program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000080)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@user_xattr}, {@quota}, {@delalloc}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000100)="06ff03076844268cb89e14f008004ee0ffff00febabec41177fb86dd1402e000030c", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x401, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x4, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x30, r4, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x20}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004841}, 0x80) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000001040)=ANY=[], 0x841, 0x0) truncate(&(0x7f0000000180)='./file1\x00', 0x6) r11 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$FUSE_WRITE(r11, &(0x7f00000000c0)={0x18}, 0xfffffdef) [ 74.179227][ T4667] Bluetooth: hci0: command tx timeout [ 74.269664][ T5318] loop0: detected capacity change from 0 to 1024 [ 74.280003][ T5318] ======================================================= [ 74.280003][ T5318] WARNING: The mand mount option has been deprecated and [ 74.280003][ T5318] and is ignored by this kernel. Remove the mand [ 74.280003][ T5318] option from the mount to silence this warning. [ 74.280003][ T5318] ======================================================= [ 74.313731][ T5318] EXT4-fs: Ignoring removed oldalloc option [ 74.316212][ T5318] EXT4-fs: Ignoring removed orlov option [ 74.335097][ T5318] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 74.371160][ T5318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.407487][ T5318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.442154][ T5316] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 74.446165][ T5316] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 74.500889][ T5318] ================================================================== [ 74.504385][ T5318] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x3170/0x4280 [ 74.508296][ T5318] Read of size 4 at addr ffff888055e3aea8 by task syz.0.0/5318 [ 74.511540][ T5318] [ 74.512658][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.512673][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.512680][ T5318] Call Trace: [ 74.512686][ T5318] [ 74.512698][ T5318] dump_stack_lvl+0xe8/0x150 [ 74.512928][ T5318] print_report+0xba/0x230 [ 74.512944][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.512958][ T5318] kasan_report+0x117/0x150 [ 74.513001][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.513013][ T5318] ext4_ext_remove_space+0x3170/0x4280 [ 74.513032][ T5318] ? __es_remove_extent+0x13d3/0x1da0 [ 74.513051][ T5318] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 74.513067][ T5318] ? ext4_es_remove_extent+0x2a7/0x4c0 [ 74.513087][ T5318] ext4_ext_truncate+0x17e/0x2f0 [ 74.513099][ T5318] ext4_truncate+0xb63/0x13b0 [ 74.513113][ T5318] ? unmap_mapping_range+0xe6/0x180 [ 74.513610][ T5318] ? __pfx_ext4_truncate+0x10/0x10 [ 74.513624][ T5318] ext4_setattr+0x106e/0x1c60 [ 74.513641][ T5318] ? __pfx_ext4_setattr+0x10/0x10 [ 74.513654][ T5318] notify_change+0xc1a/0xf40 [ 74.513717][ T5318] do_truncate+0x1c2/0x250 [ 74.513816][ T5318] ? __pfx_do_truncate+0x10/0x10 [ 74.513830][ T5318] ? apparmor_path_truncate+0x245/0x2e0 [ 74.513895][ T5318] vfs_truncate+0x4b4/0x540 [ 74.513910][ T5318] ? __pfx_vfs_truncate+0x10/0x10 [ 74.513924][ T5318] ? do_getname+0x151/0x250 [ 74.513936][ T5318] do_sys_truncate+0xf3/0x1c0 [ 74.513950][ T5318] ? __pfx_do_sys_truncate+0x10/0x10 [ 74.513966][ T5318] __x64_sys_truncate+0x5b/0x70 [ 74.513987][ T5318] do_syscall_64+0x14d/0xf80 [ 74.514034][ T5318] ? trace_irq_disable+0x3b/0x150 [ 74.514073][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.514084][ T5318] ? clear_bhb_loop+0x40/0x90 [ 74.514096][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.514105][ T5318] RIP: 0033:0x7f7f0a59c629 [ 74.514116][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.514146][ T5318] RSP: 002b:00007f7f069f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 74.514158][ T5318] RAX: ffffffffffffffda RBX: 00007f7f0a815fa0 RCX: 00007f7f0a59c629 [ 74.514167][ T5318] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000180 [ 74.514174][ T5318] RBP: 00007f7f0a632b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.514181][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.514188][ T5318] R13: 00007f7f0a816038 R14: 00007f7f0a815fa0 R15: 00007fff2c5b81a8 [ 74.514200][ T5318] [ 74.514205][ T5318] [ 74.624125][ T5318] The buggy address belongs to the physical page: [ 74.627188][ T5318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55e3a [ 74.630871][ T5318] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 74.633937][ T5318] raw: 04fff00000000000 ffffea0001578ec8 ffffea0001578e48 0000000000000000 [ 74.637383][ T5318] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 74.641037][ T5318] page dumped because: kasan: bad access detected [ 74.643661][ T5318] page_owner info is not present (never set?) [ 74.646245][ T5318] [ 74.647333][ T5318] Memory state around the buggy address: [ 74.649739][ T5318] ffff888055e3ad80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.653161][ T5318] ffff888055e3ae00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.656531][ T5318] >ffff888055e3ae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.659963][ T5318] ^ [ 74.662265][ T5318] ffff888055e3af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.665692][ T5318] ffff888055e3af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 74.669152][ T5318] ================================================================== [ 74.702216][ T1083] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 74.758070][ T5318] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 74.761194][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.764998][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.769302][ T5318] Call Trace: [ 74.770804][ T5318] [ 74.772112][ T5318] vpanic+0x56c/0xa60 [ 74.773888][ T5318] ? __pfx_vpanic+0x10/0x10 [ 74.775867][ T5318] panic+0xc5/0xd0 [ 74.777531][ T5318] ? __pfx_panic+0x10/0x10 [ 74.779454][ T5318] ? preempt_schedule_thunk+0x16/0x30 [ 74.781680][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.784097][ T5318] ? preempt_schedule_thunk+0x16/0x30 [ 74.786407][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.788815][ T5318] check_panic_on_warn+0x89/0xb0 [ 74.791032][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.793377][ T5318] end_report+0x73/0x180 [ 74.795158][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.797526][ T5318] kasan_report+0x128/0x150 [ 74.799551][ T5318] ? ext4_ext_remove_space+0x3170/0x4280 [ 74.801992][ T5318] ext4_ext_remove_space+0x3170/0x4280 [ 74.804360][ T5318] ? __es_remove_extent+0x13d3/0x1da0 [ 74.806619][ T5318] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 74.809191][ T5318] ? ext4_es_remove_extent+0x2a7/0x4c0 [ 74.811528][ T5318] ext4_ext_truncate+0x17e/0x2f0 [ 74.813641][ T5318] ext4_truncate+0xb63/0x13b0 [ 74.815709][ T5318] ? unmap_mapping_range+0xe6/0x180 [ 74.817961][ T5318] ? __pfx_ext4_truncate+0x10/0x10 [ 74.820192][ T5318] ext4_setattr+0x106e/0x1c60 [ 74.822133][ T5318] ? __pfx_ext4_setattr+0x10/0x10 [ 74.824295][ T5318] notify_change+0xc1a/0xf40 [ 74.826345][ T5318] do_truncate+0x1c2/0x250 [ 74.828295][ T5318] ? __pfx_do_truncate+0x10/0x10 [ 74.830450][ T5318] ? apparmor_path_truncate+0x245/0x2e0 [ 74.832834][ T5318] vfs_truncate+0x4b4/0x540 [ 74.834795][ T5318] ? __pfx_vfs_truncate+0x10/0x10 [ 74.836964][ T5318] ? do_getname+0x151/0x250 [ 74.838877][ T5318] do_sys_truncate+0xf3/0x1c0 [ 74.840905][ T5318] ? __pfx_do_sys_truncate+0x10/0x10 [ 74.843217][ T5318] __x64_sys_truncate+0x5b/0x70 [ 74.845342][ T5318] do_syscall_64+0x14d/0xf80 [ 74.847393][ T5318] ? trace_irq_disable+0x3b/0x150 [ 74.849563][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.852154][ T5318] ? clear_bhb_loop+0x40/0x90 [ 74.854156][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.856646][ T5318] RIP: 0033:0x7f7f0a59c629 [ 74.858573][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.866704][ T5318] RSP: 002b:00007f7f069f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 74.870179][ T5318] RAX: ffffffffffffffda RBX: 00007f7f0a815fa0 RCX: 00007f7f0a59c629 [ 74.873486][ T5318] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000180 [ 74.876868][ T5318] RBP: 00007f7f0a632b39 R08: 0000000000000000 R09: 0000000000000000 [ 74.880257][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.883613][ T5318] R13: 00007f7f0a816038 R14: 00007f7f0a815fa0 R15: 00007fff2c5b81a8 [ 74.886933][ T5318] [ 74.888569][ T5318] Kernel Offset: disabled [ 74.890390][ T5318] Rebooting in 86400 seconds..