Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.217498] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   28.228627] EXT4-fs error (device loop0): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
[   28.254024] ==================================================================
[   28.261487] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1787/0x3180
[   28.268566] Read of size 18446744073709551600 at addr ffff88809aa150d4 by task syz-executor500/7976
[   28.277724] 
[   28.279372] CPU: 1 PID: 7976 Comm: syz-executor500 Not tainted 4.14.230-syzkaller #0
[   28.287230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.296563] Call Trace:
[   28.299130]  dump_stack+0x1b2/0x281
[   28.302734]  print_address_description.cold+0x54/0x1d3
[   28.308000]  kasan_report_error.cold+0x8a/0x191
[   28.312646]  ? ext4_xattr_set_entry+0x1787/0x3180
[   28.317461]  kasan_report+0x6f/0x80
[   28.321080]  ? trace_hardirqs_on_caller+0x520/0x580
[   28.326069]  ? ext4_xattr_set_entry+0x1787/0x3180
[   28.330887]  memmove+0x20/0x50
[   28.334057]  ext4_xattr_set_entry+0x1787/0x3180
[   28.338706]  ? mark_page_accessed+0x20c/0x530
[   28.343180]  ? ext4_xattr_inode_get+0x5d0/0x5d0
[   28.347833]  ext4_xattr_ibody_inline_set+0x73/0x280
[   28.352825]  ext4_destroy_inline_data_nolock+0x1cb/0x440
[   28.358253]  ? ext4_update_inline_data+0x3c0/0x3c0
[   28.363161]  ? ext4_read_inline_data.part.0+0x1e9/0x280
[   28.368846]  ? ext4_convert_inline_data_nolock+0x253/0xb40
[   28.374447]  ext4_convert_inline_data_nolock+0x115/0xb40
[   28.379886]  ? ext4_read_inline_page+0x560/0x560
[   28.384619]  ext4_convert_inline_data+0x2ae/0x300
[   28.389437]  ? ext4_inline_data_truncate+0x940/0x940
[   28.394525]  ? __fd_install+0x227/0x5c0
[   28.398496]  ? __fget+0x1fe/0x360
[   28.401951]  ext4_fallocate+0x106/0x1d80
[   28.405994]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   28.411434]  ? ext4_insert_range+0x1340/0x1340
[   28.416003]  vfs_fallocate+0x346/0x790
[   28.419865]  SyS_fallocate+0x4a/0x80
[   28.423568]  ? compat_SyS_ftruncate+0x20/0x20
[   28.428038]  do_syscall_64+0x1d5/0x640
[   28.431903]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.437068] RIP: 0033:0x449d49
[   28.440232] RSP: 002b:00007f01896c72f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   28.447927] RAX: ffffffffffffffda RBX: 00000000004cc4d0 RCX: 0000000000449d49
[   28.455173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[   28.462429] RBP: 000000000049c064 R08: 0000000000000000 R09: 0000000000000000
[   28.469674] R10: 0000000010000101 R11: 0000000000000246 R12: 000000000049b060
[   28.476925] R13: 0030656c69662f2e R14: e5d26e84aa4cf3c6 R15: 00000000004cc4d8
[   28.484195] 
[   28.485800] The buggy address belongs to the page:
[   28.490708] page:ffffea00026a8540 count:2 mapcount:0 mapping:ffff8880b1d7ea68 index:0x8
[   28.498830] flags: 0xfff0000001107c(referenced|uptodate|dirty|lru|active|private|mappedtodisk)
[   28.507564] raw: 00fff0000001107c ffff8880b1d7ea68 0000000000000008 00000002ffffffff
[   28.515420] raw: ffffea00026af960 ffffea00027724a0 ffff888090694000 ffff88823b320880
[   28.523271] page dumped because: kasan: bad access detected
[   28.528954] page->mem_cgroup:ffff88823b320880
[   28.533432] 
[   28.535033] Memory state around the buggy address:
[   28.539935]  ffff88809aa14f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.547278]  ffff88809aa15000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.554608] >ffff88809aa15080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.561940]                                                  ^
[   28.567897]  ffff88809aa15100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.575230]  ffff88809aa15180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.582559] ==================================================================
[   28.589889] Disabling lock debugging due to kernel taint
[   28.601732] Kernel panic - not syncing: panic_on_warn set ...
[   28.601732] 
[   28.609113] CPU: 0 PID: 7976 Comm: syz-executor500 Tainted: G    B 4.14.230-syzkaller #0
[   28.618244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.627573] Call Trace:
[   28.630142]  dump_stack+0x1b2/0x281
[   28.633745]  panic+0x1f9/0x42d
[   28.637002]  ? add_taint.cold+0x16/0x16
[   28.640950]  ? ___preempt_schedule+0x16/0x18
[   28.645335]  kasan_end_report+0x43/0x49
[   28.649281]  kasan_report_error.cold+0xa7/0x191
[   28.653962]  ? ext4_xattr_set_entry+0x1787/0x3180
[   28.658790]  kasan_report+0x6f/0x80
[   28.662403]  ? trace_hardirqs_on_caller+0x520/0x580
[   28.667394]  ? ext4_xattr_set_entry+0x1787/0x3180
[   28.672208]  memmove+0x20/0x50
[   28.675443]  ext4_xattr_set_entry+0x1787/0x3180
[   28.680100]  ? mark_page_accessed+0x20c/0x530
[   28.684578]  ? ext4_xattr_inode_get+0x5d0/0x5d0
[   28.689229]  ext4_xattr_ibody_inline_set+0x73/0x280
[   28.694225]  ext4_destroy_inline_data_nolock+0x1cb/0x440
[   28.699657]  ? ext4_update_inline_data+0x3c0/0x3c0
[   28.704589]  ? ext4_read_inline_data.part.0+0x1e9/0x280
[   28.709928]  ? ext4_convert_inline_data_nolock+0x253/0xb40
[   28.715527]  ext4_convert_inline_data_nolock+0x115/0xb40
[   28.720967]  ? ext4_read_inline_page+0x560/0x560
[   28.725711]  ext4_convert_inline_data+0x2ae/0x300
[   28.730532]  ? ext4_inline_data_truncate+0x940/0x940
[   28.735611]  ? __fd_install+0x227/0x5c0
[   28.739559]  ? __fget+0x1fe/0x360
[   28.742987]  ext4_fallocate+0x106/0x1d80
[   28.747069]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   28.752500]  ? ext4_insert_range+0x1340/0x1340
[   28.757066]  vfs_fallocate+0x346/0x790
[   28.760928]  SyS_fallocate+0x4a/0x80
[   28.764618]  ? compat_SyS_ftruncate+0x20/0x20
[   28.769097]  do_syscall_64+0x1d5/0x640
[   28.772961]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.778125] RIP: 0033:0x449d49
[   28.781287] RSP: 002b:00007f01896c72f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[   28.788967] RAX: ffffffffffffffda RBX: 00000000004cc4d0 RCX: 0000000000449d49
[   28.796212] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[   28.803455] RBP: 000000000049c064 R08: 0000000000000000 R09: 0000000000000000
[   28.810698] R10: 0000000010000101 R11: 0000000000000246 R12: 000000000049b060
[   28.817946] R13: 0030656c69662f2e R14: e5d26e84aa4cf3c6 R15: 00000000004cc4d8
[   28.825974] Kernel Offset: disabled
[   28.829589] Rebooting in 86400 seconds..