Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts.
2023/12/29 03:52:11 ignoring optional flag "sandboxArg"="0"
2023/12/29 03:52:11 parsed 1 programs
2023/12/29 03:52:11 executed programs: 0
[ 50.775140][ T1851] loop0: detected capacity change from 0 to 2048
[ 50.791407][ T1851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 50.812285][ T1851] ==================================================================
[ 50.820467][ T1851] BUG: KASAN: slab-out-of-bounds in ext4_convert_inline_data_nolock+0x293/0xca0
[ 50.829649][ T1851] Read of size 20 at addr ffff88811aaed1a3 by task syz-executor.0/1851
[ 50.838137][ T1851]
[ 50.840661][ T1851] CPU: 1 PID: 1851 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller #0
[ 50.849286][ T1851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 50.859380][ T1851] Call Trace:
[ 50.862726][ T1851]
[ 50.865655][ T1851]  dump_stack_lvl+0xf8/0x260
[ 50.870317][ T1851]  ? nf_tcp_handle_invalid+0x300/0x300
[ 50.875768][ T1851]  ? panic+0x500/0x500
[ 50.879911][ T1851]  ? _printk+0xce/0x110
[ 50.884051][ T1851]  print_report+0x163/0x540
[ 50.888846][ T1851]  ? ext4_convert_inline_data_nolock+0x293/0xca0
[ 50.895441][ T1851]  kasan_report+0x142/0x170
[ 50.900186][ T1851]  ? ext4_convert_inline_data_nolock+0x293/0xca0
[ 50.906492][ T1851]  kasan_check_range+0x27e/0x290
[ 50.911583][ T1851]  ? ext4_convert_inline_data_nolock+0x293/0xca0
[ 50.917893][ T1851]  __asan_memcpy+0x29/0x70
[ 50.922292][ T1851]  ext4_convert_inline_data_nolock+0x293/0xca0
[ 50.928680][ T1851]  ? ext4_add_dirent_to_inline+0x380/0x380
[ 50.934666][ T1851]  ? down_write+0x12d/0x190
[ 50.939172][ T1851]  ext4_convert_inline_data+0x3c4/0x4e0
[ 50.944812][ T1851]  ? ext4_inline_data_truncate+0xac0/0xac0
[ 50.950894][ T1851]  ? down_write+0x12d/0x190
[ 50.955658][ T1851]  ext4_fallocate+0x141/0x16e0
[ 50.960411][ T1851]  ? read_lock_is_recursive+0x20/0x20
[ 50.965960][ T1851]  ? ext4_ext_truncate+0x210/0x210
[ 50.971059][ T1851]  ? preempt_count_add+0x93/0x130
[ 50.976139][ T1851]  vfs_fallocate+0x316/0x3d0
[ 50.980755][ T1851]  __x64_sys_fallocate+0xaa/0xe0
[ 50.985750][ T1851]  do_syscall_64+0x45/0xe0
[ 50.990169][ T1851]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 50.996060][ T1851] RIP: 0033:0x7f0468a0d8d9
[ 51.000545][ T1851] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.020342][ T1851] RSP: 002b:00007f04685900c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 51.028754][ T1851] RAX: ffffffffffffffda RBX: 00007f0468b2cf80 RCX: 00007f0468a0d8d9
[ 51.036799][ T1851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 51.045117][ T1851] RBP: 00007f0468a69b20 R08: 0000000000000000 R09: 0000000000000000
[ 51.053530][ T1851] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 51.061584][ T1851] R13: 0000000000000006 R14: 00007f0468b2cf80 R15: 00007fffb1df7dd8
[ 51.069811][ T1851]
[ 51.072810][ T1851]
[ 51.075295][ T1851] Allocated by task 1600:
[ 51.079623][ T1851]  kasan_set_track+0x4f/0x70
[ 51.084238][ T1851]  __kasan_slab_alloc+0x66/0x70
[ 51.089155][ T1851]  slab_post_alloc_hook+0x67/0x3c0
[ 51.094425][ T1851]  kmem_cache_alloc_bulk+0x456/0x520
[ 51.099681][ T1851]  mas_alloc_nodes+0x359/0x680
[ 51.104947][ T1851]  mas_preallocate+0xd91/0x17b0
[ 51.110146][ T1851]  __split_vma+0x219/0xad0
[ 51.114823][ T1851]  do_vmi_align_munmap+0x3e0/0x1390
[ 51.120322][ T1851]  do_vmi_munmap+0x1b1/0x210
[ 51.124986][ T1851]  mmap_region+0x6eb/0x1ad0
[ 51.129598][ T1851]  do_mmap+0x6c0/0xb90
[ 51.133642][ T1851]  vm_mmap_pgoff+0x216/0x3a0
[ 51.139169][ T1851]  ksys_mmap_pgoff+0x2d9/0x3c0
[ 51.143930][ T1851]  do_syscall_64+0x45/0xe0
[ 51.148993][ T1851]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 51.154987][ T1851]
[ 51.157738][ T1851] Freed by task 1603:
[ 51.161841][ T1851]  kasan_set_track+0x4f/0x70
[ 51.166443][ T1851]  kasan_save_free_info+0x28/0x40
[ 51.171503][ T1851]  ____kasan_slab_free+0x122/0x1e0
[ 51.176647][ T1851]  kmem_cache_free+0x2f0/0x510
[ 51.181392][ T1851]  rcu_core+0xc48/0x1460
[ 51.185699][ T1851]  __do_softirq+0x1ba/0x571
[ 51.190193][ T1851]
[ 51.192515][ T1851] Last potentially related work creation:
[ 51.198235][ T1851]  kasan_save_stack+0x3f/0x60
[ 51.202904][ T1851]  __kasan_record_aux_stack+0xad/0xc0
[ 51.208358][ T1851]  call_rcu+0x159/0x8e0
[ 51.212607][ T1851]  mas_wmb_replace+0x11b0/0x2410
[ 51.217541][ T1851]  mas_commit_b_node+0x1f44/0x3b00
[ 51.222745][ T1851]  mas_wr_modify+0x109a/0x2600
[ 51.227492][ T1851]  mas_store_prealloc+0x1f4/0x690
[ 51.232678][ T1851]  vma_complete+0x275/0x950
[ 51.237436][ T1851]  __split_vma+0x967/0xad0
[ 51.242108][ T1851]  do_vmi_align_munmap+0x3e0/0x1390
[ 51.247612][ T1851]  do_vmi_munmap+0x1b1/0x210
[ 51.252240][ T1851]  mmap_region+0x6eb/0x1ad0
[ 51.256722][ T1851]  do_mmap+0x6c0/0xb90
[ 51.261295][ T1851]  vm_mmap_pgoff+0x216/0x3a0
[ 51.265874][ T1851]  ksys_mmap_pgoff+0x2d9/0x3c0
[ 51.270611][ T1851]  do_syscall_64+0x45/0xe0
[ 51.275030][ T1851]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 51.281086][ T1851]
[ 51.283488][ T1851] Second to last potentially related work creation:
[ 51.290411][ T1851]  kasan_save_stack+0x3f/0x60
[ 51.295234][ T1851]  __kasan_record_aux_stack+0xad/0xc0
[ 51.300623][ T1851]  call_rcu+0x159/0x8e0
[ 51.304884][ T1851]  mas_wr_modify+0x1c55/0x2600
[ 51.309742][ T1851]  mas_store_prealloc+0x1f4/0x690
[ 51.314762][ T1851]  vma_complete+0x275/0x950
[ 51.319252][ T1851]  __split_vma+0x967/0xad0
[ 51.323921][ T1851]  vma_modify+0x287/0x330
[ 51.328232][ T1851]  mprotect_fixup+0x323/0x920
[ 51.332995][ T1851]  do_mprotect_pkey+0x7ad/0xa70
[ 51.338187][ T1851]  __x64_sys_mprotect+0x7b/0x90
[ 51.343083][ T1851]  do_syscall_64+0x45/0xe0
[ 51.347483][ T1851]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 51.353533][ T1851]
[ 51.355867][ T1851] The buggy address belongs to the object at ffff88811aaed000
[ 51.355867][ T1851]  which belongs to the cache maple_node of size 256
[ 51.370206][ T1851] The buggy address is located 163 bytes to the right of
[ 51.370206][ T1851]  allocated 256-byte region [ffff88811aaed000, ffff88811aaed100)
[ 51.385550][ T1851]
[ 51.387865][ T1851] The buggy address belongs to the physical page:
[ 51.394286][ T1851] page:ffffea00046abb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11aaec
[ 51.404762][ T1851] head:ffffea00046abb00 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.413935][ T1851] flags: 0x200000000000840(slab|head|node=0|zone=2)
[ 51.420502][ T1851] page_type: 0xffffffff()
[ 51.424807][ T1851] raw: 0200000000000840 ffff888100a4d000 dead000000000100 dead000000000122
[ 51.433718][ T1851] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 51.442813][ T1851] page dumped because: kasan: bad access detected
[ 51.449304][ T1851] page_owner tracks the page as allocated
[ 51.455181][ T1851] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1171, tgid 1171 (modprobe), ts 27044431228, free_ts 26841236992
[ 51.476253][ T1851]  post_alloc_hook+0x10b/0x130
[ 51.480997][ T1851]  get_page_from_freelist+0x32d5/0x36a0
[ 51.486618][ T1851]  __alloc_pages+0x255/0x650
[ 51.491484][ T1851]  alloc_pages_mpol+0x143/0x320
[ 51.496415][ T1851]  alloc_slab_page+0x6a/0x170
[ 51.501086][ T1851]  new_slab+0x70/0x270
[ 51.505782][ T1851]  ___slab_alloc+0x94b/0xee0
[ 51.510390][ T1851]  kmem_cache_alloc+0x1dd/0x2f0
[ 51.515278][ T1851]  mas_alloc_nodes+0x1dd/0x680
[ 51.520313][ T1851]  mas_preallocate+0xd91/0x17b0
[ 51.525767][ T1851]  __split_vma+0x219/0xad0
[ 51.531298][ T1851]  do_vmi_align_munmap+0x3e0/0x1390
[ 51.536619][ T1851]  do_vmi_munmap+0x1b1/0x210
[ 51.542000][ T1851]  mmap_region+0x6eb/0x1ad0
[ 51.547839][ T1851]  do_mmap+0x6c0/0xb90
[ 51.552100][ T1851]  vm_mmap_pgoff+0x216/0x3a0
[ 51.556962][ T1851] page last free stack trace:
[ 51.561626][ T1851]  free_unref_page_prepare+0x7e3/0x900
[ 51.568211][ T1851]  free_unref_page+0x34/0x230
[ 51.572896][ T1851]  vfree+0x10e/0x200
[ 51.576820][ T1851]  delayed_vfree_work+0x3c/0x70
[ 51.581983][ T1851]  process_scheduled_works+0x7e6/0xfc0
[ 51.587445][ T1851]  worker_thread+0x868/0xc90
[ 51.592398][ T1851]  kthread+0x233/0x280
[ 51.596620][ T1851]  ret_from_fork+0x2e/0x60
[ 51.601042][ T1851]  ret_from_fork_asm+0x11/0x20
[ 51.605868][ T1851]
[ 51.608191][ T1851] Memory state around the buggy address:
[ 51.613881][ T1851]  ffff88811aaed080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.622290][ T1851]  ffff88811aaed100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.630442][ T1851] >ffff88811aaed180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.638773][ T1851]                                ^
[ 51.643948][ T1851]  ffff88811aaed200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.652010][ T1851]  ffff88811aaed280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.660063][ T1851] ==================================================================
[ 51.668602][ T1851] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.676163][ T1851] Kernel Offset: disabled
[ 51.680507][ T1851] Rebooting in 86400 seconds..