./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4200477070

<...>
DUID 00:04:76:8b:f6:84:a4:3b:36:39:6c:68:e7:10:38:dd:b7:2c
forked to background, child pid 4645
[   31.953250][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.968764][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.99' (ECDSA) to the list of known hosts.
execve("./syz-executor4200477070", ["./syz-executor4200477070"], 0x7ffeb52336d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556693000
brk(0x555556693c40)                     = 0x555556693c40
arch_prctl(ARCH_SET_FS, 0x555556693300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4200477070", 4096) = 28
brk(0x5555566b4c40)                     = 0x5555566b4c40
brk(0x5555566b5000)                     = 0x5555566b5000
mprotect(0x7f4b7a9e1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4b72527000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
munmap(0x7f4b72527000, 1048576)         = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
creat("./file1", 000)                   = 4
syzkaller login: [   51.554281][ T5067] loop0: detected capacity change from 0 to 2048
[   51.585708][ T5067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
[   51.613574][ T5067] ==================================================================
[   51.621663][ T5067] BUG: KASAN: use-after-free in ext4_find_extent+0x76e/0xd90
[   51.629041][ T5067] Read of size 4 at addr ffff888073644750 by task syz-executor420/5067
[   51.637277][ T5067] 
[   51.639614][ T5067] CPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0
[   51.648279][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.658340][ T5067] Call Trace:
[   51.661619][ T5067]  <TASK>
[   51.664542][ T5067]  dump_stack_lvl+0x1b1/0x290
[   51.669674][ T5067]  ? nf_tcp_handle_invalid+0x630/0x630
[   51.675130][ T5067]  ? __wake_up_klogd+0xcd/0x100
[   51.679981][ T5067]  ? panic+0x710/0x710
[   51.684040][ T5067]  ? _printk+0xc0/0x100
[   51.688195][ T5067]  ? _raw_spin_lock_irqsave+0x8e/0x100
[   51.693653][ T5067]  print_address_description+0x74/0x340
[   51.699202][ T5067]  print_report+0x107/0x1f0
[   51.703703][ T5067]  ? __virt_addr_valid+0x21b/0x2d0
[   51.708809][ T5067]  ? __phys_addr+0xb5/0x160
[   51.713306][ T5067]  ? ext4_find_extent+0x76e/0xd90
[   51.718336][ T5067]  kasan_report+0xcd/0x100
[   51.722750][ T5067]  ? ext4_find_extent+0x76e/0xd90
[   51.727772][ T5067]  ext4_find_extent+0x76e/0xd90
[   51.732626][ T5067]  ext4_clu_mapped+0x117/0x970
[   51.737402][ T5067]  ? ext4_es_lookup_extent+0x36c/0x720
[   51.742878][ T5067]  ? __down_read_common+0x156/0x2a0
[   51.748080][ T5067]  ext4_da_get_block_prep+0x9e8/0x13c0
[   51.753548][ T5067]  ? trace_ext4_da_release_space+0x2f0/0x2f0
[   51.759534][ T5067]  ? __lock_acquire+0x1f60/0x1f60
[   51.764574][ T5067]  ? folio_attach_private+0xd9/0x200
[   51.769859][ T5067]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.775054][ T5067]  ? xas_load+0x135/0x150
[   51.779377][ T5067]  ext4_block_write_begin+0x6a8/0x2290
[   51.784838][ T5067]  ? trace_ext4_da_release_space+0x2f0/0x2f0
[   51.790828][ T5067]  ? trace_ext4_write_begin+0x300/0x300
[   51.796366][ T5067]  ? PageHeadHuge+0x8a/0x1d0
[   51.800948][ T5067]  ext4_da_write_begin+0x539/0x760
[   51.806060][ T5067]  ? ext4_dirty_folio+0x340/0x340
[   51.811081][ T5067]  ? fault_in_iov_iter_readable+0xe6/0x2a0
[   51.816905][ T5067]  generic_perform_write+0x2e4/0x5e0
[   51.822191][ T5067]  ? ext4_da_write_begin+0x760/0x760
[   51.827555][ T5067]  ? generic_file_direct_write+0x610/0x610
[   51.833444][ T5067]  ? down_read_killable+0x80/0x80
[   51.838465][ T5067]  ? ext4_write_checks+0x254/0x2c0
[   51.843569][ T5067]  ext4_buffered_write_iter+0x122/0x3a0
[   51.849114][ T5067]  ext4_file_write_iter+0x1d0/0x18f0
[   51.854403][ T5067]  ? read_lock_is_recursive+0x10/0x10
[   51.859780][ T5067]  ? ext4_file_read_iter+0x660/0x660
[   51.865142][ T5067]  ? apparmor_file_permission+0x2da/0x310
[   51.870861][ T5067]  vfs_write+0x7dc/0xc50
[   51.875104][ T5067]  ? file_end_write+0x230/0x230
[   51.879949][ T5067]  ? ptrace_stop+0x74d/0x970
[   51.884537][ T5067]  ? _raw_spin_unlock_irq+0x2a/0x40
[   51.889821][ T5067]  ? __fdget_pos+0x252/0x2e0
[   51.894405][ T5067]  ksys_write+0x177/0x2a0
[   51.898820][ T5067]  ? __ia32_sys_read+0x80/0x80
[   51.903581][ T5067]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   51.909555][ T5067]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   51.915527][ T5067]  do_syscall_64+0x3d/0xb0
[   51.919941][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.925862][ T5067] RIP: 0033:0x7f4b7a9737b9
[   51.930267][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.949870][ T5067] RSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   51.958380][ T5067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9
[   51.966342][ T5067] RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004
[   51.974301][ T5067] RBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000
[   51.982260][ T5067] R10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0
[   51.990220][ T5067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   51.998189][ T5067]  </TASK>
[   52.001195][ T5067] 
[   52.003506][ T5067] The buggy address belongs to the physical page:
[   52.009905][ T5067] page:ffffea0001cd9100 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x73644
[   52.020042][ T5067] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   52.027143][ T5067] raw: 00fff00000000000 ffffea0001cd9148 ffffea0001cd90c8 0000000000000000
[   52.035713][ T5067] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   52.044286][ T5067] page dumped because: kasan: bad access detected
[   52.050683][ T5067] page_owner tracks the page as freed
[   52.056123][ T5067] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 12379768059, free_ts 13547634018
[   52.071041][ T5067]  split_map_pages+0x25b/0x540
[   52.075802][ T5067]  isolate_freepages_range+0x4ac/0x510
[   52.081253][ T5067]  alloc_contig_range+0x6a9/0x980
[   52.086273][ T5067]  alloc_contig_pages+0x3c8/0x4e0
[   52.091287][ T5067]  debug_vm_pgtable_alloc_huge_page+0xcd/0x120
[   52.097433][ T5067]  init_args+0xa3a/0xdc0
[   52.101688][ T5067]  debug_vm_pgtable+0x9a/0x4a0
[   52.106446][ T5067]  do_one_initcall+0x1d1/0x410
[   52.111201][ T5067]  do_initcall_level+0x168/0x220
[   52.116133][ T5067]  do_initcalls+0x43/0x90
[   52.120457][ T5067]  kernel_init_freeable+0x428/0x5e0
[   52.125644][ T5067]  kernel_init+0x19/0x2b0
[   52.129963][ T5067]  ret_from_fork+0x1f/0x30
[   52.134390][ T5067] page last free stack trace:
[   52.139058][ T5067]  free_pcp_prepare+0x751/0x780
[   52.143919][ T5067]  free_unref_page+0x19/0x4c0
[   52.148602][ T5067]  free_contig_range+0xa3/0x160
[   52.153463][ T5067]  destroy_args+0xfe/0x940
[   52.157981][ T5067]  debug_vm_pgtable+0x43d/0x4a0
[   52.162840][ T5067]  do_one_initcall+0x1d1/0x410
[   52.167605][ T5067]  do_initcall_level+0x168/0x220
[   52.172549][ T5067]  do_initcalls+0x43/0x90
[   52.176882][ T5067]  kernel_init_freeable+0x428/0x5e0
[   52.182080][ T5067]  kernel_init+0x19/0x2b0
[   52.186428][ T5067]  ret_from_fork+0x1f/0x30
[   52.190844][ T5067] 
[   52.193160][ T5067] Memory state around the buggy address:
[   52.198778][ T5067]  ffff888073644600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.206828][ T5067]  ffff888073644680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.214965][ T5067] >ffff888073644700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.223008][ T5067]                                                  ^
[   52.229666][ T5067]  ffff888073644780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.237718][ T5067]  ffff888073644800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.245850][ T5067] ==================================================================
[   52.259657][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   52.266875][ T5067] CPU: 0 PID: 5067 Comm: syz-executor420 Not tainted 6.2.0-rc1-syzkaller #0
[   52.275540][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.285587][ T5067] Call Trace:
[   52.288859][ T5067]  <TASK>
[   52.291779][ T5067]  dump_stack_lvl+0x1b1/0x290
[   52.296459][ T5067]  ? nf_tcp_handle_invalid+0x630/0x630
[   52.301915][ T5067]  ? panic+0x710/0x710
[   52.305974][ T5067]  ? lock_release+0x81/0x820
[   52.310563][ T5067]  ? vscnprintf+0x59/0x80
[   52.314893][ T5067]  panic+0x2d6/0x710
[   52.318778][ T5067]  ? check_panic_on_warn+0x1d/0xa0
[   52.323897][ T5067]  ? memcpy_page_flushcache+0x100/0x100
[   52.329446][ T5067]  ? _raw_spin_unlock_irqrestore+0x110/0x120
[   52.335431][ T5067]  ? _raw_spin_unlock+0x40/0x40
[   52.340286][ T5067]  ? print_report+0x1b4/0x1f0
[   52.344966][ T5067]  check_panic_on_warn+0x80/0xa0
[   52.349902][ T5067]  ? ext4_find_extent+0x76e/0xd90
[   52.354925][ T5067]  end_report+0x47/0x90
[   52.359077][ T5067]  kasan_report+0xda/0x100
[   52.363500][ T5067]  ? ext4_find_extent+0x76e/0xd90
[   52.368525][ T5067]  ext4_find_extent+0x76e/0xd90
[   52.373380][ T5067]  ext4_clu_mapped+0x117/0x970
[   52.378135][ T5067]  ? ext4_es_lookup_extent+0x36c/0x720
[   52.383590][ T5067]  ? __down_read_common+0x156/0x2a0
[   52.388894][ T5067]  ext4_da_get_block_prep+0x9e8/0x13c0
[   52.394355][ T5067]  ? trace_ext4_da_release_space+0x2f0/0x2f0
[   52.400332][ T5067]  ? __lock_acquire+0x1f60/0x1f60
[   52.405350][ T5067]  ? folio_attach_private+0xd9/0x200
[   52.410634][ T5067]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.415856][ T5067]  ? xas_load+0x135/0x150
[   52.420180][ T5067]  ext4_block_write_begin+0x6a8/0x2290
[   52.425638][ T5067]  ? trace_ext4_da_release_space+0x2f0/0x2f0
[   52.432076][ T5067]  ? trace_ext4_write_begin+0x300/0x300
[   52.437615][ T5067]  ? PageHeadHuge+0x8a/0x1d0
[   52.442217][ T5067]  ext4_da_write_begin+0x539/0x760
[   52.447326][ T5067]  ? ext4_dirty_folio+0x340/0x340
[   52.452344][ T5067]  ? fault_in_iov_iter_readable+0xe6/0x2a0
[   52.458155][ T5067]  generic_perform_write+0x2e4/0x5e0
[   52.463439][ T5067]  ? ext4_da_write_begin+0x760/0x760
[   52.468724][ T5067]  ? generic_file_direct_write+0x610/0x610
[   52.474524][ T5067]  ? down_read_killable+0x80/0x80
[   52.479558][ T5067]  ? ext4_write_checks+0x254/0x2c0
[   52.484680][ T5067]  ext4_buffered_write_iter+0x122/0x3a0
[   52.490224][ T5067]  ext4_file_write_iter+0x1d0/0x18f0
[   52.496480][ T5067]  ? read_lock_is_recursive+0x10/0x10
[   52.501858][ T5067]  ? ext4_file_read_iter+0x660/0x660
[   52.507137][ T5067]  ? apparmor_file_permission+0x2da/0x310
[   52.512866][ T5067]  vfs_write+0x7dc/0xc50
[   52.517199][ T5067]  ? file_end_write+0x230/0x230
[   52.522134][ T5067]  ? ptrace_stop+0x74d/0x970
[   52.526731][ T5067]  ? _raw_spin_unlock_irq+0x2a/0x40
[   52.532097][ T5067]  ? __fdget_pos+0x252/0x2e0
[   52.536685][ T5067]  ksys_write+0x177/0x2a0
[   52.541019][ T5067]  ? __ia32_sys_read+0x80/0x80
[   52.545774][ T5067]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   52.551744][ T5067]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   52.557717][ T5067]  do_syscall_64+0x3d/0xb0
[   52.562130][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.568014][ T5067] RIP: 0033:0x7f4b7a9737b9
[   52.572417][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.592025][ T5067] RSP: 002b:00007ffc5cac3668 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   52.600464][ T5067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b7a9737b9
[   52.608434][ T5067] RDX: 00000000175d9003 RSI: 0000000020000200 RDI: 0000000000000004
[   52.616600][ T5067] RBP: 00007f4b7a933050 R08: 0000000000000000 R09: 0000000000000000
[   52.624650][ T5067] R10: 000000000000079f R11: 0000000000000246 R12: 00007f4b7a9330e0
[   52.632609][ T5067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   52.640577][ T5067]  </TASK>
[   52.643847][ T5067] Kernel Offset: disabled
[   52.648161][ T5067] Rebooting in 86400 seconds..