[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.

syzkaller login: [ 548.082977] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 548.211607] ==================================================================
[ 548.219073] BUG: KASAN: use-after-free in dbJoin+0x1ee/0x200
[ 548.224871] Read of size 1 at addr ffff8881a91f7a4c by task jfsCommit/1963
[ 548.231875]
[ 548.233575] CPU: 1 PID: 1963 Comm: jfsCommit Not tainted 4.14.294-syzkaller #0
[ 548.240937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 548.250304] Call Trace:
[ 548.252888]  dump_stack+0x1b2/0x281
[ 548.256506]  print_address_description.cold+0x54/0x1d3
[ 548.261780]  kasan_report_error.cold+0x8a/0x191
[ 548.266435]  ? dbJoin+0x1ee/0x200
[ 548.269876]  __asan_report_load1_noabort+0x68/0x70
[ 548.274794]  ? dbJoin+0x1ee/0x200
[ 548.278229]  dbJoin+0x1ee/0x200
[ 548.281494]  dbFreeBits+0xd4/0x660
[ 548.285034]  dbFreeDmap+0x61/0x180
[ 548.288592]  dbFree+0x20c/0x4b0
[ 548.291858]  txFreeMap+0x691/0xa00
[ 548.295386]  txUpdateMap+0x2e3/0xe30
[ 548.299109]  ? lock_downgrade+0x740/0x740
[ 548.303244]  jfs_lazycommit+0x48b/0x8c0
[ 548.307209]  ? __schedule+0x893/0x1de0
[ 548.311079]  ? txCommit+0x3580/0x3580
[ 548.314860]  ? wake_up_q+0xd0/0xd0
[ 548.318385]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 548.323597]  ? txCommit+0x3580/0x3580
[ 548.327383]  kthread+0x30d/0x420
[ 548.330732]  ? kthread_create_on_node+0xd0/0xd0
[ 548.335416]  ret_from_fork+0x24/0x30
[ 548.339129]
[ 548.340736] The buggy address belongs to the page:
[ 548.345645] page:ffffea0006a47dc0 count:0 mapcount:0 mapping:          (null) index:0x0
[ 548.353854] flags: 0x57ff00000000000()
[ 548.357726] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 548.365588] raw: ffffea0006a47de0 ffffea0006a47de0 0000000000000000 0000000000000000
[ 548.373453] page dumped because: kasan: bad access detected
[ 548.379145]
[ 548.380751] Memory state around the buggy address:
[ 548.385660]  ffff8881a91f7900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.393086]  ffff8881a91f7980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.400432] >ffff8881a91f7a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.407767]                                               ^
[ 548.413455]  ffff8881a91f7a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.420807]  ffff8881a91f7b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 548.428149] ==================================================================
[ 548.435484] Disabling lock debugging due to kernel taint
[ 548.443423] Kernel panic - not syncing: panic_on_warn set ...
[ 548.443423]
[ 548.450798] CPU: 0 PID: 1963 Comm: jfsCommit Tainted: G    B   4.14.294-syzkaller #0
[ 548.459362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 548.468690] Call Trace:
[ 548.471254]  dump_stack+0x1b2/0x281
[ 548.474855]  panic+0x1f9/0x42d
[ 548.478026]  ? add_taint.cold+0x16/0x16
[ 548.481976]  ? ___preempt_schedule+0x16/0x18
[ 548.486362]  kasan_end_report+0x43/0x49
[ 548.490310]  kasan_report_error.cold+0xa7/0x191
[ 548.494960]  ? dbJoin+0x1ee/0x200
[ 548.498389]  __asan_report_load1_noabort+0x68/0x70
[ 548.503305]  ? dbJoin+0x1ee/0x200
[ 548.506741]  dbJoin+0x1ee/0x200
[ 548.510002]  dbFreeBits+0xd4/0x660
[ 548.513522]  dbFreeDmap+0x61/0x180
[ 548.517044]  dbFree+0x20c/0x4b0
[ 548.520304]  txFreeMap+0x691/0xa00
[ 548.523836]  txUpdateMap+0x2e3/0xe30
[ 548.527527]  ? lock_downgrade+0x740/0x740
[ 548.531681]  jfs_lazycommit+0x48b/0x8c0
[ 548.535634]  ? __schedule+0x893/0x1de0
[ 548.539512]  ? txCommit+0x3580/0x3580
[ 548.543739]  ? wake_up_q+0xd0/0xd0
[ 548.547256]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 548.552339]  ? txCommit+0x3580/0x3580
[ 548.556116]  kthread+0x30d/0x420
[ 548.559456]  ? kthread_create_on_node+0xd0/0xd0
[ 548.564098]  ret_from_fork+0x24/0x30
[ 548.567971] Kernel Offset: disabled
[ 548.571576] Rebooting in 86400 seconds..