Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
executing program
[ 845.011957] ==================================================================
[ 845.019432] BUG: KASAN: use-after-free in dbNextAG+0x14f/0x530
[ 845.025405] Read of size 4 at addr ffff8881b8cbac80 by task syz-executor408/8078
[ 845.032943]
[ 845.034616] CPU: 1 PID: 8078 Comm: syz-executor408 Not tainted 4.19.211-syzkaller #0
[ 845.042489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 845.051850] Call Trace:
[ 845.054423]  dump_stack+0x1fc/0x2ef
[ 845.058049]  print_address_description.cold+0x54/0x219
[ 845.063313]  kasan_report_error.cold+0x8a/0x1b9
[ 845.067972]  ? dbNextAG+0x14f/0x530
[ 845.071577]  kasan_report+0x8f/0xa0
[ 845.075182]  ? dbNextAG+0x14f/0x530
[ 845.078788]  dbNextAG+0x14f/0x530
[ 845.082238]  diAlloc+0x7ea/0x1440
[ 845.085670]  ? do_raw_spin_unlock+0x171/0x230
[ 845.090145]  ialloc+0x8c/0x970
[ 845.093320]  jfs_mkdir.part.0+0x131/0x870
[ 845.097444]  ? debug_check_no_obj_freed+0x201/0x490
[ 845.102463]  ? jfs_mknod+0x60/0x60
[ 845.105991]  ? lock_downgrade+0x720/0x720
[ 845.110116]  ? lock_acquire+0x170/0x3c0
[ 845.114070]  ? debug_check_no_obj_freed+0xb5/0x490
[ 845.118981]  ? trace_hardirqs_off+0x64/0x200
[ 845.123371]  ? common_perm+0x4be/0x800
[ 845.127237]  ? __dquot_initialize+0x298/0xb70
[ 845.131718]  ? userns_put+0xb0/0xb0
[ 845.135326]  ? dquot_initialize_needed+0x290/0x290
[ 845.140250]  ? generic_permission+0x116/0x4d0
[ 845.144726]  ? security_inode_permission+0xc5/0xf0
[ 845.149636]  jfs_mkdir+0x3f/0x60
[ 845.152981]  vfs_mkdir+0x508/0x7a0
[ 845.156501]  do_mkdirat+0x262/0x2d0
[ 845.160108]  ? __ia32_sys_mknod+0x120/0x120
[ 845.164410]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 845.169408]  ? do_syscall_64+0x21/0x620
[ 845.173365]  do_syscall_64+0xf9/0x620
[ 845.177150]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 845.182316] RIP: 0033:0x7faa817d7397
[ 845.186010] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 c0 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 845.204901] RSP: 002b:00007ffedfbfe818 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 845.212601] RAX: ffffffffffffffda RBX: 00007ffedfbfe8c0 RCX: 00007faa817d7397
[ 845.219874] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000200001c0
[ 845.227144] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 845.234397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 845.241647] R13: 00000000ffffffff R14: 00000000200001c0 R15: 0000000000000000
[ 845.248918]
[ 845.250522] The buggy address belongs to the page:
[ 845.255428] page:ffffea0006e32e80 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 845.263545] flags: 0x57ff00000000000()
[ 845.267435] raw: 057ff00000000000 ffffea0006e32e88 ffffea0006e32e88 0000000000000000
[ 845.275317] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 845.283176] page dumped because: kasan: bad access detected
[ 845.288872]
[ 845.290479] Memory state around the buggy address:
[ 845.295395]  ffff8881b8cbab80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 845.302736]  ffff8881b8cbac00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 845.310087] >ffff8881b8cbac80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 845.317419]                    ^
[ 845.320827]  ffff8881b8cbad00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 845.328162]  ffff8881b8cbad80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 845.335497] ==================================================================
[ 845.342843] Disabling lock debugging due to kernel taint
[ 845.351196] Kernel panic - not syncing: panic_on_warn set ...
[ 845.351196]
[ 845.358581] CPU: 0 PID: 8078 Comm: syz-executor408 Tainted: G    B     4.19.211-syzkaller #0
[ 845.367837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 845.377166] Call Trace:
[ 845.379754]  dump_stack+0x1fc/0x2ef
[ 845.383372]  panic+0x26a/0x50e
[ 845.386546]  ? __warn_printk+0xf3/0xf3
[ 845.390413]  ? preempt_schedule_common+0x45/0xc0
[ 845.395147]  ? ___preempt_schedule+0x16/0x18
[ 845.399554]  ? trace_hardirqs_on+0x55/0x210
[ 845.403856]  kasan_end_report+0x43/0x49
[ 845.407820]  kasan_report_error.cold+0xa7/0x1b9
[ 845.412465]  ? dbNextAG+0x14f/0x530
[ 845.416074]  kasan_report+0x8f/0xa0
[ 845.419694]  ? dbNextAG+0x14f/0x530
[ 845.423308]  dbNextAG+0x14f/0x530
[ 845.426756]  diAlloc+0x7ea/0x1440
[ 845.430201]  ? do_raw_spin_unlock+0x171/0x230
[ 845.434671]  ialloc+0x8c/0x970
[ 845.437842]  jfs_mkdir.part.0+0x131/0x870
[ 845.441978]  ? debug_check_no_obj_freed+0x201/0x490
[ 845.446984]  ? jfs_mknod+0x60/0x60
[ 845.450510]  ? lock_downgrade+0x720/0x720
[ 845.454633]  ? lock_acquire+0x170/0x3c0
[ 845.458585]  ? debug_check_no_obj_freed+0xb5/0x490
[ 845.463492]  ? trace_hardirqs_off+0x64/0x200
[ 845.467878]  ? common_perm+0x4be/0x800
[ 845.471746]  ? __dquot_initialize+0x298/0xb70
[ 845.476239]  ? userns_put+0xb0/0xb0
[ 845.479847]  ? dquot_initialize_needed+0x290/0x290
[ 845.484757]  ? generic_permission+0x116/0x4d0
[ 845.489231]  ? security_inode_permission+0xc5/0xf0
[ 845.494153]  jfs_mkdir+0x3f/0x60
[ 845.497499]  vfs_mkdir+0x508/0x7a0
[ 845.501019]  do_mkdirat+0x262/0x2d0
[ 845.504624]  ? __ia32_sys_mknod+0x120/0x120
[ 845.508941]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 845.513935]  ? do_syscall_64+0x21/0x620
[ 845.517895]  do_syscall_64+0xf9/0x620
[ 845.521689]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 845.526867] RIP: 0033:0x7faa817d7397
[ 845.530560] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 c0 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 845.549449] RSP: 002b:00007ffedfbfe818 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 845.557136] RAX: ffffffffffffffda RBX: 00007ffedfbfe8c0 RCX: 00007faa817d7397
[ 845.564391] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000200001c0
[ 845.571647] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 845.578903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 845.586151] R13: 00000000ffffffff R14: 00000000200001c0 R15: 0000000000000000
[ 845.593500] Kernel Offset: disabled
[ 845.597106] Rebooting in 86400 seconds..