./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4182169432 <...> Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. execve("./syz-executor4182169432", ["./syz-executor4182169432"], 0x7fffba8a5880 /* 10 vars */) = 0 brk(NULL) = 0x55555ff38000 brk(0x55555ff38d40) = 0x55555ff38d40 arch_prctl(ARCH_SET_FS, 0x55555ff383c0) = 0 set_tid_address(0x55555ff38690) = 5820 set_robust_list(0x55555ff386a0, 24) = 0 rseq(0x55555ff38ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4182169432", 4096) = 28 getrandom("\xb4\x1f\xbb\x5b\xfe\x19\xa0\xee", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555ff38d40 brk(0x55555ff59d40) = 0x55555ff59d40 brk(0x55555ff5a000) = 0x55555ff5a000 mprotect(0x7f79e6a02000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5821 attached [pid 5821] set_robust_list(0x55555ff386a0, 24 [pid 5820] <... clone resumed>, child_tidptr=0x55555ff38690) = 5821 [pid 5821] <... set_robust_list resumed>) = 0 [pid 5821] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5821] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5821] dup2(4, 202) = 202 [pid 5821] close(4) = 0 [pid 5821] write(202, "\xff\x00", 2) = 2 [pid 5821] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5821] rt_sigaction(SIGRT_1, {sa_handler=0x7f79e69a8970, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f79e699a020}, NULL, 8) = 0 [pid 5821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5821] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f79e6131000 [pid 5821] mprotect(0x7f79e6132000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f79e6931990, parent_tid=0x7f79e6931990, exit_signal=0, stack=0x7f79e6131000, stack_size=0x800300, tls=0x7f79e69316c0}./strace-static-x86_64: Process 5824 attached [pid 5824] rseq(0x7f79e6931fe0, 0x20, 0, 0x53053053 [pid 5821] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5824] <... rseq resumed>) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] set_robust_list(0x7f79e69319a0, 24 [pid 5821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5824] read(202, [pid 5821] ioctl(3, HCIDEVUP [pid 5824] <... read resumed>"\x01\x03\x0c\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 87.387853][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.417144][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [pid 5824] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5824] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5824] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x38\x0c\x00", 1024) = 4 [ 87.437897][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.468675][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5824] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [ 87.488194][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5824] read(202, [pid 5821] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5821] ioctl(3, HCISETSCAN [pid 5824] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5824] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5821] <... ioctl resumed>, 0x7fff504ce7f8) = 0 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5824] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5821] <... writev resumed>) = 13 [pid 5824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] madvise(0x7f79e6131000, 8372224, MADV_DONTNEED) = 0 [pid 5824] exit(0 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5824] <... exit resumed>) = ? [pid 5821] <... writev resumed>) = 14 [pid 5824] +++ exited with 0 +++ [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5821] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5821] close(3) = 0 [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] getppid() = 0 [pid 5821] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5821] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5821] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5821] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5821] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5821] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5821] unshare(CLONE_NEWNS) = 0 [pid 5821] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5821] unshare(CLONE_NEWIPC) = 0 [pid 5821] unshare(CLONE_NEWCGROUP) = 0 [pid 5821] unshare(CLONE_NEWUTS) = 0 [pid 5821] unshare(CLONE_SYSVSEM) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "16777216", 8) = 8 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "536870912", 9) = 9 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1024", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "8192", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1024", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1024", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5821] close(3) = 0 [pid 5821] getpid() = 1 [pid 5821] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 103.661290][ T1163] dump_stack_lvl+0x189/0x250 [ 103.661310][ T1163] ? rcu_is_watching+0x15/0xb0 [ 103.661330][ T1163] ? __kasan_check_byte+0x12/0x40 [ 103.661352][ T1163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.661369][ T1163] ? rcu_is_watching+0x15/0xb0 [ 103.661388][ T1163] ? lock_release+0x4b/0x3e0 [ 103.661407][ T1163] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 103.661435][ T1163] ? __virt_addr_valid+0x18c/0x540 [ 103.661452][ T1163] ? __virt_addr_valid+0x469/0x540 [ 103.661469][ T1163] print_report+0xb4/0x290 [ 103.661485][ T1163] ? ext4_find_extent+0xae6/0xcc0 [ 103.661504][ T1163] kasan_report+0x118/0x150 [ 103.661525][ T1163] ? ext4_find_extent+0xae6/0xcc0 [ 103.661546][ T1163] ext4_find_extent+0xae6/0xcc0 [ 103.661569][ T1163] ext4_ext_map_blocks+0x26f/0x67c0 [ 103.661598][ T1163] ? __lock_acquire+0xaac/0xd20 [ 103.661619][ T1163] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 103.661646][ T1163] ? ext4_es_lookup_extent+0x622/0xa70 [ 103.661663][ T1163] ext4_map_blocks+0x807/0x1740 [ 103.661683][ T1163] ? __pfx_ext4_map_blocks+0x10/0x10 [ 103.661698][ T1163] ? rcu_is_watching+0x15/0xb0 [ 103.661721][ T1163] ? ext4_inode_journal_mode+0x193/0x470 [ 103.661741][ T1163] ext4_do_writepages+0x1e11/0x3e50 [ 103.661791][ T1163] ? __pfx_ext4_do_writepages+0x10/0x10 [ 103.661814][ T1163] ? __lock_acquire+0xaac/0xd20 [ 103.661834][ T1163] ? rcu_read_lock_any_held+0xb3/0x120 [ 103.661860][ T1163] ext4_writepages+0x203/0x350 [ 103.661881][ T1163] ? __pfx_ext4_writepages+0x10/0x10 [ 103.661905][ T1163] ? do_raw_spin_unlock+0x122/0x240 [ 103.661920][ T1163] ? __pfx_ext4_writepages+0x10/0x10 [ 103.661939][ T1163] do_writepages+0x3ae/0x7b0 [ 103.661962][ T1163] ? __pfx_do_writepages+0x10/0x10 [ 103.661983][ T1163] __writeback_single_inode+0x145/0xff0 [ 103.662001][ T1163] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 103.662016][ T1163] writeback_sb_inodes+0x6b5/0x1000 [ 103.662041][ T1163] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 103.662072][ T1163] ? rcu_is_watching+0x15/0xb0 [ 103.662094][ T1163] wb_writeback+0x43b/0xaf0 [ 103.662113][ T1163] ? queue_io+0x391/0x590 [ 103.662130][ T1163] ? __pfx_wb_writeback+0x10/0x10 [ 103.662149][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 103.662171][ T1163] wb_workfn+0x409/0xef0 [ 103.662189][ T1163] ? __pfx_wb_workfn+0x10/0x10 [ 103.662201][ T1163] ? register_lock_class+0x51/0x320 [ 103.662220][ T1163] ? __lock_acquire+0xaac/0xd20 [ 103.662239][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 103.662262][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 103.662281][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 103.662300][ T1163] process_scheduled_works+0xadb/0x17a0 [ 103.662329][ T1163] ? __pfx_process_scheduled_works+0x10/0x10 [ 103.662355][ T1163] worker_thread+0x8a0/0xda0 [ 103.662376][ T1163] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 103.662400][ T1163] ? __kthread_parkme+0x7b/0x200 [ 103.662415][ T1163] kthread+0x70e/0x8a0 [ 103.662431][ T1163] ? __pfx_worker_thread+0x10/0x10 [ 103.662450][ T1163] ? __pfx_kthread+0x10/0x10 [ 103.662464][ T1163] ? __pfx_kthread+0x10/0x10 [ 103.662477][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 103.662498][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 103.662512][ T1163] ? __pfx_kthread+0x10/0x10 [ 103.662525][ T1163] ret_from_fork+0x4b/0x80 [ 103.662537][ T1163] ? __pfx_kthread+0x10/0x10 [ 103.662550][ T1163] ret_from_fork_asm+0x1a/0x30 [ 103.662576][ T1163] [ 103.662582][ T1163] [ 104.019781][ T1163] The buggy address belongs to the physical page: [ 104.026204][ T1163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7fc4637e7 pfn:0x75a98 [ 104.035670][ T1163] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 104.042790][ T1163] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 104.051381][ T1163] raw: 00000007fc4637e7 0000000000000000 00000000ffffffff 0000000000000000 [ 104.059971][ T1163] page dumped because: kasan: bad access detected [ 104.066396][ T1163] page_owner tracks the page as freed [ 104.071754][ T1163] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5812, tgid 5812 (sshd), ts 81211559659, free_ts 81238517714 [ 104.089719][ T1163] post_alloc_hook+0x1d8/0x230 [ 104.094488][ T1163] get_page_from_freelist+0x21c7/0x22a0 [ 104.100045][ T1163] __alloc_frozen_pages_noprof+0x181/0x370 [ 104.105861][ T1163] alloc_pages_mpol+0x232/0x4a0 [ 104.110733][ T1163] vma_alloc_folio_noprof+0xe4/0x200 [ 104.116035][ T1163] folio_prealloc+0x30/0x180 [ 104.120617][ T1163] __handle_mm_fault+0x2b28/0x5380 [ 104.125736][ T1163] handle_mm_fault+0x2d5/0x7f0 [ 104.130507][ T1163] do_user_addr_fault+0xa81/0x1390 [ 104.135636][ T1163] exc_page_fault+0x68/0x110 [ 104.140249][ T1163] asm_exc_page_fault+0x26/0x30 [ 104.145197][ T1163] page last free pid 5812 tgid 5812 stack trace: [ 104.151564][ T1163] free_unref_folios+0xb70/0x1490 [ 104.156585][ T1163] folios_put_refs+0x559/0x640 [ 104.161358][ T1163] free_pages_and_swap_cache+0x277/0x520 [ 104.166996][ T1163] tlb_flush_mmu+0x3a0/0x680 [ 104.171579][ T1163] tlb_finish_mmu+0xc3/0x1d0 [ 104.176160][ T1163] vms_clear_ptes+0x42c/0x540 [ 104.180848][ T1163] vms_complete_munmap_vmas+0x206/0x8a0 [ 104.186479][ T1163] do_vmi_align_munmap+0x358/0x420 [ 104.191588][ T1163] do_vmi_munmap+0x253/0x2e0 [ 104.196172][ T1163] __vm_munmap+0x23b/0x3d0 [ 104.200591][ T1163] __x64_sys_munmap+0x60/0x70 [ 104.205272][ T1163] do_syscall_64+0xf6/0x210 [ 104.209805][ T1163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.215692][ T1163] [ 104.218009][ T1163] Memory state around the buggy address: [ 104.223635][ T1163] ffff888075a98780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.231690][ T1163] ffff888075a98800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.239742][ T1163] >ffff888075a98880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.247793][ T1163] ^ [ 104.252657][ T1163] ffff888075a98900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.260717][ T1163] ffff888075a98980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.269199][ T1163] ================================================================== [ 104.278815][ T1163] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 104.286157][ T1163] CPU: 1 UID: 0 PID: 1163 Comm: kworker/u8:7 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 104.298308][ T1163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 104.308364][ T1163] Workqueue: writeback wb_workfn (flush-7:0) [ 104.314372][ T1163] Call Trace: [ 104.317655][ T1163] [ 104.320595][ T1163] dump_stack_lvl+0x99/0x250 [ 104.325198][ T1163] ? __asan_memcpy+0x40/0x70 [ 104.329793][ T1163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.334995][ T1163] ? __pfx__printk+0x10/0x10 [ 104.339598][ T1163] panic+0x2db/0x790 [ 104.343505][ T1163] ? __pfx_preempt_schedule+0x10/0x10 [ 104.348890][ T1163] ? __pfx_panic+0x10/0x10 [ 104.353313][ T1163] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 104.359214][ T1163] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 104.365550][ T1163] ? ext4_find_extent+0xae6/0xcc0 [ 104.370583][ T1163] check_panic_on_warn+0x89/0xb0 [ 104.375529][ T1163] ? ext4_find_extent+0xae6/0xcc0 [ 104.380560][ T1163] end_report+0x78/0x160 [ 104.384812][ T1163] kasan_report+0x129/0x150 [ 104.389334][ T1163] ? ext4_find_extent+0xae6/0xcc0 [ 104.394365][ T1163] ext4_find_extent+0xae6/0xcc0 [ 104.399224][ T1163] ext4_ext_map_blocks+0x26f/0x67c0 [ 104.404440][ T1163] ? __lock_acquire+0xaac/0xd20 [ 104.409300][ T1163] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 104.414952][ T1163] ? ext4_es_lookup_extent+0x622/0xa70 [ 104.420414][ T1163] ext4_map_blocks+0x807/0x1740 [ 104.425273][ T1163] ? __pfx_ext4_map_blocks+0x10/0x10 [ 104.430565][ T1163] ? rcu_is_watching+0x15/0xb0 [ 104.435342][ T1163] ? ext4_inode_journal_mode+0x193/0x470 [ 104.440983][ T1163] ext4_do_writepages+0x1e11/0x3e50 [ 104.446210][ T1163] ? __pfx_ext4_do_writepages+0x10/0x10 [ 104.451786][ T1163] ? __lock_acquire+0xaac/0xd20 [ 104.456647][ T1163] ? rcu_read_lock_any_held+0xb3/0x120 [ 104.462121][ T1163] ext4_writepages+0x203/0x350 [ 104.466894][ T1163] ? __pfx_ext4_writepages+0x10/0x10 [ 104.472189][ T1163] ? do_raw_spin_unlock+0x122/0x240 [ 104.477390][ T1163] ? __pfx_ext4_writepages+0x10/0x10 [ 104.482703][ T1163] do_writepages+0x3ae/0x7b0 [ 104.487306][ T1163] ? __pfx_do_writepages+0x10/0x10 [ 104.492424][ T1163] __writeback_single_inode+0x145/0xff0 [ 104.497973][ T1163] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 104.503953][ T1163] writeback_sb_inodes+0x6b5/0x1000 [ 104.509162][ T1163] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 104.514814][ T1163] ? rcu_is_watching+0x15/0xb0 [ 104.519584][ T1163] wb_writeback+0x43b/0xaf0 [ 104.524094][ T1163] ? queue_io+0x391/0x590 [ 104.528427][ T1163] ? __pfx_wb_writeback+0x10/0x10 [ 104.533457][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.538668][ T1163] wb_workfn+0x409/0xef0 [ 104.542919][ T1163] ? __pfx_wb_workfn+0x10/0x10 [ 104.547680][ T1163] ? register_lock_class+0x51/0x320 [ 104.552884][ T1163] ? __lock_acquire+0xaac/0xd20 [ 104.557744][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 104.563474][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 104.569204][ T1163] ? process_scheduled_works+0x9ec/0x17a0 [ 104.574930][ T1163] process_scheduled_works+0xadb/0x17a0 [ 104.580495][ T1163] ? __pfx_process_scheduled_works+0x10/0x10 [ 104.586507][ T1163] worker_thread+0x8a0/0xda0 [ 104.591109][ T1163] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 104.597447][ T1163] ? __kthread_parkme+0x7b/0x200 [ 104.602387][ T1163] kthread+0x70e/0x8a0 [ 104.606459][ T1163] ? __pfx_worker_thread+0x10/0x10 [ 104.611579][ T1163] ? __pfx_kthread+0x10/0x10 [ 104.616174][ T1163] ? __pfx_kthread+0x10/0x10 [ 104.620765][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.625975][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.631173][ T1163] ? __pfx_kthread+0x10/0x10 [ 104.635767][ T1163] ret_from_fork+0x4b/0x80 [ 104.640184][ T1163] ? __pfx_kthread+0x10/0x10 [ 104.644774][ T1163] ret_from_fork_asm+0x1a/0x30 [ 104.649562][ T1163] [ 104.652777][ T1163] Kernel Offset: disabled [ 104.657104][ T1163] Rebooting in 86400 seconds..