[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 328.209505] ==================================================================
[ 328.217026] BUG: KASAN: slab-out-of-bounds in extAlloc+0xb8e/0xdb0
[ 328.223338] Write of size 4 at addr ffff8880b2d61a18 by task syz-executor237/8076
[ 328.230937]
[ 328.232555] CPU: 0 PID: 8076 Comm: syz-executor237 Not tainted 4.19.211-syzkaller #0
[ 328.240416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 328.249748] Call Trace:
[ 328.252340]  dump_stack+0x1fc/0x2ef
[ 328.255964]  print_address_description.cold+0x54/0x219
[ 328.261225]  kasan_report_error.cold+0x8a/0x1b9
[ 328.265875]  ? extAlloc+0xb8e/0xdb0
[ 328.269485]  kasan_report+0x8f/0xa0
[ 328.273094]  ? extAlloc+0xb8e/0xdb0
[ 328.276709]  extAlloc+0xb8e/0xdb0
[ 328.280149]  ? jfs_ioc_trim+0x430/0x430
[ 328.284108]  jfs_get_block+0x1f5/0xae0
[ 328.287977]  ? jfs_open+0x330/0x330
[ 328.291583]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 328.296597]  ? alloc_page_buffers+0x2da/0x5c0
[ 328.301071]  nobh_write_begin+0x446/0x1030
[ 328.305292]  jfs_write_begin+0x3e/0x1a0
[ 328.309508]  ? jfs_open+0x330/0x330
[ 328.313116]  generic_perform_write+0x1f8/0x4d0
[ 328.317679]  ? filemap_page_mkwrite+0x2f0/0x2f0
[ 328.322324]  ? current_time+0x1c0/0x1c0
[ 328.326278]  ? lock_acquire+0x170/0x3c0
[ 328.330233]  __generic_file_write_iter+0x24b/0x610
[ 328.335148]  generic_file_write_iter+0x3f8/0x730
[ 328.339902]  __vfs_write+0x51b/0x770
[ 328.343609]  ? kernel_read+0x110/0x110
[ 328.347481]  ? check_preemption_disabled+0x41/0x280
[ 328.352491]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 328.357484]  vfs_write+0x1f3/0x540
[ 328.361015]  ksys_write+0x12b/0x2a0
[ 328.364639]  ? __ia32_sys_read+0xb0/0xb0
[ 328.368678]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 328.373674]  ? do_syscall_64+0x21/0x620
[ 328.377633]  do_syscall_64+0xf9/0x620
[ 328.381416]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 328.386583] RIP: 0033:0x7fa7ba642e39
[ 328.390276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 328.409163] RSP: 002b:00007fff63f7c418 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 328.416850] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7ba642e39
[ 328.424110] RDX: 000000000208e24b RSI: 0000000020000480 RDI: 0000000000000003
[ 328.431366] RBP: 00007fa7ba6026a0 R08: 0000000000000000 R09: 00007fa7ba6026a0
[ 328.438625] R10: 00005555556912c0 R11: 0000000000000246 R12: 0000000000000000
[ 328.445872] R13: 0000000000000000 R14: 00080000000000f8 R15: 0000000000000000
[ 328.453133]
[ 328.454823] Allocated by task 8076:
[ 328.458445]  kmem_cache_alloc_trace+0x12f/0x380
[ 328.463095]  dbMount+0x4d/0x880
[ 328.466353]  jfs_mount+0x124/0x3d0
[ 328.469871]  jfs_fill_super+0x55c/0xb50
[ 328.473826]  mount_bdev+0x2fc/0x3b0
[ 328.477442]  mount_fs+0xa3/0x310
[ 328.480785]  vfs_kern_mount.part.0+0x68/0x470
[ 328.485270]  do_mount+0x115c/0x2f50
[ 328.488874]  ksys_mount+0xcf/0x130
[ 328.492411]  __x64_sys_mount+0xba/0x150
[ 328.496370]  do_syscall_64+0xf9/0x620
[ 328.500151]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 328.505312]
[ 328.506916] Freed by task 0:
[ 328.509906] (stack is not available)
[ 328.513591]
[ 328.515212] The buggy address belongs to the object at ffff8880b2d61340
[ 328.515212]  which belongs to the cache kmalloc-2048 of size 2048
[ 328.528029] The buggy address is located 1752 bytes inside of
[ 328.528029]  2048-byte region [ffff8880b2d61340, ffff8880b2d61b40)
[ 328.540065] The buggy address belongs to the page:
[ 328.544981] page:ffffea0002cb5800 count:1 mapcount:0 mapping:ffff88813bff0c40 index:0x0 compound_mapcount: 0
[ 328.554925] flags: 0xfff00000008100(slab|head)
[ 328.559500] raw: 00fff00000008100 ffffea0002651b08 ffff88813bff1948 ffff88813bff0c40
[ 328.567358] raw: 0000000000000000 ffff8880b2d60240 0000000100000003 0000000000000000
[ 328.575212] page dumped because: kasan: bad access detected
[ 328.580893]
[ 328.582498] Memory state around the buggy address:
[ 328.587407]  ffff8880b2d61900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 328.594742]  ffff8880b2d61980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 328.602078] >ffff8880b2d61a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 328.609413]                              ^
[ 328.613544]  ffff8880b2d61a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 328.620891]  ffff8880b2d61b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 328.628229] ==================================================================
[ 328.635566] Disabling lock debugging due to kernel taint
[ 328.640996] Kernel panic - not syncing: panic_on_warn set ...
[ 328.640996]
[ 328.648356] CPU: 0 PID: 8076 Comm: syz-executor237 Tainted: G B 4.19.211-syzkaller #0
[ 328.657604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 328.666948] Call Trace:
[ 328.669521]  dump_stack+0x1fc/0x2ef
[ 328.673132]  panic+0x26a/0x50e
[ 328.676302]  ? __warn_printk+0xf3/0xf3
[ 328.680171]  ? lock_downgrade+0x720/0x720
[ 328.684299]  ? print_shadow_for_address+0xb8/0x114
[ 328.689208]  ? trace_hardirqs_off+0x64/0x200
[ 328.693599]  kasan_end_report+0x43/0x49
[ 328.697556]  kasan_report_error.cold+0xa7/0x1b9
[ 328.702214]  ? extAlloc+0xb8e/0xdb0
[ 328.705817]  kasan_report+0x8f/0xa0
[ 328.709420]  ? extAlloc+0xb8e/0xdb0
[ 328.713041]  extAlloc+0xb8e/0xdb0
[ 328.716473]  ? jfs_ioc_trim+0x430/0x430
[ 328.720426]  jfs_get_block+0x1f5/0xae0
[ 328.724292]  ? jfs_open+0x330/0x330
[ 328.727896]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 328.732890]  ? alloc_page_buffers+0x2da/0x5c0
[ 328.737363]  nobh_write_begin+0x446/0x1030
[ 328.741577]  jfs_write_begin+0x3e/0x1a0
[ 328.745535]  ? jfs_open+0x330/0x330
[ 328.749138]  generic_perform_write+0x1f8/0x4d0
[ 328.753699]  ? filemap_page_mkwrite+0x2f0/0x2f0
[ 328.758351]  ? current_time+0x1c0/0x1c0
[ 328.762301]  ? lock_acquire+0x170/0x3c0
[ 328.766251]  __generic_file_write_iter+0x24b/0x610
[ 328.771157]  generic_file_write_iter+0x3f8/0x730
[ 328.775893]  __vfs_write+0x51b/0x770
[ 328.779594]  ? kernel_read+0x110/0x110
[ 328.783467]  ? check_preemption_disabled+0x41/0x280
[ 328.788473]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 328.793477]  vfs_write+0x1f3/0x540
[ 328.796994]  ksys_write+0x12b/0x2a0
[ 328.800603]  ? __ia32_sys_read+0xb0/0xb0
[ 328.804644]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 328.809638]  ? do_syscall_64+0x21/0x620
[ 328.813588]  do_syscall_64+0xf9/0x620
[ 328.817368]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 328.822534] RIP: 0033:0x7fa7ba642e39
[ 328.826224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 328.845103] RSP: 002b:00007fff63f7c418 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 328.852789] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa7ba642e39
[ 328.860037] RDX: 000000000208e24b RSI: 0000000020000480 RDI: 0000000000000003
[ 328.867285] RBP: 00007fa7ba6026a0 R08: 0000000000000000 R09: 00007fa7ba6026a0
[ 328.874534] R10: 00005555556912c0 R11: 0000000000000246 R12: 0000000000000000
[ 328.881779] R13: 0000000000000000 R14: 00080000000000f8 R15: 0000000000000000
[ 328.889450] Kernel Offset: disabled
[ 328.893066] Rebooting in 86400 seconds..