[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 28.835770] JFS: discard option not supported on device
[ 28.902920] overlayfs: fs on '.' does not support file handles, falling back to index=off.
[ 28.923188] JFS: discard option not supported on device
[ 28.947045] overlayfs: upper fs needs to support d_type.
[ 28.955820] overlayfs: fs on '.' does not support file handles, falling back to index=off.
[ 28.970487] ======================================================
[ 28.970487] WARNING: the mand mount option is being deprecated and
[ 28.970487] will be removed in v5.15!
[ 28.970487] ======================================================
[ 28.987955] overlayfs: upper fs does not support tmpfile.
[ 28.995539] JFS: discard option not supported on device
[ 29.007043] JFS: discard option not supported on device
[ 29.009014] JFS: discard option not supported on device
[ 29.015121] JFS: discard option not supported on device
[ 29.020019] overlayfs: failed to create directory ./file1/work (errno: 30); mounting read-only
[ 29.042261]
[ 29.043904] =====================================
[ 29.048905] WARNING: bad unlock balance detected!
[ 29.049349] overlayfs: fs on '.' does not support file handles, falling back to index=off.
[ 29.053740] 4.14.302-syzkaller #0 Not tainted
[ 29.053742] -------------------------------------
[ 29.053746] syz-executor710/8010 is trying to release lock (sb_writers) at:
[ 29.053767] [] ovl_workdir_create.cold+0xeb/0xf7
[ 29.053772] but there are no more locks to release!
[ 29.089827]
[ 29.089827] other info that might help us debug this:
[ 29.095299] overlayfs: upper fs needs to support d_type.
[ 29.096492] 1 lock held by syz-executor710/8010:
[ 29.096494] #0: (&type->s_umount_key#47/1){+.+.}, at: [] sget_userns+0x556/0xc10
[ 29.096518]
[ 29.096518] stack backtrace:
[ 29.111725] overlayfs: upper fs does not support tmpfile.
[ 29.116121] CPU: 0 PID: 8010 Comm: syz-executor710 Not tainted 4.14.302-syzkaller #0
[ 29.116125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.116128] Call Trace:
[ 29.116143] dump_stack+0x1b2/0x281
[ 29.149507] ? ovl_workdir_create.cold+0xeb/0xf7
[ 29.154346] lock_release.cold+0x70/0xbf
[ 29.158382] ? lock_downgrade+0x740/0x740
[ 29.162507] ovl_workdir_create.cold+0xeb/0xf7
[ 29.167069] ? clone_private_mount+0x24f/0x2f0
[ 29.171626] ? ovl_mount_dir+0x190/0x190
[ 29.175658] ? lock_downgrade+0x740/0x740
[ 29.179777] ? up_read+0x17/0x30
[ 29.183118] ? clone_private_mount+0x113/0x2f0
[ 29.187680] ovl_fill_super+0xfe9/0x2610
[ 29.191722] ? ovl_put_super+0x4a0/0x4a0
[ 29.195843] ? sget_userns+0x768/0xc10
[ 29.199704] ? get_anon_bdev+0x1c0/0x1c0
[ 29.203738] ? sget+0xd9/0x110
[ 29.206907] ? ovl_put_super+0x4a0/0x4a0
[ 29.210939] mount_nodev+0x4c/0xf0
[ 29.214459] mount_fs+0x92/0x2a0
[ 29.217797] vfs_kern_mount.part.0+0x5b/0x470
[ 29.222267] do_mount+0xe65/0x2a30
[ 29.225784] ? copy_mount_string+0x40/0x40
[ 29.229995] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.234983] ? copy_mnt_ns+0xa30/0xa30
[ 29.238842] ? copy_mount_options+0x1fa/0x2f0
[ 29.243309] ? copy_mnt_ns+0xa30/0xa30
[ 29.247168] SyS_mount+0xa8/0x120
[ 29.250602] ? copy_mnt_ns+0xa30/0xa30
[ 29.254554] do_syscall_64+0x1d5/0x640
[ 29.258417] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.263579] RIP: 0033:0x7f7198a812c9
[ 29.267264] RSP: 002b:00007f7198a2d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 29.274959] RAX: ffffffffffffffda RBX: 00007f7198b0b7a0 RCX: 00007f7198a812c9
[ 29.282220] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
[ 29.289461] RBP: 00007f7198ad8118 R08: 0000000020000340 R09: 0000000000000000
[ 29.296722] R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e
[ 29.303978] R13: 3d7269647265776f R14: 0079616c7265766f R15: 00007f7198b0b7a8
[ 29.319634] kasan: CONFIG_KASAN_INLINE enabled
[ 29.324333] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 29.332390] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 29.338592] Modules linked in:
[ 29.341791] CPU: 1 PID: 8013 Comm: syz-executor710 Not tainted 4.14.302-syzkaller #0
[ 29.349638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.358961] task: ffff8880925c66c0 task.stack: ffff8880b3208000
[ 29.364993] RIP: 0010:txBegin+0x12c/0x800
[ 29.369108] RSP: 0018:ffff8880b320f7c8 EFLAGS: 00010202
[ 29.374449] RAX: dffffc0000000000 RBX: ffff8880925c66c0 RCX: 0000000000000000
[ 29.381701] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000040
[ 29.388948] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 29.396194] R10: 0000000000000000 R11: ffff8880925c66c0 R12: 0000000000000000
[ 29.403436] R13: ffffffff87b54600 R14: 0000000000000001 R15: ffff8880963cc380
[ 29.410677] FS: 00007f7198a2d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 29.419654] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.425506] CR2: 0000559732a9c2f8 CR3: 00000000a1f6f000 CR4: 00000000003406e0
[ 29.432749] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.439996] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.447236] Call Trace:
[ 29.449805] ? txExit+0x40/0x40
[ 29.453056] ? __switch_to_asm+0x25/0x60
[ 29.457089] ? lock_downgrade+0x740/0x740
[ 29.461205] ? finish_task_switch+0x14d/0x610
[ 29.465671] ? do_raw_spin_unlock+0x164/0x220
[ 29.470919] ? _raw_spin_unlock_irq+0x5a/0x80
[ 29.475387] ? finish_task_switch+0x178/0x610
[ 29.479853] ? finish_task_switch+0x14d/0x610
[ 29.484316] ? __switch_to_asm+0x31/0x60
[ 29.488349] ? __switch_to_asm+0x25/0x60
[ 29.492385] __jfs_xattr_set+0x91/0x130
[ 29.496419] ? __jfs_setxattr+0xdb0/0xdb0
[ 29.500540] ? xattr_full_name+0x40/0x90
[ 29.504574] ? jfs_xattr_set+0x2d/0x50
[ 29.508432] ? __jfs_xattr_set+0x130/0x130
[ 29.512635] __vfs_setxattr+0xdc/0x130
[ 29.516494] ? xattr_resolve_name+0x370/0x370
[ 29.520960] ? evm_protect_xattr.constprop.0+0x6c/0x350
[ 29.526297] __vfs_setxattr_noperm+0xfd/0x3d0
[ 29.530778] __vfs_setxattr_locked+0x14d/0x250
[ 29.535429] vfs_setxattr+0xcf/0x230
[ 29.539116] ? __vfs_setxattr_locked+0x250/0x250
[ 29.543873] ? dput+0x9/0x30
[ 29.546862] ? vfs_tmpfile+0x11b/0x3c0
[ 29.552286] ovl_fill_super+0x1127/0x2610
[ 29.557199] ? ovl_put_super+0x4a0/0x4a0
[ 29.561241] ? sget_userns+0x768/0xc10
[ 29.565104] ? get_anon_bdev+0x1c0/0x1c0
[ 29.569145] ? sget+0xd9/0x110
[ 29.572309] ? ovl_put_super+0x4a0/0x4a0
[ 29.576345] mount_nodev+0x4c/0xf0
[ 29.579856] mount_fs+0x92/0x2a0
[ 29.583194] vfs_kern_mount.part.0+0x5b/0x470
[ 29.587662] do_mount+0xe65/0x2a30
[ 29.591176] ? retint_kernel+0x2d/0x2d
[ 29.595039] ? copy_mount_string+0x40/0x40
[ 29.599247] ? copy_mount_options+0x14b/0x2f0
[ 29.603713] ? copy_mount_options+0x1fa/0x2f0
[ 29.608183] ? copy_mnt_ns+0xa30/0xa30
[ 29.612053] SyS_mount+0xa8/0x120
[ 29.615478] ? copy_mnt_ns+0xa30/0xa30
[ 29.619337] do_syscall_64+0x1d5/0x640
[ 29.623198] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.628454] RIP: 0033:0x7f7198a812c9
[ 29.632136] RSP: 002b:00007f7198a2d2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 29.639814] RAX: ffffffffffffffda RBX: 00007f7198b0b7a0 RCX: 00007f7198a812c9
[ 29.647061] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
[ 29.654306] RBP: 00007f7198ad8118 R08: 0000000020000340 R09: 0000000000000000
[ 29.661547] R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e
[ 29.668788] R13: 3d7269647265776f R14: 0079616c7265766f R15: 00007f7198b0b7a8
[ 29.676034] Code: 83 e4 02 48 89 04 24 e8 23 05 17 ff 45 85 e4 75 65 e8 19 05 17 ff 48 8d 7d 40 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 26 06 00 00 48 8b 45 40 a8 04 0f 85 8a 01 00
[ 29.695181] RIP: txBegin+0x12c/0x800 RSP: ffff8880b320f7c8
[ 29.700824] ---[ end trace 6ecb9adf195a2b76 ]---
[ 29.705558] Kernel panic - not syncing: Fatal exception
[ 29.711083] Kernel Offset: disabled
[ 29.714706] Rebooting in 86400 seconds..