program: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000240)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noauto_da_alloc}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001040)="3c56a9", 0x3}], 0x1}}], 0x1, 0x4800) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="50484f4e454f55540a4d4f4e49544f52202753796e7468272030303030303030303030303030303030303030320a53594e544820274d6173746572204361707475726527203030303030303030303030306b4b8ca79db17ef90a564d495820274361707475726520566f6c756d65272030303030303030303030303030303030303030300a4d4f4e49544f520a"], 0xc1) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x3, &(0x7f0000000080)={[{@nogrpid}, {@noload}, {@noblock_validity}]}, 0x1, 0x612, &(0x7f0000000740)="$eJzs3c1vFOUfAPDvbLfvv58txKh4kCbGQKK0tIIhxkS4E4IvN71UWghSKKE1WiSxJHgxGi8eTDx5EP8KlcSr/4AHL54MCTGGgxgia2Y7U7Yvu3Tb7k7pfj7J0HnpzvMd6Jfvs0+f2QmgY42kf5Qi9kXE5SRiqOZYObKDI0vfd/eva2fSJYlK5a0/k7j2SbJYe64k+7one/G/Q5GkL9878cOaducWrl6YnJmZvpJtj81fvDw2t3D10PmLk+emz01fmnhl4tjRI0ePjR/e+vVlTt54/8Ohz069890395Px7387lcTxeNC1dCy9rtWv7d1Sy2nbI1FZcq92f/r3emyL594p/h7Kf05y/ZGUCwuHJp3Nfh67I+LpGIqumn/Nofj0jUKDA1qqkkReo4COk2wq//u2PxCgzfJ+QP7efr33wWuVWtwrAdrhzomlAYCl3O+OiDz/y9nYWV91bGDgbrJinCeJiK2NzC1J2/jl51M30iXqjMMBrbF4vTcbt19d/5Nqbg5HX3Vr4G5pRf6XapZ0/5ubbH9k1bb8h/ZZvB4Rz2T1vyeayv+Rmvx/b5Pty38AAAAAAADYPrdORMRL683/Ky3P/+lZZ/7PYEQc34b2H/37v9LtbCXZhuaAGndORLy27vzf5Tm+w13Z1v+r8wG6k7PnZ6YPR8QTEXEwunvT7fFV562dIXzoi71f12u/dv5fuqTt53MBszPdLq+6EXdqcn5yq9cNRNy5HvFsdf7v/mzPyvk/af1P1qn/aX5f3mAbe1+4ebresUfnP9AqlW8jDqxb/x92t5PGn88xVu0PjOW9gtzDHsBzH3/5Y7325T8UJ63/A43zvzep/byeuebO3xMRLy+UK/WOb7b/35O83ZWfP/XR5Pz8lfGInuTk2v0TzcUMu1WeD3m+pPl/8PnG43/L/f+aPOyPiMXVJ68zQvfUg8Hf68Wj/kNx0vyfalz/h1fW/+ZXJm4O/1Sv/dMbqv9HqjX9YLbH+B/UWvt5HBtN0ELCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHXCki/hdJaXR5vVQaHY0YjIgnY6A0Mzs3/+LZ2Q8uTaXHqs//L+VP+h1a2k7y5/8P12xPrNzuT9vaExFfdfVXj4+emZ2ZKvriAQAAAAAAAAAAAAAAAAAAYIcYrN7zX+ldff9/6o+uoqMDWq6cfZXv0Hmy/P/83aZfWend/miAdioXHQBQmI3nf3dL4wDar37+37tfqWprOEAb6f9D59pk/vt1AewC6j90qg2O6fW1Og6gCOo/AAAAAADsKnv23/o1iYjFV/urS6onO2ayP+xupaIDAApjDi90rvJs0REARfEeH0iW1/5Z92b/+rP/k9YEBAAAAAAAAAAAAACscWCf+/+hUzW+/9/cftjNGtz/X03+8oa/HXjc1H/0h9oPu12D9/ge+AUd4lHV3v3/AAAAAAAAAAAAALAD9F29MDkzM31lbuHxW3l9Z4TR3Mri5I4IY6sr/RGxvOdBa9rqjojir7SIlfwjOAoMo+D/lwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGX/BQAA///uyiaG") openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x400, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$key(0xf, 0x3, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/image_size', 0x200080, 0x10) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r6], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) r7 = dup3(r4, r3, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="ea96356df80a85e077473a5732f427cb3e17b03dd65fc10b08e9e39ab16a71750127befc7a9726612190779d6bc54c815cf8d71d9154aa27547fb77331c77392ad46dbc72f8beed192facaa1141d40bd250b94fe21d6784f1f6eb1f5e978a207899ddec2ae5c4b06bccaeb0345df4a027ecfb4e8b01a83e42871564a1269aaac677951d62ff8c02b0b48a340f2b5e63cdc523081e38815775353eef4eb013547a029e5929bb353c63d42d9f0221d0288f7be4a930681c62647547e3b1ca64800a8609fa5eaa5e5b7826ce71f29d532a86c98d3d420a93e34903c2421e1a375", @ANYRES8=r3, @ANYBLOB="e862fd6ca41b681f1ad91b7b8a8fdb2d8be0004e9d5ed6f02112851457f96adb086f9f5c636427ba287f94db1feaded93fc81de372bd4ac227aa3f85ddbbf3fe0b99581e737d19463dde1d68e36f535f1dcdff0c1dcaf2d74570663912e725ad251a1f4b8c195b5ea2a4d119d1c72899e918b0f0c2e1838f0000972b9c413ca0c7a72f74cf429a99a23efe3e2f152f84d4a42008173be1d96fbe0e131c6c78dba26b91ade345b37930e92faf4179581d81296e732f0b5c00e09e14e362b7f5db71db549adf012a03794c3946ac5f68dcd72bd2cba19548059a5f98cf3a98fe5a5e25308360d7de300010be0244d847a7f6bffa9c", @ANYBLOB="8fe460b5f5eb0df5a5d71248a9eec2da4f6e269f2feaf643f91fe8c20db27f5e4eaab5df9dbf3b08f5f178ec1cf4740ca09edf9212cfd051dfac4fa9907e00a50c97188d", @ANYRES64=0x0, @ANYRES64=r0, @ANYRES32=r3, @ANYRES64=r7], 0x841, 0x1) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000080)=0xfaeb) [ 105.472013][ T4666] Bluetooth: hci0: command tx timeout [ 105.644592][ T5327] loop0: detected capacity change from 0 to 1024 [ 105.716657][ T5327] ======================================================= [ 105.716657][ T5327] WARNING: The mand mount option has been deprecated and [ 105.716657][ T5327] and is ignored by this kernel. Remove the mand [ 105.716657][ T5327] option from the mount to silence this warning. [ 105.716657][ T5327] ======================================================= [ 105.736665][ T5327] EXT4-fs: Ignoring removed oldalloc option [ 105.739531][ T5327] EXT4-fs: Ignoring removed orlov option [ 105.746250][ T5327] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 105.798205][ T5327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.864402][ T5327] ALSA: mixer_oss: invalid OSS volume 'VMIX' [ 105.867569][ T5327] ALSA: mixer_oss: invalid OSS volume '' [ 105.876458][ T5327] ================================================================== [ 105.880403][ T5327] BUG: KASAN: use-after-free in ext4_find_extent+0xaea/0xcc0 [ 105.884110][ T5327] Read of size 4 at addr ffff88801fdde344 by task syz.0.0/5327 [ 105.887484][ T5327] [ 105.888666][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 105.888683][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.888693][ T5327] Call Trace: [ 105.888702][ T5327] [ 105.888709][ T5327] dump_stack_lvl+0xe8/0x150 [ 105.888734][ T5327] print_report+0xba/0x230 [ 105.888752][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 105.888768][ T5327] kasan_report+0x117/0x150 [ 105.888786][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 105.888802][ T5327] ext4_find_extent+0xaea/0xcc0 [ 105.888824][ T5327] ext4_ext_map_blocks+0x283/0x58b0 [ 105.888845][ T5327] ? check_path+0x21/0x40 [ 105.888865][ T5327] ? lockdep_unlock+0x5d/0xd0 [ 105.888878][ T5327] ? __lock_acquire+0x146e/0x2cf0 [ 105.888896][ T5327] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 105.888918][ T5327] ext4_map_create_blocks+0x11d/0x540 [ 105.888939][ T5327] ext4_map_blocks+0x7cd/0x11d0 [ 105.888961][ T5327] ? __pfx_ext4_map_blocks+0x10/0x10 [ 105.888982][ T5327] ? ext4_inode_journal_mode+0x193/0x470 [ 105.888997][ T5327] ext4_do_writepages+0x22c0/0x46e0 [ 105.889020][ T5327] ? unwind_get_return_address+0x4d/0x90 [ 105.889047][ T5327] ? __pfx_ext4_do_writepages+0x10/0x10 [ 105.889063][ T5327] ? add_lock_to_list+0xc7/0x100 [ 105.889081][ T5327] ? lockdep_unlock+0x5d/0xd0 [ 105.889093][ T5327] ? __lock_acquire+0x146e/0x2cf0 [ 105.889109][ T5327] ? __lock_acquire+0x6b5/0x2cf0 [ 105.889134][ T5327] ext4_writepages+0x241/0x3b0 [ 105.889149][ T5327] ? __pfx_ext4_writepages+0x10/0x10 [ 105.889169][ T5327] ? __pfx_ext4_writepages+0x10/0x10 [ 105.889183][ T5327] do_writepages+0x32e/0x550 [ 105.889207][ T5327] ? do_raw_spin_unlock+0x4d/0x210 [ 105.889221][ T5327] filemap_write_and_wait_range+0x335/0x3f0 [ 105.889241][ T5327] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 105.889263][ T5327] ? down_read+0x272/0x2e0 [ 105.889326][ T5327] ext4_bmap+0x1ce/0x260 [ 105.889339][ T5327] ? __pfx_ext4_bmap+0x10/0x10 [ 105.889353][ T5327] bmap+0xac/0xe0 [ 105.889370][ T5327] file_ioctl+0x4ac/0x860 [ 105.889381][ T5327] ? __pfx_file_ioctl+0x10/0x10 [ 105.889392][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 105.889408][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 105.889459][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 105.889479][ T5327] do_vfs_ioctl+0xc26/0x1530 [ 105.889490][ T5327] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 105.889503][ T5327] ? do_futex+0x395/0x420 [ 105.889521][ T5327] ? __fget_files+0x2a/0x420 [ 105.889536][ T5327] ? __fget_files+0x2a/0x420 [ 105.889550][ T5327] ? __fget_files+0x3a0/0x420 [ 105.889564][ T5327] ? __fget_files+0x2a/0x420 [ 105.889578][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 105.889593][ T5327] __se_sys_ioctl+0x82/0x170 [ 105.889606][ T5327] do_syscall_64+0x14d/0xf80 [ 105.889625][ T5327] ? trace_irq_disable+0x3b/0x150 [ 105.889643][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.889654][ T5327] ? clear_bhb_loop+0x40/0x90 [ 105.889666][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.889677][ T5327] RIP: 0033:0x7fc1faf9c799 [ 105.889690][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.889700][ T5327] RSP: 002b:00007fc1f73f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.889713][ T5327] RAX: ffffffffffffffda RBX: 00007fc1fb215fa0 RCX: 00007fc1faf9c799 [ 105.889723][ T5327] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000004 [ 105.889729][ T5327] RBP: 00007fc1fb032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 105.889735][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.889741][ T5327] R13: 00007fc1fb216038 R14: 00007fc1fb215fa0 R15: 00007fff29082e48 [ 105.889752][ T5327] [ 105.889756][ T5327] [ 106.079742][ T5327] The buggy address belongs to the physical page: [ 106.082712][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x11 pfn:0x1fdde [ 106.087078][ T5327] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 106.090446][ T5327] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 106.094913][ T5327] raw: 0000000000000011 0000000000000000 00000000ffffffff 0000000000000000 [ 106.099164][ T5327] page dumped because: kasan: bad access detected [ 106.102359][ T5327] page_owner tracks the page as freed [ 106.105101][ T5327] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 4716, tgid 4716 (S10udev), ts 39765882133, free_ts 100519394792 [ 106.116192][ T5327] post_alloc_hook+0x231/0x280 [ 106.118558][ T5327] get_page_from_freelist+0x24dc/0x2580 [ 106.121570][ T5327] __alloc_frozen_pages_noprof+0x18d/0x380 [ 106.124922][ T5327] alloc_pages_mpol+0x232/0x4a0 [ 106.127471][ T5327] alloc_pages_noprof+0xa8/0x190 [ 106.130002][ T5327] folio_alloc_noprof+0x1e/0x30 [ 106.132397][ T5327] filemap_alloc_folio_noprof+0x111/0x470 [ 106.135649][ T5327] page_cache_ra_unbounded+0x39b/0xa50 [ 106.138961][ T5327] page_cache_ra_order+0xaf2/0xeb0 [ 106.141827][ T5327] filemap_get_pages+0x897/0x1f10 [ 106.144294][ T5327] filemap_read+0x447/0x1230 [ 106.146403][ T5327] __kernel_read+0x504/0x9b0 [ 106.148762][ T5327] integrity_kernel_read+0x89/0xd0 [ 106.151237][ T5327] ima_calc_file_hash+0x12c3/0x17f0 [ 106.153882][ T5327] ima_collect_measurement+0x48b/0x930 [ 106.156629][ T5327] process_measurement+0x12cd/0x1c80 [ 106.159247][ T5327] page last free pid 77 tgid 77 stack trace: [ 106.161992][ T5327] free_unref_folios+0xed5/0x16d0 [ 106.164391][ T5327] shrink_folio_list+0x2a0f/0x5290 [ 106.167061][ T5327] evict_folios+0x4795/0x5880 [ 106.169284][ T5327] try_to_shrink_lruvec+0xb62/0xfa0 [ 106.171697][ T5327] shrink_one+0x25c/0x710 [ 106.173890][ T5327] shrink_node+0x3197/0x3a90 [ 106.176163][ T5327] kswapd+0x1742/0x2e10 [ 106.178217][ T5327] kthread+0x388/0x470 [ 106.180700][ T5327] ret_from_fork+0x51e/0xb90 [ 106.183511][ T5327] ret_from_fork_asm+0x1a/0x30 [ 106.186329][ T5327] [ 106.187696][ T5327] Memory state around the buggy address: [ 106.190578][ T5327] ffff88801fdde200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.194464][ T5327] ffff88801fdde280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.198309][ T5327] >ffff88801fdde300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.202119][ T5327] ^ [ 106.205395][ T5327] ffff88801fdde380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.209408][ T5327] ffff88801fdde400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.213623][ T5327] ================================================================== [ 106.240869][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 106.244444][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 106.248774][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 106.254987][ T5327] Call Trace: [ 106.257212][ T5327] [ 106.258849][ T5327] vpanic+0x56c/0xa60 [ 106.260773][ T5327] ? __pfx_vpanic+0x10/0x10 [ 106.262895][ T5327] panic+0xc5/0xd0 [ 106.264804][ T5327] ? __pfx_panic+0x10/0x10 [ 106.267147][ T5327] ? preempt_schedule_thunk+0x16/0x30 [ 106.269950][ T5327] ? preempt_schedule_thunk+0x16/0x30 [ 106.272798][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 106.275575][ T5327] check_panic_on_warn+0x89/0xb0 [ 106.278153][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 106.281035][ T5327] end_report+0x73/0x180 [ 106.283450][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 106.286181][ T5327] kasan_report+0x128/0x150 [ 106.288626][ T5327] ? ext4_find_extent+0xaea/0xcc0 [ 106.291400][ T5327] ext4_find_extent+0xaea/0xcc0 [ 106.294302][ T5327] ext4_ext_map_blocks+0x283/0x58b0 [ 106.297382][ T5327] ? check_path+0x21/0x40 [ 106.299562][ T5327] ? lockdep_unlock+0x5d/0xd0 [ 106.301785][ T5327] ? __lock_acquire+0x146e/0x2cf0 [ 106.304153][ T5327] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 106.306771][ T5327] ext4_map_create_blocks+0x11d/0x540 [ 106.309623][ T5327] ext4_map_blocks+0x7cd/0x11d0 [ 106.312594][ T5327] ? __pfx_ext4_map_blocks+0x10/0x10 [ 106.316084][ T5327] ? ext4_inode_journal_mode+0x193/0x470 [ 106.319294][ T5327] ext4_do_writepages+0x22c0/0x46e0 [ 106.321726][ T5327] ? unwind_get_return_address+0x4d/0x90 [ 106.324458][ T5327] ? __pfx_ext4_do_writepages+0x10/0x10 [ 106.327409][ T5327] ? add_lock_to_list+0xc7/0x100 [ 106.329679][ T5327] ? lockdep_unlock+0x5d/0xd0 [ 106.332122][ T5327] ? __lock_acquire+0x146e/0x2cf0 [ 106.334825][ T5327] ? __lock_acquire+0x6b5/0x2cf0 [ 106.338444][ T5327] ext4_writepages+0x241/0x3b0 [ 106.341198][ T5327] ? __pfx_ext4_writepages+0x10/0x10 [ 106.343710][ T5327] ? __pfx_ext4_writepages+0x10/0x10 [ 106.346242][ T5327] do_writepages+0x32e/0x550 [ 106.348685][ T5327] ? do_raw_spin_unlock+0x4d/0x210 [ 106.351338][ T5327] filemap_write_and_wait_range+0x335/0x3f0 [ 106.354264][ T5327] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 106.357668][ T5327] ? down_read+0x272/0x2e0 [ 106.362004][ T5327] ext4_bmap+0x1ce/0x260 [ 106.364070][ T5327] ? __pfx_ext4_bmap+0x10/0x10 [ 106.366457][ T5327] bmap+0xac/0xe0 [ 106.368445][ T5327] file_ioctl+0x4ac/0x860 [ 106.370512][ T5327] ? __pfx_file_ioctl+0x10/0x10 [ 106.373236][ T5327] ? kasan_quarantine_put+0xbb/0x1f0 [ 106.376262][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 106.379087][ T5327] ? tomoyo_path_number_perm+0x219/0x630 [ 106.381611][ T5327] do_vfs_ioctl+0xc26/0x1530 [ 106.383828][ T5327] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 106.385819][ T5327] ? do_futex+0x395/0x420 [ 106.387730][ T5327] ? __fget_files+0x2a/0x420 [ 106.389948][ T5327] ? __fget_files+0x2a/0x420 [ 106.392513][ T5327] ? __fget_files+0x3a0/0x420 [ 106.395626][ T5327] ? __fget_files+0x2a/0x420 [ 106.398279][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 106.400782][ T5327] __se_sys_ioctl+0x82/0x170 [ 106.403002][ T5327] do_syscall_64+0x14d/0xf80 [ 106.405163][ T5327] ? trace_irq_disable+0x3b/0x150 [ 106.407565][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.410160][ T5327] ? clear_bhb_loop+0x40/0x90 [ 106.412950][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.416857][ T5327] RIP: 0033:0x7fc1faf9c799 [ 106.420658][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.429430][ T5327] RSP: 002b:00007fc1f73f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 106.433901][ T5327] RAX: ffffffffffffffda RBX: 00007fc1fb215fa0 RCX: 00007fc1faf9c799 [ 106.438115][ T5327] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000004 [ 106.442146][ T5327] RBP: 00007fc1fb032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 106.445970][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.449406][ T5327] R13: 00007fc1fb216038 R14: 00007fc1fb215fa0 R15: 00007fff29082e48 [ 106.453631][ T5327] [ 106.456129][ T5327] Kernel Offset: disabled [ 106.458791][ T5327] Rebooting in 86400 seconds..