syzbot


KASAN: stack-out-of-bounds Read in add_transaction_credits

Status: closed as invalid on 2018/07/12 08:48
Subsystems: ext4
First crash: 2647d, last: 2647d

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in add_transaction_credits+0xb61/0xe90 fs/jbd2/transaction.c:186
Read of size 4 at addr ffff880191ec8a8c by task syz-executor4/29811

CPU: 1 PID: 29811 Comm: syz-executor4 Not tainted 4.18.0-rc3+ #49
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432
 add_transaction_credits+0xb61/0xe90 fs/jbd2/transaction.c:186
 start_this_handle+0x427/0x1260 fs/jbd2/transaction.c:357
 jbd2__journal_start+0x3cb/0xa80 fs/jbd2/transaction.c:439
 __ext4_journal_start_sb+0x182/0x600 fs/ext4/ext4_jbd2.c:81
 __ext4_journal_start fs/ext4/ext4_jbd2.h:311 [inline]
 ext4_dirty_inode+0x62/0xc0 fs/ext4/inode.c:5978
 __mark_inode_dirty+0x825/0x1550 fs/fs-writeback.c:2129
 generic_update_time+0x26a/0x450 fs/inode.c:1643
 update_time fs/inode.c:1659 [inline]
 file_update_time+0x390/0x640 fs/inode.c:1870
 ext4_page_mkwrite+0x1fe/0x1430 fs/ext4/inode.c:6126
 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380
 do_shared_fault mm/memory.c:3706 [inline]
 do_fault mm/memory.c:3745 [inline]
 handle_pte_fault mm/memory.c:3972 [inline]
 __handle_mm_fault+0x2b5d/0x4460 mm/memory.c:4096
 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133
 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x4084b0
Code: 75 7b 52 00 00 75 33 48 8b 15 74 7b 31 00 48 8b 05 65 7b 31 00 48 39 d0 48 8d 8a 00 00 00 01 72 20 48 39 c8 73 1b 48 8d 50 04 <89> 38 48 89 15 47 7b 31 00 48 83 c4 08 c3 66 90 31 c0 48 83 c4 08 
RSP: 002b:00007ffce838b600 EFLAGS: 00010287
RAX: 0000001b2c021000 RBX: 00000000e71c83f5 RCX: 0000001b2d020000
RDX: 0000001b2c021004 RSI: 0000000000001d77 RDI: ffffffffa7181d77
RBP: 0000000000000255 R08: 00000000a7181d77 R09: 00000000a7181d7b
R10: 00007ffce838b6a0 R11: 0000000000000246 R12: 000000000072bf48
R13: 0000000080000000 R14: 00007f307e399008 R15: 0000000000001919

Allocated by task 0:
(stack is not available)

Freed by task 1102416563:
(stack is not available)

The buggy address belongs to the object at ffff880191ec8a80
 which belongs to the cache jbd2_transaction_s of size 272
The buggy address is located 12 bytes inside of
 272-byte region [ffff880191ec8a80, ffff880191ec8b90)
The buggy address belongs to the page:
page:ffffea000647b200 count:1 mapcount:0 mapping:ffff8801d3f536c0 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0006476f88 ffffea00065d2f88 ffff8801d3f536c0
raw: 0000000000000000 ffff880191ec8000 000000010000000a 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880191ec8980: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2
 ffff880191ec8a00: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
>ffff880191ec8a80: f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00
                      ^
 ffff880191ec8b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff880191ec8b80: 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00
==================================================================

Crashes (1):
Time              Kernel    Commit        Syzkaller  Config   Log          Report  Manager
2018/07/12 07:21  bpf-next  671dffa7de7b  2e0e3130   .config  console log  report  ci-upstream-bpf-next-kasan-gce
(no syz repro, C repro, VM info or assets recorded for this crash)