[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.

syzkaller login: [ 42.885573] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 43.037268] FAULT_INJECTION: forcing a failure.
[ 43.037268] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 43.049846] CPU: 1 PID: 8091 Comm: syz-executor759 Not tainted 4.19.211-syzkaller #0
[ 43.057732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 43.067082] Call Trace:
[ 43.069672]  dump_stack+0x1fc/0x2ef
[ 43.073310]  should_fail.cold+0xa/0xf
[ 43.077105]  ? setup_fault_attr+0x200/0x200
[ 43.081418]  __alloc_pages_nodemask+0x239/0x2890
[ 43.086164]  ? lock_downgrade+0x720/0x720
[ 43.090292]  ? __radix_tree_lookup+0x216/0x370
[ 43.094859]  ? find_get_entry+0x4cd/0x8a0
[ 43.098993]  ? lock_downgrade+0x720/0x720
[ 43.103126]  ? __radix_tree_lookup+0x370/0x370
[ 43.107697]  ? check_preemption_disabled+0x41/0x280
[ 43.112704]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 43.117536]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 43.122638]  ? find_get_pages_range_tag+0xc50/0xc50
[ 43.127644]  ? kasan_kmalloc+0x139/0x160
[ 43.131701]  alloc_pages_current+0x193/0x2a0
[ 43.136098]  do_read_cache_page+0xa36/0x1170
[ 43.140492]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.145848]  ? metapage_get_blocks+0x2d0/0x2d0
[ 43.150416]  __get_metapage+0x240/0x13d0
[ 43.154477]  ? lock_downgrade+0x720/0x720
[ 43.158611]  ? release_metapage+0x9b0/0x9b0
[ 43.162919]  ? setup_fault_attr+0x200/0x200
[ 43.167222]  ? lock_acquire+0x170/0x3c0
[ 43.171179]  ? check_preemption_disabled+0x41/0x280
[ 43.176175]  ? dbMount+0x4d/0x880
[ 43.179614]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 43.184625]  ? kmem_cache_alloc_trace+0x323/0x380
[ 43.189464]  dbMount+0x74/0x880
[ 43.192732]  jfs_mount_rw+0x268/0x4b0
[ 43.196612]  ? updateSuper+0x730/0x730
[ 43.200520]  ? dentry_lru_isolate+0x1c0/0x1c0
[ 43.205010]  ? do_raw_spin_unlock+0x171/0x230
[ 43.209492]  ? shrink_dentry_list+0x1a/0x6e0
[ 43.213882]  ? _raw_spin_unlock+0x29/0x40
[ 43.218014]  ? list_lru_walk_node+0x226/0x2a0
[ 43.222520]  jfs_remount+0x51c/0x640
[ 43.226224]  ? jfs_fill_super+0xb50/0xb50
[ 43.230358]  ? apparmor_sb_mount+0x5b1/0x970
[ 43.234751]  do_remount_sb+0x1a0/0x6a0
[ 43.238624]  ? jfs_fill_super+0xb50/0xb50
[ 43.242749]  ? user_get_super+0x240/0x240
[ 43.246880]  ? security_capable+0x8f/0xc0
[ 43.251008]  do_mount+0x1a62/0x2f50
[ 43.254617]  ? lock_downgrade+0x720/0x720
[ 43.258742]  ? copy_mount_string+0x40/0x40
[ 43.262954]  ? vfs_write+0x393/0x540
[ 43.266669]  ? copy_mount_options+0x26f/0x380
[ 43.271170]  ksys_mount+0xcf/0x130
[ 43.274714]  __x64_sys_mount+0xba/0x150
[ 43.278682]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 43.283243]  do_syscall_64+0xf9/0x620
[ 43.287026]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.292192] RIP: 0033:0x7f4d81d2c3d9
[ 43.295882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.314789] RSP: 002b:00007fff8fc88988 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 43.322476] RAX: ffffffffffffffda RBX: 00007f4d81d98e50 RCX: 00007f4d81d2c3d9
[ 43.329723] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 43.336971] RBP: 00007fff8fc88990 R08: 0000000000000000 R09: 0000000000000039
[ 43.344217] R10: 0000000000800020 R11: 0000000000000246 R12: 0000000000000001
[ 43.351466] R13: 00007fff8fc88ac0 R14: 00007f4d81d68128 R15: 00007fff8fc889c0
[ 43.364051] ==================================================================
[ 43.371529] BUG: KASAN: double-free or invalid-free in dbUnmount+0xff/0x140
[ 43.378620]
[ 43.380247] CPU: 1 PID: 8091 Comm: syz-executor759 Not tainted 4.19.211-syzkaller #0
[ 43.388122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 43.397462] Call Trace:
[ 43.400032]  dump_stack+0x1fc/0x2ef
[ 43.403640]  print_address_description.cold+0x54/0x219
[ 43.408899]  ? dbUnmount+0xff/0x140
[ 43.412524]  kasan_report_invalid_free+0x61/0xa0
[ 43.417259]  ? dbUnmount+0xff/0x140
[ 43.420864]  __kasan_slab_free+0x1d0/0x1f0
[ 43.425083]  ? truncate_inode_page+0xc0/0xc0
[ 43.429472]  ? mark_held_locks+0xa6/0xf0
[ 43.433532]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 43.438618]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 43.443184]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 43.448264]  ? debug_check_no_obj_freed+0x201/0x490
[ 43.453258]  ? lock_downgrade+0x720/0x720
[ 43.457384]  ? lock_acquire+0x170/0x3c0
[ 43.461334]  ? debug_check_no_obj_freed+0xb5/0x490
[ 43.466246]  ? trace_hardirqs_off+0x64/0x200
[ 43.470633]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 43.475710]  ? debug_check_no_obj_freed+0x201/0x490
[ 43.480709]  ? dbUnmount+0xff/0x140
[ 43.484312]  kfree+0xcc/0x210
[ 43.487397]  dbUnmount+0xff/0x140
[ 43.490830]  jfs_umount+0x1cc/0x310
[ 43.494444]  jfs_put_super+0x61/0x140
[ 43.498222]  ? jfs_quota_off+0x150/0x150
[ 43.502265]  generic_shutdown_super+0x144/0x370
[ 43.506916]  kill_block_super+0x97/0xf0
[ 43.510873]  deactivate_locked_super+0x94/0x160
[ 43.515525]  deactivate_super+0x174/0x1a0
[ 43.519659]  ? deactivate_locked_super+0x160/0x160
[ 43.524566]  ? dput+0x31/0x640
[ 43.527739]  cleanup_mnt+0x1a8/0x290
[ 43.531442]  task_work_run+0x148/0x1c0
[ 43.535307]  do_exit+0xbf3/0x2be0
[ 43.538742]  ? lock_downgrade+0x720/0x720
[ 43.542868]  ? mm_update_next_owner+0x650/0x650
[ 43.547514]  ? up_read+0x17/0x110
[ 43.550945]  ? __do_page_fault+0x180/0xd60
[ 43.555161]  do_group_exit+0x125/0x310
[ 43.559026]  __x64_sys_exit_group+0x3a/0x50
[ 43.563326]  do_syscall_64+0xf9/0x620
[ 43.567107]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.572272] RIP: 0033:0x7f4d81d2af39
[ 43.575967] Code: Bad RIP value.
[ 43.579309] RSP: 002b:00007fff8fc88968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.586992] RAX: ffffffffffffffda RBX: 00007f4d81d9e3d0 RCX: 00007f4d81d2af39
[ 43.594239] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 43.601497] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000039
[ 43.608744] R10: 0000000000800020 R11: 0000000000000246 R12: 00007f4d81d9e3d0
[ 43.615994] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 43.623253]
[ 43.624855] Allocated by task 8091:
[ 43.628474]  kmem_cache_alloc_trace+0x12f/0x380
[ 43.633125]  dbMount+0x4d/0x880
[ 43.636381]  jfs_mount+0x124/0x3d0
[ 43.639897]  jfs_fill_super+0x55c/0xb50
[ 43.643844]  mount_bdev+0x2fc/0x3b0
[ 43.647444]  mount_fs+0xa3/0x310
[ 43.650786]  vfs_kern_mount.part.0+0x68/0x470
[ 43.655257]  do_mount+0x115c/0x2f50
[ 43.658861]  ksys_mount+0xcf/0x130
[ 43.662388]  __x64_sys_mount+0xba/0x150
[ 43.666350]  do_syscall_64+0xf9/0x620
[ 43.670131]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.675291]
[ 43.676894] Freed by task 8091:
[ 43.680153]  kfree+0xcc/0x210
[ 43.683237]  dbUnmount+0xff/0x140
[ 43.686752]  jfs_mount_rw+0x244/0x4b0
[ 43.690531]  jfs_remount+0x51c/0x640
[ 43.694221]  do_remount_sb+0x1a0/0x6a0
[ 43.698085]  do_mount+0x1a62/0x2f50
[ 43.701686]  ksys_mount+0xcf/0x130
[ 43.705200]  __x64_sys_mount+0xba/0x150
[ 43.709150]  do_syscall_64+0xf9/0x620
[ 43.712925]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.718086]
[ 43.719690] The buggy address belongs to the object at ffff8880b02f1240
[ 43.719690]  which belongs to the cache kmalloc-2048 of size 2048
[ 43.732499] The buggy address is located 0 bytes inside of
[ 43.732499]  2048-byte region [ffff8880b02f1240, ffff8880b02f1a40)
[ 43.744261] The buggy address belongs to the page:
[ 43.749167] page:ffffea0002c0bc00 count:1 mapcount:0 mapping:ffff88813bff0c40 index:0x0 compound_mapcount: 0
[ 43.759109] flags: 0xfff00000008100(slab|head)
[ 43.763668] raw: 00fff00000008100 ffffea0002534208 ffff88813bff1948 ffff88813bff0c40
[ 43.771525] raw: 0000000000000000 ffff8880b02f0140 0000000100000003 0000000000000000
[ 43.779375] page dumped because: kasan: bad access detected
[ 43.785071]
[ 43.786671] Memory state around the buggy address:
[ 43.791576]  ffff8880b02f1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.798912]  ffff8880b02f1180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 43.806245] >ffff8880b02f1200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 43.813574]                                            ^
[ 43.819001]  ffff8880b02f1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.826334]  ffff8880b02f1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.833664] ==================================================================
[ 43.841082] Disabling lock debugging due to kernel taint
[ 43.846503] Kernel panic - not syncing: panic_on_warn set ...
[ 43.846503]
[ 43.853840] CPU: 1 PID: 8091 Comm: syz-executor759 Tainted: G B 4.19.211-syzkaller #0
[ 43.863081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 43.872408] Call Trace:
[ 43.874983]  dump_stack+0x1fc/0x2ef
[ 43.878592]  panic+0x26a/0x50e
[ 43.881763]  ? __warn_printk+0xf3/0xf3
[ 43.885629]  ? lock_downgrade+0x720/0x720
[ 43.889754]  ? print_shadow_for_address+0xb8/0x114
[ 43.894660]  ? trace_hardirqs_off+0x64/0x200
[ 43.899048]  ? dbUnmount+0xff/0x140
[ 43.902667]  kasan_end_report+0x43/0x49
[ 43.906618]  kasan_report_invalid_free+0x7d/0xa0
[ 43.911352]  ? dbUnmount+0xff/0x140
[ 43.914953]  __kasan_slab_free+0x1d0/0x1f0
[ 43.919163]  ? truncate_inode_page+0xc0/0xc0
[ 43.923549]  ? mark_held_locks+0xa6/0xf0
[ 43.927589]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 43.932667]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 43.937224]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 43.942301]  ? debug_check_no_obj_freed+0x201/0x490
[ 43.947293]  ? lock_downgrade+0x720/0x720
[ 43.951415]  ? lock_acquire+0x170/0x3c0
[ 43.955371]  ? debug_check_no_obj_freed+0xb5/0x490
[ 43.960381]  ? trace_hardirqs_off+0x64/0x200
[ 43.964764]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 43.969840]  ? debug_check_no_obj_freed+0x201/0x490
[ 43.974835]  ? dbUnmount+0xff/0x140
[ 43.978436]  kfree+0xcc/0x210
[ 43.981518]  dbUnmount+0xff/0x140
[ 43.984946]  jfs_umount+0x1cc/0x310
[ 43.988549]  jfs_put_super+0x61/0x140
[ 43.992322]  ? jfs_quota_off+0x150/0x150
[ 43.996367]  generic_shutdown_super+0x144/0x370
[ 44.001017]  kill_block_super+0x97/0xf0
[ 44.004968]  deactivate_locked_super+0x94/0x160
[ 44.009613]  deactivate_super+0x174/0x1a0
[ 44.013738]  ? deactivate_locked_super+0x160/0x160
[ 44.018644]  ? dput+0x31/0x640
[ 44.021815]  cleanup_mnt+0x1a8/0x290
[ 44.025509]  task_work_run+0x148/0x1c0
[ 44.029377]  do_exit+0xbf3/0x2be0
[ 44.032808]  ? lock_downgrade+0x720/0x720
[ 44.036933]  ? mm_update_next_owner+0x650/0x650
[ 44.041579]  ? up_read+0x17/0x110
[ 44.045008]  ? __do_page_fault+0x180/0xd60
[ 44.049229]  do_group_exit+0x125/0x310
[ 44.053093]  __x64_sys_exit_group+0x3a/0x50
[ 44.057391]  do_syscall_64+0xf9/0x620
[ 44.061170]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 44.066347] RIP: 0033:0x7f4d81d2af39
[ 44.070041] Code: Bad RIP value.
[ 44.073381] RSP: 002b:00007fff8fc88968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 44.081068] RAX: ffffffffffffffda RBX: 00007f4d81d9e3d0 RCX: 00007f4d81d2af39
[ 44.088339] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 44.095582] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000039
[ 44.102825] R10: 0000000000800020 R11: 0000000000000246 R12: 00007f4d81d9e3d0
[ 44.110069] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 44.117489] Kernel Offset: disabled
[ 44.121103] Rebooting in 86400 seconds..