Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2024/09/21 22:41:02 ignoring optional flag "sandboxArg"="0"
2024/09/21 22:41:02 parsed 1 programs
2024/09/21 22:41:02 executed programs: 0
[ 58.737144][ T1401] loop0: detected capacity change from 0 to 2048
[ 58.753374][ T1401] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 58.768246][ T1401] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 58.786506][ T947] EXT4-fs (loop0): unmounting filesystem.
[ 58.817684][ T1407] loop0: detected capacity change from 0 to 2048
[ 58.833499][ T1407] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 58.849079][ T1407] ==================================================================
[ 58.857162][ T1407] BUG: KASAN: slab-out-of-bounds in ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.866447][ T1407] Read of size 20 at addr ffff888117f451a3 by task syz-executor.0/1407
[ 58.874652][ T1407]
[ 58.876952][ T1407] CPU: 0 PID: 1407 Comm: syz-executor.0 Not tainted 6.1.111-syzkaller #0
[ 58.885337][ T1407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 58.895377][ T1407] Call Trace:
[ 58.898648][ T1407]
[ 58.901562][ T1407] dump_stack_lvl+0xf4/0x251
[ 58.906243][ T1407] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.911683][ T1407] ? panic+0x3fe/0x3fe
[ 58.915731][ T1407] ? _printk+0xca/0x10a
[ 58.919866][ T1407] ? __virt_addr_valid+0x139/0x270
[ 58.924957][ T1407] ? __virt_addr_valid+0x221/0x270
[ 58.930045][ T1407] print_report+0x15f/0x4f0
[ 58.934528][ T1407] ? __virt_addr_valid+0x139/0x270
[ 58.939618][ T1407] ? __virt_addr_valid+0x221/0x270
[ 58.944710][ T1407] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.951054][ T1407] kasan_report+0x136/0x160
[ 58.955539][ T1407] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.961874][ T1407] kasan_check_range+0x27f/0x290
[ 58.966793][ T1407] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.973096][ T1407] memcpy+0x25/0x60
[ 58.976886][ T1407] ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.983017][ T1407] ? ext4_add_dirent_to_inline+0x390/0x390
[ 58.988822][ T1407] ? down_write+0x146/0x1d0
[ 58.993318][ T1407] ? __ext4_journal_start_sb+0xa4/0x360
[ 58.998853][ T1407] ext4_convert_inline_data+0x3b8/0x4d0
[ 59.004390][ T1407] ? ext4_inline_data_truncate+0xb70/0xb70
[ 59.010203][ T1407] ? down_write+0x146/0x1d0
[ 59.014792][ T1407] ext4_fallocate+0x136/0x1790
[ 59.019543][ T1407] ? read_lock_is_recursive+0x10/0x10
[ 59.024899][ T1407] ? ext4_ext_truncate+0x260/0x260
[ 59.029992][ T1407] ? preempt_count_add+0x8f/0x120
[ 59.035259][ T1407] vfs_fallocate+0x30c/0x3d0
[ 59.039838][ T1407] __x64_sys_fallocate+0xa6/0xd0
[ 59.044766][ T1407] do_syscall_64+0x3b/0x80
[ 59.049185][ T1407] ? clear_bhb_loop+0x45/0xa0
[ 59.053844][ T1407] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 59.059717][ T1407] RIP: 0033:0x7fa691edf959
[ 59.064113][ T1407] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 59.083958][ T1407] RSP: 002b:00007fa691a620c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 59.092352][ T1407] RAX: ffffffffffffffda RBX: 00007fa691ffef80 RCX: 00007fa691edf959
[ 59.100311][ T1407] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 59.108264][ T1407] RBP: 00007fa691f3bc88 R08: 0000000000000000 R09: 0000000000000000
[ 59.116216][ T1407] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 59.124168][ T1407] R13: 0000000000000006 R14: 00007fa691ffef80 R15: 00007ffc92ff5448
[ 59.132128][ T1407]
[ 59.135143][ T1407]
[ 59.137464][ T1407] Allocated by task 1150:
[ 59.141779][ T1407] kasan_set_track+0x4b/0x70
[ 59.146438][ T1407] __kasan_slab_alloc+0x65/0x70
[ 59.151265][ T1407] slab_post_alloc_hook+0x54/0x3e0
[ 59.156363][ T1407] kmem_cache_alloc_bulk+0x2d4/0x360
[ 59.161624][ T1407] mas_alloc_nodes+0x359/0x680
[ 59.166368][ T1407] mas_preallocate+0xee/0x290
[ 59.171024][ T1407] mmap_region+0xd1c/0x1780
[ 59.175508][ T1407] do_mmap+0x69e/0xb60
[ 59.179644][ T1407] vm_mmap_pgoff+0x1b7/0x280
[ 59.184210][ T1407] ksys_mmap_pgoff+0x2cf/0x3b0
[ 59.188951][ T1407] do_syscall_64+0x3b/0x80
[ 59.193444][ T1407] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 59.199313][ T1407]
[ 59.201629][ T1407] Freed by task 1150:
[ 59.205588][ T1407] kasan_set_track+0x4b/0x70
[ 59.210166][ T1407] kasan_save_free_info+0x27/0x40
[ 59.215188][ T1407] ____kasan_slab_free+0x122/0x1e0
[ 59.220303][ T1407] kmem_cache_free+0x2e8/0x510
[ 59.225052][ T1407] mas_destroy+0x267f/0x2ec0
[ 59.229630][ T1407] mas_store_prealloc+0x283/0x3b0
[ 59.234635][ T1407] mmap_region+0xf25/0x1780
[ 59.239123][ T1407] do_mmap+0x69e/0xb60
[ 59.243294][ T1407] vm_mmap_pgoff+0x1b7/0x280
[ 59.247882][ T1407] ksys_mmap_pgoff+0x2cf/0x3b0
[ 59.252634][ T1407] do_syscall_64+0x3b/0x80
[ 59.257129][ T1407] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 59.263011][ T1407]
[ 59.265359][ T1407] The buggy address belongs to the object at ffff888117f45000
[ 59.265359][ T1407] which belongs to the cache maple_node of size 256
[ 59.279482][ T1407] The buggy address is located 163 bytes to the right of
[ 59.279482][ T1407] 256-byte region [ffff888117f45000, ffff888117f45100)
[ 59.293319][ T1407]
[ 59.295665][ T1407] The buggy address belongs to the physical page:
[ 59.302057][ T1407] page:ffffea00045fd100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117f44
[ 59.312285][ T1407] head:ffffea00045fd100 order:1 compound_mapcount:0 compound_pincount:0
[ 59.320786][ T1407] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 59.327357][ T1407] raw: 0200000000010200 ffffea0004626b00 dead000000000002 ffff8881000cd000
[ 59.335928][ T1407] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 59.344495][ T1407] page dumped because: kasan: bad access detected
[ 59.350886][ T1407] page_owner tracks the page as allocated
[ 59.356581][ T1407] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 600, tgid 600 (modprobe), ts 33442465374, free_ts 33112508658
[ 59.375306][ T1407] post_alloc_hook+0x286/0x2b0
[ 59.380051][ T1407] get_page_from_freelist+0x2ba7/0x2de0
[ 59.385572][ T1407] __alloc_pages+0x251/0x640
[ 59.390136][ T1407] alloc_slab_page+0x6a/0x150
[ 59.394792][ T1407] new_slab+0x70/0x250
[ 59.398835][ T1407] ___slab_alloc+0x9df/0xe70
[ 59.403417][ T1407] kmem_cache_alloc_bulk+0x15c/0x360
[ 59.408775][ T1407] mas_alloc_nodes+0x359/0x680
[ 59.413606][ T1407] mas_wr_modify+0x217a/0x6760
[ 59.418346][ T1407] mas_store_gfp+0x25c/0x3c0
[ 59.422912][ T1407] do_brk_flags+0x500/0xa70
[ 59.427410][ T1407] __se_sys_brk+0x6a4/0x9c0
[ 59.431890][ T1407] do_syscall_64+0x3b/0x80
[ 59.436286][ T1407] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 59.442158][ T1407] page last free stack trace:
[ 59.446897][ T1407] free_unref_page_prepare+0xccc/0xdb0
[ 59.452331][ T1407] free_unref_page+0x30/0x230
[ 59.456978][ T1407] __unfreeze_partials+0x1af/0x210
[ 59.462066][ T1407] put_cpu_partial+0x150/0x1a0
[ 59.466809][ T1407] qlist_free_all+0x76/0xe0
[ 59.471305][ T1407] kasan_quarantine_reduce+0x156/0x170
[ 59.476739][ T1407] __kasan_slab_alloc+0x1f/0x70
[ 59.481570][ T1407] slab_post_alloc_hook+0x54/0x3e0
[ 59.486658][ T1407] kmem_cache_alloc_bulk+0x2d4/0x360
[ 59.491923][ T1407] mas_alloc_nodes+0x359/0x680
[ 59.496679][ T1407] mas_preallocate+0xee/0x290
[ 59.501423][ T1407] mmap_region+0xd1c/0x1780
[ 59.505902][ T1407] do_mmap+0x69e/0xb60
[ 59.509952][ T1407] vm_mmap_pgoff+0x1b7/0x280
[ 59.514607][ T1407] elf_map+0xe8/0x250
[ 59.518568][ T1407] load_elf_interp+0x391/0xac0
[ 59.523308][ T1407]
[ 59.525616][ T1407] Memory state around the buggy address:
[ 59.531269][ T1407]  ffff888117f45080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.539336][ T1407]  ffff888117f45100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.547558][ T1407] >ffff888117f45180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.555600][ T1407]                                ^
[ 59.560689][ T1407]  ffff888117f45200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.568817][ T1407]  ffff888117f45280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.576869][ T1407] ==================================================================
[ 59.585025][ T1407] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.592343][ T1407] Kernel Offset: disabled
[ 59.596649][ T1407] Rebooting in 86400 seconds..