[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.127' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.703881] FAULT_INJECTION: forcing a failure.
[ 33.703881] name failslab, interval 1, probability 0, space 0, times 1
[ 33.715394] CPU: 0 PID: 7983 Comm: syz-executor287 Not tainted 4.14.290-syzkaller #0
[ 33.723285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 33.732624] Call Trace:
[ 33.735199] dump_stack+0x1b2/0x281
[ 33.738807] should_fail.cold+0x10a/0x149
[ 33.742936] should_failslab+0xd6/0x130
[ 33.746890] kmem_cache_alloc_trace+0x29a/0x3d0
[ 33.751539] wb_congested_get_create+0x15b/0x360
[ 33.756280] wb_init+0x4f6/0x7c0
[ 33.759629] ? __raw_spin_lock_init+0x28/0x100
[ 33.764193] cgwb_bdi_init+0xe2/0x1e0
[ 33.767974] bdi_alloc_node+0x224/0x2e0
[ 33.771936] super_setup_bdi_name+0x8b/0x220
[ 33.776340] ? kill_block_super+0xe0/0xe0
[ 33.780615] ? v9fs_kill_super+0x90/0x90
[ 33.784671] v9fs_mount+0x1fc/0x860
[ 33.788287] ? alloc_pages_current+0x15d/0x260
[ 33.792855] ? __lockdep_init_map+0x100/0x560
[ 33.797342] mount_fs+0x92/0x2a0
[ 33.800722] vfs_kern_mount.part.0+0x5b/0x470
[ 33.805202] do_mount+0xe65/0x2a30
[ 33.808744] ? copy_mount_string+0x40/0x40
[ 33.812968] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 33.817976] ? copy_mnt_ns+0xa30/0xa30
[ 33.821850] ? copy_mount_options+0x1fa/0x2f0
[ 33.826327] ? copy_mnt_ns+0xa30/0xa30
[ 33.830196] SyS_mount+0xa8/0x120
[ 33.833657] ? copy_mnt_ns+0xa30/0xa30
[ 33.837527] do_syscall_64+0x1d5/0x640
[ 33.841415] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.846586] RIP: 0033:0x7f313f0bff29
executing program
[ 33.850277] RSP: 002b:00007fff0db1e758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 33.857963] RAX: ffffffffffffffda RBX: 00007fff0db1e7b8 RCX: 00007f313f0bff29
[ 33.865323] RDX: 0000000020000500 RSI: 0000000020000000 RDI: 0000000000000000
[ 33.872569] RBP: 00007fff0db1e760 R08: 0000000020000640 R09: 0000000000003034
[ 33.879840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 33.887108] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 33.901984] FAULT_INJECTION: forcing a failure.
[ 33.901984] name failslab, interval 1, probability 0, space 0, times 0
[ 33.913443] CPU: 0 PID: 7986 Comm: syz-executor287 Not tainted 4.14.290-syzkaller #0
[ 33.921325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 33.930675] Call Trace:
[ 33.933247] dump_stack+0x1b2/0x281
[ 33.936858] should_fail.cold+0x10a/0x149
[ 33.940991] should_failslab+0xd6/0x130
[ 33.945044] kmem_cache_alloc_node_trace+0x25a/0x400
[ 33.950127] bdi_alloc_node+0x5d/0x2e0
[ 33.953999] super_setup_bdi_name+0x8b/0x220
[ 33.958401] ? kill_block_super+0xe0/0xe0
[ 33.962541] ? v9fs_kill_super+0x90/0x90
[ 33.966598] v9fs_mount+0x1fc/0x860
[ 33.970324] ? alloc_pages_current+0x15d/0x260
[ 33.974905] ? __lockdep_init_map+0x100/0x560
[ 33.979421] mount_fs+0x92/0x2a0
[ 33.982777] vfs_kern_mount.part.0+0x5b/0x470
[ 33.987255] do_mount+0xe65/0x2a30
[ 33.990803] ? copy_mount_string+0x40/0x40
[ 33.995034] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.000039] ? copy_mnt_ns+0xa30/0xa30
[ 34.003908] ? copy_mount_options+0x1fa/0x2f0
[ 34.008380] ? copy_mnt_ns+0xa30/0xa30
[ 34.012247] SyS_mount+0xa8/0x120
[ 34.015693] ? copy_mnt_ns+0xa30/0xa30
[ 34.019559] do_syscall_64+0x1d5/0x640
[ 34.023432] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.028599] RIP: 0033:0x7f313f0bff29
[ 34.032291] RSP: 002b:00007fff0db1e758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 34.039974] RAX: ffffffffffffffda RBX: 00000000000083be RCX: 00007f313f0bff29
[ 34.047223] RDX: 0000000020000500 RSI: 0000000020000000 RDI: 0000000000000000
executing program
[ 34.054471] RBP: 00007fff0db1e760 R08: 0000000020000640 R09: 0000000000003034
[ 34.061716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 34.068965] R13: 00007fff0db1e79c R14: 431bde82d7b634db R15: 0000000000000000
[ 34.082761] FAULT_INJECTION: forcing a failure.
[ 34.082761] name failslab, interval 1, probability 0, space 0, times 0
[ 34.094101] CPU: 0 PID: 7989 Comm: syz-executor287 Not tainted 4.14.290-syzkaller #0
[ 34.101985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 34.111335] Call Trace:
[ 34.113906] dump_stack+0x1b2/0x281
[ 34.117514] should_fail.cold+0x10a/0x149
[ 34.121643] should_failslab+0xd6/0x130
[ 34.125600] __kmalloc+0x2c1/0x400
[ 34.129117] ? register_shrinker+0x1ab/0x220
[ 34.133502] register_shrinker+0x1ab/0x220
[ 34.137711] sget_userns+0x9aa/0xc10
[ 34.141405] ? v9fs_kill_super+0x90/0x90
[ 34.145445] ? v9fs_kill_super+0x90/0x90
[ 34.149483] sget+0xd1/0x110
[ 34.152495] v9fs_mount+0x9e/0x860
[ 34.156021] ? alloc_pages_current+0x15d/0x260
[ 34.160594] ? __lockdep_init_map+0x100/0x560
[ 34.165073] mount_fs+0x92/0x2a0
[ 34.168422] vfs_kern_mount.part.0+0x5b/0x470
[ 34.172897] do_mount+0xe65/0x2a30
[ 34.176419] ? copy_mount_string+0x40/0x40
[ 34.180635] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.185630] ? copy_mnt_ns+0xa30/0xa30
[ 34.189493] ? copy_mount_options+0x1fa/0x2f0
[ 34.193964] ? copy_mnt_ns+0xa30/0xa30
[ 34.197827] SyS_mount+0xa8/0x120
[ 34.201256] ? copy_mnt_ns+0xa30/0xa30
[ 34.205121] do_syscall_64+0x1d5/0x640
[ 34.208991] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.214155] RIP: 0033:0x7f313f0bff29
[ 34.217840] RSP: 002b:00007fff0db1e758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 34.225525] RAX: ffffffffffffffda RBX: 0000000000008487 RCX: 00007f313f0bff29
[ 34.232772] RDX: 0000000020000500 RSI: 0000000020000000 RDI: 0000000000000000
[ 34.240017] RBP: 00007fff0db1e760 R08: 0000000020000640 R09: 0000000000003034
[ 34.247263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 34.254510] R13: 00007fff0db1e79c R14: 431bde82d7b634db R15: 0000000000000000
[ 34.262243] 9pnet: Found fid 0 not clunked
[ 34.266896] ==================================================================
[ 34.274379] BUG: KASAN: use-after-free in p9_client_clunk+0x1fc/0x240
[ 34.280949] Read of size 8 at addr ffff8880aadbfa00 by task syz-executor287/7989
[ 34.288456]
[ 34.290067] CPU: 0 PID: 7989 Comm: syz-executor287 Not tainted 4.14.290-syzkaller #0
[ 34.297930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 34.307274] Call Trace:
[ 34.309844] dump_stack+0x1b2/0x281
[ 34.313457] print_address_description.cold+0x54/0x1d3
[ 34.318716] kasan_report_error.cold+0x8a/0x191
[ 34.323364] ? p9_client_clunk+0x1fc/0x240
[ 34.327577] __asan_report_load8_noabort+0x68/0x70
[ 34.332484] ? p9_client_clunk+0x1fc/0x240
[ 34.336697] p9_client_clunk+0x1fc/0x240
[ 34.340739] v9fs_mount+0x69f/0x860
[ 34.344346] ? alloc_pages_current+0x15d/0x260
[ 34.348907] ? __lockdep_init_map+0x100/0x560
[ 34.353380] mount_fs+0x92/0x2a0
[ 34.356728] vfs_kern_mount.part.0+0x5b/0x470
[ 34.361201] do_mount+0xe65/0x2a30
[ 34.364722] ? copy_mount_string+0x40/0x40
[ 34.368939] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.373931] ? copy_mnt_ns+0xa30/0xa30
[ 34.377798] ? copy_mount_options+0x1fa/0x2f0
[ 34.382271] ? copy_mnt_ns+0xa30/0xa30
[ 34.386134] SyS_mount+0xa8/0x120
[ 34.389568] ? copy_mnt_ns+0xa30/0xa30
[ 34.393433] do_syscall_64+0x1d5/0x640
[ 34.397299] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.402470] RIP: 0033:0x7f313f0bff29
[ 34.406158] RSP: 002b:00007fff0db1e758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 34.413859] RAX: ffffffffffffffda RBX: 0000000000008487 RCX: 00007f313f0bff29
[ 34.421106] RDX: 0000000020000500 RSI: 0000000020000000 RDI: 0000000000000000
[ 34.428354] RBP: 00007fff0db1e760 R08: 0000000020000640 R09: 0000000000003034
[ 34.435601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 34.442849] R13: 00007fff0db1e79c R14: 431bde82d7b634db R15: 0000000000000000
[ 34.450105]
[ 34.451712] Allocated by task 7989:
[ 34.455320] kasan_kmalloc+0xeb/0x160
[ 34.459100] kmem_cache_alloc_trace+0x131/0x3d0
[ 34.463744] p9_fid_create+0x47/0x3a0
[ 34.467525] p9_client_attach+0x6d/0x750
[ 34.471575] v9fs_session_init+0xc03/0x1540
[ 34.475874] v9fs_mount+0x73/0x860
[ 34.479392] mount_fs+0x92/0x2a0
[ 34.482735] vfs_kern_mount.part.0+0x5b/0x470
[ 34.487207] do_mount+0xe65/0x2a30
[ 34.490726] SyS_mount+0xa8/0x120
[ 34.494158] do_syscall_64+0x1d5/0x640
[ 34.498042] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.503209]
[ 34.504812] Freed by task 7989:
[ 34.508074] kasan_slab_free+0xc3/0x1a0
[ 34.512025] kfree+0xc9/0x250
[ 34.515108] p9_client_destroy.cold+0x67/0xaa
[ 34.519585] v9fs_session_close+0x45/0x2c0
[ 34.523796] v9fs_kill_super+0x49/0x90
[ 34.527663] deactivate_locked_super+0x6c/0xd0
[ 34.532219] sget_userns+0x9c4/0xc10
[ 34.535913] sget+0xd1/0x110
[ 34.538909] v9fs_mount+0x9e/0x860
[ 34.542423] mount_fs+0x92/0x2a0
[ 34.545767] vfs_kern_mount.part.0+0x5b/0x470
[ 34.550241] do_mount+0xe65/0x2a30
[ 34.553762] SyS_mount+0xa8/0x120
[ 34.557203] do_syscall_64+0x1d5/0x640
[ 34.561069] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.566232]
[ 34.567838] The buggy address belongs to the object at ffff8880aadbfa00
[ 34.567838] which belongs to the cache kmalloc-96 of size 96
[ 34.580296] The buggy address is located 0 bytes inside of
[ 34.580296] 96-byte region [ffff8880aadbfa00, ffff8880aadbfa60)
[ 34.591895] The buggy address belongs to the page:
[ 34.596806] page:ffffea0002ab6fc0 count:1 mapcount:0 mapping:ffff8880aadbf000 index:0x0
[ 34.604923] flags: 0xfff00000000100(slab)
[ 34.609048] raw: 00fff00000000100 ffff8880aadbf000 0000000000000000 0000000100000020
[ 34.618395] raw: ffffea0002a25060 ffffea0002ad90a0 ffff88813fe744c0 0000000000000000
[ 34.626252] page dumped because: kasan: bad access detected
[ 34.631934]
[ 34.633540] Memory state around the buggy address:
[ 34.638446] ffff8880aadbf900: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 34.645782] ffff8880aadbf980: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 34.653118] >ffff8880aadbfa00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 34.660459] ^
[ 34.663824] ffff8880aadbfa80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 34.671244] ffff8880aadbfb00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 34.678578] ==================================================================
[ 34.685998] Disabling lock debugging due to kernel taint
[ 34.691666] Kernel panic - not syncing: panic_on_warn set ...
[ 34.691666]
[ 34.699035] CPU: 0 PID: 7989 Comm: syz-executor287 Tainted: G B 4.14.290-syzkaller #0
[ 34.708129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 34.717475] Call Trace:
[ 34.720055] dump_stack+0x1b2/0x281
[ 34.723663] panic+0x1f9/0x42d
[ 34.726832] ? add_taint.cold+0x16/0x16
[ 34.730784] ? ___preempt_schedule+0x16/0x18
[ 34.735181] kasan_end_report+0x43/0x49
[ 34.739155] kasan_report_error.cold+0xa7/0x191
[ 34.743804] ? p9_client_clunk+0x1fc/0x240
[ 34.748022] __asan_report_load8_noabort+0x68/0x70
[ 34.752929] ? p9_client_clunk+0x1fc/0x240
[ 34.757161] p9_client_clunk+0x1fc/0x240
[ 34.761201] v9fs_mount+0x69f/0x860
[ 34.764807] ? alloc_pages_current+0x15d/0x260
[ 34.769364] ? __lockdep_init_map+0x100/0x560
[ 34.773834] mount_fs+0x92/0x2a0
[ 34.777178] vfs_kern_mount.part.0+0x5b/0x470
[ 34.781652] do_mount+0xe65/0x2a30
[ 34.785200] ? copy_mount_string+0x40/0x40
[ 34.789417] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 34.794413] ? copy_mnt_ns+0xa30/0xa30
[ 34.798281] ? copy_mount_options+0x1fa/0x2f0
[ 34.802759] ? copy_mnt_ns+0xa30/0xa30
[ 34.806670] SyS_mount+0xa8/0x120
[ 34.810109] ? copy_mnt_ns+0xa30/0xa30
[ 34.813984] do_syscall_64+0x1d5/0x640
[ 34.817859] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.823025] RIP: 0033:0x7f313f0bff29
[ 34.826716] RSP: 002b:00007fff0db1e758 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 34.834402] RAX: ffffffffffffffda RBX: 0000000000008487 RCX: 00007f313f0bff29
[ 34.841650] RDX: 0000000020000500 RSI: 0000000020000000 RDI: 0000000000000000
[ 34.848941] RBP: 00007fff0db1e760 R08: 0000000020000640 R09: 0000000000003034
[ 34.856186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 34.863443] R13: 00007fff0db1e79c R14: 431bde82d7b634db R15: 0000000000000000
[ 34.870880] Kernel Offset: disabled
[ 34.874489] Rebooting in 86400 seconds..