[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.

syzkaller login: [ 358.915938] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 359.034345] ==================================================================
[ 359.041789] BUG: KASAN: use-after-free in dbJoin+0x1ee/0x200
[ 359.047581] Read of size 1 at addr ffff8881a9008a4c by task jfsCommit/1964
[ 359.054574]
[ 359.056226] CPU: 1 PID: 1964 Comm: jfsCommit Not tainted 4.14.295-syzkaller #0
[ 359.063572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 359.072909] Call Trace:
[ 359.075478]  dump_stack+0x1b2/0x281
[ 359.079088]  print_address_description.cold+0x54/0x1d3
[ 359.084347]  kasan_report_error.cold+0x8a/0x191
[ 359.088994]  ? dbJoin+0x1ee/0x200
[ 359.092427]  __asan_report_load1_noabort+0x68/0x70
[ 359.097334]  ? dbJoin+0x1ee/0x200
[ 359.100764]  dbJoin+0x1ee/0x200
[ 359.104023]  dbFreeBits+0xd4/0x660
[ 359.107546]  dbFreeDmap+0x61/0x180
[ 359.111064]  dbFree+0x20c/0x4b0
[ 359.114323]  txFreeMap+0x691/0xa00
[ 359.117849]  txUpdateMap+0x2e3/0xe30
[ 359.121544]  ? lock_downgrade+0x740/0x740
[ 359.125672]  jfs_lazycommit+0x48b/0x8c0
[ 359.129628]  ? __schedule+0x893/0x1de0
[ 359.133493]  ? txCommit+0x3580/0x3580
[ 359.137273]  ? wake_up_q+0xd0/0xd0
[ 359.140790]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 359.145871]  ? txCommit+0x3580/0x3580
[ 359.149653]  kthread+0x30d/0x420
[ 359.152996]  ? kthread_create_on_node+0xd0/0xd0
[ 359.157642]  ret_from_fork+0x24/0x30
[ 359.161339]
[ 359.162945] The buggy address belongs to the page:
[ 359.167850] page:ffffea0006a40200 count:0 mapcount:0 mapping:          (null) index:0x0
[ 359.175967] flags: 0x57ff00000000000()
[ 359.179834] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 359.187696] raw: ffffea0006a40220 ffffea0006a40220 0000000000000000 0000000000000000
[ 359.195550] page dumped because: kasan: bad access detected
[ 359.201234]
[ 359.202849] Memory state around the buggy address:
[ 359.207757]  ffff8881a9008900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 359.215093]  ffff8881a9008980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 359.222435] >ffff8881a9008a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 359.229776]                                         ^
[ 359.235468]  ffff8881a9008a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 359.242810]  ffff8881a9008b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 359.250146] ==================================================================
[ 359.257483] Disabling lock debugging due to kernel taint
[ 359.263839] Kernel panic - not syncing: panic_on_warn set ...
[ 359.263839]
[ 359.271202] CPU: 0 PID: 1964 Comm: jfsCommit Tainted: G    B   4.14.295-syzkaller #0
[ 359.279760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 359.289093] Call Trace:
[ 359.291660]  dump_stack+0x1b2/0x281
[ 359.295269]  panic+0x1f9/0x42d
[ 359.298436]  ? add_taint.cold+0x16/0x16
[ 359.302390]  ? ___preempt_schedule+0x16/0x18
[ 359.306780]  kasan_end_report+0x43/0x49
[ 359.310729]  kasan_report_error.cold+0xa7/0x191
[ 359.315373]  ? dbJoin+0x1ee/0x200
[ 359.318805]  __asan_report_load1_noabort+0x68/0x70
[ 359.323709]  ? dbJoin+0x1ee/0x200
[ 359.327138]  dbJoin+0x1ee/0x200
[ 359.330392]  dbFreeBits+0xd4/0x660
[ 359.333909]  dbFreeDmap+0x61/0x180
[ 359.337425]  dbFree+0x20c/0x4b0
[ 359.340684]  txFreeMap+0x691/0xa00
[ 359.344203]  txUpdateMap+0x2e3/0xe30
[ 359.347895]  ? lock_downgrade+0x740/0x740
[ 359.352020]  jfs_lazycommit+0x48b/0x8c0
[ 359.355970]  ? __schedule+0x893/0x1de0
[ 359.359835]  ? txCommit+0x3580/0x3580
[ 359.363614]  ? wake_up_q+0xd0/0xd0
[ 359.367130]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 359.372210]  ? txCommit+0x3580/0x3580
[ 359.375990]  kthread+0x30d/0x420
[ 359.379333]  ? kthread_create_on_node+0xd0/0xd0
[ 359.383978]  ret_from_fork+0x24/0x30
[ 359.387823] Kernel Offset: disabled
[ 359.391430] Rebooting in 86400 seconds..