Warning: Permanently added '10.128.1.44' (ED25519) to the list of known hosts. 2025/10/23 15:56:01 ignoring optional flag "type"="gce" 2025/10/23 15:56:01 parsed 1 programs 2025/10/23 15:56:01 executed programs: 0 [ 43.751767][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.759246][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.767739][ T321] device bridge_slave_0 entered promiscuous mode [ 43.775848][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.783333][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.791530][ T321] device bridge_slave_1 entered promiscuous mode [ 43.828885][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.836624][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.844452][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.851611][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.869844][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.877659][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.885847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.893779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.903401][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.912296][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.942412][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.951363][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.960209][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.967981][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.980160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.994065][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.005587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.017876][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.027229][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.035781][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.045555][ T321] device veth0_vlan entered promiscuous mode [ 44.056006][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.065708][ T321] device veth1_macvtap entered promiscuous mode [ 44.075618][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.085525][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.114493][ T24] kauditd_printk_skb: 14 callbacks suppressed [ 44.114507][ T24] audit: type=1400 audit(1761234962.020:88): avc: denied { mounton } for pid=325 comm="syz-executor.0" path="/root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus" dev="sda1" ino=2034 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 44.156425][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.169366][ T326] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.169378][ T24] audit: type=1400 audit(1761234962.090:89): avc: denied { mount } for pid=325 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.213731][ T24] audit: type=1400 audit(1761234962.130:90): avc: denied { write } for pid=325 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.237948][ T24] audit: type=1400 audit(1761234962.130:91): avc: denied { add_name } for pid=325 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.259528][ T24] audit: type=1400 audit(1761234962.130:92): avc: denied { create } for pid=325 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.281828][ T24] audit: type=1400 audit(1761234962.130:93): avc: denied { read write open } for pid=325 comm="syz-executor.0" path="/root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.314833][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.314876][ T24] audit: type=1400 audit(1761234962.130:94): avc: denied { mounton } for pid=325 comm="syz-executor.0" path="/root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.329276][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 44.358112][ T24] audit: type=1400 audit(1761234962.130:95): avc: denied { append } for pid=325 comm="syz-executor.0" path="/root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.358130][ T24] audit: type=1400 audit(1761234962.130:96): avc: denied { map } for pid=325 comm="syz-executor.0" path="/root/syzkaller-testdir3497566363/syzkaller.603QoW/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.358146][ T24] audit: type=1400 audit(1761234962.190:97): avc: denied { unmount } for pid=321 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.457006][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 44.470366][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 44.470366][ T49] [ 44.480815][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.595926][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.605943][ T333] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.647583][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.662047][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 44.677940][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 44.691356][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 44.691356][ T49] [ 44.702279][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.795896][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.805687][ T340] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.845157][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 44.859323][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 44.874081][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 44.887417][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 44.887417][ T49] [ 44.900323][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.045771][ T346] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.056393][ T346] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.095599][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.108987][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.124957][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.138331][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.138331][ T49] [ 45.149027][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.235766][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.245139][ T352] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.288401][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.303599][ T49] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.320636][ T49] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.334168][ T49] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.334168][ T49] [ 45.344362][ T49] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 45.477249][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.487351][ T358] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.528550][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.543286][ T9] EXT4-fs error (device loop0): ext4_ext_map_blocks:4178: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 45.559069][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 45.572524][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.572524][ T9] [ 45.584613][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.675836][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.685299][ T364] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.735765][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.750652][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.764777][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 45.774495][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #19: comm kworker/u4:1: mark_inode_dirty error [ 45.788368][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 2 with error 117 [ 45.803350][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 45.803350][ T9] [ 45.814269][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.916118][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.925710][ T370] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.981227][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 45.996513][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.010239][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 46.021221][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #19: comm kworker/u4:1: mark_inode_dirty error [ 46.034785][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 4 with error 117 [ 46.048483][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.048483][ T9] [ 46.059255][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.135840][ T376] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.145807][ T376] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.190357][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.206095][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.220423][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 46.230552][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #19: comm kworker/u4:1: mark_inode_dirty error [ 46.243257][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 2 with error 117 [ 46.256551][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.256551][ T9] [ 46.267182][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.356100][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.365956][ T382] ext4 filesystem being mounted at /root/syzkaller-testdir3497566363/syzkaller.603QoW/9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.391654][ T382] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #19: block 225: comm syz-executor.0: lblock 17 mapped to illegal pblock 225 (length 1) [ 46.409908][ T382] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 46.424305][ T382] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 46.435311][ T382] EXT4-fs error (device loop0): ext4_ext_truncate:4450: inode #19: comm syz-executor.0: mark_inode_dirty error [ 46.448292][ T382] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 46.462620][ T382] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5933: Corrupt filesystem [ 46.473688][ T382] EXT4-fs error (device loop0): ext4_truncate:4390: inode #19: comm syz-executor.0: mark_inode_dirty error [ 46.498151][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 46.511930][ T9] ================================================================== [ 46.520934][ T9] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20 [ 46.529264][ T9] Read of size 4 at addr ffff888121307058 by task kworker/u4:1/9 [ 46.537818][ T9] [ 46.540175][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 46.547925][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 46.558613][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 46.565185][ T9] Call Trace: [ 46.568871][ T9] __dump_stack+0x21/0x24 [ 46.574102][ T9] dump_stack_lvl+0x169/0x1d8 [ 46.579844][ T9] ? show_regs_print_info+0x18/0x18 [ 46.585413][ T9] ? thaw_kernel_threads+0x220/0x220 [ 46.591259][ T9] print_address_description+0x7f/0x2c0 [ 46.597905][ T9] ? ext4_find_extent+0xbeb/0xe20 [ 46.603994][ T9] kasan_report+0xe2/0x130 [ 46.608954][ T9] ? __read_extent_tree_block+0x1e8/0x790 [ 46.615684][ T9] ? ext4_find_extent+0xbeb/0xe20 [ 46.621360][ T9] __asan_report_load4_noabort+0x14/0x20 [ 46.627361][ T9] ext4_find_extent+0xbeb/0xe20 [ 46.632952][ T9] ext4_ext_map_blocks+0x1de/0x5d40 [ 46.638506][ T9] ? __kasan_slab_alloc+0xcf/0xf0 [ 46.644199][ T9] ? __kasan_slab_alloc+0xbd/0xf0 [ 46.649919][ T9] ? slab_post_alloc_hook+0x5d/0x2f0 [ 46.655767][ T9] ? kmem_cache_alloc+0x165/0x2e0 [ 46.661394][ T9] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 46.667289][ T9] ? ext4_writepages+0xebd/0x2e00 [ 46.672339][ T9] ? do_writepages+0x12a/0x270 [ 46.677742][ T9] ? __writeback_single_inode+0xd5/0xa20 [ 46.684126][ T9] ? writeback_sb_inodes+0x860/0x1400 [ 46.689859][ T9] ? worker_thread+0xa6a/0x13b0 [ 46.695153][ T9] ? kthread+0x346/0x3d0 [ 46.699956][ T9] ? ret_from_fork+0x1f/0x30 [ 46.704568][ T9] ? ext4_ext_release+0x10/0x10 [ 46.709548][ T9] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 46.715207][ T9] ext4_map_blocks+0x978/0x1bc0 [ 46.720868][ T9] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 46.726334][ T9] ? ext4_inode_journal_mode+0x19a/0x480 [ 46.732229][ T9] ext4_writepages+0x11d5/0x2e00 [ 46.737774][ T9] ? ext4_readpage+0x220/0x220 [ 46.742704][ T9] ? enqueue_task_fair+0xac3/0x2250 [ 46.747952][ T9] ? ext4_itable_unused_set+0x100/0x100 [ 46.753661][ T9] ? ext4_readpage+0x220/0x220 [ 46.758510][ T9] do_writepages+0x12a/0x270 [ 46.763393][ T9] ? __writepage+0x130/0x130 [ 46.768097][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 46.773133][ T9] ? __kasan_check_write+0x14/0x20 [ 46.778395][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 46.783167][ T9] __writeback_single_inode+0xd5/0xa20 [ 46.789015][ T9] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 46.795681][ T9] ? inode_add_lru+0x12f/0x190 [ 46.800720][ T9] writeback_sb_inodes+0x860/0x1400 [ 46.806408][ T9] ? __kasan_check_write+0x14/0x20 [ 46.811831][ T9] ? queue_io+0x4c0/0x4c0 [ 46.816432][ T9] ? __kasan_check_read+0x11/0x20 [ 46.821831][ T9] ? queue_io+0x385/0x4c0 [ 46.827133][ T9] wb_writeback+0x3e3/0xb90 [ 46.832354][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 46.838916][ T9] ? set_worker_desc+0x155/0x1c0 [ 46.844076][ T9] ? __kasan_check_write+0x14/0x20 [ 46.849408][ T9] wb_workfn+0x38f/0xe20 [ 46.854081][ T9] ? inode_wait_for_writeback+0x200/0x200 [ 46.859888][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 46.865262][ T9] ? finish_task_switch+0x12e/0x5a0 [ 46.870642][ T9] ? switch_mm_irqs_off+0x763/0x9a0 [ 46.877263][ T9] ? __switch_to_asm+0x34/0x60 [ 46.882652][ T9] ? __schedule+0xb4f/0x1310 [ 46.887459][ T9] ? __kasan_check_read+0x11/0x20 [ 46.893356][ T9] ? read_word_at_a_time+0x12/0x20 [ 46.898734][ T9] ? strscpy+0x9b/0x290 [ 46.903098][ T9] process_one_work+0x6e1/0xba0 [ 46.908211][ T9] worker_thread+0xa6a/0x13b0 [ 46.912974][ T9] kthread+0x346/0x3d0 [ 46.917216][ T9] ? worker_clr_flags+0x190/0x190 [ 46.922715][ T9] ? kthread_blkcg+0xd0/0xd0 [ 46.927779][ T9] ret_from_fork+0x1f/0x30 [ 46.932194][ T9] [ 46.934610][ T9] The buggy address belongs to the page: [ 46.940535][ T9] page:ffffea000484c1c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121307 [ 46.950859][ T9] flags: 0x4000000000000000() [ 46.955849][ T9] raw: 4000000000000000 ffffea0004847b48 ffffea000484b248 0000000000000000 [ 46.964780][ T9] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 46.974045][ T9] page dumped because: kasan: bad access detected [ 46.980862][ T9] page_owner tracks the page as freed [ 46.987150][ T9] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 327, ts 46165184121, free_ts 46165849923 [ 47.005598][ T9] prep_new_page+0x179/0x180 [ 47.010362][ T9] get_page_from_freelist+0x2235/0x23d0 [ 47.016454][ T9] __alloc_pages_nodemask+0x268/0x5f0 [ 47.022531][ T9] handle_pte_fault+0x1719/0x3750 [ 47.028312][ T9] handle_mm_fault+0xf3f/0x16a0 [ 47.033436][ T9] do_user_addr_fault+0x5a2/0xc80 [ 47.039022][ T9] exc_page_fault+0x5a/0xc0 [ 47.043874][ T9] asm_exc_page_fault+0x1e/0x30 [ 47.049631][ T9] page last free stack trace: [ 47.054376][ T9] free_unref_page_prepare+0x2b7/0x2d0 [ 47.060368][ T9] free_unref_page_list+0x12e/0x9b0 [ 47.066339][ T9] release_pages+0xe38/0xe80 [ 47.071477][ T9] free_pages_and_swap_cache+0x86/0xa0 [ 47.077938][ T9] tlb_finish_mmu+0x175/0x300 [ 47.082794][ T9] unmap_region+0x32c/0x380 [ 47.087396][ T9] __do_munmap+0x63c/0x850 [ 47.091986][ T9] __se_sys_munmap+0x127/0x1b0 [ 47.096782][ T9] __x64_sys_munmap+0x5b/0x70 [ 47.101976][ T9] do_syscall_64+0x31/0x40 [ 47.106732][ T9] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 47.112798][ T9] [ 47.115124][ T9] Memory state around the buggy address: [ 47.121187][ T9] ffff888121306f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.129853][ T9] ffff888121306f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.139366][ T9] >ffff888121307000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.147879][ T9] ^ [ 47.155515][ T9] ffff888121307080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.163603][ T9] ffff888121307100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.171846][ T9] ================================================================== [ 47.180338][ T9] Disabling lock debugging due to kernel taint [ 47.187559][ T9] ------------[ cut here ]------------ [ 47.193490][ T9] kernel BUG at fs/ext4/inode.c:2464! [ 47.199256][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 47.205460][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Tainted: G B syzkaller #0 [ 47.214223][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 47.224914][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 47.231031][ T9] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 47.237176][ T9] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 c7 26 94 ff <0f> 0b e8 c0 26 94 ff eb 2f e8 b9 26 94 ff eb 64 e8 b2 26 94 ff 31 [ 47.257695][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 47.264153][ T9] RAX: ffffffff81cf7ed9 RBX: 0000000000000000 RCX: ffff888100248000 [ 47.272461][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 47.280964][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed1024298843 [ 47.289837][ T9] R10: ffffed1024298843 R11: 1ffff11024298842 R12: dffffc0000000000 [ 47.298559][ T9] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 47.307585][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 47.317688][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.324997][ T9] CR2: 000055557b621818 CR3: 000000000620f000 CR4: 00000000003506b0 [ 47.333513][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.342039][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.350199][ T9] Call Trace: [ 47.353699][ T9] ? ext4_readpage+0x220/0x220 [ 47.358484][ T9] ? enqueue_task_fair+0xac3/0x2250 [ 47.363886][ T9] ? ext4_itable_unused_set+0x100/0x100 [ 47.369616][ T9] ? ext4_readpage+0x220/0x220 [ 47.374483][ T9] do_writepages+0x12a/0x270 [ 47.379070][ T9] ? __writepage+0x130/0x130 [ 47.383913][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 47.388937][ T9] ? __kasan_check_write+0x14/0x20 [ 47.394628][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 47.399684][ T9] __writeback_single_inode+0xd5/0xa20 [ 47.405891][ T9] ? wbc_attach_and_unlock_inode+0x171/0x590 [ 47.412370][ T9] ? inode_add_lru+0x12f/0x190 [ 47.417474][ T9] writeback_sb_inodes+0x860/0x1400 [ 47.423576][ T9] ? __kasan_check_write+0x14/0x20 [ 47.429194][ T9] ? queue_io+0x4c0/0x4c0 [ 47.434569][ T9] ? __kasan_check_read+0x11/0x20 [ 47.439879][ T9] ? queue_io+0x385/0x4c0 [ 47.444202][ T9] wb_writeback+0x3e3/0xb90 [ 47.448714][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 47.455134][ T9] ? set_worker_desc+0x155/0x1c0 [ 47.460731][ T9] ? __kasan_check_write+0x14/0x20 [ 47.466024][ T9] wb_workfn+0x38f/0xe20 [ 47.470355][ T9] ? inode_wait_for_writeback+0x200/0x200 [ 47.476832][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 47.482157][ T9] ? finish_task_switch+0x12e/0x5a0 [ 47.487366][ T9] ? switch_mm_irqs_off+0x763/0x9a0 [ 47.492895][ T9] ? __switch_to_asm+0x34/0x60 [ 47.497667][ T9] ? __schedule+0xb4f/0x1310 [ 47.502266][ T9] ? __kasan_check_read+0x11/0x20 [ 47.507806][ T9] ? read_word_at_a_time+0x12/0x20 [ 47.513242][ T9] ? strscpy+0x9b/0x290 [ 47.517864][ T9] process_one_work+0x6e1/0xba0 [ 47.523765][ T9] worker_thread+0xa6a/0x13b0 [ 47.528564][ T9] kthread+0x346/0x3d0 [ 47.532958][ T9] ? worker_clr_flags+0x190/0x190 [ 47.538969][ T9] ? kthread_blkcg+0xd0/0xd0 [ 47.544334][ T9] ret_from_fork+0x1f/0x30 [ 47.549859][ T9] Modules linked in: [ 47.554276][ T9] ---[ end trace 57c72d7c7cb7821a ]--- [ 47.560471][ T9] RIP: 0010:ext4_writepages+0x2d49/0x2e00 [ 47.566655][ T9] Code: 08 48 89 df e8 a8 16 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 42 07 00 eb 56 e8 c7 26 94 ff <0f> 0b e8 c0 26 94 ff eb 2f e8 b9 26 94 ff eb 64 e8 b2 26 94 ff 31 [ 47.589027][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 47.596540][ T9] RAX: ffffffff81cf7ed9 RBX: 0000000000000000 RCX: ffff888100248000 [ 47.604924][ T9] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 47.613296][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed1024298843 [ 47.621660][ T9] R10: ffffed1024298843 R11: 1ffff11024298842 R12: dffffc0000000000 [ 47.631374][ T9] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b [ 47.642813][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 47.653695][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.660954][ T9] CR2: 000055557b621818 CR3: 000000000620f000 CR4: 00000000003506b0 [ 47.669229][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.678637][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.687642][ T9] Kernel panic - not syncing: Fatal exception [ 47.694542][ T9] Kernel Offset: disabled [ 47.699076][ T9] Rebooting in 86400 seconds..