[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.201795] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 40.209688] gfs2: fsid=syz:syz: Now mounting FS...
[ 40.217870] ==================================================================
[ 40.225314] BUG: KASAN: stack-out-of-bounds in gfs2_block_map+0x240b/0x2de0
[ 40.232401] Write of size 2 at addr ffff88809ca976a0 by task syz-executor247/7967
[ 40.240005]
[ 40.241612] CPU: 0 PID: 7967 Comm: syz-executor247 Not tainted 4.14.302-syzkaller #0
[ 40.249464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 40.258791] Call Trace:
[ 40.261355]  dump_stack+0x1b2/0x281
[ 40.264957]  print_address_description.cold+0x54/0x1d3
[ 40.270206]  kasan_report_error.cold+0x8a/0x191
[ 40.274849]  ? gfs2_block_map+0x240b/0x2de0
[ 40.279144]  __asan_report_store2_noabort+0x68/0x70
[ 40.284135]  ? gfs2_block_map+0x240b/0x2de0
[ 40.288427]  gfs2_block_map+0x240b/0x2de0
[ 40.292553]  ? finish_task_switch+0x178/0x610
[ 40.297020]  ? finish_task_switch+0x14d/0x610
[ 40.301489]  ? trace_hardirqs_on+0x10/0x10
[ 40.305700]  ? __schedule+0x893/0x1de0
[ 40.309563]  ? gfs2_unstuff_dinode+0x10e0/0x10e0
[ 40.314292]  ? io_schedule_timeout+0x140/0x140
[ 40.318851]  ? gfs2_glock_nq+0x83a/0x1120
[ 40.322974]  gfs2_write_alloc_required+0x2dc/0x3c0
[ 40.327878]  ? gfs2_map_journal_extents+0x5c0/0x5c0
[ 40.332873]  ? gfs2_glock_wait+0xd6/0x1b0
[ 40.336998]  ? gfs2_glock_nq+0x871/0x1120
[ 40.341120]  ? lock_downgrade+0x740/0x740
[ 40.345241]  gfs2_jdesc_check+0x174/0x220
[ 40.349362]  init_inodes+0x110b/0x18d0
[ 40.353226]  ? gfs2_mount_meta+0x260/0x260
[ 40.357435]  ? snprintf+0xa5/0xd0
[ 40.360863]  ? vsprintf+0x30/0x30
[ 40.364288]  ? check_journal_clean+0x180/0x180
[ 40.368844]  ? init_inodes+0x682/0x18d0
[ 40.372793]  fill_super+0x1721/0x2310
[ 40.376571]  ? gfs2_online_uevent+0x1b0/0x1b0
[ 40.381039]  ? pointer+0x9e0/0x9e0
[ 40.384554]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 40.388850]  ? vsprintf+0x30/0x30
[ 40.392275]  ? gfs2_open+0x160/0x160
[ 40.395964]  ? set_blocksize+0x125/0x380
[ 40.399998]  gfs2_mount+0x439/0x510
[ 40.403598]  ? fill_super+0x2310/0x2310
[ 40.407547]  ? _find_next_bit+0xdb/0x100
[ 40.411589]  ? alloc_pages_current+0x15d/0x260
[ 40.416144]  ? __lockdep_init_map+0x100/0x560
[ 40.420611]  mount_fs+0x92/0x2a0
[ 40.423955]  vfs_kern_mount.part.0+0x5b/0x470
[ 40.428424]  do_mount+0xe65/0x2a30
[ 40.431936]  ? do_raw_spin_unlock+0x164/0x220
[ 40.436406]  ? copy_mount_string+0x40/0x40
[ 40.440616]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 40.445605]  ? copy_mnt_ns+0xa30/0xa30
[ 40.449464]  ? copy_mount_options+0x1fa/0x2f0
[ 40.453949]  ? copy_mnt_ns+0xa30/0xa30
[ 40.457811]  SyS_mount+0xa8/0x120
[ 40.461238]  ? copy_mnt_ns+0xa30/0xa30
[ 40.465098]  do_syscall_64+0x1d5/0x640
[ 40.468964]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 40.474128] RIP: 0033:0x7fdd19910ada
[ 40.477813] RSP: 002b:00007fff18650f18 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
[ 40.485493] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdd19910ada
[ 40.492736] RDX: 0000000020037f40 RSI: 0000000020037f80 RDI: 00007fff18650f20
[ 40.499978] RBP: 00007fff18650f20 R08: 00007fff18650f60 R09: 0000000000043350
[ 40.507220] R10: 0000000002000011 R11: 0000000000000282 R12: 0000000000000004
[ 40.514462] R13: 00005555559902c0 R14: 00007fff18650f60 R15: 0000000000000000
[ 40.521709]
[ 40.523309] The buggy address belongs to the page:
[ 40.528214] page:ffffea000272a5c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 40.536328] flags: 0xfff00000000000()
[ 40.540103] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 40.548025] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 40.555877] page dumped because: kasan: bad access detected
[ 40.561557]
[ 40.563159] Memory state around the buggy address:
[ 40.568063]  ffff88809ca97580: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 40.575397]  ffff88809ca97600: f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
[ 40.582727] >ffff88809ca97680: 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 40.590056]                                ^
[ 40.594435]  ffff88809ca97700: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 40.601764]  ffff88809ca97780: 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00
[ 40.609090] ==================================================================
[ 40.616419] Disabling lock debugging due to kernel taint
[ 40.621953] Kernel panic - not syncing: panic_on_warn set ...
[ 40.621953]
[ 40.629306] CPU: 0 PID: 7967 Comm: syz-executor247 Tainted: G B 4.14.302-syzkaller #0
[ 40.638384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 40.647722] Call Trace:
[ 40.650292]  dump_stack+0x1b2/0x281
[ 40.653896]  panic+0x1f9/0x42d
[ 40.657060]  ? add_taint.cold+0x16/0x16
[ 40.661008]  ? ___preempt_schedule+0x16/0x18
[ 40.665391]  kasan_end_report+0x43/0x49
[ 40.669337]  kasan_report_error.cold+0xa7/0x191
[ 40.673980]  ? gfs2_block_map+0x240b/0x2de0
[ 40.678272]  __asan_report_store2_noabort+0x68/0x70
[ 40.683261]  ? gfs2_block_map+0x240b/0x2de0
[ 40.687553]  gfs2_block_map+0x240b/0x2de0
[ 40.691682]  ? finish_task_switch+0x178/0x610
[ 40.696149]  ? finish_task_switch+0x14d/0x610
[ 40.700616]  ? trace_hardirqs_on+0x10/0x10
[ 40.704825]  ? __schedule+0x893/0x1de0
[ 40.708688]  ? gfs2_unstuff_dinode+0x10e0/0x10e0
[ 40.713414]  ? io_schedule_timeout+0x140/0x140
[ 40.717971]  ? gfs2_glock_nq+0x83a/0x1120
[ 40.722094]  gfs2_write_alloc_required+0x2dc/0x3c0
[ 40.726995]  ? gfs2_map_journal_extents+0x5c0/0x5c0
[ 40.731984]  ? gfs2_glock_wait+0xd6/0x1b0
[ 40.736102]  ? gfs2_glock_nq+0x871/0x1120
[ 40.740222]  ? lock_downgrade+0x740/0x740
[ 40.744344]  gfs2_jdesc_check+0x174/0x220
[ 40.748465]  init_inodes+0x110b/0x18d0
[ 40.752325]  ? gfs2_mount_meta+0x260/0x260
[ 40.756533]  ? snprintf+0xa5/0xd0
[ 40.759957]  ? vsprintf+0x30/0x30
[ 40.763384]  ? check_journal_clean+0x180/0x180
[ 40.767937]  ? init_inodes+0x682/0x18d0
[ 40.771885]  fill_super+0x1721/0x2310
[ 40.775658]  ? gfs2_online_uevent+0x1b0/0x1b0
[ 40.780128]  ? pointer+0x9e0/0x9e0
[ 40.783640]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 40.787934]  ? vsprintf+0x30/0x30
[ 40.791358]  ? gfs2_open+0x160/0x160
[ 40.795045]  ? set_blocksize+0x125/0x380
[ 40.799079]  gfs2_mount+0x439/0x510
[ 40.802679]  ? fill_super+0x2310/0x2310
[ 40.806626]  ? _find_next_bit+0xdb/0x100
[ 40.810689]  ? alloc_pages_current+0x15d/0x260
[ 40.815243]  ? __lockdep_init_map+0x100/0x560
[ 40.819710]  mount_fs+0x92/0x2a0
[ 40.823052]  vfs_kern_mount.part.0+0x5b/0x470
[ 40.827519]  do_mount+0xe65/0x2a30
[ 40.831031]  ? do_raw_spin_unlock+0x164/0x220
[ 40.835497]  ? copy_mount_string+0x40/0x40
[ 40.839707]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 40.844695]  ? copy_mnt_ns+0xa30/0xa30
[ 40.848557]  ? copy_mount_options+0x1fa/0x2f0
[ 40.853023]  ? copy_mnt_ns+0xa30/0xa30
[ 40.856882]  SyS_mount+0xa8/0x120
[ 40.860306]  ? copy_mnt_ns+0xa30/0xa30
[ 40.864168]  do_syscall_64+0x1d5/0x640
[ 40.868030]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 40.873200] RIP: 0033:0x7fdd19910ada
[ 40.876888] RSP: 002b:00007fff18650f18 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
[ 40.884576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdd19910ada
[ 40.891826] RDX: 0000000020037f40 RSI: 0000000020037f80 RDI: 00007fff18650f20
[ 40.899071] RBP: 00007fff18650f20 R08: 00007fff18650f60 R09: 0000000000043350
[ 40.906311] R10: 0000000002000011 R11: 0000000000000282 R12: 0000000000000004
[ 40.913554] R13: 00005555559902c0 R14: 00007fff18650f60 R15: 0000000000000000
[ 40.921028] Kernel Offset: disabled
[ 40.924655] Rebooting in 86400 seconds..
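Added triage helper, not part of the syzkaller log above and not kernel or syzkaller code: it parses the BUG/access header and the "Memory state around the buggy address" rows of the report, looks up the shadow byte that covers the faulting address ffff88809ca976a0, and walks back over the fully addressable (00) granules to measure the stack region the 2-byte store ran off the end of. The sample text is a constructed excerpt of the report above; the shadow-byte meanings are the generic KASAN values from the 4.14 kernel's mm/kasan/kasan.h (8-byte granules, 0xf1/0xf2/0xf3 for stack left/mid/right redzones). All function names in the block are this helper's own.

```python
"""Decode the shadow-memory dump of a generic-KASAN report (added helper)."""
import re

# Constructed sample: an excerpt of the report above, copied line for line.
SAMPLE_REPORT = """\
[ 40.225314] BUG: KASAN: stack-out-of-bounds in gfs2_block_map+0x240b/0x2de0
[ 40.232401] Write of size 2 at addr ffff88809ca976a0 by task syz-executor247/7967
[ 40.563159] Memory state around the buggy address:
[ 40.568063]  ffff88809ca97580: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 40.575397]  ffff88809ca97600: f1 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
[ 40.582727] >ffff88809ca97680: 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 40.590056]                                ^
[ 40.594435]  ffff88809ca97700: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 40.601764]  ffff88809ca97780: 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00
"""

GRANULE = 8          # generic KASAN: one shadow byte covers 8 bytes of memory
ROW_GRANULES = 16    # shadow bytes per dumped row, i.e. 128 bytes of memory

# Shadow values from mm/kasan/kasan.h (4.14); 0x01..0x07 = partially addressable.
SHADOW_MEANING = {
    0x00: "addressable",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "stack use-after-scope",
    0xfa: "global redzone",
    0xfb: "freed slab object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
ROW_RE = re.compile(r"^\s*>?\s*([0-9a-f]{16}):\s+((?:[0-9a-f]{2}\s*){16})$")


def parse_report(text):
    """Header fields plus rows: {row base address: [16 shadow bytes]}."""
    info = {"rows": {}}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()      # drop the printk timestamp
        if m := BUG_RE.search(line):
            info["kind"], info["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            info.update(op=m["op"], size=int(m["size"]),
                        addr=int(m["addr"], 16), task=m["task"])
        elif m := ROW_RE.match(line):
            base = int(m.group(1), 16)
            info["rows"][base] = [int(b, 16) for b in m.group(2).split()]
    return info


def shadow_of(rows, addr):
    """Shadow byte covering addr, or None if the dump does not cover it."""
    base = addr & ~(GRANULE * ROW_GRANULES - 1)   # 128-byte aligned row start
    row = rows.get(base)
    return None if row is None else row[(addr - base) // GRANULE]


def describe_shadow(sb):
    if sb is None:
        return "not covered by the dump"
    if 0 < sb < GRANULE:
        return "partially addressable (first %d bytes)" % sb
    return SHADOW_MEANING.get(sb, "unknown 0x%02x" % sb)


def addressable_run_before(rows, addr):
    """(start, end) of the fully addressable (00) granules that end right
    before the granule holding addr; None if the preceding granule is not 00."""
    end = addr & ~(GRANULE - 1)
    start = end
    while shadow_of(rows, start - GRANULE) == 0x00:
        start -= GRANULE
    return None if start == end else (start, end)


def triage(text):
    """Parse the report and work out where the access landed."""
    info = parse_report(text)
    addr, size = info["addr"], info["size"]
    first = addr & ~(GRANULE - 1)
    last = (addr + size - 1) & ~(GRANULE - 1)
    info["granules"] = [(g, shadow_of(info["rows"], g))
                        for g in range(first, last + GRANULE, GRANULE)]
    info["shadow"] = info["granules"][0][1]
    info["meaning"] = describe_shadow(info["shadow"])
    run = addressable_run_before(info["rows"], addr)
    if run:
        info["run"] = run
        info["run_size"] = run[1] - run[0]
        info["overflow_offset"] = addr - run[1]   # bytes past the end of the run
    return info


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("%s in %s: %s of %d byte(s) at %#x by %s"
          % (r["kind"], r["func"], r["op"], r["size"], r["addr"], r["task"]))
    for g, sb in r["granules"]:
        print("  granule %#x: shadow %s -> %s"
              % (g, "??" if sb is None else "%02x" % sb, describe_shadow(sb)))
    if "run" in r:
        print("  preceded by %d addressable bytes (%#x..%#x); access is %d byte(s) past their end"
              % (r["run_size"], r["run"][0], r["run"][1], r["overflow_offset"]))
```

Run against the excerpt, the faulting granule decodes to 0xf3 (stack right redzone) and the addressable run ending at the faulting address is 104 bytes (ffff88809ca97638..ffff88809ca976a0), so the 2-byte store flagged by __asan_report_store2_noabort lands on the very first byte past a 104-byte region of gfs2_block_map's stack frame. That is the pattern of an off-by-one write past the end of a local array; which local it is cannot be read from the report alone and needs the vmlinux for this 4.14.302-syzkaller build.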