Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts.
2024/03/22 10:53:54 ignoring optional flag "sandboxArg"="0"
2024/03/22 10:53:54 parsed 1 programs
2024/03/22 10:53:54 executed programs: 0
2024/03/22 10:53:59 executed programs: 1
[ 54.459172][ T1504] loop0: detected capacity change from 0 to 2048
[ 54.475032][ T1504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.489679][ T1504] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 54.506270][ T1050] EXT4-fs (loop0): unmounting filesystem.
[ 54.531125][ T1510] loop0: detected capacity change from 0 to 2048
[ 54.544821][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.560153][ T1510] ==================================================================
[ 54.568343][ T1510] BUG: KASAN: slab-out-of-bounds in ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.577348][ T1510] Read of size 20 at addr ffff888119aa11a3 by task syz-executor.0/1510
[ 54.585658][ T1510]
[ 54.587975][ T1510] CPU: 1 PID: 1510 Comm: syz-executor.0 Not tainted 6.1.82-syzkaller #0
[ 54.596358][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 54.606398][ T1510] Call Trace:
[ 54.609659][ T1510]
[ 54.612569][ T1510] dump_stack_lvl+0xf4/0x251
[ 54.617133][ T1510] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.622571][ T1510] ? panic+0x3f7/0x3f7
[ 54.626852][ T1510] ? _printk+0xca/0x10a
[ 54.631181][ T1510] ? __virt_addr_valid+0x139/0x260
[ 54.636270][ T1510] ? __virt_addr_valid+0x211/0x260
[ 54.641362][ T1510] print_report+0x15f/0x4f0
[ 54.646621][ T1510] ? __virt_addr_valid+0x139/0x260
[ 54.651875][ T1510] ? __virt_addr_valid+0x211/0x260
[ 54.657039][ T1510] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.663422][ T1510] kasan_report+0x136/0x160
[ 54.667903][ T1510] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.674221][ T1510] kasan_check_range+0x27f/0x290
[ 54.679228][ T1510] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.685622][ T1510] memcpy+0x25/0x60
[ 54.689406][ T1510] ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.695720][ T1510] ? __down_write_common+0x12a/0x1e0
[ 54.701063][ T1510] ? ext4_add_dirent_to_inline+0x390/0x390
[ 54.706839][ T1510] ? __ext4_journal_start_sb+0xa4/0x360
[ 54.712366][ T1510] ext4_convert_inline_data+0x3b8/0x4d0
[ 54.717897][ T1510] ? ext4_inline_data_truncate+0xb70/0xb70
[ 54.723789][ T1510] ext4_fallocate+0x136/0x1790
[ 54.728979][ T1510] ? read_lock_is_recursive+0x10/0x10
[ 54.734409][ T1510] ? ext4_ext_truncate+0x260/0x260
[ 54.739485][ T1510] ? preempt_count_add+0x8f/0x120
[ 54.744488][ T1510] vfs_fallocate+0x30c/0x3d0
[ 54.749236][ T1510] __x64_sys_fallocate+0xa6/0xd0
[ 54.754257][ T1510] do_syscall_64+0x3d/0x80
[ 54.758645][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.764604][ T1510] RIP: 0033:0x7f60d8db5959
[ 54.768992][ T1510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.788839][ T1510] RSP: 002b:00007f60d89380c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 54.797221][ T1510] RAX: ffffffffffffffda RBX: 00007f60d8ed4f80 RCX: 00007f60d8db5959
[ 54.805340][ T1510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 54.813282][ T1510] RBP: 00007f60d8e11c88 R08: 0000000000000000 R09: 0000000000000000
[ 54.821232][ T1510] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 54.829181][ T1510] R13: 0000000000000006 R14: 00007f60d8ed4f80 R15: 00007ffe4a68cb08
[ 54.837421][ T1510]
[ 54.840451][ T1510]
[ 54.842754][ T1510] Allocated by task 1452:
[ 54.847156][ T1510] kasan_set_track+0x4b/0x70
[ 54.851721][ T1510] __kasan_slab_alloc+0x65/0x70
[ 54.856921][ T1510] slab_post_alloc_hook+0x54/0x3e0
[ 54.862058][ T1510] kmem_cache_alloc_bulk+0x2d4/0x360
[ 54.867745][ T1510] mas_alloc_nodes+0x359/0x680
[ 54.872999][ T1510] mas_preallocate+0xee/0x290
[ 54.877666][ T1510] __vma_adjust+0x31c/0x12b0
[ 54.882244][ T1510] __split_vma+0x32f/0x4a0
[ 54.886643][ T1510] do_mas_align_munmap+0x3fe/0x11e0
[ 54.891813][ T1510] do_mas_munmap+0x195/0x1f0
[ 54.896468][ T1510] mmap_region+0x708/0x1780
[ 54.900981][ T1510] do_mmap+0x69e/0xb60
[ 54.905049][ T1510] vm_mmap_pgoff+0x1b7/0x280
[ 54.909805][ T1510] ksys_mmap_pgoff+0x2cf/0x3b0
[ 54.914551][ T1510] do_syscall_64+0x3d/0x80
[ 54.919032][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.924895][ T1510]
[ 54.927201][ T1510] Freed by task 1452:
[ 54.931156][ T1510] kasan_set_track+0x4b/0x70
[ 54.935715][ T1510] kasan_save_free_info+0x27/0x40
[ 54.941041][ T1510] ____kasan_slab_free+0x122/0x1e0
[ 54.946223][ T1510] kmem_cache_free_bulk+0x582/0x770
[ 54.951414][ T1510] mas_destroy+0x2730/0x2ec0
[ 54.956162][ T1510] mas_store_prealloc+0x283/0x3b0
[ 54.961163][ T1510] __vma_adjust+0xe31/0x12b0
[ 54.965910][ T1510] __split_vma+0x32f/0x4a0
[ 54.970295][ T1510] do_mas_align_munmap+0x3fe/0x11e0
[ 54.975479][ T1510] do_mas_munmap+0x195/0x1f0
[ 54.980222][ T1510] mmap_region+0x708/0x1780
[ 54.984809][ T1510] do_mmap+0x69e/0xb60
[ 54.988866][ T1510] vm_mmap_pgoff+0x1b7/0x280
[ 54.993435][ T1510] ksys_mmap_pgoff+0x2cf/0x3b0
[ 54.998260][ T1510] do_syscall_64+0x3d/0x80
[ 55.002831][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.008697][ T1510]
[ 55.011016][ T1510] Last potentially related work creation:
[ 55.016784][ T1510] kasan_save_stack+0x3b/0x60
[ 55.021439][ T1510] __kasan_record_aux_stack+0xb0/0xc0
[ 55.026865][ T1510] call_rcu+0x149/0x830
[ 55.031020][ T1510] mas_wmb_replace+0x1346/0x19c0
[ 55.035932][ T1510] mas_wr_modify+0x360b/0x6760
[ 55.040670][ T1510] mas_store_prealloc+0x24e/0x3b0
[ 55.045672][ T1510] __vma_adjust+0xc22/0x12b0
[ 55.050320][ T1510] __split_vma+0x32f/0x4a0
[ 55.054732][ T1510] do_mas_align_munmap+0xd67/0x11e0
[ 55.059899][ T1510] do_mas_munmap+0x195/0x1f0
[ 55.064471][ T1510] mmap_region+0x708/0x1780
[ 55.068968][ T1510] do_mmap+0x69e/0xb60
[ 55.073111][ T1510] vm_mmap_pgoff+0x1b7/0x280
[ 55.077692][ T1510] ksys_mmap_pgoff+0x2cf/0x3b0
[ 55.082475][ T1510] do_syscall_64+0x3d/0x80
[ 55.086884][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.092765][ T1510]
[ 55.095152][ T1510] The buggy address belongs to the object at ffff888119aa1000
[ 55.095152][ T1510] which belongs to the cache maple_node of size 256
[ 55.109101][ T1510] The buggy address is located 163 bytes to the right of
[ 55.109101][ T1510] 256-byte region [ffff888119aa1000, ffff888119aa1100)
[ 55.122961][ T1510]
[ 55.125348][ T1510] The buggy address belongs to the physical page:
[ 55.131919][ T1510] page:ffffea000466a800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119aa0
[ 55.142150][ T1510] head:ffffea000466a800 order:1 compound_mapcount:0 compound_pincount:0
[ 55.150532][ T1510] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 55.157115][ T1510] raw: 0200000000010200 ffffea00045ca000 dead000000000002 ffff8881000cd000
[ 55.165863][ T1510] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 55.174768][ T1510] page dumped because: kasan: bad access detected
[ 55.181425][ T1510] page_owner tracks the page as allocated
[ 55.187113][ T1510] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 625, tgid 625 (modprobe), ts 25703010861, free_ts 25342997813
[ 55.208001][ T1510] post_alloc_hook+0x286/0x2b0
[ 55.212751][ T1510] get_page_from_freelist+0x2ba7/0x2de0
[ 55.218356][ T1510] __alloc_pages+0x251/0x640
[ 55.222939][ T1510] alloc_slab_page+0x6a/0x150
[ 55.227608][ T1510] new_slab+0x70/0x250
[ 55.231642][ T1510] ___slab_alloc+0x9df/0xe70
[ 55.236208][ T1510] kmem_cache_alloc_bulk+0x15c/0x360
[ 55.241458][ T1510] mas_alloc_nodes+0x359/0x680
[ 55.246217][ T1510] mas_preallocate+0xee/0x290
[ 55.250883][ T1510] do_mas_align_munmap+0x2e5/0x11e0
[ 55.256051][ T1510] do_mas_munmap+0x195/0x1f0
[ 55.260610][ T1510] mmap_region+0x708/0x1780
[ 55.265172][ T1510] do_mmap+0x69e/0xb60
[ 55.269213][ T1510] vm_mmap_pgoff+0x1b7/0x280
[ 55.273770][ T1510] do_syscall_64+0x3d/0x80
[ 55.278183][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.284041][ T1510] page last free stack trace:
[ 55.288771][ T1510] free_unref_page_prepare+0xca9/0xd80
[ 55.294200][ T1510] free_unref_page+0x30/0x230
[ 55.298846][ T1510] __unfreeze_partials+0x1af/0x210
[ 55.303929][ T1510] put_cpu_partial+0x150/0x1a0
[ 55.308664][ T1510] qlist_free_all+0x76/0xe0
[ 55.313134][ T1510] kasan_quarantine_reduce+0x156/0x170
[ 55.318560][ T1510] __kasan_slab_alloc+0x1f/0x70
[ 55.323464][ T1510] slab_post_alloc_hook+0x54/0x3e0
[ 55.328543][ T1510] kmem_cache_alloc+0x10c/0x290
[ 55.333359][ T1510] __alloc_file+0x21/0x200
[ 55.337858][ T1510] alloc_empty_file+0x59/0x110
[ 55.342589][ T1510] path_openat+0xfb/0x2410
[ 55.346983][ T1510] do_filp_open+0x226/0x430
[ 55.351472][ T1510] do_sys_openat2+0x10b/0x420
[ 55.356117][ T1510] __x64_sys_openat+0x209/0x250
[ 55.361024][ T1510] do_syscall_64+0x3d/0x80
[ 55.365409][ T1510]
[ 55.367707][ T1510] Memory state around the buggy address:
[ 55.373319][ T1510] ffff888119aa1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.381459][ T1510] ffff888119aa1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.389750][ T1510] >ffff888119aa1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.397779][ T1510] ^
[ 55.402857][ T1510] ffff888119aa1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.410971][ T1510] ffff888119aa1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.419085][ T1510] ==================================================================
[ 55.427483][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.435004][ T1510] Kernel Offset: disabled
[ 55.439307][ T1510] Rebooting in 86400 seconds..