[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.585184] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 30.596881] EXT4-fs error (device loop0): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
[ 30.629975] ==================================================================
[ 30.637443] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1787/0x3180
[ 30.644542] Read of size 18446744073709551600 at addr ffff88809b8980b8 by task syz-executor772/7987
[ 30.653731]
[ 30.655358] CPU: 0 PID: 7987 Comm: syz-executor772 Not tainted 4.14.230-syzkaller #0
[ 30.663212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.672543] Call Trace:
[ 30.675127]  dump_stack+0x1b2/0x281
[ 30.678732]  print_address_description.cold+0x54/0x1d3
[ 30.683989]  kasan_report_error.cold+0x8a/0x191
[ 30.688642]  ? ext4_xattr_set_entry+0x1787/0x3180
[ 30.693476]  kasan_report+0x6f/0x80
[ 30.697110]  ? trace_hardirqs_on_caller+0x520/0x580
[ 30.702109]  ? ext4_xattr_set_entry+0x1787/0x3180
[ 30.706946]  memmove+0x20/0x50
[ 30.710121]  ext4_xattr_set_entry+0x1787/0x3180
[ 30.714773]  ? mark_page_accessed+0x20c/0x530
[ 30.719260]  ? ext4_xattr_inode_get+0x5d0/0x5d0
[ 30.723916]  ext4_xattr_ibody_inline_set+0x73/0x280
[ 30.730059]  ext4_destroy_inline_data_nolock+0x1cb/0x440
[ 30.735505]  ? ext4_update_inline_data+0x3c0/0x3c0
[ 30.740429]  ? ext4_read_inline_data.part.0+0x1e9/0x280
[ 30.745780]  ? ext4_convert_inline_data_nolock+0x253/0xb40
[ 30.751381]  ext4_convert_inline_data_nolock+0x115/0xb40
[ 30.756815]  ? ext4_read_inline_page+0x560/0x560
[ 30.761554]  ext4_convert_inline_data+0x2ae/0x300
[ 30.766375]  ? ext4_inline_data_truncate+0x940/0x940
[ 30.771470]  ? lock_downgrade+0x740/0x740
[ 30.775594]  ? __fget+0x1fe/0x360
[ 30.779136]  ext4_fallocate+0x106/0x1d80
[ 30.783182]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.788609]  ? ext4_insert_range+0x1340/0x1340
[ 30.793170]  vfs_fallocate+0x346/0x790
[ 30.797066]  SyS_fallocate+0x4a/0x80
[ 30.800755]  ? compat_SyS_ftruncate+0x20/0x20
[ 30.805240]  do_syscall_64+0x1d5/0x640
[ 30.809113]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.814284] RIP: 0033:0x449b69
[ 30.817451] RSP: 002b:00007f55599e22f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 30.825147] RAX: ffffffffffffffda RBX: 00000000004cb420 RCX: 0000000000449b69
[ 30.832842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 30.840092] RBP: 000000000049b064 R08: 0000000000000000 R09: 0000000000000000
[ 30.847443] R10: 000000000000bb89 R11: 0000000000000246 R12: 0030656c69662f2e
[ 30.854699] R13: 000000000049a060 R14: e5d26e84aa4cf3c6 R15: 00000000004cb428
[ 30.861951]
[ 30.863551] The buggy address belongs to the page:
[ 30.868474] page:ffffea00026e2600 count:2 mapcount:0 mapping:ffff8880b1e334a8 index:0x8
[ 30.876593] flags: 0xfff0000001107c(referenced|uptodate|dirty|lru|active|private|mappedtodisk)
[ 30.885418] raw: 00fff0000001107c ffff8880b1e334a8 0000000000000008 00000002ffffffff
[ 30.893273] raw: ffffea000249e4e0 ffffea00026d96e0 ffff88808e368348 ffff88823b320880
[ 30.901135] page dumped because: kasan: bad access detected
[ 30.906819] page->mem_cgroup:ffff88823b320880
[ 30.911910]
[ 30.913536] Memory state around the buggy address:
[ 30.918438]  ffff88809b897f80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 30.925791]  ffff88809b898000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.933128] >ffff88809b898080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.940486]                                         ^
[ 30.945659]  ffff88809b898100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.952995]  ffff88809b898180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.960340] ==================================================================
[ 30.967688] Disabling lock debugging due to kernel taint
[ 30.973615] Kernel panic - not syncing: panic_on_warn set ...
[ 30.973615]
[ 30.980972] CPU: 0 PID: 7987 Comm: syz-executor772 Tainted: G B 4.14.230-syzkaller #0
[ 30.990058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.999401] Call Trace:
[ 31.001986]  dump_stack+0x1b2/0x281
[ 31.005602]  panic+0x1f9/0x42d
[ 31.008768]  ? add_taint.cold+0x16/0x16
[ 31.012733]  ? ___preempt_schedule+0x16/0x18
[ 31.017117]  kasan_end_report+0x43/0x49
[ 31.021083]  kasan_report_error.cold+0xa7/0x191
[ 31.025735]  ? ext4_xattr_set_entry+0x1787/0x3180
[ 31.030564]  kasan_report+0x6f/0x80
[ 31.034169]  ? trace_hardirqs_on_caller+0x520/0x580
[ 31.039166]  ? ext4_xattr_set_entry+0x1787/0x3180
[ 31.043980]  memmove+0x20/0x50
[ 31.047148]  ext4_xattr_set_entry+0x1787/0x3180
[ 31.051809]  ? mark_page_accessed+0x20c/0x530
[ 31.056278]  ? ext4_xattr_inode_get+0x5d0/0x5d0
[ 31.060927]  ext4_xattr_ibody_inline_set+0x73/0x280
[ 31.065920]  ext4_destroy_inline_data_nolock+0x1cb/0x440
[ 31.071346]  ? ext4_update_inline_data+0x3c0/0x3c0
[ 31.076254]  ? ext4_read_inline_data.part.0+0x1e9/0x280
[ 31.081593]  ? ext4_convert_inline_data_nolock+0x253/0xb40
[ 31.087205]  ext4_convert_inline_data_nolock+0x115/0xb40
[ 31.092652]  ? ext4_read_inline_page+0x560/0x560
[ 31.097382]  ext4_convert_inline_data+0x2ae/0x300
[ 31.102198]  ? ext4_inline_data_truncate+0x940/0x940
[ 31.107277]  ? lock_downgrade+0x740/0x740
[ 31.111400]  ? __fget+0x1fe/0x360
[ 31.114828]  ext4_fallocate+0x106/0x1d80
[ 31.118889]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 31.124320]  ? ext4_insert_range+0x1340/0x1340
[ 31.128913]  vfs_fallocate+0x346/0x790
[ 31.132776]  SyS_fallocate+0x4a/0x80
[ 31.136462]  ? compat_SyS_ftruncate+0x20/0x20
[ 31.140934]  do_syscall_64+0x1d5/0x640
[ 31.144796]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.152052] RIP: 0033:0x449b69
[ 31.155228] RSP: 002b:00007f55599e22f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 31.162907] RAX: ffffffffffffffda RBX: 00000000004cb420 RCX: 0000000000449b69
[ 31.170161] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 31.177412] RBP: 000000000049b064 R08: 0000000000000000 R09: 0000000000000000
[ 31.184680] R10: 000000000000bb89 R11: 0000000000000246 R12: 0030656c69662f2e
[ 31.191921] R13: 000000000049a060 R14: e5d26e84aa4cf3c6 R15: 00000000004cb428
[ 31.199649] Kernel Offset: disabled
[ 31.203258] Rebooting in 86400 seconds..