netlink: 3760 bytes leftover after parsing attributes in process `syz-executor.3'.
==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1aa1/0x22d0
Read of size 8 at addr ffff88800d9ef360 by task syz-executor.5/10022
CPU: 1 PID: 10022 Comm: syz-executor.5 Not tainted 6.2.0-rc8-next-20230217 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x91/0xf0
print_report+0xcc/0x620
kasan_report+0xc0/0xf0
unwind_next_frame+0x1aa1/0x22d0
arch_stack_walk+0x87/0xf0
stack_trace_save+0x90/0xd0
kasan_save_stack+0x22/0x50
kasan_set_track+0x25/0x30
kasan_save_free_info+0x2e/0x50
__kasan_slab_free+0x10a/0x190
kmem_cache_free+0xff/0x510
rcu_core+0x822/0x1d40
__do_softirq+0x258/0x8a2
__irq_exit_rcu+0xcc/0x110
irq_exit_rcu+0x9/0x20
sysvec_apic_timer_interrupt+0x6e/0x90
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_is_held_type+0x58/0x120
Code: 54 55 53 65 4c 8b 24 25 80 89 03 00 48 83 ec 08 41 8b 94 24 5c 09 00 00 85 d2 0f 85 92 00 00 00 48 89 fd 41 89 f6 9c 8f 04 24 <fa> 41 8b 84 24 58 09 00 00 4d 8d ac 24 60 09 00 00 31 db 65 ff 05
RSP: 0018:ffff88800d9ef290 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff8560a8c0
RBP: ffffffff8560a8c0 R08: 00000000ffffffff R09: fffffffffffff000
R10: ffff888019b433c8 R11: 0000000000000001 R12: ffff88800902b580
R13: ffff88800fff0000 R14: 00000000ffffffff R15: ffff88800fff2000
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:trace_jbd2_handle_start+0x62/0x270
Code: 48 8d 3c c5 50 5e d2 85 e8 2b 9f ba ff 48 0f a3 1d 33 ef 0c 04 0f 92 c3 31 ff 89 de e8 07 08 86 ff 84 db 0f 85 f4 00 00 00 5b <5d> 41 5c 41 5d 41 5e 41 5f e9 80 0c 86 ff e8 7b 0c 86 ff 65 44 8b
RSP: 0018:ffff88800d9ef388 EFLAGS: 00000246 ORIG_RAX: ffffffff81b31c10
RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff81c57083
RDX: ffff88800902b580 RSI: 0000000041b58ab3 RDI: ffffffff851d7c18
RBP: ffff88800fff0000 R08: 000017de00000001 R09: ffffffff8493ab40
R10: ffff88801beba0a8 R11: ffffffff81b31cfc R12: ffff888019b433c8
R13: ffff88801beba080 R14: 1ffff11001b3de68 R15: ffffffff87ed9380
The buggy address belongs to stack of task syz-executor.5/10022
and is located at offset 32 in frame:
__ext4_mark_inode_dirty+0x0/0x890
This frame has 3 objects:
[48, 52) 'no_expand'
[64, 88) 'iloc'
[128, 152) 'iloc'
The buggy address belongs to the physical page:
page:0000000054e22384 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd9ef
flags: 0x100000000000000(node=0|zone=1)
raw: 0100000000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88800d9ef200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88800d9ef280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88800d9ef300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2
                                                       ^
ffff88800d9ef380: 00 00 00 f2 f2 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3
ffff88800d9ef400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
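Added example, not part of the syzbot report or of the kernel sources: a Python decoder for the frame description and the "Memory state around the buggy address" rows above. It maps the faulting address to its shadow byte, names that byte using the generic-KASAN values from mm/kasan/kasan.h, places the access relative to the frame's declared objects, and cross-checks that every declared object is marked addressable in the dump. The REPORT string is an excerpt copied from the report above; the helper names (parse_shadow_rows, shadow_at, decode_access) are this example's own.

```python
import re

# Generic-KASAN shadow byte meanings (one shadow byte per 8-byte granule),
# as defined in the kernel's mm/kasan/kasan.h. Values 0x01..0x07 mean
# "only the first N bytes of this granule are addressable".
SHADOW_MEANING = {
    0x00: "addressable",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF9: "global redzone",
    0xFB: "freed slab object",
    0xFC: "slab redzone",
    0xFE: "page redzone",
    0xFF: "freed page",
}
GRANULE = 8                 # bytes of memory covered by one shadow byte
ROW_BYTES = 16 * GRANULE    # each dumped row shows 16 shadow bytes (128 bytes)

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
ROW_RE = re.compile(r"^\s*>?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")
FRAME_RE = re.compile(r"located at offset (\d+) in frame:\s*\n\s*(\S+)")
OBJ_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)'")

# Excerpt copied from the KASAN report above (only the lines the decoder needs).
REPORT = """\
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1aa1/0x22d0
Read of size 8 at addr ffff88800d9ef360 by task syz-executor.5/10022
The buggy address belongs to stack of task syz-executor.5/10022
and is located at offset 32 in frame:
__ext4_mark_inode_dirty+0x0/0x890
This frame has 3 objects:
[48, 52) 'no_expand'
[64, 88) 'iloc'
[128, 152) 'iloc'
Memory state around the buggy address:
 ffff88800d9ef200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88800d9ef280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88800d9ef300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2
 ffff88800d9ef380: 00 00 00 f2 f2 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3
 ffff88800d9ef400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""


def shadow_meaning(b):
    if 1 <= b <= 7:
        return f"partially addressable: first {b} bytes valid"
    return SHADOW_MEANING.get(b, f"unknown shadow value 0x{b:02x}")


def parse_shadow_rows(report):
    """Map each dumped row's base address to its 16 shadow bytes."""
    rows = {}
    for line in report.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows[int(m.group(1), 16)] = [int(x, 16) for x in m.group(2).split()]
    return rows


def shadow_at(rows, addr):
    """Shadow byte covering memory address addr (rows are 128-byte aligned)."""
    base = addr - addr % ROW_BYTES
    return rows[base][(addr - base) // GRANULE]


def decode_access(report):
    m = ACCESS_RE.search(report)
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    rows = parse_shadow_rows(report)
    shadow = shadow_at(rows, addr)
    result = {"kind": kind, "size": size, "addr": addr,
              "shadow": shadow, "meaning": shadow_meaning(shadow)}

    fm = FRAME_RE.search(report)
    if fm:
        off = int(fm.group(1))
        objs = [(int(a), int(b), n) for a, b, n in OBJ_RE.findall(report)]
        frame_base = addr - off  # KASAN reports the offset from the frame base
        # Objects the access [off, off+size) overlaps; for a redzone hit: none.
        hits = [n for a, b, n in objs if a < off + size and off < b]
        # Nearest object starting after the access, and the gap to it.
        later = sorted((a, n) for a, b, n in objs if a >= off + size)
        gap = (later[0][0] - off, later[0][1]) if later else None
        # Cross-check: every granule inside a declared object must be marked
        # addressable (0x00) or partial (0x01..0x07) in the shadow dump.
        layout_ok = all(shadow_at(rows, frame_base + o) <= 7
                        for a, b, _ in objs for o in range(a, b, GRANULE))
        result.update(frame=fm.group(2), frame_base=frame_base, offset=off,
                      objects=objs, hits=hits, gap_to_next=gap,
                      layout_consistent=layout_ok)
    return result


if __name__ == "__main__":
    r = decode_access(REPORT)
    print(f"{r['kind']} of {r['size']} at {r['addr']:#x}: shadow {r['shadow']:#04x} "
          f"({r['meaning']}), frame {r['frame']} base {r['frame_base']:#x}")
    print("objects hit:", r["hits"], "next object:", r["gap_to_next"],
          "layout consistent:", r["layout_consistent"])
```

On this report the access decodes to shadow 0xf1 (stack left redzone) at frame offset 32, 16 bytes below the first declared object 'no_expand' at [48, 52), overlapping no object; the three objects line up with the 04 / 00 00 00 / 00 00 00 granules in the dump, so the frame description and the shadow rows agree. A read that lands in the left redzone rather than in a neighbouring object means the reader stepped outside the frame's variables entirely, which is what the report attributes to unwind_next_frame walking this frame.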
----------------
Code disassembly (best guess):
0: 54 push %rsp
1: 55 push %rbp
2: 53 push %rbx
3: 65 4c 8b 24 25 80 89 mov %gs:0x38980,%r12
a: 03 00
c: 48 83 ec 08 sub $0x8,%rsp
10: 41 8b 94 24 5c 09 00 mov 0x95c(%r12),%edx
17: 00
18: 85 d2 test %edx,%edx
1a: 0f 85 92 00 00 00 jne 0xb2
20: 48 89 fd mov %rdi,%rbp
23: 41 89 f6 mov %esi,%r14d
26: 9c pushfq
27: 8f 04 24 popq (%rsp)
* 2a: fa cli <-- trapping instruction
2b: 41 8b 84 24 58 09 00 mov 0x958(%r12),%eax
32: 00
33: 4d 8d ac 24 60 09 00 lea 0x960(%r12),%r13
3a: 00
3b: 31 db xor %ebx,%ebx
3d: 65 gs
3e: ff .byte 0xff
3f: 05 .byte 0x5