Warning: Permanently added '10.128.0.96' (ED25519) to the list of known hosts.
2026/02/03 05:54:02 parsed 1 programs
[ 24.793662][ T24] audit: type=1400 audit(1770098042.229:64): avc: denied { node_bind } for pid=275 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 24.816337][ T24] audit: type=1400 audit(1770098042.229:65): avc: denied { create } for pid=275 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 24.837795][ T24] audit: type=1400 audit(1770098042.229:66): avc: denied { module_request } for pid=275 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 25.418872][ T24] audit: type=1400 audit(1770098042.859:67): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 25.419962][ T281] cgroup: Unknown subsys name 'net'
[ 25.443895][ T24] audit: type=1400 audit(1770098042.859:68): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.473687][ T24] audit: type=1400 audit(1770098042.889:69): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.473903][ T281] cgroup: Unknown subsys name 'devices'
[ 25.678772][ T281] cgroup: Unknown subsys name 'hugetlb'
[ 25.684774][ T281] cgroup: Unknown subsys name 'rlimit'
[ 25.857643][ T24] audit: type=1400 audit(1770098043.299:70): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 25.881168][ T24] audit: type=1400 audit(1770098043.299:71): avc: denied { create } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 25.886586][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 25.902769][ T24] audit: type=1400 audit(1770098043.299:72): avc: denied { write } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.933223][ T24] audit: type=1400 audit(1770098043.299:73): avc: denied { read } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.965752][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.353404][ T287] request_module fs-gadgetfs succeeded, but still no fs?
[ 26.364454][ T287] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 26.498410][ T296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.506486][ T296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.515006][ T296] device bridge_slave_0 entered promiscuous mode
[ 26.523537][ T296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.532137][ T296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.540181][ T296] device bridge_slave_1 entered promiscuous mode
[ 26.571138][ T296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.578708][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.586604][ T296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.593650][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.609993][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.617789][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.625466][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.633533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.643426][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.652085][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.659375][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.669454][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.678390][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.685728][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.697005][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.707850][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.721794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.733210][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.741443][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.749856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.759348][ T296] device veth0_vlan entered promiscuous mode
[ 26.769613][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.778939][ T296] device veth1_macvtap entered promiscuous mode
[ 26.788284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.798610][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/02/03 05:54:04 executed programs: 0
[ 27.425246][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.433107][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.441473][ T350] device bridge_slave_0 entered promiscuous mode
[ 27.451010][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.458335][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.465596][ T350] device bridge_slave_1 entered promiscuous mode
[ 27.501648][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.509442][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.517896][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.525228][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.542915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.551200][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.559674][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.571506][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.580112][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.588603][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.595786][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.607138][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.615464][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.624544][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.632542][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.641422][ T7] device bridge_slave_1 left promiscuous mode
[ 27.648587][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.656316][ T7] device bridge_slave_0 left promiscuous mode
[ 27.662586][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.670846][ T7] device veth1_macvtap left promiscuous mode
[ 27.677523][ T7] device veth0_vlan left promiscuous mode
[ 27.772590][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 27.781020][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.790377][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 27.798830][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.812225][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.820960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.832156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.841013][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.849878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.857952][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.866290][ T350] device veth0_vlan entered promiscuous mode
[ 27.875797][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.884304][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.893775][ T350] device veth1_macvtap entered promiscuous mode
[ 27.903301][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.911287][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.920396][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.929782][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.939157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.978549][ T354] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 27.987924][ T354] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 28.021863][ T297] EXT4-fs error (device loop2): ext4_map_blocks:740: inode #18: block 281474976710655: comm kworker/u4:3: lblock 0 mapped to illegal pblock 281474976710655 (length 16)
[ 28.040372][ T297] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 16 with error 117
[ 28.053431][ T297] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 28.053431][ T297]
[ 28.063863][ T297] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:3: Invalid inode table block 16740231806456662231 in block_group 0
[ 28.158328][ T370] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 28.167990][ T370] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 28.196496][ T297] ==================================================================
[ 28.204688][ T297] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 28.212480][ T297] Read of size 4 at addr ffff88812bc96f50 by task kworker/u4:3/297
[ 28.220691][ T297]
[ 28.223006][ T297] CPU: 1 PID: 297 Comm: kworker/u4:3 Not tainted syzkaller #0
[ 28.231040][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 28.241621][ T297] Workqueue: writeback wb_workfn (flush-7:2)
[ 28.248124][ T297] Call Trace:
[ 28.251572][ T297] __dump_stack+0x21/0x24
[ 28.255980][ T297] dump_stack_lvl+0x1a7/0x208
[ 28.260981][ T297] ? show_regs_print_info+0x18/0x18
[ 28.267136][ T297] ? thaw_kernel_threads+0x220/0x220
[ 28.272578][ T297] print_address_description+0x7f/0x2c0
[ 28.278382][ T297] ? ext4_find_extent+0xbeb/0xe20
[ 28.283685][ T297] kasan_report+0xe2/0x130
[ 28.288166][ T297] ? __read_extent_tree_block+0x1e8/0x790
[ 28.293859][ T297] ? ext4_find_extent+0xbeb/0xe20
[ 28.299160][ T297] __asan_report_load4_noabort+0x14/0x20
[ 28.305733][ T297] ext4_find_extent+0xbeb/0xe20
[ 28.310743][ T297] ext4_ext_map_blocks+0x20b/0x5dd0
[ 28.316098][ T297] ? __kasan_slab_alloc+0xcf/0xf0
[ 28.321365][ T297] ? __kasan_slab_alloc+0xbd/0xf0
[ 28.326851][ T297] ? slab_post_alloc_hook+0x5d/0x2f0
[ 28.332373][ T297] ? kmem_cache_alloc+0x162/0x2d0
[ 28.337384][ T297] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 28.342743][ T297] ? ext4_writepages+0x1057/0x2eb0
[ 28.348020][ T297] ? do_writepages+0x128/0x280
[ 28.353330][ T297] ? __writeback_single_inode+0xd5/0xa20
[ 28.359277][ T297] ? writeback_sb_inodes+0x8ca/0x1480
[ 28.364739][ T297] ? worker_thread+0xa6a/0x13c0
[ 28.369774][ T297] ? kthread+0x346/0x3d0
[ 28.374001][ T297] ? ret_from_fork+0x1f/0x30
[ 28.378683][ T297] ? ext4_ext_release+0x10/0x10
[ 28.383702][ T297] ? ext4_es_lookup_extent+0x54c/0x900
[ 28.389404][ T297] ext4_map_blocks+0x985/0x1bd0
[ 28.394515][ T297] ? ext4_issue_zeroout+0x1a0/0x1a0
[ 28.399866][ T297] ? ext4_inode_journal_mode+0x19a/0x480
[ 28.405703][ T297] ext4_writepages+0x136a/0x2eb0
[ 28.411413][ T297] ? ext4_readpage+0x220/0x220
[ 28.416245][ T297] ? enqueue_task_fair+0xaf6/0x2250
[ 28.421592][ T297] ? sched_group_set_shares+0x490/0x490
[ 28.427460][ T297] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 28.433628][ T297] ? ext4_readpage+0x220/0x220
[ 28.438856][ T297] do_writepages+0x128/0x280
[ 28.443701][ T297] ? __writepage+0x130/0x130
[ 28.448276][ T297] ? __kasan_check_write+0x14/0x20
[ 28.453477][ T297] ? __kasan_check_write+0x14/0x20
[ 28.459263][ T297] ? _raw_spin_lock+0x94/0xf0
[ 28.464023][ T297] __writeback_single_inode+0xd5/0xa20
[ 28.469461][ T297] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 28.475801][ T297] writeback_sb_inodes+0x8ca/0x1480
[ 28.481072][ T297] ? __kasan_check_write+0x14/0x20
[ 28.486422][ T297] ? queue_io+0x4c0/0x4c0
[ 28.491388][ T297] ? __kasan_check_read+0x11/0x20
[ 28.496724][ T297] ? queue_io+0x385/0x4c0
[ 28.501378][ T297] wb_writeback+0x403/0xbe0
[ 28.505880][ T297] ? wb_io_lists_depopulated+0x180/0x180
[ 28.511675][ T297] ? set_worker_desc+0x1ba/0x1f0
[ 28.516683][ T297] ? update_load_avg+0x4dc/0x14f0
[ 28.522387][ T297] ? __kasan_check_write+0x14/0x20
[ 28.527879][ T297] wb_workfn+0x3ac/0xf30
[ 28.532558][ T297] ? inode_wait_for_writeback+0x220/0x220
[ 28.538842][ T297] ? _raw_spin_unlock_irq+0x4e/0x70
[ 28.544834][ T297] ? finish_task_switch+0x12e/0x5a0
[ 28.550530][ T297] ? switch_mm_irqs_off+0x34d/0x990
[ 28.556094][ T297] ? __switch_to_asm+0x34/0x60
[ 28.561100][ T297] ? __kasan_check_read+0x11/0x20
[ 28.566206][ T297] ? read_word_at_a_time+0x12/0x20
[ 28.571603][ T297] ? strscpy+0x9b/0x290
[ 28.576195][ T297] process_one_work+0x6e1/0xba0
[ 28.581292][ T297] worker_thread+0xa6a/0x13c0
[ 28.586211][ T297] ? _raw_spin_lock_irqsave+0xc2/0x130
[ 28.591907][ T297] ? __kasan_check_read+0x11/0x20
[ 28.597089][ T297] kthread+0x346/0x3d0
[ 28.601140][ T297] ? worker_clr_flags+0x190/0x190
[ 28.606496][ T297] ? kthread_blkcg+0xd0/0xd0
[ 28.611358][ T297] ret_from_fork+0x1f/0x30
[ 28.615951][ T297]
[ 28.618438][ T297] The buggy address belongs to the page:
[ 28.624053][ T297] page:ffffea0004af2580 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12bc96
[ 28.635105][ T297] flags: 0x4000000000000000()
[ 28.640121][ T297] raw: 4000000000000000 ffffea0004af25c8 ffffea0004af2548 0000000000000000
[ 28.648861][ T297] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 28.657691][ T297] page dumped because: kasan: bad access detected
[ 28.664352][ T297] page_owner tracks the page as freed
[ 28.669908][ T297] page last allocated via order 0, migratetype Movable, gfp_mask 0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), pid 354, ts 28001022734, free_ts 28084250954
[ 28.685775][ T297] prep_new_page+0x179/0x180
[ 28.690603][ T297] get_page_from_freelist+0x223b/0x23d0
[ 28.696292][ T297] __alloc_pages_nodemask+0x290/0x620
[ 28.701761][ T297] pagecache_get_page+0x63e/0x930
[ 28.707212][ T297] grab_cache_page_write_begin+0x59/0xb0
[ 28.712990][ T297] ext4_write_begin+0x2a8/0x1690
[ 28.717900][ T297] ext4_da_write_begin+0x478/0xf10
[ 28.723547][ T297] generic_perform_write+0x2ce/0x540
[ 28.729071][ T297] ext4_buffered_write_iter+0x4b8/0x640
[ 28.734870][ T297] ext4_file_write_iter+0x53f/0x1980
[ 28.741537][ T297] vfs_write+0x758/0xdc0
[ 28.745856][ T297] ksys_write+0x149/0x250
[ 28.750363][ T297] __x64_sys_write+0x7b/0x90
[ 28.755114][ T297] do_syscall_64+0x31/0x40
[ 28.760065][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 28.766076][ T297] page last free stack trace:
[ 28.771100][ T297] free_unref_page_prepare+0x2b7/0x2d0
[ 28.776713][ T297] free_unref_page_list+0x129/0x9c0
[ 28.782171][ T297] release_pages+0xe52/0xea0
[ 28.786734][ T297] __pagevec_release+0x71/0xe0
[ 28.791646][ T297] truncate_inode_pages_range+0x819/0x16d0
[ 28.797600][ T297] truncate_inode_pages_final+0xc0/0xd0
[ 28.803567][ T297] ext4_evict_inode+0x640/0x1770
[ 28.808718][ T297] evict+0x4ae/0x930
[ 28.812764][ T297] evict_inodes+0x5dc/0x650
[ 28.817331][ T297] generic_shutdown_super+0x96/0x320
[ 28.822681][ T297] kill_block_super+0x7f/0xf0
[ 28.827429][ T297] deactivate_locked_super+0xa0/0x100
[ 28.833161][ T297] deactivate_super+0xaf/0xe0
[ 28.838093][ T297] cleanup_mnt+0x45b/0x510
[ 28.843281][ T297] __cleanup_mnt+0x19/0x20
[ 28.847852][ T297] task_work_run+0x127/0x190
[ 28.852759][ T297]
[ 28.855073][ T297] Memory state around the buggy address:
[ 28.860850][ T297] ffff88812bc96e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.869500][ T297] ffff88812bc96e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.877627][ T297] >ffff88812bc96f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.886046][ T297] ^
[ 28.892867][ T297] ffff88812bc96f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.901238][ T297] ffff88812bc97000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.909788][ T297] ==================================================================
[ 28.918165][ T297] Disabling lock debugging due to kernel taint
[ 28.926862][ T297] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:3: Invalid inode table block 18310078930516251043 in block_group 0
[ 29.089100][ T374] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 29.098636][ T374] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 29.126712][ T49] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:2: Invalid inode table block 16509881045324128655 in block_group 0
[ 29.354933][ T378] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 29.364942][ T378] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 29.395570][ T49] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:2: Invalid inode table block 1399513068577849688 in block_group 0
[ 29.578164][ T382] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 29.588288][ T382] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 29.620413][ T297] EXT4-fs error (device loop2): __ext4_get_inode_loc:4444: comm kworker/u4:3: Invalid inode table block 16651951035986877644 in block_group 0
[ 29.858564][ T386] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 29.868905][ T386] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 29.897536][ T7] ------------[ cut here ]------------
[ 29.903465][ T7] kernel BUG at fs/ext4/extents.c:3181!
[ 29.909385][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 29.915800][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B syzkaller #0
[ 29.924733][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 29.935225][ T7] Workqueue: writeback wb_workfn (flush-7:2)
[ 29.941291][ T7] RIP: 0010:ext4_split_extent_at+0xe65/0xe90
[ 29.947433][ T7] Code: b1 cf d2 ff e9 f1 fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c fe fb ff ff 48 89 df e8 75 cf d2 ff e9 f1 fb ff ff e8 0b 52 98 ff <0f> 0b e8 04 52 98 ff 0f 0b e8 fd 51 98 ff 0f 0b e8 f6 51 98 ff 0f
[ 29.967544][ T7] RSP: 0018:ffffc90000076b20 EFLAGS: 00010293
[ 29.973781][ T7] RAX: ffffffff81cc63c5 RBX: 1ffff11024c49a47 RCX: ffff88810024bb40
[ 29.982256][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 29.990471][ T7] RBP: ffffc90000076c98 R08: 0000000000000010 R09: 000000000000043b
[ 29.998637][ T7] R10: dffffc0000000000 R11: ffffed102246948a R12: 0000000000000010
[ 30.006774][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.015361][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 30.025105][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.031978][ T7] CR2: 00007f9d782e4000 CR3: 000000012811b000 CR4: 00000000003506b0
[ 30.040230][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.048533][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.057118][ T7] Call Trace:
[ 30.060488][ T7] ? ext4_ext_try_to_merge_right+0x820/0x820
[ 30.066799][ T7] ext4_split_extent+0x363/0x4c0
[ 30.071894][ T7] ext4_ext_map_blocks+0x1084/0x5dd0
[ 30.077334][ T7] ? __kasan_slab_alloc+0xcf/0xf0
[ 30.082528][ T7] ? __kasan_slab_alloc+0xbd/0xf0
[ 30.087976][ T7] ? slab_post_alloc_hook+0x5d/0x2f0
[ 30.093580][ T7] ? kmem_cache_alloc+0x162/0x2d0
[ 30.098872][ T7] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 30.104508][ T7] ? ext4_writepages+0x1057/0x2eb0
[ 30.109963][ T7] ? do_writepages+0x128/0x280
[ 30.114889][ T7] ? __writeback_single_inode+0xd5/0xa20
[ 30.121211][ T7] ? writeback_sb_inodes+0x8ca/0x1480
[ 30.126769][ T7] ? worker_thread+0xa6a/0x13c0
[ 30.131768][ T7] ? kthread+0x346/0x3d0
[ 30.135999][ T7] ? ret_from_fork+0x1f/0x30
[ 30.140844][ T7] ? ext4_ext_release+0x10/0x10
[ 30.146250][ T7] ? ext4_es_lookup_extent+0x54c/0x900
[ 30.152223][ T7] ext4_map_blocks+0x985/0x1bd0
[ 30.157228][ T7] ? ext4_issue_zeroout+0x1a0/0x1a0
[ 30.162734][ T7] ? ext4_inode_journal_mode+0x19a/0x480
[ 30.168439][ T7] ext4_writepages+0x136a/0x2eb0
[ 30.173365][ T7] ? ext4_readpage+0x220/0x220
[ 30.178395][ T7] ? enqueue_task_fair+0xaf6/0x2250
[ 30.183769][ T7] ? sched_group_set_shares+0x490/0x490
[ 30.189942][ T7] ? ext4_readpage+0x220/0x220
[ 30.195217][ T7] do_writepages+0x128/0x280
[ 30.199958][ T7] ? sched_clock+0x3a/0x40
[ 30.204702][ T7] ? __writepage+0x130/0x130
[ 30.209360][ T7] ? __kasan_check_write+0x14/0x20
[ 30.214977][ T7] ? __kasan_check_write+0x14/0x20
[ 30.220064][ T7] ? _raw_spin_lock+0x94/0xf0
[ 30.224734][ T7] __writeback_single_inode+0xd5/0xa20
[ 30.230183][ T7] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 30.236322][ T7] writeback_sb_inodes+0x8ca/0x1480
[ 30.242091][ T7] ? queue_io+0x4c0/0x4c0
[ 30.246757][ T7] ? __kasan_check_read+0x11/0x20
[ 30.252136][ T7] ? queue_io+0x385/0x4c0
[ 30.256437][ T7] wb_writeback+0x403/0xbe0
[ 30.261186][ T7] ? wb_io_lists_depopulated+0x180/0x180
[ 30.267686][ T7] ? set_worker_desc+0x1ba/0x1f0
[ 30.273062][ T7] ? __kasan_check_write+0x14/0x20
[ 30.278520][ T7] wb_workfn+0x3ac/0xf30
[ 30.283272][ T7] ? inode_wait_for_writeback+0x220/0x220
[ 30.289537][ T7] ? _raw_spin_unlock_irq+0x4e/0x70
[ 30.294804][ T7] ? finish_task_switch+0x12e/0x5a0
[ 30.300189][ T7] ? switch_mm_irqs_off+0x75f/0x990
[ 30.305570][ T7] ? __switch_to_asm+0x34/0x60
[ 30.310598][ T7] ? __kasan_check_read+0x11/0x20
[ 30.315605][ T7] ? read_word_at_a_time+0x12/0x20
[ 30.320693][ T7] ? strscpy+0x9b/0x290
[ 30.325276][ T7] process_one_work+0x6e1/0xba0
[ 30.330310][ T7] worker_thread+0xa6a/0x13c0
[ 30.335142][ T7] kthread+0x346/0x3d0
[ 30.339374][ T7] ? worker_clr_flags+0x190/0x190
[ 30.344996][ T7] ? kthread_blkcg+0xd0/0xd0
[ 30.349657][ T7] ret_from_fork+0x1f/0x30
[ 30.354241][ T7] Modules linked in:
[ 30.361053][ T7] ---[ end trace 549ce374c1978765 ]---
[ 30.366909][ T7] RIP: 0010:ext4_split_extent_at+0xe65/0xe90
[ 30.373709][ T7] Code: b1 cf d2 ff e9 f1 fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c fe fb ff ff 48 89 df e8 75 cf d2 ff e9 f1 fb ff ff e8 0b 52 98 ff <0f> 0b e8 04 52 98 ff 0f 0b e8 fd 51 98 ff 0f 0b e8 f6 51 98 ff 0f
[ 30.394485][ T7] RSP: 0018:ffffc90000076b20 EFLAGS: 00010293
[ 30.400741][ T7] RAX: ffffffff81cc63c5 RBX: 1ffff11024c49a47 RCX: ffff88810024bb40
[ 30.409241][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 30.418237][ T7] RBP: ffffc90000076c98 R08: 0000000000000010 R09: 000000000000043b
[ 30.426413][ T7] R10: dffffc0000000000 R11: ffffed102246948a R12: 0000000000000010
[ 30.434573][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.443091][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 30.452385][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.459323][ T7] CR2: 00007f9d782e5000 CR3: 000000000640f000 CR4: 00000000003506a0
[ 30.467470][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.475600][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.484039][ T7] Kernel panic - not syncing: Fatal exception
[ 30.491241][ T7] Kernel Offset: disabled
[ 30.495813][ T7] Rebooting in 86400 seconds..