ci2 starts bisection 2023-07-29 21:47:33.554067644 +0000 UTC m=+204113.323766948
bisecting fixing commit since 3a93e40326c8f470e71d20b4c42d36767450f38f
building syzkaller on 47f3aaf18b57644f3c07714c9ce073a210f061b4
ensuring issue is reproducible on original commit 3a93e40326c8f470e71d20b4c42d36767450f38f
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6db6f98072ac79cbcc59f2a03c396f948056417eec68ab14f265f70116e0b11e
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #20: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #21: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #22: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #23: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #24: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #25: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #26: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #27: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #28: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #29: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #30: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #31: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #32: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #33: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #34: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #35: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #36: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #37: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #38: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #39: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1bb09200dbf668909fe4e8db34d718a9cf8bcc84aa2d716e79987e0d9b3c9914
run #0: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
kconfig minimization: base=3876 full=7587 leaves diff=1994
split chunks (needed=false): <1994>
split chunk #0 of len 1994 into 5 parts
testing without sub-chunk 1/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bf226a21b26724ee44d2b4107d778d620a25dade8e118ab9cc15e8d1a2f14ace
run #0: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eb5278ea1bee3d74e263bbf7686a39162811a9e5a1c68200844d74ecc15a57b6
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2424a21776ff8e595158f983d2cc3c21e5684aad6a9ad4fff8441a79dfa0ecdc
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1fa4cfd188cf3dde04cea42e0cf6704ad44cd495e5a9cd80423f5561352b5a08
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 3a93e40326c8f470e71d20b4c42d36767450f38f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0ecdbc4543da77f4ffc75fdbc83a35a3be1f5d7dda6fa2ddb4f9a20ccd3cc5fc
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD 12214540ad87ce824a8a791a3f063e6121ec5b66
testing commit 12214540ad87ce824a8a791a3f063e6121ec5b66 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 00d88417dcc402e2f7cb456d48be713a2e025a91858186b77a02bafc00cee3bc
run #0: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #1: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #2: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #3: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #6: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #7: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #10: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #11: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #12: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #13: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
run #14: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #15: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #16: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #17: crashed: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
run #18: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
run #19: crashed: KASAN: slab-out-of-bounds Read in ext4_convert_inline_data_nolock
representative crash: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 3h12m48.345405209s (build: 2h29m30.975272601s, test: 26m15.455636286s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Merge tag 'loongarch-fixes-6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
crash: KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
loop0: detected capacity change from 0 to 2048
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
==================================================================
BUG: KASAN: slab-use-after-free in ext4_read_inline_data fs/ext4/inline.c:209 [inline]
BUG: KASAN: slab-use-after-free in ext4_convert_inline_data_nolock+0x286/0xbf0 fs/ext4/inline.c:1188
Read of size 20 at addr ffff88811495e1a3 by task syz-executor.0/1846

CPU: 0 PID: 1846 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xf8/0x260 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x163/0x540 mm/kasan/report.c:475
 kasan_report+0x175/0x1b0 mm/kasan/report.c:588
 kasan_check_range+0x27e/0x290 mm/kasan/generic.c:187
 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
 ext4_read_inline_data fs/ext4/inline.c:209 [inline]
 ext4_convert_inline_data_nolock+0x286/0xbf0 fs/ext4/inline.c:1188
 ext4_convert_inline_data+0x3c4/0x4e0 fs/ext4/inline.c:2041
 ext4_fallocate+0x141/0x1710 fs/ext4/extents.c:4700
 vfs_fallocate+0x316/0x3d0 fs/open.c:324
 ksys_fallocate fs/open.c:347 [inline]
 __do_sys_fallocate fs/open.c:355 [inline]
 __se_sys_fallocate fs/open.c:353 [inline]
 __x64_sys_fallocate+0xaa/0xe0 fs/open.c:353
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f07c321a8d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f07c2d9d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f07c3339f80 RCX: 00007f07c321a8d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f07c3276b20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007f07c3339f80 R15: 00007ffca37ee068

Allocated by task 31:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4f/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x66/0x70 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:186 [inline]
 slab_post_alloc_hook+0x67/0x3c0 mm/slab.h:762
 slab_alloc_node mm/slub.c:3470 [inline]
 kmem_cache_alloc_node+0x149/0x2f0 mm/slub.c:3515
 alloc_task_struct_node kernel/fork.c:173 [inline]
 dup_task_struct+0x9f/0x990 kernel/fork.c:1105
 copy_process+0x40a/0x3630 kernel/fork.c:2330
 kernel_clone+0x18f/0x660 kernel/fork.c:2912
 user_mode_thread+0x12d/0x190 kernel/fork.c:2990
 call_usermodehelper_exec_sync kernel/umh.c:133 [inline]
 call_usermodehelper_exec_work+0x74/0x1c0 kernel/umh.c:164
 process_one_work+0x7e4/0xf40 kernel/workqueue.c:2597
 worker_thread+0x80a/0xe70 kernel/workqueue.c:2748
 kthread+0x233/0x280 kernel/kthread.c:389
 ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296

Freed by task 0:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4f/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x28/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free+0x122/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:162 [inline]
 slab_free_hook mm/slub.c:1792 [inline]
 slab_free_freelist_hook mm/slub.c:1818 [inline]
 slab_free mm/slub.c:3801 [inline]
 kmem_cache_free+0x2ba/0x4e0 mm/slub.c:3823
 rcu_do_batch kernel/rcu/tree.c:2135 [inline]
 rcu_core+0xa06/0x14a0 kernel/rcu/tree.c:2399
 __do_softirq+0x1bb/0x563 kernel/softirq.c:553

Last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xad/0xc0 mm/kasan/generic.c:492
 __call_rcu_common kernel/rcu/tree.c:2649 [inline]
 call_rcu+0x159/0x8e0 kernel/rcu/tree.c:2763
 release_task+0x11c8/0x1240
 wait_task_zombie kernel/exit.c:1210 [inline]
 wait_consider_task+0x1688/0x23a0 kernel/exit.c:1437
 do_wait_pid kernel/exit.c:1568 [inline]
 do_wait+0x43a/0x890 kernel/exit.c:1610
 kernel_wait+0xea/0x210 kernel/exit.c:1797
 call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
 call_usermodehelper_exec_work+0x88/0x1c0 kernel/umh.c:164
 process_one_work+0x7e4/0xf40 kernel/workqueue.c:2597
 worker_thread+0x80a/0xe70 kernel/workqueue.c:2748
 kthread+0x233/0x280 kernel/kthread.c:389
 ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296

Second to last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xad/0xc0 mm/kasan/generic.c:492
 task_work_add+0x7d/0x260 kernel/task_work.c:48
 task_tick_mm_cid kernel/sched/core.c:11976 [inline]
 scheduler_tick+0x241/0x460 kernel/sched/core.c:5664
 update_process_times+0x114/0x130 kernel/time/timer.c:2076
 tick_sched_handle kernel/time/tick-sched.c:254 [inline]
 tick_sched_timer+0x264/0x430 kernel/time/tick-sched.c:1492
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x413/0x810 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x2e6/0xbc0 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1098 [inline]
 __sysvec_apic_timer_interrupt+0x125/0x410 arch/x86/kernel/apic/apic.c:1115
 sysvec_apic_timer_interrupt+0x8b/0xb0 arch/x86/kernel/apic/apic.c:1109
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645

The buggy address belongs to the object at ffff88811495d400
 which belongs to the cache task_struct of size 6912
The buggy address is located 3491 bytes inside of
 freed 6912-byte region [ffff88811495d400, ffff88811495ef00)

The buggy address belongs to the physical page:
page:ffffea0004525600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114958
head:ffffea0004525600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x200000000010200(slab|head|node=0|zone=2)
page_type: 0xffffffff()
raw: 0200000000010200 ffff888101262500 ffffea000457c600 dead000000000002
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31, tgid 31 (kworker/u4:2), ts 24918614972, free_ts 24900655427
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x26e/0x290 mm/page_alloc.c:1570
 prep_new_page mm/page_alloc.c:1577 [inline]
 get_page_from_freelist+0x332d/0x3590 mm/page_alloc.c:3221
 __alloc_pages+0x255/0x650 mm/page_alloc.c:4477
 alloc_slab_page+0x6a/0x160 mm/slub.c:1862
 allocate_slab mm/slub.c:2009 [inline]
 new_slab+0x70/0x260 mm/slub.c:2062
 ___slab_alloc+0x833/0xd60 mm/slub.c:3215
 __slab_alloc mm/slub.c:3314 [inline]
 __slab_alloc_node mm/slub.c:3367 [inline]
 slab_alloc_node mm/slub.c:3460 [inline]
 kmem_cache_alloc_node+0x1cc/0x2f0 mm/slub.c:3515
 alloc_task_struct_node kernel/fork.c:173 [inline]
 dup_task_struct+0x9f/0x990 kernel/fork.c:1105
 copy_process+0x40a/0x3630 kernel/fork.c:2330
 kernel_clone+0x18f/0x660 kernel/fork.c:2912
 user_mode_thread+0x12d/0x190 kernel/fork.c:2990
 call_usermodehelper_exec_sync kernel/umh.c:133 [inline]
 call_usermodehelper_exec_work+0x74/0x1c0 kernel/umh.c:164
 process_one_work+0x7e4/0xf40 kernel/workqueue.c:2597
 worker_thread+0x80a/0xe70 kernel/workqueue.c:2748
 kthread+0x233/0x280 kernel/kthread.c:389
 ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:145
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1161 [inline]
 free_unref_page_prepare+0x800/0x920 mm/page_alloc.c:2348
 free_unref_page+0x34/0x220 mm/page_alloc.c:2443
 discard_slab mm/slub.c:2108 [inline]
 __unfreeze_partials+0x1b1/0x1f0 mm/slub.c:2647
 put_cpu_partial+0xdc/0x120 mm/slub.c:2723
 __slab_free+0x26b/0x330 mm/slub.c:3671
 qlist_free_all+0x22/0x60 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x157/0x180 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x23/0x70 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:186 [inline]
 slab_post_alloc_hook+0x67/0x3c0 mm/slab.h:762
 slab_alloc_node mm/slub.c:3470 [inline]
 slab_alloc mm/slub.c:3478 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3485 [inline]
 kmem_cache_alloc+0x11f/0x2a0 mm/slub.c:3494
 getname_flags+0xa0/0x430 fs/namei.c:140
 do_sys_openat2+0xb0/0x170 fs/open.c:1401
 do_sys_open fs/open.c:1422 [inline]
 __do_sys_openat fs/open.c:1438 [inline]
 __se_sys_openat fs/open.c:1433 [inline]
 __x64_sys_openat+0x20d/0x260 fs/open.c:1433
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Memory state around the buggy address:
 ffff88811495e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811495e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88811495e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
 ffff88811495e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88811495e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================