Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
[ 428.413044] ==================================================================
[ 428.420759] BUG: KASAN: use-after-free in __lock_acquire+0x2cb4/0x3ff0
[ 428.427421] Read of size 8 at addr ffff8880b0e2e968 by task loop2/12424
[ 428.434146]
[ 428.435753] CPU: 0 PID: 12424 Comm: loop2 Not tainted 4.19.157-syzkaller #0
[ 428.442829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 428.452193] Call Trace:
[ 428.454842]  dump_stack+0x1fc/0x2fe
[ 428.458514]  print_address_description.cold+0x54/0x219
[ 428.463781]  kasan_report_error.cold+0x8a/0x1c7
[ 428.468461]  ? __lock_acquire+0x2cb4/0x3ff0
[ 428.472768]  __asan_report_load8_noabort+0x88/0x90
[ 428.477765]  ? __lock_acquire+0x2cb4/0x3ff0
[ 428.482065]  __lock_acquire+0x2cb4/0x3ff0
[ 428.486314]  ? trace_hardirqs_off+0x64/0x200
[ 428.490738]  ? __kasan_slab_free+0x186/0x1f0
[ 428.495124]  ? kmem_cache_free+0x7f/0x260
[ 428.499285]  ? mempool_free+0xe3/0x370
[ 428.503200]  ? bio_free+0xee/0x140
[ 428.506720]  ? mark_held_locks+0xf0/0xf0
[ 428.510792]  ? blk_update_request+0x30f/0xaf0
[ 428.515295]  ? blk_mq_end_request+0x4a/0x340
[ 428.519746]  ? lo_complete_rq+0x201/0x2d0
[ 428.523877]  ? blk_mq_complete_request+0x472/0x660
[ 428.528811]  ? loop_queue_work+0x274/0x20c0
[ 428.533220]  ? kthread_worker_fn+0x292/0x730
[ 428.537644]  ? kthread+0x33f/0x460
[ 428.541231]  ? ret_from_fork+0x24/0x30
[ 428.545150]  ? debug_check_no_obj_freed+0x201/0x482
[ 428.550161]  ? lock_downgrade+0x720/0x720
[ 428.554338]  ? lock_acquire+0x170/0x3c0
[ 428.558293]  lock_acquire+0x170/0x3c0
[ 428.562102]  ? __wake_up_common_lock+0xb0/0x170
[ 428.566764]  _raw_spin_lock_irqsave+0x8c/0xc0
[ 428.571245]  ? __wake_up_common_lock+0xb0/0x170
[ 428.576026]  __wake_up_common_lock+0xb0/0x170
[ 428.580515]  ? __wake_up_common+0x650/0x650
[ 428.584830]  ? _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 428.589980]  lbmIODone+0x44b/0xf40
[ 428.593637]  ? lock_downgrade+0x720/0x720
[ 428.597816]  ? lock_acquire+0x170/0x3c0
[ 428.601809]  ? scale_cookie_change.isra.0+0x380/0x380
[ 428.606994]  ? lbmFree+0x100/0x100
[ 428.610516]  bio_endio+0x471/0x810
[ 428.614038]  blk_update_request+0x30f/0xaf0
[ 428.618456]  blk_mq_end_request+0x4a/0x340
[ 428.622675]  lo_complete_rq+0x201/0x2d0
[ 428.626726]  blk_mq_complete_request+0x472/0x660
[ 428.631469]  loop_queue_work+0x274/0x20c0
[ 428.635644]  ? finish_task_switch+0x118/0x780
[ 428.640177]  ? switch_mm_irqs_off+0x2e5/0x1340
[ 428.644835]  ? lo_fallocate.isra.0+0x170/0x170
[ 428.649429]  ? kthread_worker_fn+0x217/0x730
[ 428.653826]  ? kthread_worker_fn+0x3e4/0x730
[ 428.658228]  ? _raw_spin_unlock_irq+0x24/0x80
[ 428.662703]  kthread_worker_fn+0x292/0x730
[ 428.666918]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 428.671481]  ? __kthread_init_worker+0xf0/0xf0
[ 428.676041]  ? __kthread_parkme+0x133/0x1e0
[ 428.680345]  ? loop_info64_to_compat+0x5e0/0x5e0
[ 428.685172]  kthread+0x33f/0x460
[ 428.688519]  ? kthread_park+0x180/0x180
[ 428.692472]  ret_from_fork+0x24/0x30
[ 428.696172]
[ 428.697847] Allocated by task 12419:
[ 428.701596]  kmem_cache_alloc_trace+0x12f/0x380
[ 428.706252]  lmLogInit+0x301/0x13d0
[ 428.709861]  lmLogOpen+0x718/0x11e0
[ 428.713510]  jfs_mount_rw+0x286/0x4b0
[ 428.717420]  jfs_fill_super+0x814/0xb50
[ 428.721429]  mount_bdev+0x2fc/0x3b0
[ 428.725035]  mount_fs+0xa3/0x30c
[ 428.728420]  vfs_kern_mount.part.0+0x68/0x470
[ 428.732894]  do_mount+0x113c/0x2f10
[ 428.736500]  ksys_mount+0xcf/0x130
[ 428.740027]  __x64_sys_mount+0xba/0x150
[ 428.744031]  do_syscall_64+0xf9/0x620
[ 428.747816]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 428.752981]
[ 428.754586] Freed by task 12419:
[ 428.757930]  kfree+0xcc/0x210
[ 428.761021]  lmLogInit+0xf85/0x13d0
[ 428.764630]  lmLogOpen+0x718/0x11e0
[ 428.768230]  jfs_mount_rw+0x286/0x4b0
[ 428.772011]  jfs_fill_super+0x814/0xb50
[ 428.775967]  mount_bdev+0x2fc/0x3b0
[ 428.779571]  mount_fs+0xa3/0x30c
[ 428.782911]  vfs_kern_mount.part.0+0x68/0x470
[ 428.787395]  do_mount+0x113c/0x2f10
[ 428.791041]  ksys_mount+0xcf/0x130
[ 428.794566]  __x64_sys_mount+0xba/0x150
[ 428.798515]  do_syscall_64+0xf9/0x620
[ 428.802294]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 428.807491]
[ 428.809112] The buggy address belongs to the object at ffff8880b0e2e900
[ 428.809112]  which belongs to the cache kmalloc-192 of size 192
[ 428.821828] The buggy address is located 104 bytes inside of
[ 428.821828]  192-byte region [ffff8880b0e2e900, ffff8880b0e2e9c0)
[ 428.833671] The buggy address belongs to the page:
[ 428.838584] page:ffffea0002c38b80 count:1 mapcount:0 mapping:ffff88813bff0040 index:0x0
[ 428.846942] flags: 0xfff00000000100(slab)
[ 428.851081] raw: 00fff00000000100 ffffea0002c10048 ffffea0002c38a88 ffff88813bff0040
[ 428.858959] raw: 0000000000000000 ffff8880b0e2e000 0000000100000010 0000000000000000
[ 428.866827] page dumped because: kasan: bad access detected
[ 428.872518]
[ 428.874117] Memory state around the buggy address:
[ 428.879029]  ffff8880b0e2e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.886376]  ffff8880b0e2e880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 428.893714] >ffff8880b0e2e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.901056]                                                           ^
[ 428.907802]  ffff8880b0e2e980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 428.915143]  ffff8880b0e2ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.922478] ==================================================================
[ 428.929810] Disabling lock debugging due to kernel taint
[ 428.935236] Kernel panic - not syncing: panic_on_warn set ...
[ 428.935236]
[ 428.942598] CPU: 0 PID: 12424 Comm: loop2 Tainted: G    B   4.19.157-syzkaller #0
[ 428.951061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 428.960391] Call Trace:
[ 428.962962]  dump_stack+0x1fc/0x2fe
[ 428.966633]  panic+0x26a/0x50e
[ 428.969805]  ? __warn_printk+0xf3/0xf3
[ 428.973668]  ? lock_downgrade+0x720/0x720
[ 428.977801]  ? print_shadow_for_address+0xb8/0x114
[ 428.982726]  ? trace_hardirqs_off+0x64/0x200
[ 428.987115]  kasan_end_report+0x43/0x49
[ 428.991067]  kasan_report_error.cold+0xa7/0x1c7
[ 428.995713]  ? __lock_acquire+0x2cb4/0x3ff0
[ 429.000015]  __asan_report_load8_noabort+0x88/0x90
[ 429.004924]  ? __lock_acquire+0x2cb4/0x3ff0
[ 429.009223]  __lock_acquire+0x2cb4/0x3ff0
[ 429.013352]  ? trace_hardirqs_off+0x64/0x200
[ 429.017740]  ? __kasan_slab_free+0x186/0x1f0
[ 429.022130]  ? kmem_cache_free+0x7f/0x260
[ 429.026259]  ? mempool_free+0xe3/0x370
[ 429.030129]  ? bio_free+0xee/0x140
[ 429.033647]  ? mark_held_locks+0xf0/0xf0
[ 429.037686]  ? blk_update_request+0x30f/0xaf0
[ 429.042200]  ? blk_mq_end_request+0x4a/0x340
[ 429.046590]  ? lo_complete_rq+0x201/0x2d0
[ 429.050715]  ? blk_mq_complete_request+0x472/0x660
[ 429.055745]  ? loop_queue_work+0x274/0x20c0
[ 429.060055]  ? kthread_worker_fn+0x292/0x730
[ 429.064458]  ? kthread+0x33f/0x460
[ 429.067981]  ? ret_from_fork+0x24/0x30
[ 429.071847]  ? debug_check_no_obj_freed+0x201/0x482
[ 429.076842]  ? lock_downgrade+0x720/0x720
[ 429.080966]  ? lock_acquire+0x170/0x3c0
[ 429.084917]  lock_acquire+0x170/0x3c0
[ 429.088702]  ? __wake_up_common_lock+0xb0/0x170
[ 429.093359]  _raw_spin_lock_irqsave+0x8c/0xc0
[ 429.097833]  ? __wake_up_common_lock+0xb0/0x170
[ 429.102480]  __wake_up_common_lock+0xb0/0x170
[ 429.106952]  ? __wake_up_common+0x650/0x650
[ 429.111254]  ? _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 429.116337]  lbmIODone+0x44b/0xf40
[ 429.119858]  ? lock_downgrade+0x720/0x720
[ 429.123993]  ? lock_acquire+0x170/0x3c0
[ 429.127954]  ? scale_cookie_change.isra.0+0x380/0x380
[ 429.133122]  ? lbmFree+0x100/0x100
[ 429.136642]  bio_endio+0x471/0x810
[ 429.140171]  blk_update_request+0x30f/0xaf0
[ 429.144484]  blk_mq_end_request+0x4a/0x340
[ 429.148698]  lo_complete_rq+0x201/0x2d0
[ 429.152650]  blk_mq_complete_request+0x472/0x660
[ 429.157515]  loop_queue_work+0x274/0x20c0
[ 429.161659]  ? finish_task_switch+0x118/0x780
[ 429.166134]  ? switch_mm_irqs_off+0x2e5/0x1340
[ 429.170693]  ? lo_fallocate.isra.0+0x170/0x170
[ 429.175253]  ? kthread_worker_fn+0x217/0x730
[ 429.179637]  ? kthread_worker_fn+0x3e4/0x730
[ 429.184023]  ? _raw_spin_unlock_irq+0x24/0x80
[ 429.188496]  kthread_worker_fn+0x292/0x730
[ 429.192708]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 429.197266]  ? __kthread_init_worker+0xf0/0xf0
[ 429.201830]  ? __kthread_parkme+0x133/0x1e0
[ 429.206140]  ? loop_info64_to_compat+0x5e0/0x5e0
[ 429.210873]  kthread+0x33f/0x460
[ 429.214218]  ? kthread_park+0x180/0x180
[ 429.218192]  ret_from_fork+0x24/0x30
[ 429.222458] Kernel Offset: disabled
[ 429.226068] Rebooting in 86400 seconds..