext4_quota_off:7053: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 52.409235][ T399] loop0: detected capacity change from 0 to 512
[ 52.420717][ T399] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.426249][ T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.435044][ T399] ext4 filesystem being mounted at /root/syzkaller-testdir1819193690/syzkaller.6d4iX3/8/file1 supports timestamps until 2038 (0x7fffffff)
[ 52.460341][ T41] ==================================================================
[ 52.468221][ T41] BUG: KASAN: use-after-free in ext4_find_extent+0xb60/0xd10
[ 52.475529][ T41] Read of size 4 at addr ffff888123b75fb4 by task kworker/u4:2/41
[ 52.483282][ T41]
[ 52.485554][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.1.90-syzkaller #0
[ 52.493429][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 52.503436][ T41] Workqueue: writeback wb_workfn (flush-7:0)
[ 52.509244][ T41] Call Trace:
[ 52.512455][ T41]
[ 52.515223][ T41] dump_stack_lvl+0x105/0x148
[ 52.519753][ T41] ? panic+0x3bb/0x3bb
[ 52.523643][ T41] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 52.529204][ T41] ? _printk+0xca/0x10a
[ 52.533201][ T41] print_report+0x158/0x4e0
[ 52.537831][ T41] ? kasan_addr_to_slab+0xd/0x80
[ 52.542676][ T41] ? ext4_find_extent+0xb60/0xd10
[ 52.547543][ T41] kasan_report+0x13c/0x170
[ 52.552063][ T41] ? ext4_find_extent+0xb60/0xd10
[ 52.556921][ T41] __asan_report_load4_noabort+0x14/0x20
[ 52.562477][ T41] ext4_find_extent+0xb60/0xd10
[ 52.567253][ T41] ext4_ext_map_blocks+0x260/0x64e0
[ 52.572368][ T41] ? uncharge_batch+0x4e0/0x4e0
[ 52.577048][ T41] ? stack_trace_snprint+0xe0/0xe0
[ 52.582081][ T41] ? kasan_set_track+0x60/0x70
[ 52.586690][ T41] ? kasan_set_track+0x4b/0x70
[ 52.591377][ T41] ? kasan_save_alloc_info+0x1f/0x30
[ 52.596621][ T41] ? __kasan_slab_alloc+0x6c/0x80
[ 52.601633][ T41] ? slab_post_alloc_hook+0x59/0x270
[ 52.606759][ T41] ? ext4_ext_release+0x10/0x10
[ 52.611452][ T41] ? do_writepages+0x338/0x5b0
[ 52.616129][ T41] ? __writeback_single_inode+0x73/0x7a0
[ 52.621602][ T41] ? writeback_sb_inodes+0x881/0x1500
[ 52.626800][ T41] ? wb_writeback+0x357/0x810
[ 52.631322][ T41] ? wb_workfn+0x37d/0xdf0
[ 52.635619][ T41] ? process_one_work+0x6de/0xd00
[ 52.640425][ T41] ? worker_thread+0x892/0xf20
[ 52.645025][ T41] ? kthread+0x215/0x270
[ 52.649104][ T41] ? ret_from_fork+0x1f/0x30
[ 52.653623][ T41] ? ext4_es_lookup_extent+0x278/0x730
[ 52.658912][ T41] ext4_map_blocks+0x821/0x1890
[ 52.663612][ T41] ? ext4_issue_zeroout+0x170/0x170
[ 52.668894][ T41] ext4_writepages+0x13f4/0x3120
[ 52.673680][ T41] ? sched_clock+0x9/0x10
[ 52.677878][ T41] ? sched_clock_cpu+0x71/0x270
[ 52.682614][ T41] ? ext4_read_folio+0x180/0x180
[ 52.687608][ T41] ? __kasan_check_write+0x14/0x20
[ 52.692665][ T41] ? __filemap_get_folio+0x35a/0x6a0
[ 52.697969][ T41] do_writepages+0x338/0x5b0
[ 52.702480][ T41] ? __writepage+0xf0/0xf0
[ 52.706733][ T41] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 52.712202][ T41] ? cpudl_cleanup+0x40/0x40
[ 52.716731][ T41] ? update_load_avg+0x513/0x1510
[ 52.721565][ T41] ? __kasan_check_write+0x14/0x20
[ 52.726508][ T41] ? _raw_spin_lock+0xa4/0x1b0
[ 52.731195][ T41] __writeback_single_inode+0x73/0x7a0
[ 52.736499][ T41] ? inode_io_list_move_locked+0x204/0x3c0
[ 52.742221][ T41] writeback_sb_inodes+0x881/0x1500
[ 52.747350][ T41] ? _raw_spin_lock+0xa4/0x1b0
[ 52.751942][ T41] ? queue_io+0x410/0x410
[ 52.756106][ T41] ? __writeback_inodes_wb+0x330/0x330
[ 52.761401][ T41] ? queue_io+0x28a/0x410
[ 52.765565][ T41] ? memset+0x35/0x40
[ 52.769383][ T41] ? blk_start_plug+0x8c/0x120
[ 52.773982][ T41] wb_writeback+0x357/0x810
[ 52.778325][ T41] ? inode_cgwb_move_to_attached+0x480/0x480
[ 52.784137][ T41] ? set_worker_desc+0x11c/0x180
[ 52.788910][ T41] ? cpudl_cleanup+0x40/0x40
[ 52.793336][ T41] ? __kasan_check_write+0x14/0x20
[ 52.798286][ T41] wb_workfn+0x37d/0xdf0
[ 52.802366][ T41] ? inode_wait_for_writeback+0x260/0x260
[ 52.807919][ T41] ? native_set_ldt+0x130/0x130
[ 52.812617][ T41] ? _raw_spin_unlock+0x4c/0x70
[ 52.817291][ T41] ? finish_task_switch+0x14b/0x680
[ 52.822327][ T41] ? __kasan_check_read+0x11/0x20
[ 52.827188][ T41] ? read_word_at_a_time+0x12/0x20
[ 52.832133][ T41] ? strscpy+0x99/0x260
[ 52.836130][ T41] process_one_work+0x6de/0xd00
[ 52.840823][ T41] worker_thread+0x892/0xf20
[ 52.845502][ T41] ? _raw_spin_lock+0x1b0/0x1b0
[ 52.850196][ T41] ? process_one_work+0xd00/0xd00
[ 52.855048][ T41] kthread+0x215/0x270
[ 52.858953][ T41] ? process_one_work+0xd00/0xd00
[ 52.863813][ T41] ? kthread_blkcg+0xa0/0xa0
[ 52.868240][ T41] ret_from_fork+0x1f/0x30
[ 52.872496][ T41]
[ 52.875367][ T41]
[ 52.877553][ T41] The buggy address belongs to the physical page:
[ 52.883874][ T41] page:ffffea00048edd40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x123b75
[ 52.894019][ T41] flags: 0x4000000000000000(zone=1)
[ 52.899054][ T41] raw: 4000000000000000 ffffea00047a8608 ffffea00047a8b08 0000000000000000
[ 52.907542][ T41] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 52.915974][ T41] page dumped because: kasan: bad access detected
[ 52.922234][ T41] page_owner tracks the page as freed
[ 52.927433][ T41] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 390, tgid 390 (syz-executor.0), ts 52147681455, free_ts 52206257691
[ 52.945059][ T41] prep_new_page+0x512/0x5e0
[ 52.949479][ T41] get_page_from_freelist+0x288b/0x2910
[ 52.954866][ T41] __alloc_pages+0x39f/0x780
[ 52.959385][ T41] __folio_alloc+0x15/0x40
[ 52.963632][ T41] wp_page_copy+0x239/0x1270
[ 52.968059][ T41] do_wp_page+0x9ef/0xc80
[ 52.972227][ T41] handle_mm_fault+0xffc/0x2550
[ 52.976907][ T41] exc_page_fault+0x24d/0x700
[ 52.981416][ T41] asm_exc_page_fault+0x27/0x30
[ 52.986102][ T41] page last free stack trace:
[ 52.990617][ T41] free_unref_page_prepare+0x794/0x7a0
[ 52.995911][ T41] free_unref_page_list+0xf1/0x790
[ 53.000859][ T41] release_pages+0xcfc/0xd50
[ 53.005284][ T41] free_pages_and_swap_cache+0x68/0x80
[ 53.010583][ T41] tlb_finish_mmu+0x1ba/0x3b0
[ 53.015091][ T41] exit_mmap+0x38b/0x770
[ 53.019176][ T41] __mmput+0x6b/0x2a0
[ 53.022989][ T41] mmput+0x2a/0xe0
[ 53.026548][ T41] do_exit+0x943/0x2470
[ 53.030549][ T41] do_group_exit+0x1ba/0x290
[ 53.035400][ T41] get_signal+0xf0b/0x1000
[ 53.039749][ T41] arch_do_signal_or_restart+0xb0/0x16f0
[ 53.045295][ T41] exit_to_user_mode_loop+0x74/0xa0
[ 53.050432][ T41] exit_to_user_mode_prepare+0x5a/0xa0
[ 53.055712][ T41] syscall_exit_to_user_mode+0x26/0x130
[ 53.061505][ T41] do_syscall_64+0x47/0xb0
[ 53.065752][ T41]
[ 53.067917][ T41] Memory state around the buggy address:
[ 53.073400][ T41] ffff888123b75e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.081372][ T41] ffff888123b75f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.089360][ T41] >ffff888123b75f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.097370][ T41] ^
[ 53.102830][ T41] ffff888123b76000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.110840][ T41] ffff888123b76080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.118710][ T41] ==================================================================
[ 53.129905][ T41] Disabling lock debugging due to kernel taint
[ 53.136346][ T41] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 53.142126][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Tainted: G B 6.1.90-syzkaller #0
[ 53.151479][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 53.161716][ T41] Workqueue: writeback wb_workfn (flush-7:0)
[ 53.167784][ T41] RIP: 0010:ext4_writepages+0x310e/0x3120
[ 53.173603][ T41] Code: e9 45 89 f0 e8 73 da 06 00 65 ff 0d f4 08 30 7e 49 bf 00 00 00 00 00 fc ff df 0f 85 7e fb ff ff e8 3f 0a 2e ff e9 74 fb ff ff <0f> 0b 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5
[ 53.193129][ T41] RSP: 0018:ffffc900002af060 EFLAGS: 00010246
[ 53.199030][ T41] RAX: 0000000000000000 RBX: 000000000000042b RCX: 1ffff92000055e6a
[ 53.206841][ T41] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
[ 53.214739][ T41] RBP: ffffc900002af450 R08: dffffc0000000000 R09: ffffed10200b23b9
[ 53.222549][ T41] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811986ed90
[ 53.230387][ T41] R13: ffffc900002af320 R14: ffff888100591e00 R15: 0000000000000000
[ 53.238199][ T41] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 53.246942][ T41] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.253471][ T41] CR2: 0000555557138818 CR3: 0000000109641000 CR4: 00000000003506b0
[ 53.261261][ T41] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.269074][ T41] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.277140][ T41] Call Trace:
[ 53.280278][ T41]
[ 53.283043][ T41] ? __die_body+0x62/0xb0
[ 53.287209][ T41] ? die+0x88/0xb0
[ 53.290856][ T41] ? do_trap+0x103/0x330
[ 53.294935][ T41] ? ext4_writepages+0x310e/0x3120
[ 53.299881][ T41] ? handle_invalid_op+0x95/0xc0
[ 53.304932][ T41] ? ext4_writepages+0x310e/0x3120
[ 53.309881][ T41] ? exc_invalid_op+0x2e/0x40
[ 53.314569][ T41] ? asm_exc_invalid_op+0x1b/0x20
[ 53.319451][ T41] ? ext4_writepages+0x310e/0x3120
[ 53.324402][ T41] ? sched_clock+0x9/0x10
[ 53.328566][ T41] ? sched_clock_cpu+0x71/0x270
[ 53.333245][ T41] ? ext4_read_folio+0x180/0x180
[ 53.338028][ T41] ? __kasan_check_write+0x14/0x20
[ 53.342967][ T41] ? __filemap_get_folio+0x35a/0x6a0
[ 53.348184][ T41] do_writepages+0x338/0x5b0
[ 53.352605][ T41] ? __writepage+0xf0/0xf0
[ 53.356938][ T41] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 53.362501][ T41] ? cpudl_cleanup+0x40/0x40
[ 53.367095][ T41] ? update_load_avg+0x513/0x1510
[ 53.371961][ T41] ? __kasan_check_write+0x14/0x20
[ 53.376899][ T41] ? _raw_spin_lock+0xa4/0x1b0
[ 53.381502][ T41] __writeback_single_inode+0x73/0x7a0
[ 53.386791][ T41] ? inode_io_list_move_locked+0x204/0x3c0
[ 53.392475][ T41] writeback_sb_inodes+0x881/0x1500
[ 53.397482][ T41] ? _raw_spin_lock+0xa4/0x1b0
[ 53.402174][ T41] ? queue_io+0x410/0x410
[ 53.406431][ T41] ? __writeback_inodes_wb+0x330/0x330
[ 53.411725][ T41] ? queue_io+0x28a/0x410
[ 53.415875][ T41] ? memset+0x35/0x40
[ 53.419792][ T41] ? blk_start_plug+0x8c/0x120
[ 53.424467][ T41] wb_writeback+0x357/0x810
[ 53.428809][ T41] ? inode_cgwb_move_to_attached+0x480/0x480
[ 53.434620][ T41] ? set_worker_desc+0x11c/0x180
[ 53.439395][ T41] ? cpudl_cleanup+0x40/0x40
[ 53.443822][ T41] ? __kasan_check_write+0x14/0x20
[ 53.448770][ T41] wb_workfn+0x37d/0xdf0
[ 53.452851][ T41] ? inode_wait_for_writeback+0x260/0x260
[ 53.458401][ T41] ? native_set_ldt+0x130/0x130
[ 53.463102][ T41] ? _raw_spin_unlock+0x4c/0x70
[ 53.467776][ T41] ? finish_task_switch+0x14b/0x680
[ 53.472813][ T41] ? __kasan_check_read+0x11/0x20
[ 53.477680][ T41] ? read_word_at_a_time+0x12/0x20
[ 53.482718][ T41] ? strscpy+0x99/0x260
[ 53.486789][ T41] process_one_work+0x6de/0xd00
[ 53.491495][ T41] worker_thread+0x892/0xf20
[ 53.496277][ T41] ? _raw_spin_lock+0x1b0/0x1b0
[ 53.500949][ T41] ? process_one_work+0xd00/0xd00
[ 53.506082][ T41] kthread+0x215/0x270
[ 53.509947][ T41] ? process_one_work+0xd00/0xd00
[ 53.514901][ T41] ? kthread_blkcg+0xa0/0xa0
[ 53.519323][ T41] ret_from_fork+0x1f/0x30
[ 53.523574][ T41]
[ 53.526456][ T41] Modules linked in:
[ 53.530754][ T41] ---[ end trace 0000000000000000 ]---
[ 53.536018][ T41] RIP: 0010:ext4_writepages+0x310e/0x3120
[ 53.542325][ T41] Code: e9 45 89 f0 e8 73 da 06 00 65 ff 0d f4 08 30 7e 49 bf 00 00 00 00 00 fc ff df 0f 85 7e fb ff ff e8 3f 0a 2e ff e9 74 fb ff ff <0f> 0b 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5
[ 53.562023][ T41] RSP: 0018:ffffc900002af060 EFLAGS: 00010246
[ 53.568070][ T41] RAX: 0000000000000000 RBX: 000000000000042b RCX: 1ffff92000055e6a
[ 53.576048][ T41] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
[ 53.584150][ T41] RBP: ffffc900002af450 R08: dffffc0000000000 R09: ffffed10200b23b9
[ 53.592047][ T41] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811986ed90
[ 53.599843][ T41] R13: ffffc900002af320 R14: ffff888100591e00 R15: 0000000000000000
[ 53.607642][ T41] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 53.616566][ T41] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.622983][ T41] CR2: 0000555557138818 CR3: 0000000109641000 CR4: 00000000003506b0
[ 53.631033][ T41] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.638877][ T41] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.647053][ T41] Kernel panic - not syncing: Fatal exception
[ 53.653449][ T41] Kernel Offset: disabled
[ 53.657575][ T41] Rebooting in 86400 seconds..