Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts.
2024/01/10 23:43:49 ignoring optional flag "sandboxArg"="0"
2024/01/10 23:43:49 parsed 1 programs
2024/01/10 23:43:49 executed programs: 0
[ 52.358180][ T1502] loop0: detected capacity change from 0 to 2048
[ 52.376917][ T1502] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 52.396639][ T1502] ==================================================================
[ 52.404705][ T1502] BUG: KASAN: slab-out-of-bounds in ext4_convert_inline_data_nolock+0x282/0xc10
[ 52.413710][ T1502] Read of size 20 at addr ffff888117d651a3 by task syz-executor.0/1502
[ 52.421914][ T1502]
[ 52.424213][ T1502] CPU: 0 PID: 1502 Comm: syz-executor.0 Not tainted 6.1.72-syzkaller #0
[ 52.432530][ T1502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 52.442573][ T1502] Call Trace:
[ 52.445829][ T1502]
[ 52.448738][ T1502] dump_stack_lvl+0xf4/0x251
[ 52.453387][ T1502] ? ext4_convert_inline_data+0x3b8/0x4d0
[ 52.459341][ T1502] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 52.464805][ T1502] ? panic+0x3f7/0x3f7
[ 52.468846][ T1502] ? _printk+0xca/0x10a
[ 52.472970][ T1502] print_report+0x15f/0x4f0
[ 52.477443][ T1502] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 52.483755][ T1502] kasan_report+0x136/0x160
[ 52.488231][ T1502] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 52.494721][ T1502] kasan_check_range+0x27f/0x290
[ 52.499633][ T1502] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 52.505940][ T1502] memcpy+0x25/0x60
[ 52.509733][ T1502] ext4_convert_inline_data_nolock+0x282/0xc10
[ 52.515878][ T1502] ? __down_write_common+0x12a/0x1e0
[ 52.521162][ T1502] ? ext4_add_dirent_to_inline+0x390/0x390
[ 52.526951][ T1502] ? __ext4_journal_start_sb+0xa4/0x360
[ 52.532479][ T1502] ext4_convert_inline_data+0x3b8/0x4d0
[ 52.538007][ T1502] ? ext4_inline_data_truncate+0xb70/0xb70
[ 52.543789][ T1502] ext4_fallocate+0x136/0x1790
[ 52.548526][ T1502] ? read_lock_is_recursive+0x10/0x10
[ 52.553890][ T1502] ? ext4_ext_truncate+0x260/0x260
[ 52.558979][ T1502] ? preempt_count_add+0x8f/0x120
[ 52.563978][ T1502] vfs_fallocate+0x30c/0x3d0
[ 52.568540][ T1502] __x64_sys_fallocate+0xa6/0xd0
[ 52.573450][ T1502] do_syscall_64+0x3d/0x80
[ 52.578100][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.583967][ T1502] RIP: 0033:0x7fe79f921959
[ 52.588380][ T1502] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.607958][ T1502] RSP: 002b:00007fe79f4a40c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 52.616433][ T1502] RAX: ffffffffffffffda RBX: 00007fe79fa40f80 RCX: 00007fe79f921959
[ 52.624464][ T1502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 52.632416][ T1502] RBP: 00007fe79f97dc88 R08: 0000000000000000 R09: 0000000000000000
[ 52.640450][ T1502] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 52.648406][ T1502] R13: 0000000000000006 R14: 00007fe79fa40f80 R15: 00007ffdd100d338
[ 52.656354][ T1502]
[ 52.659364][ T1502]
[ 52.661662][ T1502] Allocated by task 1398:
[ 52.665967][ T1502] kasan_set_track+0x4b/0x70
[ 52.670542][ T1502] __kasan_slab_alloc+0x65/0x70
[ 52.675372][ T1502] slab_post_alloc_hook+0x54/0x3e0
[ 52.680459][ T1502] kmem_cache_alloc_bulk+0x2d4/0x360
[ 52.685725][ T1502] mas_alloc_nodes+0x359/0x680
[ 52.690458][ T1502] mas_preallocate+0xee/0x290
[ 52.695104][ T1502] mmap_region+0xd1c/0x1780
[ 52.699577][ T1502] do_mmap+0x69e/0xb60
[ 52.703618][ T1502] vm_mmap_pgoff+0x1b7/0x280
[ 52.708177][ T1502] ksys_mmap_pgoff+0x2cf/0x3b0
[ 52.712911][ T1502] do_syscall_64+0x3d/0x80
[ 52.717299][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.723161][ T1502]
[ 52.725463][ T1502] Freed by task 1398:
[ 52.729412][ T1502] kasan_set_track+0x4b/0x70
[ 52.733971][ T1502] kasan_save_free_info+0x27/0x40
[ 52.738965][ T1502] ____kasan_slab_free+0x122/0x1e0
[ 52.744052][ T1502] kmem_cache_free+0x2e8/0x510
[ 52.748875][ T1502] mas_destroy+0x267f/0x2ec0
[ 52.753435][ T1502] mas_store_prealloc+0x283/0x3b0
[ 52.758429][ T1502] mmap_region+0xf25/0x1780
[ 52.762904][ T1502] do_mmap+0x69e/0xb60
[ 52.766941][ T1502] vm_mmap_pgoff+0x1b7/0x280
[ 52.771500][ T1502] ksys_mmap_pgoff+0x2cf/0x3b0
[ 52.776405][ T1502] do_syscall_64+0x3d/0x80
[ 52.780790][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.786658][ T1502]
[ 52.788957][ T1502] Last potentially related work creation:
[ 52.794645][ T1502] kasan_save_stack+0x3b/0x60
[ 52.799294][ T1502] __kasan_record_aux_stack+0xb0/0xc0
[ 52.804639][ T1502] call_rcu+0x149/0x830
[ 52.808775][ T1502] mas_wr_modify+0x4512/0x6760
[ 52.813509][ T1502] mas_store_prealloc+0x24e/0x3b0
[ 52.818504][ T1502] vma_expand+0x404/0x720
[ 52.822803][ T1502] mmap_region+0x995/0x1780
[ 52.827273][ T1502] do_mmap+0x69e/0xb60
[ 52.831317][ T1502] vm_mmap_pgoff+0x1b7/0x280
[ 52.835881][ T1502] ksys_mmap_pgoff+0x2cf/0x3b0
[ 52.840614][ T1502] do_syscall_64+0x3d/0x80
[ 52.845007][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.850955][ T1502]
[ 52.853253][ T1502] The buggy address belongs to the object at ffff888117d65000
[ 52.853253][ T1502] which belongs to the cache maple_node of size 256
[ 52.867483][ T1502] The buggy address is located 163 bytes to the right of
[ 52.867483][ T1502] 256-byte region [ffff888117d65000, ffff888117d65100)
[ 52.881255][ T1502]
[ 52.883560][ T1502] The buggy address belongs to the physical page:
[ 52.890033][ T1502] page:ffffea00045f5900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117d64
[ 52.900248][ T1502] head:ffffea00045f5900 order:1 compound_mapcount:0 compound_pincount:0
[ 52.908715][ T1502] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 52.915276][ T1502] raw: 0200000000010200 ffffea00045eca80 dead000000000004 ffff8881000cd000
[ 52.923836][ T1502] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 52.932387][ T1502] page dumped because: kasan: bad access detected
[ 52.938768][ T1502] page_owner tracks the page as allocated
[ 52.944466][ T1502] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 575, tgid 575 (modprobe), ts 24150330679, free_ts 24001306215
[ 52.965261][ T1502] post_alloc_hook+0x286/0x2b0
[ 52.970353][ T1502] get_page_from_freelist+0x2ba7/0x2de0
[ 52.975871][ T1502] __alloc_pages+0x251/0x640
[ 52.980436][ T1502] alloc_slab_page+0x6a/0x150
[ 52.985081][ T1502] new_slab+0x70/0x250
[ 52.989119][ T1502] ___slab_alloc+0x9df/0xe70
[ 52.993679][ T1502] kmem_cache_alloc_bulk+0x15c/0x360
[ 52.998934][ T1502] mas_alloc_nodes+0x359/0x680
[ 53.003671][ T1502] mas_preallocate+0xee/0x290
[ 53.008318][ T1502] vma_expand+0x1f9/0x720
[ 53.012617][ T1502] mmap_region+0x995/0x1780
[ 53.017176][ T1502] do_mmap+0x69e/0xb60
[ 53.021217][ T1502] vm_mmap_pgoff+0x1b7/0x280
[ 53.025778][ T1502] ksys_mmap_pgoff+0x2cf/0x3b0
[ 53.030521][ T1502] do_syscall_64+0x3d/0x80
[ 53.034919][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.040851][ T1502] page last free stack trace:
[ 53.045501][ T1502] free_unref_page_prepare+0xca9/0xd80
[ 53.050954][ T1502] free_unref_page+0x30/0x230
[ 53.055606][ T1502] __unfreeze_partials+0x1af/0x210
[ 53.060693][ T1502] put_cpu_partial+0x150/0x1a0
[ 53.065429][ T1502] qlist_free_all+0x76/0xe0
[ 53.069907][ T1502] kasan_quarantine_reduce+0x156/0x170
[ 53.075335][ T1502] __kasan_slab_alloc+0x1f/0x70
[ 53.080155][ T1502] slab_post_alloc_hook+0x54/0x3e0
[ 53.085236][ T1502] kmem_cache_alloc+0x10c/0x290
[ 53.090056][ T1502] vm_area_alloc+0x1b/0xd0
[ 53.094461][ T1502] mmap_region+0x9fe/0x1780
[ 53.099040][ T1502] do_mmap+0x69e/0xb60
[ 53.103169][ T1502] vm_mmap_pgoff+0x1b7/0x280
[ 53.107734][ T1502] ksys_mmap_pgoff+0x2cf/0x3b0
[ 53.112471][ T1502] do_syscall_64+0x3d/0x80
[ 53.116860][ T1502] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.122810][ T1502]
[ 53.125117][ T1502] Memory state around the buggy address:
[ 53.130714][ T1502] ffff888117d65080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.138831][ T1502] ffff888117d65100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.147210][ T1502] >ffff888117d65180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.155332][ T1502] ^
[ 53.160411][ T1502] ffff888117d65200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.168450][ T1502] ffff888117d65280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 53.176483][ T1502] ==================================================================
[ 53.184730][ T1502] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.192195][ T1502] Kernel Offset: disabled
[ 53.196599][ T1502] Rebooting in 86400 seconds..