[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.251290][ T8420] loop0: detected capacity change from 0 to 512
[ 48.268999][ T8420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 48.314141][ T8426] ==================================================================
[ 48.322322][ T8426] BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data_end+0x4d4/0x960
[ 48.330936][ T8426] Write of size 70 at addr ffff8880195444ef by task syz-executor279/8426
[ 48.339348][ T8426]
[ 48.341678][ T8426] CPU: 0 PID: 8426 Comm: syz-executor279 Not tainted 5.14.0-rc6-syzkaller #0
[ 48.350433][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.360483][ T8426] Call Trace:
[ 48.363747][ T8426]  dump_stack_lvl+0x1ae/0x29f
[ 48.368438][ T8426]  ? show_regs_print_info+0x12/0x12
[ 48.373655][ T8426]  ? printk+0xc0/0x108
[ 48.377704][ T8426]  ? wake_up_klogd+0xb2/0xf0
[ 48.382272][ T8426]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 48.387965][ T8426]  ? _raw_spin_lock_irqsave+0xbf/0x100
[ 48.393452][ T8426]  print_address_description+0x66/0x3b0
[ 48.398982][ T8426]  kasan_report+0x163/0x210
[ 48.403463][ T8426]  ? ext4_write_inline_data_end+0x4d4/0x960
[ 48.409337][ T8426]  kasan_check_range+0x2b5/0x2f0
[ 48.414252][ T8426]  ? ext4_write_inline_data_end+0x4d4/0x960
[ 48.420124][ T8426]  memcpy+0x3c/0x60
[ 48.423915][ T8426]  ext4_write_inline_data_end+0x4d4/0x960
[ 48.429624][ T8426]  ? ext4_convert_inline_data_to_extent+0x10a0/0x10a0
[ 48.436375][ T8426]  ? trace_ext4_write_end+0xee/0x290
[ 48.441643][ T8426]  ext4_write_end+0x1ff/0xbd0
[ 48.446307][ T8426]  generic_perform_write+0x361/0x580
[ 48.451618][ T8426]  ? ext4_da_write_begin+0x10c0/0x10c0
[ 48.457054][ T8426]  ? grab_cache_page_write_begin+0x90/0x90
[ 48.462836][ T8426]  ? file_remove_privs+0x670/0x670
[ 48.467935][ T8426]  ext4_buffered_write_iter+0x41c/0x590
[ 48.473475][ T8426]  ext4_file_write_iter+0x8f7/0x1b90
[ 48.478741][ T8426]  ? read_lock_is_recursive+0x10/0x10
[ 48.484101][ T8426]  ? iov_iter_init+0xf0/0x1f0
[ 48.488764][ T8426]  ? memcpy+0x3c/0x60
[ 48.492729][ T8426]  ? ext4_file_read_iter+0x6b0/0x6b0
[ 48.498008][ T8426]  ? iov_iter_fault_in_readable+0x430/0x430
[ 48.503890][ T8426]  vfs_write+0xa39/0xc90
[ 48.508118][ T8426]  ? file_end_write+0x230/0x230
[ 48.512957][ T8426]  ? mutex_lock_nested+0x1a/0x20
[ 48.517872][ T8426]  ? __fdget_pos+0x24e/0x2f0
[ 48.522436][ T8426]  ? ksys_write+0x72/0x2a0
[ 48.526843][ T8426]  ksys_write+0x171/0x2a0
[ 48.531149][ T8426]  ? __ia32_sys_read+0x80/0x80
[ 48.535890][ T8426]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 48.541854][ T8426]  ? lockdep_hardirqs_on+0x8d/0x130
[ 48.547029][ T8426]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 48.552985][ T8426]  do_syscall_64+0x3d/0xb0
[ 48.557381][ T8426]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.563249][ T8426] RIP: 0033:0x44ac89
[ 48.567120][ T8426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 48.586711][ T8426] RSP: 002b:00007ff12e8852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 48.595114][ T8426] RAX: ffffffffffffffda RBX: 00000000004ce4d0 RCX: 000000000044ac89
[ 48.603074][ T8426] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000006
[ 48.611035][ T8426] RBP: 000000000049de98 R08: 0000000000000000 R09: 0000000000000000
[ 48.618981][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 48.626943][ T8426] R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 00000000004ce4d8
[ 48.634905][ T8426]
[ 48.637208][ T8426] Allocated by task 1:
[ 48.641248][ T8426]  __kasan_slab_alloc+0x96/0xd0
[ 48.646078][ T8426]  kmem_cache_alloc+0x1d1/0x340
[ 48.650906][ T8426]  acpi_ut_allocate_object_desc_dbg+0xd8/0x165
[ 48.657050][ T8426]  acpi_ut_create_internal_object_dbg+0x21/0x195
[ 48.663352][ T8426]  acpi_ds_build_internal_object+0x15f/0x732
[ 48.669308][ T8426]  acpi_ds_create_node+0xe9/0x1a8
[ 48.674312][ T8426]  acpi_ds_load2_end_op+0x7d0/0xebc
[ 48.679488][ T8426]  acpi_ds_exec_end_op+0x6ce/0x11d4
[ 48.684666][ T8426]  acpi_ps_parse_loop+0xd9f/0x1cf0
[ 48.689766][ T8426]  acpi_ps_parse_aml+0x1d5/0x955
[ 48.694685][ T8426]  acpi_ps_execute_table+0x317/0x3ef
[ 48.699949][ T8426]  acpi_ns_execute_table+0x436/0x5bf
[ 48.705219][ T8426]  acpi_ns_load_table+0x5e/0x120
[ 48.710148][ T8426]  acpi_tb_load_namespace+0x456/0x6b9
[ 48.715505][ T8426]  acpi_load_tables+0x45/0xf5
[ 48.720161][ T8426]  acpi_bus_init+0x9a/0x993
[ 48.724642][ T8426]  acpi_init+0x8c/0x22c
[ 48.728790][ T8426]  do_one_initcall+0x197/0x3f0
[ 48.733532][ T8426]  do_initcall_level+0x14a/0x1f5
[ 48.738449][ T8426]  do_initcalls+0x4b/0x8c
[ 48.742759][ T8426]  kernel_init_freeable+0x3f1/0x57e
[ 48.747942][ T8426]  kernel_init+0x19/0x2a0
[ 48.752252][ T8426]  ret_from_fork+0x1f/0x30
[ 48.756647][ T8426]
[ 48.758956][ T8426] The buggy address belongs to the object at ffff8880195444e0
[ 48.758956][ T8426]  which belongs to the cache Acpi-Operand of size 72
[ 48.773071][ T8426] The buggy address is located 15 bytes inside of
[ 48.773071][ T8426]  72-byte region [ffff8880195444e0, ffff888019544528)
[ 48.786144][ T8426] The buggy address belongs to the page:
[ 48.791751][ T8426] page:ffffea0000655100 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888019544068 pfn:0x19544
[ 48.803176][ T8426] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 48.810700][ T8426] raw: 00fff00000000200 ffffea0000654f88 ffffea0000654e08 ffff8880110c2b40
[ 48.819257][ T8426] raw: ffff888019544068 000000000027001d 00000001ffffffff 0000000000000000
[ 48.827809][ T8426] page dumped because: kasan: bad access detected
[ 48.834193][ T8426] page_owner tracks the page as allocated
[ 48.839883][ T8426] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 3012488798, free_ts 0
[ 48.854699][ T8426]  get_page_from_freelist+0x779/0xa30
[ 48.860052][ T8426]  __alloc_pages+0x26c/0x5f0
[ 48.864619][ T8426]  alloc_page_interleave+0x22/0x1c0
[ 48.869795][ T8426]  allocate_slab+0xf1/0x540
[ 48.874270][ T8426]  ___slab_alloc+0x1cf/0x350
[ 48.878846][ T8426]  kmem_cache_alloc+0x299/0x340
[ 48.883682][ T8426]  acpi_ut_allocate_object_desc_dbg+0xd8/0x165
[ 48.889815][ T8426]  acpi_ut_create_internal_object_dbg+0x21/0x195
[ 48.896136][ T8426]  acpi_ds_build_internal_object+0x15f/0x732
[ 48.902097][ T8426]  acpi_ds_create_node+0xe9/0x1a8
[ 48.907100][ T8426]  acpi_ds_load2_end_op+0x7d0/0xebc
[ 48.912280][ T8426]  acpi_ds_exec_end_op+0x6ce/0x11d4
[ 48.917456][ T8426]  acpi_ps_parse_loop+0xd9f/0x1cf0
[ 48.922546][ T8426]  acpi_ps_parse_aml+0x1d5/0x955
[ 48.927460][ T8426]  acpi_ps_execute_table+0x317/0x3ef
[ 48.932720][ T8426]  acpi_ns_execute_table+0x436/0x5bf
[ 48.937984][ T8426] page_owner free stack trace missing
[ 48.943328][ T8426]
[ 48.945634][ T8426] Memory state around the buggy address:
[ 48.951243][ T8426]  ffff888019544400: fc fc 00 00 00 00 00 00 00 00 00 fc fc fc fc 00
[ 48.959281][ T8426]  ffff888019544480: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 48.967313][ T8426] >ffff888019544500: 00 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb
[ 48.975343][ T8426]                                   ^
[ 48.980689][ T8426]  ffff888019544580: fb fb fc fc fc fc 00 00 00 00 00 00 00 00 00 fc
[ 48.988726][ T8426]  ffff888019544600: fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 48.996758][ T8426] ==================================================================
[ 49.004788][ T8426] Disabling lock debugging due to kernel taint
[ 49.011189][ T8426] Kernel panic - not syncing: panic_on_warn set ...
[ 49.017765][ T8426] CPU: 0 PID: 8426 Comm: syz-executor279 Tainted: G    B             5.14.0-rc6-syzkaller #0
[ 49.027894][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.037924][ T8426] Call Trace:
[ 49.041184][ T8426]  dump_stack_lvl+0x1ae/0x29f
[ 49.045844][ T8426]  ? show_regs_print_info+0x12/0x12
[ 49.051022][ T8426]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 49.056721][ T8426]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 49.062856][ T8426]  panic+0x2e1/0x850
[ 49.066730][ T8426]  ? trace_hardirqs_on+0x30/0x80
[ 49.071656][ T8426]  ? nmi_panic+0x90/0x90
[ 49.075888][ T8426]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 49.081768][ T8426]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 49.087653][ T8426]  ? print_memory_metadata+0xa7/0x100
[ 49.093016][ T8426]  kasan_report+0x206/0x210
[ 49.097516][ T8426]  ? ext4_write_inline_data_end+0x4d4/0x960
[ 49.103423][ T8426]  kasan_check_range+0x2b5/0x2f0
[ 49.108346][ T8426]  ? ext4_write_inline_data_end+0x4d4/0x960
[ 49.114224][ T8426]  memcpy+0x3c/0x60
[ 49.118016][ T8426]  ext4_write_inline_data_end+0x4d4/0x960
[ 49.123724][ T8426]  ? ext4_convert_inline_data_to_extent+0x10a0/0x10a0
[ 49.130471][ T8426]  ? trace_ext4_write_end+0xee/0x290
[ 49.135739][ T8426]  ext4_write_end+0x1ff/0xbd0
[ 49.140397][ T8426]  generic_perform_write+0x361/0x580
[ 49.145669][ T8426]  ? ext4_da_write_begin+0x10c0/0x10c0
[ 49.151108][ T8426]  ? grab_cache_page_write_begin+0x90/0x90
[ 49.156898][ T8426]  ? file_remove_privs+0x670/0x670
[ 49.161995][ T8426]  ext4_buffered_write_iter+0x41c/0x590
[ 49.167522][ T8426]  ext4_file_write_iter+0x8f7/0x1b90
[ 49.172788][ T8426]  ? read_lock_is_recursive+0x10/0x10
[ 49.178157][ T8426]  ? iov_iter_init+0xf0/0x1f0
[ 49.182820][ T8426]  ? memcpy+0x3c/0x60
[ 49.186784][ T8426]  ? ext4_file_read_iter+0x6b0/0x6b0
[ 49.192048][ T8426]  ? iov_iter_fault_in_readable+0x430/0x430
[ 49.197923][ T8426]  vfs_write+0xa39/0xc90
[ 49.202147][ T8426]  ? file_end_write+0x230/0x230
[ 49.206986][ T8426]  ? mutex_lock_nested+0x1a/0x20
[ 49.211921][ T8426]  ? __fdget_pos+0x24e/0x2f0
[ 49.216504][ T8426]  ? ksys_write+0x72/0x2a0
[ 49.220910][ T8426]  ksys_write+0x171/0x2a0
[ 49.225411][ T8426]  ? __ia32_sys_read+0x80/0x80
[ 49.230154][ T8426]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 49.236116][ T8426]  ? lockdep_hardirqs_on+0x8d/0x130
[ 49.241295][ T8426]  ? syscall_enter_from_user_mode+0x2e/0x1b0
[ 49.247260][ T8426]  do_syscall_64+0x3d/0xb0
[ 49.251674][ T8426]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.257558][ T8426] RIP: 0033:0x44ac89
[ 49.261440][ T8426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.281024][ T8426] RSP: 002b:00007ff12e8852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.289679][ T8426] RAX: ffffffffffffffda RBX: 00000000004ce4d0 RCX: 000000000044ac89
[ 49.297630][ T8426] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000006
[ 49.305584][ T8426] RBP: 000000000049de98 R08: 0000000000000000 R09: 0000000000000000
[ 49.313542][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 49.321502][ T8426] R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 00000000004ce4d8
[ 49.330631][ T8426] Kernel Offset: disabled
[ 49.334984][ T8426] Rebooting in 86400 seconds..