[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   67.874250][ T8441] loop0: detected capacity change from 0 to 512
[   67.889696][ T8441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   67.924535][ T8446] ==================================================================
[   67.932978][ T8446] BUG: KASAN: use-after-free in ext4_write_inline_data+0x30d/0x3e0
[   67.940888][ T8446] Write of size 70 at addr ffff8880359ec4ef by task syz-executor244/8446
[   67.949378][ T8446]
[   67.951686][ T8446] CPU: 1 PID: 8446 Comm: syz-executor244 Not tainted 5.14.0-rc5-syzkaller #0
[   67.960428][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.970464][ T8446] Call Trace:
[   67.973731][ T8446]  dump_stack_lvl+0xcd/0x134
[   67.978328][ T8446]  print_address_description.constprop.0.cold+0x6c/0x309
[   67.985477][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   67.991011][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   67.996544][ T8446]  kasan_report.cold+0x83/0xdf
[   68.001301][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   68.006837][ T8446]  kasan_check_range+0x13d/0x180
[   68.011774][ T8446]  memcpy+0x39/0x60
[   68.015660][ T8446]  ext4_write_inline_data+0x30d/0x3e0
[   68.021029][ T8446]  ext4_write_inline_data_end+0x24c/0x6b0
[   68.026746][ T8446]  ? ext4_try_to_write_inline_data+0x18f0/0x18f0
[   68.033075][ T8446]  ext4_write_end+0x22b/0xf60
[   68.037745][ T8446]  ? csum_and_copy_to_iter+0x18a0/0x18a0
[   68.043370][ T8446]  ext4_da_write_end+0x440/0xb50
[   68.048294][ T8446]  ? dup_iter+0x280/0x280
[   68.052618][ T8446]  generic_perform_write+0x2bd/0x500
[   68.057903][ T8446]  ? generic_file_readonly_mmap+0x1b0/0x1b0
[   68.063787][ T8446]  ? down_write_killable_nested+0x180/0x180
[   68.069677][ T8446]  ext4_buffered_write_iter+0x244/0x4d0
[   68.075216][ T8446]  ext4_file_write_iter+0x423/0x14e0
[   68.080496][ T8446]  ? ext4_buffered_write_iter+0x4d0/0x4d0
[   68.086208][ T8446]  ? aa_path_link+0x2f0/0x2f0
[   68.091003][ T8446]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   68.096969][ T8446]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   68.103202][ T8446]  new_sync_write+0x426/0x650
[   68.107870][ T8446]  ? new_sync_read+0x6e0/0x6e0
[   68.112624][ T8446]  ? lock_release+0x720/0x720
[   68.117286][ T8446]  ? apparmor_file_permission+0x264/0x4e0
[   68.123006][ T8446]  vfs_write+0x75a/0xa40
[   68.127240][ T8446]  ksys_write+0x12d/0x250
[   68.131557][ T8446]  ? __ia32_sys_read+0xb0/0xb0
[   68.136312][ T8446]  ? syscall_enter_from_user_mode+0x21/0x70
[   68.142200][ T8446]  do_syscall_64+0x35/0xb0
[   68.146605][ T8446]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   68.152484][ T8446] RIP: 0033:0x44ac89
[   68.156367][ T8446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   68.175958][ T8446] RSP: 002b:00007f8a10a6f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.184615][ T8446] RAX: ffffffffffffffda RBX: 00000000004ce4e0 RCX: 000000000044ac89
[   68.192570][ T8446] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000008
[   68.200524][ T8446] RBP: 000000000049de98 R08: 0000000000000000 R09: 0000000000000000
[   68.208479][ T8446] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   68.216432][ T8446] R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 00000000004ce4e8
[   68.224403][ T8446]
[   68.226707][ T8446] The buggy address belongs to the page:
[   68.232312][ T8446] page:ffffea0000d67b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x359ec
[   68.242442][ T8446] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   68.249662][ T8446] raw: 00fff00000000000 ffffea0000497f88 ffffea0000614208 0000000000000000
[   68.258229][ T8446] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   68.266790][ T8446] page dumped because: kasan: bad access detected
[   68.273267][ T8446] page_owner tracks the page as freed
[   68.278783][ T8446] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8369, ts 45323892408, free_ts 45393497770
[   68.294609][ T8446]  get_page_from_freelist+0xa72/0x2f80
[   68.300072][ T8446]  __alloc_pages+0x1b2/0x500
[   68.304649][ T8446]  alloc_pages+0x18c/0x2a0
[   68.309051][ T8446]  pte_alloc_one+0x16/0x230
[   68.313538][ T8446]  __handle_mm_fault+0x49de/0x5320
[   68.318635][ T8446]  handle_mm_fault+0x1c8/0x790
[   68.323384][ T8446]  do_user_addr_fault+0x48b/0x11c0
[   68.328482][ T8446]  exc_page_fault+0x9e/0x180
[   68.333060][ T8446]  asm_exc_page_fault+0x1e/0x30
[   68.337894][ T8446] page last free stack trace:
[   68.342544][ T8446]  free_pcp_prepare+0x2c5/0x780
[   68.347380][ T8446]  free_unref_page_list+0x1a1/0x1050
[   68.352655][ T8446]  release_pages+0x824/0x20b0
[   68.357315][ T8446]  tlb_finish_mmu+0x165/0x8c0
[   68.361973][ T8446]  exit_mmap+0x1ea/0x620
[   68.366196][ T8446]  __mmput+0x122/0x470
[   68.370253][ T8446]  mmput+0x58/0x60
[   68.373957][ T8446]  do_exit+0xae2/0x2a60
[   68.378101][ T8446]  do_group_exit+0x125/0x310
[   68.382681][ T8446]  __x64_sys_exit_group+0x3a/0x50
[   68.387688][ T8446]  do_syscall_64+0x35/0xb0
[   68.392089][ T8446]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   68.397972][ T8446]
[   68.400278][ T8446] Memory state around the buggy address:
[   68.405886][ T8446]  ffff8880359ec380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.413928][ T8446]  ffff8880359ec400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.422059][ T8446] >ffff8880359ec480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.430101][ T8446]                                                           ^
[   68.437539][ T8446]  ffff8880359ec500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.445580][ T8446]  ffff8880359ec580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   68.453620][ T8446] ==================================================================
[   68.461744][ T8446] Disabling lock debugging due to kernel taint
[   68.468150][ T8446] Kernel panic - not syncing: panic_on_warn set ...
[   68.474722][ T8446] CPU: 1 PID: 8446 Comm: syz-executor244 Tainted: G    B             5.14.0-rc5-syzkaller #0
[   68.484860][ T8446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.495190][ T8446] Call Trace:
[   68.498451][ T8446]  dump_stack_lvl+0xcd/0x134
[   68.503033][ T8446]  panic+0x306/0x73d
[   68.506909][ T8446]  ? __warn_printk+0xf3/0xf3
[   68.511480][ T8446]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   68.517619][ T8446]  ? trace_hardirqs_on+0x38/0x1c0
[   68.522631][ T8446]  ? trace_hardirqs_on+0x51/0x1c0
[   68.527639][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   68.533254][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   68.538785][ T8446]  end_report.cold+0x5a/0x5a
[   68.543392][ T8446]  kasan_report.cold+0x71/0xdf
[   68.548315][ T8446]  ? ext4_write_inline_data+0x30d/0x3e0
[   68.553848][ T8446]  kasan_check_range+0x13d/0x180
[   68.558771][ T8446]  memcpy+0x39/0x60
[   68.562566][ T8446]  ext4_write_inline_data+0x30d/0x3e0
[   68.567924][ T8446]  ext4_write_inline_data_end+0x24c/0x6b0
[   68.573745][ T8446]  ? ext4_try_to_write_inline_data+0x18f0/0x18f0
[   68.580320][ T8446]  ext4_write_end+0x22b/0xf60
[   68.584978][ T8446]  ? csum_and_copy_to_iter+0x18a0/0x18a0
[   68.590596][ T8446]  ext4_da_write_end+0x440/0xb50
[   68.595517][ T8446]  ? dup_iter+0x280/0x280
[   68.599833][ T8446]  generic_perform_write+0x2bd/0x500
[   68.605112][ T8446]  ? generic_file_readonly_mmap+0x1b0/0x1b0
[   68.610989][ T8446]  ? down_write_killable_nested+0x180/0x180
[   68.616872][ T8446]  ext4_buffered_write_iter+0x244/0x4d0
[   68.622402][ T8446]  ext4_file_write_iter+0x423/0x14e0
[   68.627677][ T8446]  ? ext4_buffered_write_iter+0x4d0/0x4d0
[   68.633652][ T8446]  ? aa_path_link+0x2f0/0x2f0
[   68.638317][ T8446]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   68.644281][ T8446]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   68.650512][ T8446]  new_sync_write+0x426/0x650
[   68.655295][ T8446]  ? new_sync_read+0x6e0/0x6e0
[   68.660218][ T8446]  ? lock_release+0x720/0x720
[   68.664876][ T8446]  ? apparmor_file_permission+0x264/0x4e0
[   68.671420][ T8446]  vfs_write+0x75a/0xa40
[   68.675658][ T8446]  ksys_write+0x12d/0x250
[   68.680059][ T8446]  ? __ia32_sys_read+0xb0/0xb0
[   68.684813][ T8446]  ? syscall_enter_from_user_mode+0x21/0x70
[   68.690697][ T8446]  do_syscall_64+0x35/0xb0
[   68.695273][ T8446]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   68.701148][ T8446] RIP: 0033:0x44ac89
[   68.705020][ T8446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   68.724870][ T8446] RSP: 002b:00007f8a10a6f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.733352][ T8446] RAX: ffffffffffffffda RBX: 00000000004ce4e0 RCX: 000000000044ac89
[   68.741313][ T8446] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000008
[   68.749267][ T8446] RBP: 000000000049de98 R08: 0000000000000000 R09: 0000000000000000
[   68.757220][ T8446] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   68.765434][ T8446] R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 00000000004ce4e8
[   68.779942][ T8446] Kernel Offset: disabled
[   68.784336][ T8446] Rebooting in 86400 seconds..