# syzkaller reproducer followed, inline, by the kernel report it produced (the log starts mid-way
# through the third line, right after socket$inet(0x2, 0x3, 0x6)).
#
# Crash: KASAN use-after-free, 4-byte read in ext4_find_extent, task syz.0.0/5346. It is reached
# from the ioctl$FIBMAP(r3, 0x1, ...) call below; the register dump confirms the syscall
# (ORIG_RAX=0x10 ioctl, RDI=6 fd, RSI=1 FIBMAP). Path per the call trace:
#   file_ioctl -> bmap -> ext4_bmap -> filemap_write_and_wait_range -> ext4_writepages
#   -> ext4_do_writepages -> ext4_map_blocks -> ext4_map_create_blocks -> ext4_ext_map_blocks
#   -> ext4_find_extent
# panic_on_warn is set, so the report ends in "Kernel panic - not syncing".
#
# Setup that matters: syz_mount_image$ext4 mounts a fuzzer-crafted image at './file1' (log:
# loop0 capacity 0 -> 1024, "mounted filesystem ... r/w without journal", stripe disabled,
# oldalloc/orlov ignored; the image bytes themselves are elided from this page). './file1' is
# then opened twice (r3, r4) and written with pwrite64 (offsets 0x8000c61 and 0xfecc) before
# FIBMAP forces writeback of the dirty pages, which is where the extent lookup blows up.
#
# The buggy address's page reports refcount:0 mapcount:0 and a KASAN shadow of all 0xff, which is
# consistent with the backing page having already been freed when ext4_find_extent read from it.
# The corrupted state presumably originates in the crafted image's on-disk extent metadata —
# confirm against the image once recovered. Impact class: kernel memory corruption reachable by
# mounting a crafted ext4 image, so it matters wherever untrusted images get (auto)mounted.
#
# Notation: '(async)' marks a call the executor issues without waiting for it to finish, so each
# duplicated syz_mount_image / pwrite64 / setxattr pair runs concurrently with its twin. The race
# may be part of the trigger; keep the pairs when minimizing until a re-run shows otherwise.
# NOTE(review): @ANYRES32=r9 in the NL80211 sendmsg is used but r9 is never assigned in the
# visible text (the SIOCGIFINDEX result slot holds a literal 0x0) — likely lost when the program
# was collapsed onto long lines.
# The bpf, ethtool/nl80211 netlink, 9p write, futex, cdrom, sysfs, seccomp and key-socket calls
# look like unrelated fuzzer noise for this crash and are the first candidates to drop when
# minimizing.
program: bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x19, 0x4, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x19, 0x4, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000050000001800018014b0020073797a5f74756e000000000000f900000800050000000000140003801000038040fc01800800010031dd0000"], 0x48}}, 0x0) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000050000001800018014b0020073797a5f74756e000000000000f900000800050000000000140003801000038040fc01800800010031dd0000"], 0x48}}, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) write$9p(0xffffffffffffffff, &(0x7f0000000380)="e9", 0x1) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) (async) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000200), 0x201, 0x0) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async) r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noauto_da_alloc}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x559, 
&(0x7f00000005c0)="$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") (async) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noauto_da_alloc}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x559, &(0x7f00000005c0)="$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") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8000c61) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xfecc) (async) pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000000180)=ANY=[@ANYRESHEX=r2], 0x841, 0x0) (async) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000000180)=ANY=[@ANYRESHEX=r2], 0x841, 0x0) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000080)=0xfaeb) ioctl$CDROM_LOCKDOOR(r2, 0x5329, 0x2000) ioctl$CDROMEJECT(0xffffffffffffffff, 0x5309) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_expedited', 0x200402, 0x11d) write$cgroup_int(r5, &(0x7f0000000000)=0xb00, 0x12) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0x1b, @void}, 0x10) 
socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="013bde0111000000000000800803", @ANYRES32=r9, @ANYBLOB="040046000500340076000000080026006c09000028005180240000800400060005000200030000001100010040fd2cad9ee68885bce3d1518e000000"], 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x4804) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfe, 0x7fff0000}]}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02000000090000000000000000000000010001000000000003000000000000000200000000000000000000000000000002000100000000000000000000000000030015"], 0x48}, 0x1, 0x7}, 0x0) socket$inet(0x2, 0x3, 0x6) [ 177.350198][ T45] Bluetooth: hci0: command tx timeout [ 177.404837][ T5347] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'. [ 177.409585][ T5346] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'. [ 177.471331][ T5348] loop0: detected capacity change from 0 to 1024 [ 177.527019][ T5348] ======================================================= [ 177.527019][ T5348] WARNING: The mand mount option has been deprecated and [ 177.527019][ T5348] and is ignored by this kernel. Remove the mand [ 177.527019][ T5348] option from the mount to silence this warning. 
[ 177.527019][ T5348] ======================================================= [ 177.547546][ T5348] EXT4-fs: Ignoring removed oldalloc option [ 177.550187][ T5348] EXT4-fs: Ignoring removed orlov option [ 177.555537][ T5348] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 177.575801][ T5348] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.607235][ T5346] ================================================================== [ 177.611235][ T5346] BUG: KASAN: use-after-free in ext4_find_extent+0xaea/0xcc0 [ 177.615065][ T5346] Read of size 4 at addr ffff888055d1552c by task syz.0.0/5346 [ 177.618680][ T5346] [ 177.619845][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 177.619861][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.619889][ T5346] Call Trace: [ 177.619899][ T5346] [ 177.619905][ T5346] dump_stack_lvl+0xe8/0x150 [ 177.619924][ T5346] print_report+0xba/0x230 [ 177.619938][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.619950][ T5346] kasan_report+0x117/0x150 [ 177.619964][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.619976][ T5346] ext4_find_extent+0xaea/0xcc0 [ 177.619989][ T5346] ext4_ext_map_blocks+0x283/0x58b0 [ 177.620001][ T5346] ? kernel_text_address+0xa5/0xe0 [ 177.620015][ T5346] ? check_path+0x21/0x40 [ 177.620032][ T5346] ? lockdep_unlock+0x5d/0xd0 [ 177.620042][ T5346] ? __lock_acquire+0x146e/0x2cf0 [ 177.620064][ T5346] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 177.620082][ T5346] ext4_map_create_blocks+0x11d/0x540 [ 177.620101][ T5346] ext4_map_blocks+0x7cd/0x11d0 [ 177.620116][ T5346] ? __pfx_ext4_map_blocks+0x10/0x10 [ 177.620132][ T5346] ? ext4_inode_journal_mode+0x193/0x470 [ 177.620143][ T5346] ext4_do_writepages+0x22c0/0x46e0 [ 177.620160][ T5346] ? unwind_get_return_address+0x4d/0x90 [ 177.620181][ T5346] ? 
__pfx_ext4_do_writepages+0x10/0x10 [ 177.620196][ T5346] ? add_lock_to_list+0xc7/0x100 [ 177.620210][ T5346] ? lockdep_unlock+0x5d/0xd0 [ 177.620220][ T5346] ? __lock_acquire+0x146e/0x2cf0 [ 177.620241][ T5346] ext4_writepages+0x241/0x3b0 [ 177.620254][ T5346] ? __pfx_ext4_writepages+0x10/0x10 [ 177.620268][ T5346] ? __pfx_ext4_writepages+0x10/0x10 [ 177.620280][ T5346] do_writepages+0x32e/0x550 [ 177.620295][ T5346] ? do_raw_spin_unlock+0x4d/0x210 [ 177.620305][ T5346] filemap_write_and_wait_range+0x335/0x3f0 [ 177.620323][ T5346] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 177.620345][ T5346] ? down_read+0x272/0x2e0 [ 177.620419][ T5346] ext4_bmap+0x1ce/0x260 [ 177.620432][ T5346] ? __pfx_ext4_bmap+0x10/0x10 [ 177.620443][ T5346] bmap+0xac/0xe0 [ 177.620459][ T5346] file_ioctl+0x4ac/0x860 [ 177.620470][ T5346] ? __pfx_file_ioctl+0x10/0x10 [ 177.620482][ T5346] ? kasan_quarantine_put+0xbb/0x1f0 [ 177.620500][ T5346] ? tomoyo_path_number_perm+0x219/0x630 [ 177.620549][ T5346] ? tomoyo_path_number_perm+0x219/0x630 [ 177.620565][ T5346] do_vfs_ioctl+0xc26/0x1530 [ 177.620575][ T5346] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 177.620587][ T5346] ? do_futex+0x333/0x420 [ 177.620606][ T5346] ? __fget_files+0x2a/0x420 [ 177.620621][ T5346] ? __fget_files+0x2a/0x420 [ 177.620633][ T5346] ? __fget_files+0x3a0/0x420 [ 177.620644][ T5346] ? __fget_files+0x2a/0x420 [ 177.620657][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 177.620670][ T5346] __se_sys_ioctl+0x82/0x170 [ 177.620682][ T5346] do_syscall_64+0x14d/0xf80 [ 177.620698][ T5346] ? trace_irq_disable+0x3b/0x150 [ 177.620712][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.620722][ T5346] ? 
clear_bhb_loop+0x40/0x90 [ 177.620732][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.620742][ T5346] RIP: 0033:0x7f13de59c799 [ 177.620755][ T5346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.620764][ T5346] RSP: 002b:00007f13df3a7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.620779][ T5346] RAX: ffffffffffffffda RBX: 00007f13de815fa0 RCX: 00007f13de59c799 [ 177.620787][ T5346] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000006 [ 177.620793][ T5346] RBP: 00007f13de632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 177.620799][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.620805][ T5346] R13: 00007f13de816038 R14: 00007f13de815fa0 R15: 00007ffe2ce0c3a8 [ 177.620816][ T5346] [ 177.620820][ T5346] [ 177.802721][ T5346] The buggy address belongs to the physical page: [ 177.806817][ T5346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55d15 [ 177.810716][ T5346] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 177.814105][ T5346] raw: 04fff00000000000 ffffea0001574588 ffffea0001574508 0000000000000000 [ 177.818198][ T5346] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 177.822562][ T5346] page dumped because: kasan: bad access detected [ 177.826141][ T5346] page_owner info is not present (never set?) 
[ 177.829189][ T5346] [ 177.830268][ T5346] Memory state around the buggy address: [ 177.832712][ T5346] ffff888055d15400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 177.836361][ T5346] ffff888055d15480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 177.840461][ T5346] >ffff888055d15500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 177.844395][ T5346] ^ [ 177.846913][ T5346] ffff888055d15580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 177.850279][ T5346] ffff888055d15600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 177.854095][ T5346] ================================================================== [ 177.879763][ T5346] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 177.884519][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 177.889044][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.893669][ T5346] Call Trace: [ 177.895264][ T5346] [ 177.896620][ T5346] vpanic+0x56c/0xa60 [ 177.898550][ T5346] ? __pfx_vpanic+0x10/0x10 [ 177.900973][ T5346] panic+0xc5/0xd0 [ 177.903126][ T5346] ? __pfx_panic+0x10/0x10 [ 177.905549][ T5346] ? preempt_schedule_thunk+0x16/0x30 [ 177.908070][ T5346] ? preempt_schedule_thunk+0x16/0x30 [ 177.910489][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.912807][ T5346] check_panic_on_warn+0x89/0xb0 [ 177.915025][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.917454][ T5346] end_report+0x73/0x180 [ 177.919449][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.922118][ T5346] kasan_report+0x128/0x150 [ 177.924484][ T5346] ? ext4_find_extent+0xaea/0xcc0 [ 177.926934][ T5346] ext4_find_extent+0xaea/0xcc0 [ 177.929242][ T5346] ext4_ext_map_blocks+0x283/0x58b0 [ 177.931669][ T5346] ? kernel_text_address+0xa5/0xe0 [ 177.934050][ T5346] ? check_path+0x21/0x40 [ 177.936425][ T5346] ? lockdep_unlock+0x5d/0xd0 [ 177.938819][ T5346] ? __lock_acquire+0x146e/0x2cf0 [ 177.941056][ T5346] ? 
__pfx_ext4_ext_map_blocks+0x10/0x10 [ 177.943809][ T5346] ext4_map_create_blocks+0x11d/0x540 [ 177.946606][ T5346] ext4_map_blocks+0x7cd/0x11d0 [ 177.949164][ T5346] ? __pfx_ext4_map_blocks+0x10/0x10 [ 177.951995][ T5346] ? ext4_inode_journal_mode+0x193/0x470 [ 177.954621][ T5346] ext4_do_writepages+0x22c0/0x46e0 [ 177.957041][ T5346] ? unwind_get_return_address+0x4d/0x90 [ 177.960045][ T5346] ? __pfx_ext4_do_writepages+0x10/0x10 [ 177.963076][ T5346] ? add_lock_to_list+0xc7/0x100 [ 177.965834][ T5346] ? lockdep_unlock+0x5d/0xd0 [ 177.968121][ T5346] ? __lock_acquire+0x146e/0x2cf0 [ 177.970302][ T5346] ext4_writepages+0x241/0x3b0 [ 177.972418][ T5346] ? __pfx_ext4_writepages+0x10/0x10 [ 177.974633][ T5346] ? __pfx_ext4_writepages+0x10/0x10 [ 177.977600][ T5346] do_writepages+0x32e/0x550 [ 177.980011][ T5346] ? do_raw_spin_unlock+0x4d/0x210 [ 177.982426][ T5346] filemap_write_and_wait_range+0x335/0x3f0 [ 177.985258][ T5346] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 177.988729][ T5346] ? down_read+0x272/0x2e0 [ 177.991350][ T5346] ext4_bmap+0x1ce/0x260 [ 177.993458][ T5346] ? __pfx_ext4_bmap+0x10/0x10 [ 177.995780][ T5346] bmap+0xac/0xe0 [ 177.997548][ T5346] file_ioctl+0x4ac/0x860 [ 178.000018][ T5346] ? __pfx_file_ioctl+0x10/0x10 [ 178.002970][ T5346] ? kasan_quarantine_put+0xbb/0x1f0 [ 178.005979][ T5346] ? tomoyo_path_number_perm+0x219/0x630 [ 178.008357][ T5346] ? tomoyo_path_number_perm+0x219/0x630 [ 178.010549][ T5346] do_vfs_ioctl+0xc26/0x1530 [ 178.012641][ T5346] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 178.015042][ T5346] ? do_futex+0x333/0x420 [ 178.017596][ T5346] ? __fget_files+0x2a/0x420 [ 178.020458][ T5346] ? __fget_files+0x2a/0x420 [ 178.023282][ T5346] ? __fget_files+0x3a0/0x420 [ 178.025732][ T5346] ? __fget_files+0x2a/0x420 [ 178.028181][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 178.030507][ T5346] __se_sys_ioctl+0x82/0x170 [ 178.032846][ T5346] do_syscall_64+0x14d/0xf80 [ 178.035478][ T5346] ? trace_irq_disable+0x3b/0x150 [ 178.038216][ T5346] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.041207][ T5346] ? clear_bhb_loop+0x40/0x90 [ 178.043355][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.046067][ T5346] RIP: 0033:0x7f13de59c799 [ 178.048131][ T5346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.058338][ T5346] RSP: 002b:00007f13df3a7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.062122][ T5346] RAX: ffffffffffffffda RBX: 00007f13de815fa0 RCX: 00007f13de59c799 [ 178.065674][ T5346] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000006 [ 178.070066][ T5346] RBP: 00007f13de632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 178.073724][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.077457][ T5346] R13: 00007f13de816038 R14: 00007f13de815fa0 R15: 00007ffe2ce0c3a8 [ 178.081224][ T5346] [ 178.083311][ T5346] Kernel Offset: disabled [ 178.085335][ T5346] Rebooting in 86400 seconds..