[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.330055] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 33.349282] EXT4-fs error (device loop0): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
[ 33.365453] ==================================================================
[ 33.372931] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x2562/0x3750
[ 33.380036] Read of size 18446744073709551600 at addr ffff8880abc820d4 by task syz-executor288/8103
[ 33.389210]
[ 33.390845] CPU: 1 PID: 8103 Comm: syz-executor288 Not tainted 4.19.186-syzkaller #0
[ 33.398719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.408065] Call Trace:
[ 33.410637]  dump_stack+0x1fc/0x2ef
[ 33.414253]  print_address_description.cold+0x54/0x219
[ 33.419512]  kasan_report_error.cold+0x8a/0x1b9
[ 33.424161]  ? ext4_xattr_set_entry+0x2562/0x3750
[ 33.428986]  kasan_report+0x8f/0xa0
[ 33.432593]  ? ext4_xattr_set_entry+0x2562/0x3750
[ 33.437418]  memmove+0x20/0x50
[ 33.440592]  ext4_xattr_set_entry+0x2562/0x3750
[ 33.445247]  ? mark_page_accessed+0x581/0xda0
[ 33.449747]  ? ext4_xattr_inode_get+0x680/0x680
[ 33.454399]  ? __getblk_gfp+0x48/0x70
[ 33.458180]  ? xattr_find_entry+0x2aa/0x3b0
[ 33.462485]  ext4_xattr_ibody_inline_set+0x81/0x2a0
[ 33.467492]  ext4_destroy_inline_data_nolock+0x22d/0x4f0
[ 33.472921]  ? ext4_update_inline_data+0x440/0x440
[ 33.477836]  ? check_preemption_disabled+0x41/0x280
[ 33.482837]  ? memcpy+0x35/0x50
[ 33.486099]  ? ext4_read_inline_data.part.0+0x1fd/0x290
[ 33.491454]  ? ext4_convert_inline_data_nolock+0x2c5/0xd10
[ 33.497085]  ext4_convert_inline_data_nolock+0x145/0xd10
[ 33.502559]  ? ext4_read_inline_page+0x6f0/0x6f0
[ 33.507315]  ? lock_acquire+0x170/0x3c0
[ 33.511277]  ? ext4_convert_inline_data+0x20a/0x3a0
[ 33.516292]  ext4_convert_inline_data+0x347/0x3a0
[ 33.521168]  ? ext4_inline_data_truncate+0xa30/0xa30
[ 33.526301]  ? common_file_perm+0x4e5/0x850
[ 33.530607]  ext4_fallocate+0x137/0x2150
[ 33.534654]  ? ext4_insert_range+0x1500/0x1500
[ 33.539260]  vfs_fallocate+0x487/0x9a0
[ 33.543136]  __x64_sys_fallocate+0xcf/0x140
[ 33.547492]  do_syscall_64+0xf9/0x620
[ 33.551279]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.556453] RIP: 0033:0x44a649
[ 33.559626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.578510] RSP: 002b:00007f6a6cc272f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 33.586196] RAX: ffffffffffffffda RBX: 00000000004cc410 RCX: 000000000044a649
[ 33.593446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 33.600698] RBP: 000000000049c0c4 R08: 0000000000000000 R09: 0000000000000000
[ 33.607948] R10: 0000000010000101 R11: 0000000000000246 R12: 000000000049b0c0
[ 33.615261] R13: 0030656c69662f2e R14: e5d26e84aa4cf3c6 R15: 00000000004cc418
[ 33.622534]
[ 33.624141] The buggy address belongs to the page:
[ 33.629056] page:ffffea0002af2080 count:2 mapcount:0 mapping:ffff8880ae106b60 index:0x8
[ 33.637179] flags: 0xfff0000001107c(referenced|uptodate|dirty|lru|active|private|mappedtodisk)
[ 33.645913] raw: 00fff0000001107c ffffea0002641888 ffffea0002624d08 ffff8880ae106b60
[ 33.653808] raw: 0000000000000008 ffff88808df34000 00000002ffffffff ffff8880b59f88c0
[ 33.661667] page dumped because: kasan: bad access detected
[ 33.667362] page->mem_cgroup:ffff8880b59f88c0
[ 33.671838]
[ 33.673443] Memory state around the buggy address:
[ 33.678355]  ffff8880abc81f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 33.685694]  ffff8880abc82000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.693032] >ffff8880abc82080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.700367]                                                  ^
[ 33.706315]  ffff8880abc82100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.713678]  ffff8880abc82180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.721015] ==================================================================
[ 33.728370] Disabling lock debugging due to kernel taint
[ 33.734368] Kernel panic - not syncing: panic_on_warn set ...
[ 33.734368]
[ 33.741733] CPU: 1 PID: 8103 Comm: syz-executor288 Tainted: G B 4.19.186-syzkaller #0
[ 33.751001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.760341] Call Trace:
[ 33.762931]  dump_stack+0x1fc/0x2ef
[ 33.766538]  panic+0x26a/0x50e
[ 33.769730]  ? __warn_printk+0xf3/0xf3
[ 33.773602]  ? preempt_schedule_common+0x45/0xc0
[ 33.778339]  ? ___preempt_schedule+0x16/0x18
[ 33.782727]  ? trace_hardirqs_on+0x55/0x210
[ 33.787029]  kasan_end_report+0x43/0x49
[ 33.791013]  kasan_report_error.cold+0xa7/0x1b9
[ 33.795669]  ? ext4_xattr_set_entry+0x2562/0x3750
[ 33.800511]  kasan_report+0x8f/0xa0
[ 33.804118]  ? ext4_xattr_set_entry+0x2562/0x3750
[ 33.808940]  memmove+0x20/0x50
[ 33.812141]  ext4_xattr_set_entry+0x2562/0x3750
[ 33.816792]  ? mark_page_accessed+0x581/0xda0
[ 33.821268]  ? ext4_xattr_inode_get+0x680/0x680
[ 33.825918]  ? __getblk_gfp+0x48/0x70
[ 33.829695]  ? xattr_find_entry+0x2aa/0x3b0
[ 33.833998]  ext4_xattr_ibody_inline_set+0x81/0x2a0
[ 33.839013]  ext4_destroy_inline_data_nolock+0x22d/0x4f0
[ 33.844442]  ? ext4_update_inline_data+0x440/0x440
[ 33.849353]  ? check_preemption_disabled+0x41/0x280
[ 33.854367]  ? memcpy+0x35/0x50
[ 33.857627]  ? ext4_read_inline_data.part.0+0x1fd/0x290
[ 33.862968]  ? ext4_convert_inline_data_nolock+0x2c5/0xd10
[ 33.868589]  ext4_convert_inline_data_nolock+0x145/0xd10
[ 33.874018]  ? ext4_read_inline_page+0x6f0/0x6f0
[ 33.878751]  ? lock_acquire+0x170/0x3c0
[ 33.882703]  ? ext4_convert_inline_data+0x20a/0x3a0
[ 33.887702]  ext4_convert_inline_data+0x347/0x3a0
[ 33.892524]  ? ext4_inline_data_truncate+0xa30/0xa30
[ 33.897606]  ? common_file_perm+0x4e5/0x850
[ 33.901906]  ext4_fallocate+0x137/0x2150
[ 33.905951]  ? ext4_insert_range+0x1500/0x1500
[ 33.910528]  vfs_fallocate+0x487/0x9a0
[ 33.914396]  __x64_sys_fallocate+0xcf/0x140
[ 33.918697]  do_syscall_64+0xf9/0x620
[ 33.922497]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.927665] RIP: 0033:0x44a649
[ 33.930835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.949716] RSP: 002b:00007f6a6cc272f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 33.957422] RAX: ffffffffffffffda RBX: 00000000004cc410 RCX: 000000000044a649
[ 33.964669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 33.971921] RBP: 000000000049c0c4 R08: 0000000000000000 R09: 0000000000000000
[ 33.979174] R10: 0000000010000101 R11: 0000000000000246 R12: 000000000049b0c0
[ 33.986424] R13: 0030656c69662f2e R14: e5d26e84aa4cf3c6 R15: 00000000004cc418
[ 33.994347] Kernel Offset: disabled
[ 33.997963] Rebooting in 86400 seconds..