program: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r1, &(0x7f0000000f00)={@val={0x0, 0x800}, @val={0x1, 0x5, 0x4, 0x3, 0x61c, 0x6}, @mpls={[], @ipv6=@tcp={0x9, 0x6, "9a7691", 0x161, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, {[@fragment={0x87, 0x0, 0x6, 0x0, 0x0, 0x10, 0x68}, @routing={0x32, 0x0, 0x2, 0x8}, @hopopts={0x0, 0x0, '\x00', [@ra={0x5, 0x2, 0xc}]}, @dstopts={0x16, 0x8, '\x00', [@hao={0xc9, 0x10, @private1}, @enc_lim={0x4, 0x1, 0x4}, @calipso={0x7, 0x18, {0x2, 0x4, 0x5, 0x9, [0xf, 0x4]}}, @calipso={0x7, 0x10, {0x1, 0x2, 0x5, 0xe, [0xe]}}]}, @dstopts={0x3b, 0x4, '\x00', [@calipso={0x7, 0x20, {0x1, 0x6, 0x5, 0x1, [0x5, 0x80, 0x8f88]}}]}], {{0x4e23, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x10, 0x4, 0x0, 0x8, {[@generic={0x0, 0xd, "01017d3c04bbf038f498a5"}]}}, {"a9cb222e6b67b6a733749bbf8227be9c23afb74f124a2c82d202ca6b6c941bcb08acdaafb30cb240794b15ad99747ac2148fd288aa7abbe5c6b513d1221564a7a514ac57ab3e1e7532657a88700690ad31034fb56ae626de625a478e954589c938d6adf727a4ec697eac9596412eb8200ffb7aa7acf4761933e014b56f03c5dc6580e631649f27e45ba904e8236f85a5e14c22c862e4469c18fcebdd2a"}}}}}}, 0x197) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) getpid() syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noauto_da_alloc}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x559, &(0x7f00000005c0)="$eJzs3d9rW1UcAPDvTX/sp66DMVRECntwMpeurT8m+DAfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EN/13cfhP+BfMdDBkFH0wZfITW+6dknarMuWznw+cMs5uTc595t7v6fn5N6QAAbWePanEPFyRHyTRByKiCRfNxz5yvG17VYfXJvJliTq9U//ShrbZfXmazWfdyCvvBQRv30VcaLQ2m51eWW+VC6ni3l9orZweaK6vHLy4kJpLp1LL01NT59+e3rqvXff6Vmsb5z75/tP7nx4+utjq9/9cu/wrSTOxMF83cY4nsD1jZXxGM/fk5E488iGkz1obDdJ+r0D7MhQnucjkfUBh2Ioz3rg/+/LiKgDAyqR/zCgmuOA5ty+R/Pg58b9D9YmQK3xD699NhJ7G3Oj/avJpplRNt8d60H7WRu//nn7VrZE7z6HANjW9RsRcWp4uLX/S/L+b+dOdbHNo23o/+DZuZONf95sN/4prI9/os3450Cb3N2J7fO/cK8HzXSUjf/eb45/N330vX7Ramwor73QGPONJBcultOsb3sxIo7HyJ6svtX1nNOrd+ud1m0c/2VLth/NsWC+H/eG92x+zmypVtpZtK3u34h4pe34N1k//kmb45+9H+e6bONoevu1Tuu2j//pqv8U8Xrb+c/DK1rJ1tcnJxrnw0TzrGj1982jv3dqv9/xZ8d//9bxjyUbr9dWH7+NH/f+m3Zatyn+6P78H00+a5RH88eulmq1xcmI0eTj1senHj63WW9un8V//NjW/V+7839fRHzeZfw3j/z8alfx9+n4zz7W8X/8wt2PvvihU/vd9X9vNUrH80e66f+63cEnee8AAAAAAABgtylExMFICsX1cqFQLK7d33Ek9hfKlWrtxIXK0qXZaHxXdixGCs0r3Yc23A8xmd8P26xPPVKfjojDEfHt0L5GvThTKc/2O3gAAAAAAAAAAAAAAAAAAADYJQ50+P5/5o+hfu8d8NT5yW8YXNvmfy9+6QnYlfz/h8El/2FwyX8YXPIfBpf8h8El/2FwyX8YXPIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeurc2bPZUl99cG0mq89eWV6ar1w5OZtW54sLSzPFmcri5eJcpTJXToszlYXtXq9cqVyenIqlqxO1tFqbqC6vnF+oLF2qnb+4UJpLz6cjEaPPJDAAAAAAAAAAAAAAAAAAAAB4jlSXV+ZL5XK6qKCwo8Lw7tgNhR4X+t0zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//ZdYzKA==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8000c61) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000001040)=ANY=[], 0x841, 0x0) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000080)=0xfaeb) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$nci(r2, &(0x7f0000000b40)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x1, 0x2, 0x2, 0x2, {0x0, 0x45, "df2594c1f208a86de2ff3c9566cb009bb1544086ebcb00ca46f836d6e0c8da2afb3064a571fb10a3da50d6a66daa7e739e720c02c7278d131622bfecd11ced70ead257c2ea"}}, 0x4a) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r8) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r9, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)=0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) ioctl$KVM_GET_STATS_FD_cpu(r13, 0xaece) syz_mount_image$vfat(&(0x7f0000000600), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000bc0)={[{@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@shortname_lower}, {@uni_xlate}, {@shortname_mixed}, {@utf8}, {@uni_xlate}, {@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp775'}}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@shortname_win95}, {@fat=@flush}, {@shortname_winnt}, {@shortname_win95}, {@nonumtail}, {@iocharset={'iocharset', 0x3d, 'cp852'}}], [{@subj_role={'subj_role', 0x3d, 'uid'}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@obj_user={'obj_user', 0x3d, 'cp865'}}, {@euid_lt}, {@uid_gt={'uid>', 0xffffffffffffffff}}, {@audit}, {@subj_role={'subj_role', 0x3d, 'ext4\x00'}}, {@fsname={'fsname', 0x3d, 'cp865'}}, {@uid_eq}]}, 0x1, 0x222, &(0x7f00000002c0)="$eJzs2j+LXFUcBuDfXVcSN2xmxX8kIB60UJtLZmqLLJKAOKBoRoiC5Ma9o8NcZ5a5w8KImK209SNYi6WdIClttvETWNhts2UK8cpmopsNIxLC7oB5nmZeOPNyz+VcDqc4+298+/mwX+f9YhorWRYrl2M37mSxESvxt914/dXrv7z4/vUP397sdq+8l9LVzWvtTkrp/Es/f/TlDy/fnp774MfzP52JvY2P9w86v+89v3dh/89rnw3qNKjTaDxNRbo5Hk+Lm1WZtgb1ME/p3aos6jINRnU5OTber8bb27NUjLbW17YnZV2nYjRLw3KWpuM0ncxS8WkxGKU8z9P6WvAoet/faZo4aJ68EU3TPPVdnLsd679FK7KnU/bM5ey5G9kLu9mFg6ZpLXuqnAjr/3i7b1M/G1F9s9Pb6c1/5+Ob/RhEFWVcilb8EYefyT3zfPWt7pVL6a6N+Lq6da9/a6f3xPF+O1qxsbjfnvfT8f6ZWLu/34lWPLu431nYPxuvvXLUbw6n8+snMY4qtuKwe9T/qp3Sm+90H+hfvPs/AID/mzz9Y+H5Lc//bXzef4jz4QPnq9W4uLrcdyeinn0xLKqqnJx4WDvFZwmC8Ghh2TsTp+Fo0Zc9EwAAAAAAAAAAAB7Gyd4iXHWzDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+E9/BQAA//8uMNVd") sendmsg$NFC_CMD_ENABLE_SE(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00012cbd7000fddbdf251100070008000100", @ANYRESOCT=r5, @ANYBLOB="08001500c000000008000100", @ANYRES8=r1, @ANYBLOB="08001500c0000900"/20, @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="900759d1e182081b9fbf69157f496a7a85dd11c3e800e9b5947af3010ee387c8d530631ebb69441d6791fd0d9c84c5d6aae4fe29aa14bb62b844410b663c0a1b49a85816ddfc0086541de61f1d714b1de20aacbf3e42670d1e134f231364a4686bd0da1522b36627d0ec9e235be47cb43393697db7ac15cf7038c3204ab3208beda5cfff68f9d447ebec9cb4cf47c52afde4"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) [ 120.043044][ T4666] Bluetooth: hci0: command tx timeout [ 120.013143][ T5333] loop0: detected capacity change from 0 to 1024 [ 120.031508][ T5333] ======================================================= [ 120.031508][ T5333] WARNING: The mand mount option has been deprecated and [ 120.031508][ T5333] and is ignored by this kernel. Remove the mand [ 120.031508][ T5333] option from the mount to silence this warning. [ 120.031508][ T5333] ======================================================= [ 120.048403][ T5333] EXT4-fs: Ignoring removed oldalloc option [ 120.051216][ T5333] EXT4-fs: Ignoring removed orlov option [ 120.068721][ T4666] Bluetooth: hci0: command tx timeout [ 120.163819][ T5333] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 120.216393][ T5333] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.266173][ T5333] ================================================================== [ 120.269880][ T5333] BUG: KASAN: use-after-free in ext4_find_extent+0xaea/0xcc0 [ 120.274128][ T5333] Read of size 4 at addr ffff88801fd57338 by task syz.0.0/5333 [ 120.278460][ T5333] [ 120.279631][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 120.279651][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.279662][ T5333] Call Trace: [ 120.279670][ T5333] [ 120.279678][ T5333] dump_stack_lvl+0xe8/0x150 [ 120.279704][ T5333] print_report+0xba/0x230 [ 120.279718][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.279735][ T5333] kasan_report+0x117/0x150 [ 120.279777][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.279791][ T5333] ext4_find_extent+0xaea/0xcc0 [ 120.279803][ T5333] ext4_ext_map_blocks+0x283/0x58b0 [ 120.279815][ T5333] ? kernel_text_address+0xa5/0xe0 [ 120.279852][ T5333] ? check_path+0x21/0x40 [ 120.279873][ T5333] ? lockdep_unlock+0x5d/0xd0 [ 120.279887][ T5333] ? __lock_acquire+0x146e/0x2cf0 [ 120.279903][ T5333] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 120.279918][ T5333] ext4_map_create_blocks+0x11d/0x540 [ 120.279934][ T5333] ext4_map_blocks+0x7cd/0x11d0 [ 120.279950][ T5333] ? __pfx_ext4_map_blocks+0x10/0x10 [ 120.279966][ T5333] ? ext4_inode_journal_mode+0x193/0x470 [ 120.279978][ T5333] ext4_do_writepages+0x22c0/0x46e0 [ 120.279998][ T5333] ? unwind_get_return_address+0x4d/0x90 [ 120.280022][ T5333] ? __pfx_ext4_do_writepages+0x10/0x10 [ 120.280037][ T5333] ? add_lock_to_list+0xc7/0x100 [ 120.280053][ T5333] ? lockdep_unlock+0x5d/0xd0 [ 120.280065][ T5333] ? __lock_acquire+0x146e/0x2cf0 [ 120.280095][ T5333] ext4_writepages+0x241/0x3b0 [ 120.280111][ T5333] ? __pfx_ext4_writepages+0x10/0x10 [ 120.280131][ T5333] ? __pfx_ext4_writepages+0x10/0x10 [ 120.280146][ T5333] do_writepages+0x32e/0x550 [ 120.280164][ T5333] ? do_raw_spin_unlock+0x4d/0x210 [ 120.280176][ T5333] filemap_write_and_wait_range+0x335/0x3f0 [ 120.280188][ T5333] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 120.280207][ T5333] ? down_read+0x272/0x2e0 [ 120.280297][ T5333] ext4_bmap+0x1ce/0x260 [ 120.280307][ T5333] ? __pfx_ext4_bmap+0x10/0x10 [ 120.280316][ T5333] bmap+0xac/0xe0 [ 120.280331][ T5333] file_ioctl+0x4ac/0x860 [ 120.280342][ T5333] ? __pfx_file_ioctl+0x10/0x10 [ 120.280350][ T5333] ? kasan_quarantine_put+0xbb/0x1f0 [ 120.280362][ T5333] ? tomoyo_path_number_perm+0x219/0x630 [ 120.280458][ T5333] ? tomoyo_path_number_perm+0x219/0x630 [ 120.280473][ T5333] do_vfs_ioctl+0xc26/0x1530 [ 120.280485][ T5333] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 120.280499][ T5333] ? do_futex+0x395/0x420 [ 120.280518][ T5333] ? __fget_files+0x2a/0x420 [ 120.280531][ T5333] ? __fget_files+0x2a/0x420 [ 120.280544][ T5333] ? __fget_files+0x3a0/0x420 [ 120.280557][ T5333] ? __fget_files+0x2a/0x420 [ 120.280571][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20 [ 120.280585][ T5333] __se_sys_ioctl+0x82/0x170 [ 120.280597][ T5333] do_syscall_64+0x14d/0xf80 [ 120.280610][ T5333] ? trace_irq_disable+0x3b/0x150 [ 120.280622][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.280634][ T5333] ? clear_bhb_loop+0x40/0x90 [ 120.280648][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.280660][ T5333] RIP: 0033:0x7f4b9bb9c819 [ 120.280673][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.280684][ T5333] RSP: 002b:00007f4b9cb3ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.280699][ T5333] RAX: ffffffffffffffda RBX: 00007f4b9be15fa0 RCX: 00007f4b9bb9c819 [ 120.280708][ T5333] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000006 [ 120.280717][ T5333] RBP: 00007f4b9bc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 120.280724][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.280732][ T5333] R13: 00007f4b9be16038 R14: 00007f4b9be15fa0 R15: 00007ffc7d4804b8 [ 120.280745][ T5333] [ 120.280750][ T5333] [ 120.453897][ T5333] The buggy address belongs to the physical page: [ 120.456834][ T5333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7fe1d9b15 pfn:0x1fd57 [ 120.461460][ T5333] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 120.464815][ T5333] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 120.468672][ T5333] raw: 00000007fe1d9b15 0000000000000000 00000000ffffffff 0000000000000000 [ 120.473261][ T5333] page dumped because: kasan: bad access detected [ 120.476258][ T5333] page_owner tracks the page as freed [ 120.478636][ T5333] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4720, tgid 4720 (udevd), ts 31944249648, free_ts 71430416307 [ 120.487283][ T5333] post_alloc_hook+0x231/0x280 [ 120.489467][ T5333] get_page_from_freelist+0x24dc/0x2580 [ 120.491938][ T5333] __alloc_frozen_pages_noprof+0x18d/0x380 [ 120.494588][ T5333] alloc_pages_mpol+0x232/0x4a0 [ 120.496882][ T5333] vma_alloc_folio_noprof+0xea/0x210 [ 120.499497][ T5333] do_wp_page+0x1204/0x5a00 [ 120.501945][ T5333] handle_mm_fault+0x1520/0x3310 [ 120.504365][ T5333] do_user_addr_fault+0xa73/0x1340 [ 120.506755][ T5333] exc_page_fault+0x6a/0xc0 [ 120.508782][ T5333] asm_exc_page_fault+0x26/0x30 [ 120.511147][ T5333] page last free pid 4720 tgid 4720 stack trace: [ 120.514605][ T5333] free_unref_folios+0xed5/0x16d0 [ 120.516996][ T5333] folios_put_refs+0x789/0x8d0 [ 120.519159][ T5333] free_pages_and_swap_cache+0x2e7/0x5b0 [ 120.521690][ T5333] tlb_flush_mmu+0x6d3/0xa30 [ 120.524113][ T5333] tlb_finish_mmu+0xf9/0x230 [ 120.526664][ T5333] exit_mmap+0x498/0xa10 [ 120.528748][ T5333] __mmput+0x118/0x430 [ 120.530608][ T5333] exit_mm+0x168/0x220 [ 120.532436][ T5333] do_exit+0x6a2/0x23c0 [ 120.534479][ T5333] do_group_exit+0x21b/0x2d0 [ 120.537099][ T5333] __x64_sys_exit_group+0x3f/0x40 [ 120.539677][ T5333] x64_sys_call+0x221a/0x2240 [ 120.541832][ T5333] do_syscall_64+0x14d/0xf80 [ 120.543892][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.547041][ T5333] [ 120.548570][ T5333] Memory state around the buggy address: [ 120.551768][ T5333] ffff88801fd57200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.555398][ T5333] ffff88801fd57280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.558945][ T5333] >ffff88801fd57300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.562430][ T5333] ^ [ 120.565123][ T5333] ffff88801fd57380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.569307][ T5333] ffff88801fd57400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.572889][ T5333] ================================================================== [ 120.597570][ T5333] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.600595][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 120.604509][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.609739][ T5333] Call Trace: [ 120.611415][ T5333] [ 120.612817][ T5333] vpanic+0x56c/0xa60 [ 120.614666][ T5333] ? __pfx_vpanic+0x10/0x10 [ 120.616742][ T5333] panic+0xc5/0xd0 [ 120.618467][ T5333] ? __pfx_panic+0x10/0x10 [ 120.620685][ T5333] ? preempt_schedule_thunk+0x16/0x30 [ 120.623370][ T5333] ? preempt_schedule_thunk+0x16/0x30 [ 120.625903][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.628090][ T5333] check_panic_on_warn+0x89/0xb0 [ 120.630029][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.632190][ T5333] end_report+0x73/0x180 [ 120.634063][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.636388][ T5333] kasan_report+0x128/0x150 [ 120.639110][ T5333] ? ext4_find_extent+0xaea/0xcc0 [ 120.642079][ T5333] ext4_find_extent+0xaea/0xcc0 [ 120.644444][ T5333] ext4_ext_map_blocks+0x283/0x58b0 [ 120.646776][ T5333] ? kernel_text_address+0xa5/0xe0 [ 120.649028][ T5333] ? check_path+0x21/0x40 [ 120.650919][ T5333] ? lockdep_unlock+0x5d/0xd0 [ 120.652956][ T5333] ? __lock_acquire+0x146e/0x2cf0 [ 120.655617][ T5333] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 120.659001][ T5333] ext4_map_create_blocks+0x11d/0x540 [ 120.661739][ T5333] ext4_map_blocks+0x7cd/0x11d0 [ 120.663972][ T5333] ? __pfx_ext4_map_blocks+0x10/0x10 [ 120.666288][ T5333] ? ext4_inode_journal_mode+0x193/0x470 [ 120.668861][ T5333] ext4_do_writepages+0x22c0/0x46e0 [ 120.671265][ T5333] ? unwind_get_return_address+0x4d/0x90 [ 120.674000][ T5333] ? __pfx_ext4_do_writepages+0x10/0x10 [ 120.677131][ T5333] ? add_lock_to_list+0xc7/0x100 [ 120.679654][ T5333] ? lockdep_unlock+0x5d/0xd0 [ 120.681899][ T5333] ? __lock_acquire+0x146e/0x2cf0 [ 120.684215][ T5333] ext4_writepages+0x241/0x3b0 [ 120.686585][ T5333] ? __pfx_ext4_writepages+0x10/0x10 [ 120.689441][ T5333] ? __pfx_ext4_writepages+0x10/0x10 [ 120.692153][ T5333] do_writepages+0x32e/0x550 [ 120.694201][ T5333] ? do_raw_spin_unlock+0x4d/0x210 [ 120.696446][ T5333] filemap_write_and_wait_range+0x335/0x3f0 [ 120.699204][ T5333] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 120.703160][ T5333] ? down_read+0x272/0x2e0 [ 120.705457][ T5333] ext4_bmap+0x1ce/0x260 [ 120.707473][ T5333] ? __pfx_ext4_bmap+0x10/0x10 [ 120.709588][ T5333] bmap+0xac/0xe0 [ 120.711250][ T5333] file_ioctl+0x4ac/0x860 [ 120.713281][ T5333] ? __pfx_file_ioctl+0x10/0x10 [ 120.715932][ T5333] ? kasan_quarantine_put+0xbb/0x1f0 [ 120.719130][ T5333] ? tomoyo_path_number_perm+0x219/0x630 [ 120.721912][ T5333] ? tomoyo_path_number_perm+0x219/0x630 [ 120.724466][ T5333] do_vfs_ioctl+0xc26/0x1530 [ 120.726407][ T5333] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 120.728644][ T5333] ? do_futex+0x395/0x420 [ 120.730586][ T5333] ? __fget_files+0x2a/0x420 [ 120.732847][ T5333] ? __fget_files+0x2a/0x420 [ 120.735625][ T5333] ? __fget_files+0x3a0/0x420 [ 120.738701][ T5333] ? __fget_files+0x2a/0x420 [ 120.741587][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20 [ 120.744384][ T5333] __se_sys_ioctl+0x82/0x170 [ 120.747094][ T5333] do_syscall_64+0x14d/0xf80 [ 120.749844][ T5333] ? trace_irq_disable+0x3b/0x150 [ 120.753044][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.755933][ T5333] ? clear_bhb_loop+0x40/0x90 [ 120.758159][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.761114][ T5333] RIP: 0033:0x7f4b9bb9c819 [ 120.763367][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.772099][ T5333] RSP: 002b:00007f4b9cb3ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.776297][ T5333] RAX: ffffffffffffffda RBX: 00007f4b9be15fa0 RCX: 00007f4b9bb9c819 [ 120.779954][ T5333] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000006 [ 120.783592][ T5333] RBP: 00007f4b9bc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 120.787580][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.792631][ T5333] R13: 00007f4b9be16038 R14: 00007f4b9be15fa0 R15: 00007ffc7d4804b8 [ 120.796009][ T5333] [ 120.797770][ T5333] Kernel Offset: disabled [ 120.799815][ T5333] Rebooting in 86400 seconds..