program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000080)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0040ce91bae94d6591ac6d0100000000000000b5384050da"], 0x1, 0xd99, &(0x7f0000000e80)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240), 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="2b735d77dff255d15bb7d9c11c74207a1de98e39b2a671595de8d51e46bf2ddf745ece3635d113c129fa1e719af5da2f2e06c0c5549e832700026c83a88eeeb2a6c6efe9172b01cbb9d132e73ecd7da7fd2fab28b740b9b656eb6c3ab845e1711986551fa54469d727f455aba923807f8c7b07fd4c1acc3649b05ce7c46dbc431915eb67473c7bbcf503cc02f404c6a72b4732de3ff1174877ef994e4eb78f24fe12b51ee4168158ca64b5418190699d63b1f4"], 0x8) io_uring_setup(0x5451, &(0x7f0000000180)={0x0, 0x4b1f, 0x800, 0x2, 0x309}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xfecc) iopl(0x5) setxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8, 0x2) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000001040)=ANY=[], 0x841, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$FUSE_WRITE(r5, &(0x7f00000000c0)={0x18}, 0xfffffdef) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}}, 0x4000000) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0xd}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}}, 0x20004000) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000180)={'tunl0\x00', r9, 0x0, 0x8, 0x2, 0x6, {{0x5, 0x4, 0x2, 0x2f, 0x14, 0x68, 0x0, 0xdc, 0x2d, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x26}}}}}) [ 85.049555][ T4672] Bluetooth: hci0: command tx timeout [ 85.115886][ T5334] loop0: detected capacity change from 0 to 1024 [ 85.130415][ T5334] ======================================================= [ 85.130415][ T5334] WARNING: The mand mount option has been deprecated and [ 85.130415][ T5334] and is ignored by this kernel. Remove the mand [ 85.130415][ T5334] option from the mount to silence this warning. [ 85.130415][ T5334] ======================================================= [ 85.170302][ T5334] EXT4-fs: Ignoring removed oldalloc option [ 85.173048][ T5334] EXT4-fs: Ignoring removed orlov option [ 85.186218][ T5334] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 85.217168][ T5334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.422181][ T5334] ================================================================== [ 85.425549][ T5334] BUG: KASAN: use-after-free in ext4_find_extent+0xae6/0xcc0 [ 85.428696][ T5334] Read of size 4 at addr ffff888052a412e4 by task syz.0.0/5334 [ 85.431892][ T5334] [ 85.432932][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.432947][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.432954][ T5334] Call Trace: [ 85.432960][ T5334] [ 85.432966][ T5334] dump_stack_lvl+0x189/0x250 [ 85.432986][ T5334] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.433002][ T5334] ? rcu_is_watching+0x15/0xb0 [ 85.433016][ T5334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.433028][ T5334] ? rcu_is_watching+0x15/0xb0 [ 85.433040][ T5334] ? lock_release+0x4b/0x3e0 [ 85.433050][ T5334] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 85.433108][ T5334] ? __virt_addr_valid+0x1c8/0x5c0 [ 85.433124][ T5334] ? __virt_addr_valid+0x4a5/0x5c0 [ 85.433157][ T5334] print_report+0xca/0x240 [ 85.433172][ T5334] ? ext4_find_extent+0xae6/0xcc0 [ 85.433182][ T5334] kasan_report+0x118/0x150 [ 85.433199][ T5334] ? ext4_find_extent+0xae6/0xcc0 [ 85.433212][ T5334] ext4_find_extent+0xae6/0xcc0 [ 85.433224][ T5334] ext4_ext_map_blocks+0x288/0x6ac0 [ 85.433241][ T5334] ? __lock_acquire+0xab9/0xd20 [ 85.433255][ T5334] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 85.433271][ T5334] ? ext4_es_lookup_extent+0x622/0xa70 [ 85.433286][ T5334] ext4_map_blocks+0x860/0x1740 [ 85.433311][ T5334] ? __pfx_ext4_map_blocks+0x10/0x10 [ 85.433326][ T5334] ? __pfx_hlock_conflict+0x10/0x10 [ 85.433340][ T5334] ? check_path+0x21/0x40 [ 85.433356][ T5334] _ext4_get_block+0x200/0x4c0 [ 85.433371][ T5334] ? __pfx__ext4_get_block+0x10/0x10 [ 85.433388][ T5334] ext4_get_block_unwritten+0x2e/0x100 [ 85.433404][ T5334] ext4_block_write_begin+0x993/0x1710 [ 85.433422][ T5334] ? __pfx_ext4_get_block_unwritten+0x10/0x10 [ 85.433434][ T5334] ? __pfx_ext4_block_write_begin+0x10/0x10 [ 85.433449][ T5334] ? folio_mapping+0x16f/0x1f0 [ 85.433459][ T5334] ? ext4_inode_journal_mode+0x18c/0x480 [ 85.433476][ T5334] ext4_write_begin+0xc04/0x19a0 [ 85.433495][ T5334] ? __pfx_ext4_write_begin+0x10/0x10 [ 85.433509][ T5334] ext4_da_write_begin+0x445/0xda0 [ 85.433552][ T5334] ? __pfx___might_resched+0x10/0x10 [ 85.433566][ T5334] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 85.433582][ T5334] generic_perform_write+0x2c5/0x900 [ 85.433599][ T5334] ? __pfx_generic_perform_write+0x10/0x10 [ 85.433609][ T5334] ? file_modified_flags+0x4bb/0x560 [ 85.433623][ T5334] ? ext4_write_checks+0x24b/0x2c0 [ 85.433639][ T5334] ext4_buffered_write_iter+0xce/0x3a0 [ 85.433654][ T5334] ext4_file_write_iter+0x298/0x1bc0 [ 85.433673][ T5334] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.433692][ T5334] vfs_write+0x5c9/0xb30 [ 85.433707][ T5334] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.433722][ T5334] ? __pfx_vfs_write+0x10/0x10 [ 85.433736][ T5334] ? __fget_files+0x2a/0x420 [ 85.433752][ T5334] ksys_write+0x145/0x250 [ 85.433765][ T5334] ? __pfx_ksys_write+0x10/0x10 [ 85.433778][ T5334] ? do_syscall_64+0xbe/0xfa0 [ 85.433794][ T5334] do_syscall_64+0xfa/0xfa0 [ 85.433808][ T5334] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.433821][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.433831][ T5334] ? clear_bhb_loop+0x60/0xb0 [ 85.433843][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.433853][ T5334] RIP: 0033:0x7f16edd8f7c9 [ 85.433865][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.433874][ T5334] RSP: 002b:00007f16eeb40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.433886][ T5334] RAX: ffffffffffffffda RBX: 00007f16edfe5fa0 RCX: 00007f16edd8f7c9 [ 85.433895][ T5334] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 000000000000000a [ 85.433902][ T5334] RBP: 00007f16ede13f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.433909][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.433916][ T5334] R13: 00007f16edfe6038 R14: 00007f16edfe5fa0 R15: 00007ffe7cc33e78 [ 85.433929][ T5334] [ 85.433934][ T5334] [ 85.596952][ T5334] The buggy address belongs to the physical page: [ 85.599765][ T5334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52a41 [ 85.603550][ T5334] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 85.606693][ T5334] raw: 04fff00000000000 ffffea00014a9088 ffffea00014a9008 0000000000000000 [ 85.610369][ T5334] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 85.614110][ T5334] page dumped because: kasan: bad access detected [ 85.616811][ T5334] page_owner info is not present (never set?) [ 85.619481][ T5334] [ 85.620591][ T5334] Memory state around the buggy address: [ 85.623080][ T5334] ffff888052a41180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 85.626553][ T5334] ffff888052a41200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 85.629995][ T5334] >ffff888052a41280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 85.633480][ T5334] ^ [ 85.636613][ T5334] ffff888052a41300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 85.639948][ T5334] ffff888052a41380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 85.643258][ T5334] ================================================================== [ 85.659448][ T5335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.672824][ T5334] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.675862][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.679423][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.683577][ T5334] Call Trace: [ 85.684953][ T5334] [ 85.686285][ T5334] dump_stack_lvl+0x99/0x250 [ 85.688320][ T5334] ? __asan_memcpy+0x40/0x70 [ 85.690412][ T5334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.692711][ T5334] ? __pfx__printk+0x10/0x10 [ 85.694705][ T5334] vpanic+0x237/0x6d0 [ 85.696408][ T5334] ? __pfx_vpanic+0x10/0x10 [ 85.698368][ T5334] ? preempt_schedule+0xae/0xc0 [ 85.700529][ T5334] ? __pfx_preempt_schedule+0x10/0x10 [ 85.702935][ T5334] panic+0xb9/0xc0 [ 85.704592][ T5334] ? __pfx_panic+0x10/0x10 [ 85.706414][ T5334] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 85.708751][ T5334] ? is_module_address+0x17/0xf0 [ 85.710770][ T5334] ? ext4_find_extent+0xae6/0xcc0 [ 85.712769][ T5334] check_panic_on_warn+0x89/0xb0 [ 85.714777][ T5334] ? ext4_find_extent+0xae6/0xcc0 [ 85.717016][ T5334] end_report+0x78/0x160 [ 85.718865][ T5334] kasan_report+0x129/0x150 [ 85.720856][ T5334] ? ext4_find_extent+0xae6/0xcc0 [ 85.723031][ T5334] ext4_find_extent+0xae6/0xcc0 [ 85.725082][ T5334] ext4_ext_map_blocks+0x288/0x6ac0 [ 85.727289][ T5334] ? __lock_acquire+0xab9/0xd20 [ 85.729335][ T5334] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 85.731745][ T5334] ? ext4_es_lookup_extent+0x622/0xa70 [ 85.734199][ T5334] ext4_map_blocks+0x860/0x1740 [ 85.736376][ T5334] ? __pfx_ext4_map_blocks+0x10/0x10 [ 85.738716][ T5334] ? __pfx_hlock_conflict+0x10/0x10 [ 85.740992][ T5334] ? check_path+0x21/0x40 [ 85.742936][ T5334] _ext4_get_block+0x200/0x4c0 [ 85.745060][ T5334] ? __pfx__ext4_get_block+0x10/0x10 [ 85.747398][ T5334] ext4_get_block_unwritten+0x2e/0x100 [ 85.749872][ T5334] ext4_block_write_begin+0x993/0x1710 [ 85.752277][ T5334] ? __pfx_ext4_get_block_unwritten+0x10/0x10 [ 85.754888][ T5334] ? __pfx_ext4_block_write_begin+0x10/0x10 [ 85.757366][ T5334] ? folio_mapping+0x16f/0x1f0 [ 85.759471][ T5334] ? ext4_inode_journal_mode+0x18c/0x480 [ 85.761863][ T5334] ext4_write_begin+0xc04/0x19a0 [ 85.763905][ T5334] ? __pfx_ext4_write_begin+0x10/0x10 [ 85.766211][ T5334] ext4_da_write_begin+0x445/0xda0 [ 85.768387][ T5334] ? __pfx___might_resched+0x10/0x10 [ 85.770686][ T5334] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 85.773043][ T5334] generic_perform_write+0x2c5/0x900 [ 85.775330][ T5334] ? __pfx_generic_perform_write+0x10/0x10 [ 85.777925][ T5334] ? file_modified_flags+0x4bb/0x560 [ 85.780257][ T5334] ? ext4_write_checks+0x24b/0x2c0 [ 85.782449][ T5334] ext4_buffered_write_iter+0xce/0x3a0 [ 85.784761][ T5334] ext4_file_write_iter+0x298/0x1bc0 [ 85.787042][ T5334] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.789544][ T5334] vfs_write+0x5c9/0xb30 [ 85.791340][ T5334] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 85.793617][ T5334] ? __pfx_vfs_write+0x10/0x10 [ 85.795564][ T5334] ? __fget_files+0x2a/0x420 [ 85.797551][ T5334] ksys_write+0x145/0x250 [ 85.799440][ T5334] ? __pfx_ksys_write+0x10/0x10 [ 85.801573][ T5334] ? do_syscall_64+0xbe/0xfa0 [ 85.803644][ T5334] do_syscall_64+0xfa/0xfa0 [ 85.805713][ T5334] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.807912][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.810625][ T5334] ? clear_bhb_loop+0x60/0xb0 [ 85.812678][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.815270][ T5334] RIP: 0033:0x7f16edd8f7c9 [ 85.817188][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.825547][ T5334] RSP: 002b:00007f16eeb40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.829034][ T5334] RAX: ffffffffffffffda RBX: 00007f16edfe5fa0 RCX: 00007f16edd8f7c9 [ 85.832460][ T5334] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 000000000000000a [ 85.835929][ T5334] RBP: 00007f16ede13f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.839351][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.842741][ T5334] R13: 00007f16edfe6038 R14: 00007f16edfe5fa0 R15: 00007ffe7cc33e78 [ 85.846111][ T5334] [ 85.847813][ T5334] Kernel Offset: disabled [ 85.849806][ T5334] Rebooting in 86400 seconds..