Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 401.900635] blkno = 400000, nblocks = 0
[ 401.904641] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 401.904641]
[ 401.914740] blkno = 400000, nblocks = 0
[ 401.919200] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 401.919200]
executing program
executing program
[ 402.260466] blkno = 400000, nblocks = 0
[ 402.264540] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 402.264540]
[ 402.275250] blkno = 400000, nblocks = 0
[ 402.280758] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 402.280758]
executing program
[ 402.351261] blkno = 400000, nblocks = 0
[ 402.355519] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 402.355519]
[ 402.365595] blkno = 400000, nblocks = 0
[ 402.370627] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 402.370627]
[ 402.461090] blkno = 400000, nblocks = 0
[ 402.465158] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 402.465158]
[ 402.475296] blkno = 400000, nblocks = 0
[ 402.480810] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 402.480810]
executing program
executing program
[ 402.835003] blkno = 400000, nblocks = 0
[ 402.839567] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 402.839567]
[ 402.849015] blkno = 400000, nblocks = 0
[ 402.853019] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 402.853019]
[ 402.908580] blkno = 400000, nblocks = 0
[ 402.912652] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 402.912652]
[ 402.922819] blkno = 400000, nblocks = 0
[ 402.926866] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 402.926866]
executing program
[ 403.271329] blkno = 400000, nblocks = 0
[ 403.275437] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 403.275437]
[ 403.285674] blkno = 400000, nblocks = 0
[ 403.290437] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 403.290437]
executing program
[ 403.367893] blkno = 400000, nblocks = 0
[ 403.372093] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 403.372093]
[ 403.382225] blkno = 400000, nblocks = 0
[ 403.386373] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 403.386373]
executing program
[ 403.738237] blkno = 400000, nblocks = 0
[ 403.742295] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 403.742295]
[ 403.753395] blkno = 400000, nblocks = 0
[ 403.757429] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 403.757429]
executing program
[ 404.097731] blkno = 400000, nblocks = 0
[ 404.101856] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 404.101856]
[ 404.112286] blkno = 400000, nblocks = 0
[ 404.116431] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 404.116431]
executing program
[ 404.458628] blkno = 400000, nblocks = 0
[ 404.462639] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 404.462639]
[ 404.472990] blkno = 400000, nblocks = 0
[ 404.477066] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 404.477066]
executing program
[ 404.827205] blkno = 400000, nblocks = 0
[ 404.831309] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 404.831309]
[ 404.842316] blkno = 400000, nblocks = 0
[ 404.846449] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 404.846449]
executing program
[ 405.189079] blkno = 400000, nblocks = 0
[ 405.193090] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 405.193090]
[ 405.204071] blkno = 400000, nblocks = 0
[ 405.208671] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 405.208671]
executing program
executing program
[ 405.560404] blkno = 400000, nblocks = 0
[ 405.564459] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 405.564459]
[ 405.574720] blkno = 400000, nblocks = 0
[ 405.579375] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 405.579375]
[ 405.664409] blkno = 400000, nblocks = 0
[ 405.668802] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 405.668802]
[ 405.682394] blkno = 400000, nblocks = 0
[ 405.686391] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 405.686391]
executing program
[ 405.767846] blkno = 400000, nblocks = 0
[ 405.772155] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 405.772155]
[ 405.789904] blkno = 400000, nblocks = 0
[ 405.793926] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 405.793926]
executing program
[ 406.126869] blkno = 400000, nblocks = 0
[ 406.130954] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 406.130954]
[ 406.141234] blkno = 400000, nblocks = 0
[ 406.145362] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 406.145362]
executing program
[ 406.486698] blkno = 400000, nblocks = 0
[ 406.490785] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 406.490785]
[ 406.500943] blkno = 400000, nblocks = 0
[ 406.504982] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 406.504982]
executing program
[ 406.847324] blkno = 400000, nblocks = 0
[ 406.851544] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 406.851544]
[ 406.861848] blkno = 400000, nblocks = 0
[ 406.865987] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 406.865987]
executing program
[ 406.963510] blkno = 400000, nblocks = 0
[ 406.967510] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 406.967510]
[ 406.977621] blkno = 400000, nblocks = 0
[ 406.981964] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 406.981964]
executing program
[ 407.329043] blkno = 400000, nblocks = 0
[ 407.333045] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 407.333045]
[ 407.343984] blkno = 400000, nblocks = 0
[ 407.348448] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 407.348448]
executing program
[ 407.701235] blkno = 400000, nblocks = 0
[ 407.705294] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 407.705294]
[ 407.715510] blkno = 400000, nblocks = 0
[ 407.720279] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 407.720279]
executing program
[ 407.800767] blkno = 400000, nblocks = 0
[ 407.804771] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 407.804771]
[ 407.815053] blkno = 400000, nblocks = 0
[ 407.819737] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 407.819737]
executing program
[ 408.156462] blkno = 400000, nblocks = 0
[ 408.160545] ERROR: (device loop0): dbUpdatePMap.cold: blocks are outside the map
[ 408.160545]
[ 408.171035] blkno = 400000, nblocks = 0
[ 408.175073] ERROR: (device loop0): dbFree: block to be freed is outside the map
[ 408.175073]
[ 408.190838] ==================================================================
[ 408.198309] BUG: KASAN: use-after-free in jfs_lazycommit+0x7c5/0x8c0
[ 408.204777] Read of size 4 at addr ffff8880a4159c54 by task jfsCommit/1963
[ 408.211762]
[ 408.213390] CPU: 1 PID: 1963 Comm: jfsCommit Not tainted 4.14.295-syzkaller #0
[ 408.220727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 408.230057] Call Trace:
[ 408.232625]  dump_stack+0x1b2/0x281
[ 408.236240]  print_address_description.cold+0x54/0x1d3
[ 408.241497]  kasan_report_error.cold+0x8a/0x191
[ 408.246144]  ? jfs_lazycommit+0x7c5/0x8c0
[ 408.250269]  __asan_report_load4_noabort+0x68/0x70
[ 408.255176]  ? _raw_spin_lock_irqsave+0x10/0xc0
[ 408.259841]  ? jfs_lazycommit+0x7c5/0x8c0
[ 408.263964]  jfs_lazycommit+0x7c5/0x8c0
[ 408.267918]  ? __schedule+0x893/0x1de0
[ 408.271788]  ? txCommit+0x3580/0x3580
[ 408.275574]  ? wake_up_q+0xd0/0xd0
[ 408.279096]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 408.284176]  ? txCommit+0x3580/0x3580
[ 408.287957]  kthread+0x30d/0x420
[ 408.291296]  ? kthread_create_on_node+0xd0/0xd0
[ 408.295940]  ret_from_fork+0x24/0x30
[ 408.299632]
[ 408.301240] Allocated by task 8164:
[ 408.304842]  kasan_kmalloc+0xeb/0x160
[ 408.308620]  kmem_cache_alloc_trace+0x131/0x3d0
[ 408.313263]  jfs_fill_super+0x94/0xab0
[ 408.317123]  mount_bdev+0x2b3/0x360
[ 408.320723]  mount_fs+0x92/0x2a0
[ 408.324062]  vfs_kern_mount.part.0+0x5b/0x470
[ 408.328534]  do_mount+0xe65/0x2a30
[ 408.332231]  SyS_mount+0xa8/0x120
[ 408.335658]  do_syscall_64+0x1d5/0x640
[ 408.339521]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 408.344772]
[ 408.346373] Freed by task 8012:
[ 408.349641]  kasan_slab_free+0xc3/0x1a0
[ 408.353587]  kfree+0xc9/0x250
[ 408.356672]  generic_shutdown_super+0x144/0x370
[ 408.361317]  kill_block_super+0x95/0xe0
[ 408.365266]  deactivate_locked_super+0x6c/0xd0
[ 408.369826]  deactivate_super+0x7f/0xa0
[ 408.373773]  cleanup_mnt+0x186/0x2c0
[ 408.377463]  task_work_run+0x11f/0x190
[ 408.381328]  exit_to_usermode_loop+0x1ad/0x200
[ 408.385885]  do_syscall_64+0x4a3/0x640
[ 408.389747]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 408.394912]
[ 408.396516] The buggy address belongs to the object at ffff8880a4159bc0
[ 408.396516]  which belongs to the cache kmalloc-256 of size 256
[ 408.409147] The buggy address is located 148 bytes inside of
[ 408.409147]  256-byte region [ffff8880a4159bc0, ffff8880a4159cc0)
[ 408.420990] The buggy address belongs to the page:
[ 408.425892] page:ffffea0002905640 count:1 mapcount:0 mapping:ffff8880a4159080 index:0xffff8880a4159080
[ 408.435311] flags: 0xfff00000000100(slab)
[ 408.439434] raw: 00fff00000000100 ffff8880a4159080 ffff8880a4159080 0000000100000005
[ 408.447288] raw: ffffea0002a57da0 ffffea0002787fa0 ffff88813fe747c0 0000000000000000
[ 408.455140] page dumped because: kasan: bad access detected
[ 408.460823]
[ 408.462424] Memory state around the buggy address:
[ 408.467324]  ffff8880a4159b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 408.474658]  ffff8880a4159b80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 408.481989] >ffff8880a4159c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 408.489321]                                                  ^
[ 408.495266]  ffff8880a4159c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 408.502598]  ffff8880a4159d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 408.509929] ==================================================================
[ 408.517260] Disabling lock debugging due to kernel taint
[ 408.522683] Kernel panic - not syncing: panic_on_warn set ...
[ 408.522683]
[ 408.530026] CPU: 1 PID: 1963 Comm: jfsCommit Tainted: G B 4.14.295-syzkaller #0
[ 408.538575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 408.547926] Call Trace:
[ 408.550499]  dump_stack+0x1b2/0x281
[ 408.554103]  panic+0x1f9/0x42d
[ 408.557266]  ? add_taint.cold+0x16/0x16
[ 408.561218]  ? lock_downgrade+0x740/0x740
[ 408.565341]  kasan_end_report+0x43/0x49
[ 408.569288]  kasan_report_error.cold+0xa7/0x191
[ 408.573934]  ? jfs_lazycommit+0x7c5/0x8c0
[ 408.578055]  __asan_report_load4_noabort+0x68/0x70
[ 408.582960]  ? _raw_spin_lock_irqsave+0x10/0xc0
[ 408.587603]  ? jfs_lazycommit+0x7c5/0x8c0
[ 408.591723]  jfs_lazycommit+0x7c5/0x8c0
[ 408.595671]  ? __schedule+0x893/0x1de0
[ 408.599532]  ? txCommit+0x3580/0x3580
[ 408.603306]  ? wake_up_q+0xd0/0xd0
[ 408.606817]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 408.611893]  ? txCommit+0x3580/0x3580
[ 408.615672]  kthread+0x30d/0x420
[ 408.619014]  ? kthread_create_on_node+0xd0/0xd0
[ 408.623655]  ret_from_fork+0x24/0x30
[ 408.627616] Kernel Offset: disabled
[ 408.631342] Rebooting in 86400 seconds..
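What the report above establishes, read straight off the three stacks: the 256-byte kmalloc-256 object was allocated in jfs_fill_super during mount (task 8164), kfree'd from generic_shutdown_super on the unmount path (task 8012, via cleanup_mnt), and then read 4 bytes at offset 148 by the jfsCommit kernel thread in jfs_lazycommit (PID 1963), which still held a pointer to per-superblock state after the superblock had been torn down. The repeated dbFree / dbUpdatePMap "outside the map" errors before the crash are JFS's own consistency checks rejecting out-of-range block numbers in the fuzzed loop0 image; they show the fuzzer mounting and unmounting a corrupt image in a loop, and are not the bug. The helper below is an added example, not part of the syzbot log or of the JFS code: it parses a KASAN report into its access, allocation and free stacks plus the slab-object data, drops the "?" guess frames and the KASAN/allocator plumbing frames (the NOISE prefix list is my own heuristic), and derives the facts a first-pass triage needs, including a cross-check that the offset computed from the two addresses matches the "148 bytes inside" KASAN printed. SAMPLE is a constructed excerpt of the report above; all function and variable names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the KASAN block above, one entry per line as the kernel printed it.
SAMPLE = """\
[ 408.198309] BUG: KASAN: use-after-free in jfs_lazycommit+0x7c5/0x8c0
[ 408.204777] Read of size 4 at addr ffff8880a4159c54 by task jfsCommit/1963
[ 408.230057] Call Trace:
[ 408.241497]  kasan_report_error.cold+0x8a/0x191
[ 408.246144]  ? jfs_lazycommit+0x7c5/0x8c0
[ 408.250269]  __asan_report_load4_noabort+0x68/0x70
[ 408.263964]  jfs_lazycommit+0x7c5/0x8c0
[ 408.287957]  kthread+0x30d/0x420
[ 408.301240] Allocated by task 8164:
[ 408.304842]  kasan_kmalloc+0xeb/0x160
[ 408.308620]  kmem_cache_alloc_trace+0x131/0x3d0
[ 408.313263]  jfs_fill_super+0x94/0xab0
[ 408.346373] Freed by task 8012:
[ 408.349641]  kasan_slab_free+0xc3/0x1a0
[ 408.353587]  kfree+0xc9/0x250
[ 408.356672]  generic_shutdown_super+0x144/0x370
[ 408.396516] The buggy address belongs to the object at ffff8880a4159bc0
[ 408.396516]  which belongs to the cache kmalloc-256 of size 256
[ 408.409147] The buggy address is located 148 bytes inside of
[ 408.409147]  256-byte region [ffff8880a4159bc0, ffff8880a4159cc0)
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
STACK_RE = re.compile(r"(?P<which>Allocated|Freed) by task (?P<pid>\d+):")
OBJ_RE = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
INSIDE_RE = re.compile(r"located (?P<off>\d+) bytes inside of")
FRAME_RE = re.compile(r"^(?P<guess>\? )?[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Heuristic (my own): frames of the reporting/allocator plumbing, not of the code under test.
NOISE = ("dump_stack", "print_address_description", "kasan_", "__asan_",
         "kmem_cache_", "kmalloc", "__kmalloc", "kfree", "slab_")


@dataclass
class KasanReport:
    kind: str = ""
    rw: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    obj_base: Optional[int] = None
    cache: str = ""
    reported_offset: Optional[int] = None
    pids: Dict[str, int] = field(default_factory=dict)  # "access" / "alloc" / "free" -> PID
    # Reliable frames only ("? " guesses are dropped) for each of the three stacks.
    stacks: Dict[str, List[str]] = field(default_factory=lambda: {"access": [], "alloc": [], "free": []})

    def site(self, which: str) -> Optional[str]:
        """First frame of a stack that is not KASAN/allocator plumbing."""
        return next((f for f in self.stacks[which] if not f.startswith(NOISE)), None)


def parse_kasan_report(text: str) -> KasanReport:
    rep, section = KasanReport(), None
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if m := BUG_RE.search(line):
            rep.kind = m["kind"]
        elif m := ACCESS_RE.search(line):
            rep.rw, rep.size, rep.addr, rep.task = m["rw"], int(m["size"]), int(m["addr"], 16), m["task"]
            rep.pids["access"] = int(m["pid"])
        elif line.startswith("Call Trace:"):
            section = "access"
        elif m := STACK_RE.search(line):
            section = "alloc" if m["which"] == "Allocated" else "free"
            rep.pids[section] = int(m["pid"])
        elif m := OBJ_RE.search(line):
            rep.obj_base, section = int(m["base"], 16), None  # object info ends the stacks
        elif m := CACHE_RE.search(line):
            rep.cache = m["cache"]
        elif m := INSIDE_RE.search(line):
            rep.reported_offset = int(m["off"])
        elif section and (m := FRAME_RE.match(line)) and not m["guess"]:
            rep.stacks[section].append(line)
    return rep


def triage(rep: KasanReport) -> Dict[str, object]:
    """Facts a first-pass triage of a use-after-free needs, taken from the report alone."""
    offset = rep.addr - rep.obj_base  # where inside the slab object the bad access landed
    return {
        "bug": rep.kind,
        "access": f"{rep.rw} {rep.size}B at +{offset} into {rep.cache} by {rep.task}",
        "access_site": rep.site("access"),
        "alloc_site": rep.site("alloc"),
        "free_site": rep.site("free"),
        "offset_consistent": offset == rep.reported_offset,  # agrees with what KASAN printed
        "cross_task": len(set(rep.pids.values())) > 1,  # alloc, free and access by different tasks
        "kernel_thread": any(f.startswith("kthread+") for f in rep.stacks["access"]),
    }
```

Run `triage(parse_kasan_report(SAMPLE))` to get the summary; on a full syzbot console log, feed it only the block between the two `====` rules. A `cross_task` plus `kernel_thread` result is the signature of an object-lifetime bug: the unmount path freed per-superblock state while a kernel thread still held a reference to it, so the fix has to be in the ordering or synchronisation between that thread and superblock teardown, not in the fuzzed image's metadata.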