Warning: Permanently added '10.128.0.25' (ED25519) to the list of known hosts. 2024/08/19 19:00:52 ignoring optional flag "sandboxArg"="0" 2024/08/19 19:00:52 parsed 1 programs 2024/08/19 19:00:52 executed programs: 0 [ 46.798933][ T24] kauditd_printk_skb: 14 callbacks suppressed [ 46.798947][ T24] audit: type=1400 audit(1724094052.510:90): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 46.869619][ T346] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.876863][ T346] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.884213][ T346] device bridge_slave_0 entered promiscuous mode [ 46.891140][ T346] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.898040][ T346] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.905173][ T346] device bridge_slave_1 entered promiscuous mode [ 46.941027][ T346] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.948122][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.955406][ T346] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.962351][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.979545][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.986617][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.994587][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.002205][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.010682][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.018706][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.025755][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.034486][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.042535][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.049354][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.068335][ T346] device veth0_vlan entered promiscuous mode [ 47.075585][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.083967][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.092199][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.099513][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.107082][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.114940][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.127401][ T346] device veth1_macvtap entered promiscuous mode [ 47.134560][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.148670][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.157608][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.170065][ T24] audit: type=1400 audit(1724094052.880:91): avc: denied { mounton } for pid=346 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 47.206578][ T24] audit: type=1400 audit(1724094052.920:92): avc: denied { mounton } for pid=350 comm="syz-executor.0" path="/root/syzkaller-testdir2190771910/syzkaller.Hhna3L/0/bus" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 47.243725][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.253019][ T351] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/0/bus supports timestamps until 2038 (0x7fffffff) [ 47.261941][ T24] audit: type=1400 audit(1724094052.970:93): avc: denied { mount } for pid=350 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 47.290645][ T24] audit: type=1400 audit(1724094052.980:94): avc: denied { write } for pid=350 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 47.313234][ T24] audit: type=1400 audit(1724094052.980:95): avc: denied { add_name } for pid=350 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 47.334204][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.334493][ T24] audit: type=1400 audit(1724094052.980:96): avc: denied { create } for pid=350 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.347978][ T110] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 47.368023][ T24] audit: type=1400 audit(1724094052.980:97): avc: denied { read write open } for pid=350 comm="syz-executor.0" path="/root/syzkaller-testdir2190771910/syzkaller.Hhna3L/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.383291][ T110] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 47.410822][ T24] audit: type=1400 audit(1724094052.980:98): avc: denied { mounton } for pid=350 comm="syz-executor.0" path="/root/syzkaller-testdir2190771910/syzkaller.Hhna3L/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.423056][ T110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 47.423056][ T110] [ 47.449815][ T24] audit: type=1400 audit(1724094052.980:99): avc: denied { append } for pid=350 comm="syz-executor.0" path="/root/syzkaller-testdir2190771910/syzkaller.Hhna3L/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.460541][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.563583][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.572731][ T359] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/1/bus supports timestamps until 2038 (0x7fffffff) [ 47.609850][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.623068][ T110] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 47.637414][ T110] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 47.650253][ T110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 47.650253][ T110] [ 47.660359][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.763269][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.772829][ T365] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/2/bus supports timestamps until 2038 (0x7fffffff) [ 47.810302][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.823358][ T110] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 47.837676][ T110] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 47.850465][ T110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 47.850465][ T110] [ 47.860617][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 47.953171][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.962026][ T371] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/3/bus supports timestamps until 2038 (0x7fffffff) [ 47.998170][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 48.011072][ T110] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 48.025209][ T110] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 48.037732][ T110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 48.037732][ T110] [ 48.047564][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 48.153242][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.162380][ T377] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/4/bus supports timestamps until 2038 (0x7fffffff) [ 48.206701][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 48.220278][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 48.233260][ T110] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5869: Corrupt filesystem [ 48.243586][ T110] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #19: comm kworker/u4:2: mark_inode_dirty error [ 48.255212][ T110] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 3 with error 117 [ 48.267600][ T110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 48.267600][ T110] [ 48.277383][ T110] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 48.363267][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.372047][ T384] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/5/bus supports timestamps until 2038 (0x7fffffff) [ 48.407941][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 48.421021][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 48.435478][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 48.447765][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 48.447765][ T9] [ 48.457996][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 48.564908][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.573746][ T390] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/6/bus supports timestamps until 2038 (0x7fffffff) [ 48.610675][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 48.623808][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4155: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 48.637960][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 48.650191][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 48.650191][ T9] [ 48.660285][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 48.753053][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.762156][ T396] ext4 filesystem being mounted at /root/syzkaller-testdir2190771910/syzkaller.Hhna3L/7/bus supports timestamps until 2038 (0x7fffffff) [ 48.782583][ T396] EXT4-fs error (device loop0): ext4_map_blocks:710: inode #19: block 225: comm syz-executor.0: lblock 17 mapped to illegal pblock 225 (length 1) [ 48.797672][ T396] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 48.810790][ T396] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5869: Corrupt filesystem [ 48.820386][ T396] EXT4-fs error (device loop0): ext4_ext_truncate:4426: inode #19: comm syz-executor.0: mark_inode_dirty error [ 48.832584][ T396] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 48.845889][ T396] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5869: Corrupt filesystem [ 48.855941][ T396] EXT4-fs error (device loop0): ext4_truncate:4361: inode #19: comm syz-executor.0: mark_inode_dirty error [ 48.870215][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 48.883292][ T9] ================================================================== [ 48.891417][ T9] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0 [ 48.898778][ T9] Read of size 4 at addr ffff88811eae8058 by task kworker/u4:1/9 [ 48.906405][ T9] [ 48.908670][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.223-syzkaller-1003215-g0890c03b8b7d #0 [ 48.918583][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 48.928879][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 48.935391][ T9] Call Trace: [ 48.938499][ T9] dump_stack_lvl+0x1e2/0x24b [ 48.943433][ T9] ? bfq_pos_tree_add_move+0x43b/0x43b [ 48.948806][ T9] ? panic+0x812/0x812 [ 48.952702][ T9] ? __getblk_gfp+0x3d/0x7e0 [ 48.957126][ T9] print_address_description+0x81/0x3b0 [ 48.962609][ T9] kasan_report+0x179/0x1c0 [ 48.967016][ T9] ? ext4_find_extent+0xbab/0xdb0 [ 48.971902][ T9] ? ext4_find_extent+0xbab/0xdb0 [ 48.976743][ T9] __asan_report_load4_noabort+0x14/0x20 [ 48.982203][ T9] ext4_find_extent+0xbab/0xdb0 [ 48.987187][ T9] ext4_ext_map_blocks+0x26a/0x6ee0 [ 48.992202][ T9] ? ret_from_fork+0x1f/0x30 [ 48.996650][ T9] ? stack_trace_save+0x113/0x1c0 [ 49.001572][ T9] ? stack_trace_snprint+0xf0/0xf0 [ 49.006706][ T9] ? ext4_ext_release+0x10/0x10 [ 49.011575][ T9] ? slab_post_alloc_hook+0x61/0x2f0 [ 49.016787][ T9] ? kmem_cache_alloc+0x168/0x2e0 [ 49.021924][ T9] ? ext4_alloc_io_end_vec+0x2a/0x170 [ 49.027217][ T9] ? ext4_writepages+0x122f/0x3c00 [ 49.032147][ T9] ? do_writepages+0x12e/0x270 [ 49.036757][ T9] ? __writeback_single_inode+0xd7/0xac0 [ 49.042213][ T9] ? writeback_sb_inodes+0x99c/0x16b0 [ 49.047442][ T9] ? wb_writeback+0x404/0xc60 [ 49.051947][ T9] ? wb_workfn+0x3d9/0x1110 [ 49.056273][ T9] ? process_one_work+0x6dc/0xbd0 [ 49.061219][ T9] ? worker_thread+0xaea/0x1510 [ 49.066002][ T9] ? kthread+0x34b/0x3d0 [ 49.070071][ T9] ? ret_from_fork+0x1f/0x30 [ 49.074508][ T9] ? _raw_read_unlock+0x25/0x40 [ 49.079535][ T9] ? ext4_es_lookup_extent+0x33b/0x940 [ 49.085988][ T9] ext4_map_blocks+0xa65/0x1d10 [ 49.090932][ T9] ? ext4_issue_zeroout+0x1b0/0x1b0 [ 49.096071][ T9] ? ext4_inode_journal_mode+0x1a5/0x470 [ 49.102033][ T9] ext4_writepages+0x148b/0x3c00 [ 49.107665][ T9] ? __ext4_error+0x203/0x420 [ 49.112661][ T9] ? ext4_readpage+0x230/0x230 [ 49.117342][ T9] ? psi_task_change+0x1e6/0x360 [ 49.122124][ T9] ? ext4_get_group_desc+0x260/0x2b0 [ 49.127322][ T9] ? __ext4_get_inode_loc+0x59c/0xbf0 [ 49.132693][ T9] ? check_preempt_curr+0xd6/0x1b0 [ 49.137653][ T9] ? ext4_readpage+0x230/0x230 [ 49.142338][ T9] do_writepages+0x12e/0x270 [ 49.147099][ T9] ? __writepage+0x130/0x130 [ 49.151593][ T9] ? __kasan_check_write+0x14/0x20 [ 49.156740][ T9] ? __kasan_check_write+0x14/0x20 [ 49.161678][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 49.166314][ T9] __writeback_single_inode+0xd7/0xac0 [ 49.171900][ T9] ? inode_add_lru+0x130/0x190 [ 49.176718][ T9] writeback_sb_inodes+0x99c/0x16b0 [ 49.181831][ T9] ? queue_io+0x520/0x520 [ 49.185988][ T9] ? writeback_sb_inodes+0x16b0/0x16b0 [ 49.191904][ T9] ? queue_io+0x3d3/0x520 [ 49.196249][ T9] wb_writeback+0x404/0xc60 [ 49.200851][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 49.206330][ T9] ? set_worker_desc+0x158/0x1c0 [ 49.211166][ T9] ? __kasan_check_write+0x14/0x20 [ 49.216381][ T9] wb_workfn+0x3d9/0x1110 [ 49.220697][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 49.226446][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 49.231547][ T9] ? finish_task_switch+0x130/0x5a0 [ 49.236878][ T9] ? __switch_to_asm+0x34/0x60 [ 49.241687][ T9] ? __kasan_check_read+0x11/0x20 [ 49.246510][ T9] ? read_word_at_a_time+0x12/0x20 [ 49.251544][ T9] ? strscpy+0x9c/0x260 [ 49.255529][ T9] process_one_work+0x6dc/0xbd0 [ 49.260293][ T9] worker_thread+0xaea/0x1510 [ 49.264847][ T9] kthread+0x34b/0x3d0 [ 49.268710][ T9] ? worker_clr_flags+0x180/0x180 [ 49.273695][ T9] ? kthread_blkcg+0xd0/0xd0 [ 49.278132][ T9] ret_from_fork+0x1f/0x30 [ 49.282498][ T9] [ 49.284657][ T9] The buggy address belongs to the page: [ 49.290244][ T9] page:ffffea00047aba00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11eae8 [ 49.300794][ T9] flags: 0x4000000000000000() [ 49.305615][ T9] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 49.314053][ T9] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 49.322938][ T9] page dumped because: kasan: bad access detected [ 49.329481][ T9] page_owner tracks the page as freed [ 49.334643][ T9] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 365, ts 47745678748, free_ts 47934538944 [ 49.349002][ T9] prep_new_page+0x166/0x180 [ 49.353555][ T9] get_page_from_freelist+0x2d8c/0x2f30 [ 49.359001][ T9] __alloc_pages_nodemask+0x435/0xaf0 [ 49.364308][ T9] shmem_alloc_page+0x257/0x420 [ 49.368979][ T9] shmem_alloc_and_acct_page+0x395/0x8e0 [ 49.374573][ T9] shmem_getpage_gfp+0x891/0x2480 [ 49.379424][ T9] shmem_write_begin+0xca/0x1b0 [ 49.384295][ T9] generic_perform_write+0x2cd/0x570 [ 49.389402][ T9] __generic_file_write_iter+0x23c/0x560 [ 49.394870][ T9] generic_file_write_iter+0xaf/0x1c0 [ 49.400162][ T9] vfs_write+0xb4c/0xe70 [ 49.404261][ T9] ksys_write+0x199/0x2c0 [ 49.408421][ T9] __x64_sys_write+0x7b/0x90 [ 49.413031][ T9] do_syscall_64+0x34/0x70 [ 49.417277][ T9] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 49.423000][ T9] page last free stack trace: [ 49.427553][ T9] free_unref_page_prepare+0x2ae/0x2d0 [ 49.433147][ T9] free_unref_page_list+0x122/0xb20 [ 49.438279][ T9] release_pages+0xea0/0xef0 [ 49.442929][ T9] __pagevec_release+0x84/0x100 [ 49.447599][ T9] shmem_undo_range+0x7d1/0x1a60 [ 49.452832][ T9] shmem_evict_inode+0x215/0x9d0 [ 49.457791][ T9] evict+0x2a3/0x6c0 [ 49.461617][ T9] iput+0x632/0x7e0 [ 49.465308][ T9] dentry_unlink_inode+0x2ea/0x3d0 [ 49.470384][ T9] __dentry_kill+0x447/0x650 [ 49.474801][ T9] dentry_kill+0xc0/0x2a0 [ 49.479644][ T9] dput+0x40/0x80 [ 49.483374][ T9] __fput+0x52e/0x7b0 [ 49.487706][ T9] ____fput+0x15/0x20 [ 49.491747][ T9] task_work_run+0x129/0x190 [ 49.496273][ T9] exit_to_user_mode_loop+0xbf/0xd0 [ 49.501291][ T9] [ 49.503485][ T9] Memory state around the buggy address: [ 49.509349][ T9] ffff88811eae7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.517461][ T9] ffff88811eae7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.525432][ T9] >ffff88811eae8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.533527][ T9] ^ [ 49.540286][ T9] ffff88811eae8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.548515][ T9] ffff88811eae8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 49.556491][ T9] ================================================================== [ 49.564389][ T9] Disabling lock debugging due to kernel taint [ 49.576357][ T9] ------------[ cut here ]------------ [ 49.581966][ T9] kernel BUG at fs/ext4/inode.c:2435! [ 49.587173][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 49.593264][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Tainted: G B 5.10.223-syzkaller-1003215-g0890c03b8b7d #0 [ 49.604599][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 49.614860][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 49.620674][ T9] RIP: 0010:ext4_writepages+0x3b44/0x3c00 [ 49.626560][ T9] Code: 00 74 08 48 89 df e8 6b e1 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 b3 d8 07 00 eb 5d e8 ec 49 8c ff <0f> 0b e8 e5 49 8c ff eb 3b e8 de 49 8c ff eb 77 e8 d7 49 8c ff 31 [ 49.646656][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 49.652659][ T9] RAX: ffffffff81de5f14 RBX: dffffc0000000000 RCX: ffff8881002562c0 [ 49.660644][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 49.669146][ T9] RBP: ffffc90000097490 R08: ffffffff81de3b19 R09: ffffed10239c760c [ 49.677026][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000973b0 [ 49.685114][ T9] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 49.692996][ T9] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000 [ 49.701758][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.708234][ T9] CR2: 000055555565e818 CR3: 000000000600f000 CR4: 00000000003506b0 [ 49.716334][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.724125][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.732107][ T9] Call Trace: [ 49.735507][ T9] ? __die_body+0x62/0xb0 [ 49.739673][ T9] ? die+0x88/0xb0 [ 49.743314][ T9] ? do_trap+0x1a4/0x310 [ 49.747494][ T9] ? ext4_writepages+0x3b44/0x3c00 [ 49.752719][ T9] ? handle_invalid_op+0x95/0xc0 [ 49.757479][ T9] ? ext4_writepages+0x3b44/0x3c00 [ 49.762540][ T9] ? exc_invalid_op+0x32/0x50 [ 49.767199][ T9] ? asm_exc_invalid_op+0x12/0x20 [ 49.772323][ T9] ? ext4_writepages+0x1749/0x3c00 [ 49.777253][ T9] ? ext4_writepages+0x3b44/0x3c00 [ 49.782474][ T9] ? ext4_writepages+0x3b44/0x3c00 [ 49.787423][ T9] ? __ext4_error+0x203/0x420 [ 49.791922][ T9] ? ext4_readpage+0x230/0x230 [ 49.796706][ T9] ? psi_task_change+0x1e6/0x360 [ 49.801689][ T9] ? ext4_get_group_desc+0x260/0x2b0 [ 49.806805][ T9] ? __ext4_get_inode_loc+0x59c/0xbf0 [ 49.812399][ T9] ? check_preempt_curr+0xd6/0x1b0 [ 49.817425][ T9] ? ext4_readpage+0x230/0x230 [ 49.822027][ T9] do_writepages+0x12e/0x270 [ 49.826562][ T9] ? __writepage+0x130/0x130 [ 49.831092][ T9] ? __kasan_check_write+0x14/0x20 [ 49.836090][ T9] ? __kasan_check_write+0x14/0x20 [ 49.841078][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 49.845683][ T9] __writeback_single_inode+0xd7/0xac0 [ 49.850963][ T9] ? inode_add_lru+0x130/0x190 [ 49.855646][ T9] writeback_sb_inodes+0x99c/0x16b0 [ 49.860677][ T9] ? queue_io+0x520/0x520 [ 49.864842][ T9] ? writeback_sb_inodes+0x16b0/0x16b0 [ 49.870137][ T9] ? queue_io+0x3d3/0x520 [ 49.874389][ T9] wb_writeback+0x404/0xc60 [ 49.878847][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 49.884324][ T9] ? set_worker_desc+0x158/0x1c0 [ 49.889090][ T9] ? __kasan_check_write+0x14/0x20 [ 49.894047][ T9] wb_workfn+0x3d9/0x1110 [ 49.898394][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 49.904043][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 49.909143][ T9] ? finish_task_switch+0x130/0x5a0 [ 49.914351][ T9] ? __switch_to_asm+0x34/0x60 [ 49.918949][ T9] ? __kasan_check_read+0x11/0x20 [ 49.923923][ T9] ? read_word_at_a_time+0x12/0x20 [ 49.928839][ T9] ? strscpy+0x9c/0x260 [ 49.932835][ T9] process_one_work+0x6dc/0xbd0 [ 49.937626][ T9] worker_thread+0xaea/0x1510 [ 49.942140][ T9] kthread+0x34b/0x3d0 [ 49.946328][ T9] ? worker_clr_flags+0x180/0x180 [ 49.951319][ T9] ? kthread_blkcg+0xd0/0xd0 [ 49.955747][ T9] ret_from_fork+0x1f/0x30 [ 49.960083][ T9] Modules linked in: [ 49.964287][ T9] ---[ end trace 2d6f7455d6b28153 ]--- [ 49.969566][ T9] RIP: 0010:ext4_writepages+0x3b44/0x3c00 [ 49.975225][ T9] Code: 00 74 08 48 89 df e8 6b e1 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 b3 d8 07 00 eb 5d e8 ec 49 8c ff <0f> 0b e8 e5 49 8c ff eb 3b e8 de 49 8c ff eb 77 e8 d7 49 8c ff 31 [ 49.994664][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 50.001286][ T9] RAX: ffffffff81de5f14 RBX: dffffc0000000000 RCX: ffff8881002562c0 [ 50.009140][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 50.016930][ T9] RBP: ffffc90000097490 R08: ffffffff81de3b19 R09: ffffed10239c760c [ 50.024833][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000973b0 [ 50.032638][ T9] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 50.040432][ T9] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000 [ 50.049412][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.055934][ T9] CR2: 000055555565e818 CR3: 000000000600f000 CR4: 00000000003506b0 [ 50.063875][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.071752][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.079726][ T9] Kernel panic - not syncing: Fatal exception [ 50.085975][ T9] Kernel Offset: disabled [ 50.090106][ T9] Rebooting in 86400 seconds..