ext4_ext_remove_space+0x3211/0x42f0 [ 470.783493][T15465] ? __es_remove_extent+0xdbe/0x1780 [ 470.783533][T15465] ? ext4_es_remove_extent+0x218/0x420 [ 470.783549][T15465] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 470.783571][T15465] ? ext4_es_remove_extent+0x263/0x420 [ 470.783590][T15465] ext4_ext_truncate+0x17e/0x300 [ 470.783615][T15465] ext4_truncate+0xb4f/0x12e0 [ 470.783634][T15465] ? down_write+0x162/0x1f0 [ 470.783651][T15465] ? __pfx_ext4_truncate+0x10/0x10 [ 470.783668][T15465] ? __ext4_journal_stop+0x34/0x1a0 [ 470.783689][T15465] ext4_write_end+0x76e/0x9f0 [ 470.783715][T15465] ext4_da_write_end+0x84/0xcf0 [ 470.783742][T15465] generic_perform_write+0x62a/0x900 [ 470.783765][T15465] ? __pfx_generic_perform_write+0x10/0x10 [ 470.783781][T15465] ? file_modified_flags+0x4bb/0x560 [ 470.783805][T15465] ? ext4_write_checks+0x24b/0x2c0 [ 470.783823][T15465] ext4_buffered_write_iter+0xce/0x3a0 [ 470.783844][T15465] ext4_file_write_iter+0x298/0x1bc0 [ 470.783871][T15465] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 470.783894][T15465] vfs_write+0x5c9/0xb30 [ 470.783912][T15465] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 470.783930][T15465] ? __pfx_vfs_write+0x10/0x10 [ 470.783954][T15465] ? __fget_files+0x2a/0x420 [ 470.783976][T15465] __x64_sys_pwrite64+0x193/0x220 [ 470.783994][T15465] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 470.784013][T15465] ? do_syscall_64+0xbe/0xfa0 [ 470.784037][T15465] do_syscall_64+0xfa/0xfa0 [ 470.784059][T15465] ? lockdep_hardirqs_on+0x9c/0x150 [ 470.784082][T15465] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.784098][T15465] ? clear_bhb_loop+0x60/0xb0 [ 470.784117][T15465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.784138][T15465] RIP: 0033:0x7fd18e38e929 [ 470.784158][T15465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.784173][T15465] RSP: 002b:00007fd18f1a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 470.784199][T15465] RAX: ffffffffffffffda RBX: 00007fd18e5b5fa0 RCX: 00007fd18e38e929 [ 470.784212][T15465] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004 [ 470.784224][T15465] RBP: 00007fd18e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 470.784235][T15465] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 470.784246][T15465] R13: 0000000000000000 R14: 00007fd18e5b5fa0 R15: 00007ffe86830148 [ 470.784266][T15465] [ 470.784273][T15465] [ 471.093215][T15465] The buggy address belongs to the physical page: [ 471.099641][T15465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xc004090 pfn:0x6ecb8 [ 471.109006][T15465] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 471.116161][T15465] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 471.124928][T15465] raw: 000000000c004090 0000000000000000 00000000ffffffff 0000000000000000 [ 471.133497][T15465] page dumped because: kasan: bad access detected [ 471.139905][T15465] page_owner tracks the page as freed [ 471.145256][T15465] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 6153, tgid 6149 (syz-execprog), ts 116617492752, free_ts 470674009144 [ 471.164169][T15465] post_alloc_hook+0x234/0x290 [ 471.168936][T15465] get_page_from_freelist+0x2356/0x2430 [ 471.174478][T15465] __alloc_frozen_pages_noprof+0x181/0x370 [ 471.180369][T15465] alloc_pages_mpol+0x232/0x4a0 [ 471.185225][T15465] vma_alloc_folio_noprof+0xe4/0x200 [ 471.190502][T15465] folio_prealloc+0x30/0x180 [ 471.195088][T15465] __handle_mm_fault+0x2a8b/0x5400 [ 471.200227][T15465] handle_mm_fault+0x2d5/0x7f0 [ 471.204978][T15465] do_user_addr_fault+0xa7c/0x1380 [ 471.210084][T15465] exc_page_fault+0x82/0x100 [ 471.214919][T15465] asm_exc_page_fault+0x26/0x30 [ 471.219882][T15465] page last free pid 6154 tgid 6149 stack trace: [ 471.226223][T15465] free_unref_folios+0xe5d/0x15f0 [ 471.231233][T15465] folios_put_refs+0x584/0x670 [ 471.235981][T15465] free_pages_and_swap_cache+0x277/0x520 [ 471.241692][T15465] tlb_flush_mmu+0x3a0/0x680 [ 471.246265][T15465] unmap_page_range+0x3b37/0x4370 [ 471.251360][T15465] unmap_vmas+0x399/0x580 [ 471.255792][T15465] exit_mmap+0x240/0xb40 [ 471.260039][T15465] __mmput+0x118/0x420 [ 471.264198][T15465] exit_mm+0x1da/0x2c0 [ 471.268265][T15465] do_exit+0x648/0x2300 [ 471.272407][T15465] do_group_exit+0x21c/0x2d0 [ 471.276986][T15465] get_signal+0x125d/0x1310 [ 471.281469][T15465] arch_do_signal_or_restart+0xa0/0x790 [ 471.287005][T15465] exit_to_user_mode_loop+0x72/0x130 [ 471.292278][T15465] do_syscall_64+0x2bd/0xfa0 [ 471.296949][T15465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.303016][T15465] [ 471.305337][T15465] Memory state around the buggy address: [ 471.310951][T15465] ffff88806ecb8b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 471.318996][T15465] ffff88806ecb8b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 471.327045][T15465] >ffff88806ecb8c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 471.335102][T15465] ^ [ 471.339929][T15465] ffff88806ecb8c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 471.348141][T15465] ffff88806ecb8d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 471.356361][T15465] ================================================================== [ 471.372241][T15465] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 471.379566][T15465] CPU: 1 UID: 0 PID: 15465 Comm: syz.0.2193 Not tainted syzkaller #0 PREEMPT(full) [ 471.388970][T15465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 471.399090][T15465] Call Trace: [ 471.402377][T15465] [ 471.405344][T15465] dump_stack_lvl+0x99/0x250 [ 471.409945][T15465] ? __asan_memcpy+0x40/0x70 [ 471.414584][T15465] ? __pfx_dump_stack_lvl+0x10/0x10 [ 471.419806][T15465] ? __pfx__printk+0x10/0x10 [ 471.424422][T15465] vpanic+0x237/0x6d0 [ 471.428406][T15465] ? __pfx_vpanic+0x10/0x10 [ 471.433012][T15465] ? preempt_schedule+0xae/0xc0 [ 471.437869][T15465] ? __pfx_preempt_schedule+0x10/0x10 [ 471.443237][T15465] panic+0xb9/0xc0 [ 471.446987][T15465] ? __pfx_panic+0x10/0x10 [ 471.451478][T15465] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 471.457360][T15465] ? ext4_ext_remove_space+0x3211/0x42f0 [ 471.462994][T15465] check_panic_on_warn+0x89/0xb0 [ 471.467947][T15465] ? ext4_ext_remove_space+0x3211/0x42f0 [ 471.473587][T15465] end_report+0x78/0x160 [ 471.477823][T15465] kasan_report+0x129/0x150 [ 471.482322][T15465] ? ext4_ext_remove_space+0x3211/0x42f0 [ 471.487958][T15465] ext4_ext_remove_space+0x3211/0x42f0 [ 471.493509][T15465] ? __es_remove_extent+0xdbe/0x1780 [ 471.498814][T15465] ? ext4_es_remove_extent+0x218/0x420 [ 471.504280][T15465] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 471.510254][T15465] ? ext4_es_remove_extent+0x263/0x420 [ 471.515708][T15465] ext4_ext_truncate+0x17e/0x300 [ 471.520726][T15465] ext4_truncate+0xb4f/0x12e0 [ 471.525483][T15465] ? down_write+0x162/0x1f0 [ 471.529979][T15465] ? __pfx_ext4_truncate+0x10/0x10 [ 471.535093][T15465] ? __ext4_journal_stop+0x34/0x1a0 [ 471.540544][T15465] ext4_write_end+0x76e/0x9f0 [ 471.545301][T15465] ext4_da_write_end+0x84/0xcf0 [ 471.550159][T15465] generic_perform_write+0x62a/0x900 [ 471.555471][T15465] ? __pfx_generic_perform_write+0x10/0x10 [ 471.561281][T15465] ? file_modified_flags+0x4bb/0x560 [ 471.566567][T15465] ? ext4_write_checks+0x24b/0x2c0 [ 471.571701][T15465] ext4_buffered_write_iter+0xce/0x3a0 [ 471.577147][T15465] ext4_file_write_iter+0x298/0x1bc0 [ 471.582431][T15465] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 471.588147][T15465] vfs_write+0x5c9/0xb30 [ 471.592375][T15465] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 471.598081][T15465] ? __pfx_vfs_write+0x10/0x10 [ 471.602880][T15465] ? __fget_files+0x2a/0x420 [ 471.607579][T15465] __x64_sys_pwrite64+0x193/0x220 [ 471.612607][T15465] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 471.618228][T15465] ? do_syscall_64+0xbe/0xfa0 [ 471.622897][T15465] do_syscall_64+0xfa/0xfa0 [ 471.627409][T15465] ? lockdep_hardirqs_on+0x9c/0x150 [ 471.632626][T15465] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.638697][T15465] ? clear_bhb_loop+0x60/0xb0 [ 471.643363][T15465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.649242][T15465] RIP: 0033:0x7fd18e38e929 [ 471.653681][T15465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.673284][T15465] RSP: 002b:00007fd18f1a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 471.681929][T15465] RAX: ffffffffffffffda RBX: 00007fd18e5b5fa0 RCX: 00007fd18e38e929 [ 471.689900][T15465] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000004 [ 471.697882][T15465] RBP: 00007fd18e410b39 R08: 0000000000000000 R09: 0000000000000000 [ 471.705844][T15465] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 471.713809][T15465] R13: 0000000000000000 R14: 00007fd18e5b5fa0 R15: 00007ffe86830148 [ 471.721867][T15465] [ 471.725475][T15465] Kernel Offset: disabled [ 471.729859][T15465] Rebooting in 86400 seconds..