INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 26.118158] EXT4-fs (sda1): Ignoring removed nobh option
[ 26.123889] EXT4-fs (sda1): Ignoring removed mblk_io_submit option
[ 26.139532] ==================================================================
[ 26.147150] BUG: KASAN: use-after-free in __ext4_expand_extra_isize+0x178/0x240
[ 26.150463] EXT4-fs (sda1): re-mounted. Opts: i_version,nouid32,debug_want_extra_isize=8536059,nobh,block_validity,mblk_io_submit,
[ 26.154636] Write of size 8536027 at addr ffff8801bc1e61a0 by task rs:main Q:Reg/4354
[ 26.168255] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 26.168255]
[ 26.174499]
[ 26.183842] CPU: 1 PID: 1 Comm: init Not tainted 4.16.0+ #4
[ 26.191126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.200472] Call Trace:
[ 26.203063]  dump_stack+0x1b9/0x294
[ 26.206684]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.211868]  ? lock_downgrade+0x8e0/0x8e0
[ 26.216037]  panic+0x22f/0x4de
[ 26.219219]  ? add_taint.cold.5+0x16/0x16
[ 26.223364]  ? _raw_write_unlock_irq+0x27/0x70
[ 26.227939]  ? forget_original_parent.cold.19+0x5f/0xd5
[ 26.233297]  forget_original_parent.cold.19+0x7b/0xd5
[ 26.238484]  ? debug_check_no_locks_freed+0x310/0x310
[ 26.243669]  ? kill_orphaned_pgrp+0x590/0x590
[ 26.248252]  ? perf_lock_task_context+0x970/0x970
[ 26.253096]  ? perf_event_exit_task+0xbfc/0x1020
[ 26.257842]  ? graph_lock+0x170/0x170
[ 26.261635]  ? rcu_is_watching+0x85/0x140
[ 26.265793]  ? SyS_perf_event_open+0x40/0x40
[ 26.270192]  ? kasan_check_read+0x11/0x20
[ 26.274331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.279874]  ? refcount_add_not_zero+0x320/0x320
[ 26.284620]  ? fpu__drop+0x127/0x740
[ 26.288324]  ? lock_acquire+0x1dc/0x520
[ 26.292287]  ? do_exit+0x1b4d/0x2730
[ 26.295991]  ? lock_release+0xa10/0xa10
[ 26.299953]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.305488]  ? task_work_run+0x227/0x290
[ 26.309544]  ? kasan_check_write+0x14/0x20
[ 26.313769]  ? do_raw_write_lock+0xbd/0x1b0
[ 26.318100]  do_exit+0x1b58/0x2730
[ 26.321726]  ? mm_update_next_owner+0x980/0x980
[ 26.326389]  ? profiling_store+0xd0/0xd0
[ 26.330448]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.335457]  ? do_coredump+0x49d/0x4006
[ 26.339423]  ? __kernel_text_address+0xd/0x40
[ 26.344083]  ? unwind_get_return_address+0x61/0xa0
[ 26.349003]  ? __save_stack_trace+0x7e/0xd0
[ 26.353325]  ? dump_align+0xa0/0xa0
[ 26.356941]  ? save_stack+0xa9/0xd0
[ 26.360554]  ? save_stack+0x43/0xd0
[ 26.364167]  ? __kasan_slab_free+0x11a/0x170
[ 26.368590]  ? __sigqueue_free.part.29+0x7d/0xa0
[ 26.373334]  ? __dequeue_signal+0x51c/0x7c0
[ 26.377643]  ? dequeue_signal+0xb5/0x620
[ 26.381693]  ? get_signal+0x3e9/0x1960
[ 26.385657]  ? do_signal+0x98/0x2040
[ 26.389365]  ? exit_to_usermode_loop+0x28a/0x310
[ 26.394110]  ? retint_user+0x8/0x18
[ 26.397724]  ? kasan_check_read+0x11/0x20
[ 26.401863]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 26.406438]  ? graph_lock+0x170/0x170
[ 26.410231]  ? trace_hardirqs_off+0xd/0x10
[ 26.414455]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 26.419557]  ? debug_check_no_obj_freed+0x2ff/0x584
[ 26.424572]  ? __lock_is_held+0xb5/0x140
[ 26.428621]  ? trace_hardirqs_off+0xd/0x10
[ 26.432850]  ? __sigqueue_free.part.29+0x7d/0xa0
[ 26.437602]  ? graph_lock+0x170/0x170
[ 26.441392]  ? __sigqueue_free.part.29+0x7d/0xa0
[ 26.446150]  ? rcu_read_lock_sched_held+0x108/0x120
[ 26.451251]  ? kmem_cache_free+0x25c/0x2d0
[ 26.455481]  ? __sigqueue_free.part.29+0x7d/0xa0
[ 26.460227]  ? find_held_lock+0x36/0x1c0
[ 26.464289]  ? proc_comm_connector+0x500/0x500
[ 26.468874]  do_group_exit+0x16f/0x430
[ 26.472752]  ? SyS_exit+0x30/0x30
[ 26.476197]  ? _raw_spin_unlock_irq+0x27/0x70
[ 26.480689]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.485696]  get_signal+0x886/0x1960
[ 26.489748]  ? ptrace_notify+0x130/0x130
[ 26.493797]  ? force_sig_info+0x281/0x310
[ 26.497947]  ? force_sig_info_fault.constprop.32+0x2df/0x4e0
[ 26.503738]  ? is_prefetch.isra.29+0x520/0x520
[ 26.508312]  ? __bpf_trace_x86_exceptions+0x40/0x40
[ 26.513314]  ? lock_downgrade+0x8e0/0x8e0
[ 26.517455]  do_signal+0x98/0x2040
[ 26.520992]  ? setup_sigcontext+0x7d0/0x7d0
[ 26.525303]  ? __bad_area_nosemaphore+0x2a8/0x370
[ 26.530231]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.535769]  ? bad_area+0x69/0x80
[ 26.539215]  ? __do_page_fault+0x441/0xe40
[ 26.543441]  ? __bpf_trace_x86_exceptions+0x40/0x40
[ 26.548451]  ? lock_downgrade+0x8e0/0x8e0
[ 26.552596]  ? exit_to_usermode_loop+0x87/0x310
[ 26.557260]  exit_to_usermode_loop+0x28a/0x310
[ 26.561833]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 26.566679]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 26.571603]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.576528]  prepare_exit_to_usermode+0x32e/0x390
[ 26.581376]  ? perf_trace_sys_enter+0xaf0/0xaf0
[ 26.586042]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.590884]  ? page_fault+0x2f/0x50
[ 26.594503]  retint_user+0x8/0x18
[ 26.597950] RIP: 0033:0x404a40
[ 26.601127] RSP: 002b:00007fffb00a4978 EFLAGS: 00010286
[ 26.606479] RAX: 0000000000000000 RBX: 00007fffb00a50d0 RCX: ffffffffffffff00
[ 26.613741] RDX: 00007fffb00a4980 RSI: 00007fffb00a4ab0 RDI: 000000000000000b
[ 26.620996] RBP: 00007fffb00a5280 R08: 00007fffb00a5300 R09: 0000000000000001
[ 26.628254] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 26.635531] R13: 00007fffb00a5660 R14: 0000000000000000 R15: 0000000000000000
[ 26.642810] CPU: 0 PID: 4354 Comm: rs:main Q:Reg Not tainted 4.16.0+ #4
[ 26.649559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.658895] Call Trace:
[ 26.661480]  dump_stack+0x1b9/0x294
[ 26.665101]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.670284]  ? printk+0x9e/0xba
[ 26.673549]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 26.678293]  ? kasan_check_write+0x14/0x20
[ 26.682515]  print_address_description+0x6c/0x20b
[ 26.687345]  ? __ext4_expand_extra_isize+0x178/0x240
[ 26.692434]  kasan_report.cold.7+0xac/0x2f5
[ 26.696741]  check_memory_region+0x13e/0x1b0
[ 26.701142]  memset+0x23/0x40
[ 26.704240]  __ext4_expand_extra_isize+0x178/0x240
[ 26.709157]  ext4_mark_inode_dirty+0x72f/0xb20
[ 26.713727]  ? ext4_expand_extra_isize+0x590/0x590
[ 26.718644]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.724176]  ? __ext4_journal_start_sb+0x182/0x5e0
[ 26.729092]  ? ext4_dirty_inode+0x62/0xc0
[ 26.733225]  ? ext4_journal_abort_handle.isra.4+0x260/0x260
[ 26.738926]  ? __lock_is_held+0xb5/0x140
[ 26.742974]  ? ext4_setattr+0x2ac0/0x2ac0
[ 26.747107]  ext4_dirty_inode+0x97/0xc0
[ 26.751068]  __mark_inode_dirty+0x811/0x1530
[ 26.755466]  ? __inode_attach_wb+0x1310/0x1310
[ 26.760895]  ? __lock_acquire+0x7f5/0x5130
[ 26.765118]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.770124]  ? print_usage_bug+0xc0/0xc0
[ 26.774174]  ? lock_downgrade+0x8e0/0x8e0
[ 26.778317]  ? lock_release+0xa10/0xa10
[ 26.782278]  ? mark_held_locks+0xc9/0x160
[ 26.786421]  ? current_kernel_time64+0x242/0x2f0
[ 26.791165]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.796173]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.801187]  ? current_kernel_time64+0x1f4/0x2f0
[ 26.805932]  generic_update_time+0x255/0x420
[ 26.810327]  ? put_itimerspec64+0x310/0x310
[ 26.814648]  ? dentry_needs_remove_privs.part.24+0x70/0x70
[ 26.820262]  ? ext4_file_write_iter+0x242/0x12e0
[ 26.825008]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.830532]  ? mnt_clone_write+0xed/0x130
[ 26.834669]  ? dentry_needs_remove_privs.part.24+0x70/0x70
[ 26.840277]  file_update_time+0x384/0x640
[ 26.844410]  ? current_time+0xc0/0xc0
[ 26.848203]  ? generic_write_checks+0x37d/0x5b0
[ 26.852860]  __generic_file_write_iter+0x1dc/0x5e0
[ 26.857868]  ? mutex_trylock+0x2a0/0x2a0
[ 26.861945]  ext4_file_write_iter+0x6dc/0x12e0
[ 26.866521]  ? rcu_is_watching+0x85/0x140
[ 26.870666]  ? ext4_file_mmap+0x220/0x220
[ 26.874804]  ? __fget+0x40c/0x650
[ 26.878254]  ? expand_files.part.8+0x9a0/0x9a0
[ 26.882833]  ? graph_lock+0x170/0x170
[ 26.886623]  ? __sb_end_write+0xac/0xe0
[ 26.890584]  ? pipe_write+0xb63/0xeb0
[ 26.894382]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.899904]  ? iov_iter_init+0xc9/0x1f0
[ 26.903869]  __vfs_write+0x5bc/0x880
[ 26.907573]  ? kernel_read+0x120/0x120
[ 26.911448]  ? __lock_is_held+0xb5/0x140
[ 26.915506]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.921041]  ? __sb_start_write+0x17f/0x300
[ 26.925349]  vfs_write+0x1f8/0x560
[ 26.928877]  ksys_write+0xf9/0x250
[ 26.932406]  ? SyS_read+0x30/0x30
[ 26.935845]  ? ksys_ioctl+0x81/0xd0
[ 26.939455]  SyS_write+0x24/0x30
[ 26.942804]  ? ksys_write+0x250/0x250
[ 26.946599]  do_syscall_64+0x29e/0x9d0
[ 26.950907]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 26.955734]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 26.960650]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.965571]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.970924]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.975755]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.980931] RIP: 0033:0x7f7a7f23619d
[ 26.984624] RSP: 002b:00007f7a7d7d7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 26.992317] RAX: ffffffffffffffda RBX: 00000000000000c6 RCX: 00007f7a7f23619d
[ 26.999573] RDX: 00000000000000c6 RSI: 0000000000c3e340 RDI: 0000000000000006
[ 27.006912] RBP: 0000000000c3e340 R08: 0000000000c3e3f6 R09: 3020392020727041
[ 27.014163] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 27.021418] R13: 00007f7a7d7d7480 R14: 0000000000000002 R15: 0000000000c3e140
[ 27.028694]
[ 27.030485] The buggy address belongs to the page:
[ 27.035409] page:ffffea0006f07980 count:2 mapcount:0 mapping:ffff8801d5331ca0 index:0x4a6
[ 27.043707] flags: 0x2fffc0000001074(referenced|dirty|lru|active|private)
[ 27.050808] raw: 02fffc0000001074 ffff8801d5331ca0 00000000000004a6 00000002ffffffff
[ 27.058761] raw: ffffea0006eba9e0 ffffea0006e754e0 ffff8801b1b789d8 ffff8801d9e30b40
[ 27.066965] page dumped because: kasan: bad access detected
[ 27.072657] page->mem_cgroup:ffff8801d9e30b40
[ 27.077126]
[ 27.078731] Memory state around the buggy address:
[ 27.083823]  ffff8801bc1ebf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.091162]  ffff8801bc1ebf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.098510] >ffff8801bc1ec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.105847]                    ^
[ 27.109193]  ffff8801bc1ec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.116621]  ffff8801bc1ec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.123956] ==================================================================
[ 27.131298] Disabling lock debugging due to kernel taint
[ 27.137177] Dumping ftrace buffer:
[ 27.140698]    (ftrace buffer empty)
[ 27.144474] Kernel Offset: disabled
[ 27.148099] Rebooting in 86400 seconds..
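The log above is a raw syzkaller console capture and explains nothing itself, so the following is an added model, not kernel code and not part of the original report. It reproduces the arithmetic behind the reported access: the remount carried debug_want_extra_isize=8536059 and KASAN reports a memset of 8536027 bytes, a difference of 32, which is what the 4.16 __ext4_expand_extra_isize path would write when it zeroes new_extra_isize minus the inode's current i_extra_isize (no in-inode xattrs present). The 256-byte on-disk inode and the current i_extra_isize of 32 are assumptions chosen to match that difference; EXT4_GOOD_OLD_INODE_SIZE (128) is the real constant. want_extra_isize_ok is the bound a practitioner would expect a caller-supplied value to pass before it is honoured; its name and the MODEL_* values are mine, not ext4's.

```c
/*
 * Added illustrative model of the memset length behind the KASAN report.
 * NOT the kernel's ext4 code: it only mirrors the arithmetic and shows the
 * bound that must hold before a caller-supplied extra_isize is trusted.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT4_GOOD_OLD_INODE_SIZE 128u  /* real ext4 constant: size of the fixed inode fields */

/* Assumed model values: a 256-byte on-disk inode whose existing extra area
 * is 32 bytes, which is what 8536059 - 8536027 implies for the crashed inode. */
#define MODEL_INODE_SIZE  256u
#define MODEL_EXTRA_ISIZE 32u

/* Bytes that would be zeroed when the in-inode extra area grows from
 * cur_extra to want_extra. Unsigned, so want_extra < cur_extra wraps. */
static uint32_t expand_write_len(uint32_t want_extra, uint32_t cur_extra)
{
    return want_extra - cur_extra;
}

/* The check a caller needs before acting on want_extra: the new extra area
 * must not shrink the existing one and must fit inside the on-disk inode. */
static bool want_extra_isize_ok(uint32_t inode_size, uint32_t cur_extra,
                                uint32_t want_extra)
{
    if (inode_size < EXT4_GOOD_OLD_INODE_SIZE)
        return false;
    if (want_extra < cur_extra)
        return false;                       /* memset length would wrap */
    if (want_extra > inode_size - EXT4_GOOD_OLD_INODE_SIZE)
        return false;                       /* memset would run past the inode */
    return true;
}

/* Simulates the expansion against a fixed-size inode image. Returns how many
 * bytes an unchecked memset would write past the end of the inode (0 when it
 * stays in bounds); the write itself is only performed when the check passes. */
static uint64_t simulate_expand(uint32_t cur_extra, uint32_t want_extra)
{
    uint8_t raw_inode[MODEL_INODE_SIZE];
    memset(raw_inode, 0xAA, sizeof raw_inode);   /* constructed inode contents */

    uint64_t start = (uint64_t)EXT4_GOOD_OLD_INODE_SIZE + cur_extra;
    uint64_t len   = expand_write_len(want_extra, cur_extra);
    uint64_t end   = start + len;
    uint64_t past  = end > MODEL_INODE_SIZE ? end - MODEL_INODE_SIZE : 0;

    if (past == 0 && want_extra_isize_ok(MODEL_INODE_SIZE, cur_extra, want_extra))
        memset(raw_inode + start, 0, (size_t)len);   /* in bounds: safe to zero */

    return past;
}

int main(void)
{
    /* Values taken from the report: mount option 8536059, reported write 8536027. */
    uint32_t want = 8536059u;

    printf("memset length for want=%u cur=%u: %u\n", want, MODEL_EXTRA_ISIZE,
           expand_write_len(want, MODEL_EXTRA_ISIZE));
    printf("bytes written past a %u-byte inode: %llu\n", MODEL_INODE_SIZE,
           (unsigned long long)simulate_expand(MODEL_EXTRA_ISIZE, want));
    printf("want=%u accepted by check: %d\n", want,
           want_extra_isize_ok(MODEL_INODE_SIZE, MODEL_EXTRA_ISIZE, want));
    printf("want=128 accepted by check: %d\n",
           want_extra_isize_ok(MODEL_INODE_SIZE, MODEL_EXTRA_ISIZE, 128u));
    return 0;
}
```

With the model's numbers the unchecked path reproduces the 8536027-byte length from the report and runs 8535931 bytes past a 256-byte inode, which is why KASAN reports shadow bytes from a different page than the one the access started in; the check rejects that value and accepts anything up to inode_size minus 128.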