[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 391.970782] audit: type=1800 audit(1664628890.821:2): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor568" name="bus" dev="loop0" ino=7 res=0
[ 391.993793] ==================================================================
[ 392.001288] BUG: KASAN: use-after-free in dbAllocBits+0x4d3/0x520
[ 392.007524] Read of size 8 at addr ffff8880952411b8 by task syz-executor568/8099
[ 392.015140]
[ 392.016777] CPU: 0 PID: 8099 Comm: syz-executor568 Not tainted 4.19.211-syzkaller #0
[ 392.024644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 392.034076] Call Trace:
[ 392.037356]  dump_stack+0x1fc/0x2ef
[ 392.040979]  print_address_description.cold+0x54/0x219
[ 392.046330]  kasan_report_error.cold+0x8a/0x1b9
[ 392.050992]  ? dbAllocBits+0x4d3/0x520
[ 392.054889]  __asan_report_load8_noabort+0x88/0x90
[ 392.060609]  ? dbAllocBits+0x4d3/0x520
[ 392.064566]  dbAllocBits+0x4d3/0x520
[ 392.068355]  dbAllocDmap+0x61/0x110
[ 392.072401]  dbAllocDmapLev+0x159/0x330
[ 392.077749]  ? dbAllocNext+0x400/0x400
[ 392.081932]  ? dbFindCtl+0x2f7/0x4c0
[ 392.086167]  dbAllocCtl+0x4a2/0x700
[ 392.089889]  ? do_raw_spin_unlock+0x171/0x230
[ 392.094720]  dbAllocAny+0x10e/0x1a0
[ 392.098537]  ? dbAllocAG+0xb90/0xb90
[ 392.102504]  dbAlloc+0x4e6/0xb00
[ 392.105863]  extAlloc+0x4cb/0xdb0
[ 392.109592]  ? jfs_ioc_trim+0x430/0x430
[ 392.114424]  ? jfs_get_block+0x109/0xae0
[ 392.118493]  jfs_get_block+0x1f5/0xae0
[ 392.122908]  ? jfs_open+0x330/0x330
[ 392.127498]  ? iov_iter_zero+0xd90/0xd90
[ 392.131604]  __blockdev_direct_IO+0x424b/0xef40
[ 392.136696]  ? sb_init_dio_done_wq+0x90/0x90
[ 392.142395]  ? invalidate_inode_pages2_range+0xd19/0x1110
[ 392.149255]  ? clear_shadow_entry+0x170/0x170
[ 392.154699]  ? jfs_open+0x330/0x330
[ 392.160400]  ? __mark_inode_dirty+0x23f/0x1140
[ 392.165499]  ? security_inode_need_killpriv+0x73/0x90
[ 392.172020]  jfs_direct_IO+0x10a/0x370
[ 392.177776]  generic_file_direct_write+0x208/0x4a0
[ 392.184884]  __generic_file_write_iter+0x2d0/0x610
[ 392.190236]  generic_file_write_iter+0x3f8/0x730
[ 392.195261]  ? common_file_perm+0x4e5/0x850
[ 392.199676]  do_iter_readv_writev+0x668/0x790
[ 392.204419]  ? clone_verify_area+0x240/0x240
[ 392.208923]  ? security_file_permission+0x1c0/0x220
[ 392.214563]  do_iter_write+0x182/0x5d0
[ 392.218543]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 392.223572]  vfs_writev+0x153/0x2e0
[ 392.227545]  ? vfs_iter_write+0xa0/0xa0
[ 392.231606]  ? lock_downgrade+0x720/0x720
[ 392.236549]  ? debug_check_no_obj_freed+0xb5/0x490
[ 392.242911]  ? trace_hardirqs_off+0x64/0x200
[ 392.249081]  ? debug_check_no_obj_freed+0x201/0x490
[ 392.255413]  ? check_preemption_disabled+0x41/0x280
[ 392.261554]  ? putname+0xe1/0x120
[ 392.265213]  ? putname+0xe1/0x120
[ 392.269469]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 392.276250]  ? kmem_cache_free+0x226/0x260
[ 392.281623]  do_pwritev+0x1b6/0x270
[ 392.286032]  ? do_writev+0x330/0x330
[ 392.290106]  ? filp_open+0x70/0x70
[ 392.293926]  ? fput+0x2b/0x190
[ 392.297392]  __x64_sys_pwritev2+0xeb/0x150
[ 392.301803]  do_syscall_64+0xf9/0x620
[ 392.305852]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 392.311235] RIP: 0033:0x7f0be5b56dd9
[ 392.315746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 392.337066] RSP: 002b:00007ffe6b2d2bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 392.346609] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0be5b56dd9
[ 392.354944] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
[ 392.363829] RBP: 00007f0be5b16640 R08: 0000000000000000 R09: 0000000000000003
[ 392.372274] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000200000004
[ 392.379528] R13: 0000000000000000 R14: 00080000000000fc R15: 0000000000000000
[ 392.386790]
[ 392.388405] The buggy address belongs to the page:
[ 392.393430] page:ffffea0002549040 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 392.401557] flags: 0xfff00000000000()
[ 392.405349] raw: 00fff00000000000 0000000000000000 ffffffff02540101 0000000000000000
[ 392.413209] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 392.421066] page dumped because: kasan: bad access detected
[ 392.426752]
[ 392.428364] Memory state around the buggy address:
[ 392.433286]  ffff888095241080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 392.440843]  ffff888095241100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 392.448196] >ffff888095241180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 392.455544]                                         ^
[ 392.460718]  ffff888095241200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 392.468071]  ffff888095241280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 392.475414] ==================================================================
[ 392.482847] Disabling lock debugging due to kernel taint
[ 392.488844] Kernel panic - not syncing: panic_on_warn set ...
[ 392.488844]
[ 392.496219] CPU: 0 PID: 8099 Comm: syz-executor568 Tainted: G B 4.19.211-syzkaller #0
[ 392.505486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 392.514866] Call Trace:
[ 392.517455]  dump_stack+0x1fc/0x2ef
[ 392.521087]  panic+0x26a/0x50e
[ 392.524544]  ? __warn_printk+0xf3/0xf3
[ 392.528428]  ? preempt_schedule_common+0x45/0xc0
[ 392.533175]  ? ___preempt_schedule+0x16/0x18
[ 392.537582]  ? trace_hardirqs_on+0x55/0x210
[ 392.541893]  kasan_end_report+0x43/0x49
[ 392.545858]  kasan_report_error.cold+0xa7/0x1b9
[ 392.551128]  ? dbAllocBits+0x4d3/0x520
[ 392.554996]  __asan_report_load8_noabort+0x88/0x90
[ 392.559906]  ? dbAllocBits+0x4d3/0x520
[ 392.563769]  dbAllocBits+0x4d3/0x520
[ 392.567477]  dbAllocDmap+0x61/0x110
[ 392.571081]  dbAllocDmapLev+0x159/0x330
[ 392.575034]  ? dbAllocNext+0x400/0x400
[ 392.578900]  ? dbFindCtl+0x2f7/0x4c0
[ 392.582714]  dbAllocCtl+0x4a2/0x700
[ 392.586330]  ? do_raw_spin_unlock+0x171/0x230
[ 392.593324]  dbAllocAny+0x10e/0x1a0
[ 392.596938]  ? dbAllocAG+0xb90/0xb90
[ 392.600635]  dbAlloc+0x4e6/0xb00
[ 392.603984]  extAlloc+0x4cb/0xdb0
[ 392.607416]  ? jfs_ioc_trim+0x430/0x430
[ 392.612407]  ? jfs_get_block+0x109/0xae0
[ 392.616449]  jfs_get_block+0x1f5/0xae0
[ 392.620316]  ? jfs_open+0x330/0x330
[ 392.623921]  ? iov_iter_zero+0xd90/0xd90
[ 392.627975]  __blockdev_direct_IO+0x424b/0xef40
[ 392.632713]  ? sb_init_dio_done_wq+0x90/0x90
[ 392.637100]  ? invalidate_inode_pages2_range+0xd19/0x1110
[ 392.642643]  ? clear_shadow_entry+0x170/0x170
[ 392.647116]  ? jfs_open+0x330/0x330
[ 392.650724]  ? __mark_inode_dirty+0x23f/0x1140
[ 392.655283]  ? security_inode_need_killpriv+0x73/0x90
[ 392.660452]  jfs_direct_IO+0x10a/0x370
[ 392.664317]  generic_file_direct_write+0x208/0x4a0
[ 392.669223]  __generic_file_write_iter+0x2d0/0x610
[ 392.674225]  generic_file_write_iter+0x3f8/0x730
[ 392.678961]  ? common_file_perm+0x4e5/0x850
[ 392.683357]  do_iter_readv_writev+0x668/0x790
[ 392.687830]  ? clone_verify_area+0x240/0x240
[ 392.692216]  ? security_file_permission+0x1c0/0x220
[ 392.697208]  do_iter_write+0x182/0x5d0
[ 392.701077]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 392.706067]  vfs_writev+0x153/0x2e0
[ 392.709670]  ? vfs_iter_write+0xa0/0xa0
[ 392.713622]  ? lock_downgrade+0x720/0x720
[ 392.717748]  ? debug_check_no_obj_freed+0xb5/0x490
[ 392.722747]  ? trace_hardirqs_off+0x64/0x200
[ 392.727146]  ? debug_check_no_obj_freed+0x201/0x490
[ 392.732149]  ? check_preemption_disabled+0x41/0x280
[ 392.737155]  ? putname+0xe1/0x120
[ 392.740589]  ? putname+0xe1/0x120
[ 392.744020]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 392.749021]  ? kmem_cache_free+0x226/0x260
[ 392.753237]  do_pwritev+0x1b6/0x270
[ 392.756858]  ? do_writev+0x330/0x330
[ 392.760547]  ? filp_open+0x70/0x70
[ 392.764065]  ? fput+0x2b/0x190
[ 392.767237]  __x64_sys_pwritev2+0xeb/0x150
[ 392.771450]  do_syscall_64+0xf9/0x620
[ 392.775233]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 392.780401] RIP: 0033:0x7f0be5b56dd9
[ 392.784095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 392.802973] RSP: 002b:00007ffe6b2d2bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 392.810673] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0be5b56dd9
[ 392.818025] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
[ 392.825276] RBP: 00007f0be5b16640 R08: 0000000000000000 R09: 0000000000000003
[ 392.832521] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000200000004
[ 392.839776] R13: 0000000000000000 R14: 00080000000000fc R15: 0000000000000000
[ 392.847298] Kernel Offset: disabled
[ 392.850907] Rebooting in 86400 seconds..
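The log above is a raw syzkaller console capture and says nothing about how to read it. As an added triage helper, not part of the syzkaller report, of syzkaller, or of any kernel tooling, the Python below pulls the facts a practitioner wants out of a generic-KASAN report of this shape: the bug class and faulting function from the BUG line, the access kind, size and address, the task and kernel version, the user-visible syscall from ORIG_RAX, the call chain from the faulting function up to the syscall entry (dropping the "?" frames, which are stale return addresses the x86 unwinder found on the stack but could not confirm as callers), the page refcount from the page dump, and the KASAN shadow byte covering the bad address. The sample input is an abbreviated copy of the report above; the syscall table is a hand-picked x86_64 subset and the shadow-byte table holds the poison values defined in mm/kasan/kasan.h for v4.19 (the kernel the report names).

```python
import re

# Constructed sample: an abbreviated copy of the KASAN report above (header, the
# confirmed frames of the first call trace, the pt_regs line with ORIG_RAX, the
# page dump line and the shadow row that carries the ">" marker).
SAMPLE_REPORT = """\
[ 392.001288] BUG: KASAN: use-after-free in dbAllocBits+0x4d3/0x520
[ 392.007524] Read of size 8 at addr ffff8880952411b8 by task syz-executor568/8099
[ 392.016777] CPU: 0 PID: 8099 Comm: syz-executor568 Not tainted 4.19.211-syzkaller #0
[ 392.034076] Call Trace:
[ 392.037356]  dump_stack+0x1fc/0x2ef
[ 392.046330]  kasan_report_error.cold+0x8a/0x1b9
[ 392.050992]  ? dbAllocBits+0x4d3/0x520
[ 392.054889]  __asan_report_load8_noabort+0x88/0x90
[ 392.064566]  dbAllocBits+0x4d3/0x520
[ 392.068355]  dbAllocDmap+0x61/0x110
[ 392.072401]  dbAllocDmapLev+0x159/0x330
[ 392.077749]  ? dbAllocNext+0x400/0x400
[ 392.086167]  dbAllocCtl+0x4a2/0x700
[ 392.094720]  dbAllocAny+0x10e/0x1a0
[ 392.102504]  dbAlloc+0x4e6/0xb00
[ 392.105863]  extAlloc+0x4cb/0xdb0
[ 392.118493]  jfs_get_block+0x1f5/0xae0
[ 392.131604]  __blockdev_direct_IO+0x424b/0xef40
[ 392.172020]  jfs_direct_IO+0x10a/0x370
[ 392.297392]  __x64_sys_pwritev2+0xeb/0x150
[ 392.301803]  do_syscall_64+0xf9/0x620
[ 392.305852]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 392.311235] RIP: 0033:0x7f0be5b56dd9
[ 392.337066] RSP: 002b:00007ffe6b2d2bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 392.393430] page:ffffea0002549040 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 392.448196] >ffff888095241180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

# Generic KASAN poison values from mm/kasan/kasan.h (v4.19). Each shadow byte
# describes 8 bytes of real memory; 0 = all accessible, 1..7 = that many bytes
# accessible, anything >= 0xF1 is a poison tag naming why the range is invalid.
SHADOW_POISON = {
    0xFF: "KASAN_FREE_PAGE (page was freed)",
    0xFE: "KASAN_PAGE_REDZONE (kmalloc_large redzone)",
    0xFC: "KASAN_KMALLOC_REDZONE (redzone inside slab object)",
    0xFB: "KASAN_KMALLOC_FREE (slab object was freed)",
    0xFA: "KASAN_GLOBAL_REDZONE (global variable redzone)",
    0xF8: "KASAN_USE_AFTER_SCOPE",
    0xF1: "KASAN_STACK_LEFT", 0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT", 0xF4: "KASAN_STACK_PARTIAL",
}

# Hand-picked subset of the x86_64 syscall table (ORIG_RAX holds the number).
X86_64_SYSCALLS = {1: "write", 20: "writev", 296: "pwritev", 327: "preadv2", 328: "pwritev2"}

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg-style "[ 392.001288] " prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
KVER_RE = re.compile(r"\b(\d+\.\d+\.\d+\S*) #\d+")
FRAME_RE = re.compile(r"^\s*(?P<q>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]{16})")
PAGE_RE = re.compile(r"page:[0-9a-f]+ count:(?P<count>\d+) mapcount:\d+")
SHADOW_ROW_RE = re.compile(r"^>(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2}\s?){16})\s*$")


def shadow_meaning(b):
    if b == 0:
        return "accessible"
    if 1 <= b <= 7:
        return f"partially accessible ({b} of 8 bytes)"
    return SHADOW_POISON.get(b, "unknown poison")


def parse_kasan_report(text):
    rep = {"frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = _TS.sub("", raw).rstrip()
        if (m := BUG_RE.search(line)):
            rep.update(bug_type=m["type"], function=m["func"], offset=int(m["off"], 16))
        elif (m := ACCESS_RE.search(line)):
            rep.update(access=m["kind"], size=int(m["size"]), addr=int(m["addr"], 16),
                       task=m["task"], pid=int(m["pid"]))
        elif line.startswith("CPU:"):
            if (k := KVER_RE.search(line)):
                rep["kernel"] = k.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME_RE.match(line)):
            if not m["q"]:  # "? frame" = unverified address on the stack, not a confirmed caller
                rep["frames"].append(m["func"])
        elif (m := ORIG_RAX_RE.search(line)):
            in_trace = False  # pt_regs dump follows the trace
            nr = int(m["nr"], 16)
            rep.update(syscall_nr=nr, syscall=X86_64_SYSCALLS.get(nr, f"nr {nr}"))
        elif (m := PAGE_RE.search(line)):
            rep["page_refcount"] = int(m["count"])
        elif (m := SHADOW_ROW_RE.match(line)) and "addr" in rep:
            base = int(m["base"], 16)
            shadow = [int(b, 16) for b in m["bytes"].split()]
            idx = (rep["addr"] - base) // 8  # one shadow byte per 8-byte granule
            if 0 <= idx < len(shadow):
                rep["shadow_byte"] = shadow[idx]
                rep["shadow_meaning"] = shadow_meaning(shadow[idx])
        else:
            in_trace = in_trace and not line.startswith("RIP:")
    return rep


def crash_path(rep):
    """Confirmed frames from the faulting function up to the syscall entry."""
    frames = rep["frames"]
    if rep.get("function") in frames:
        return frames[frames.index(rep["function"]):]
    return frames


def summarize(rep):
    return (f"{rep['bug_type']}: {rep['access']} of {rep['size']} bytes at {rep['addr']:#x} "
            f"in {rep['function']} (kernel {rep.get('kernel', '?')}), reached from syscall "
            f"{rep.get('syscall', '?')}; shadow byte {rep.get('shadow_byte', 0):#04x} = "
            f"{rep.get('shadow_meaning', '?')}; page refcount {rep.get('page_refcount', '?')}")


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(summarize(r))
    print(" <- ".join(crash_path(r)))
```

Two readings fall out of the parse that the raw log does not spell out: the shadow byte under the caret is 0xff, which in this kernel's KASAN means the whole page was freed (not a freed slab object, which would be 0xfb), and the page dump's count:0 says the same thing from the page allocator's side; the ORIG_RAX value 0x148 (328) identifies the entry point as pwritev2, matching the __x64_sys_pwritev2 frame, with the JFS direct-I/O path in between. That is the reproduction surface to look at; the parser deliberately does not guess at a root cause.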