[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 853.031201] ==================================================================
[ 853.038656] BUG: KASAN: use-after-free in dbNextAG+0x2ff/0x370
[ 853.044620] Read of size 4 at addr ffff8881bf92ee80 by task syz-executor176/8001
[ 853.052142]
[ 853.053788] CPU: 1 PID: 8001 Comm: syz-executor176 Not tainted 4.14.294-syzkaller #0
[ 853.061642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 853.071011] Call Trace:
[ 853.073584] dump_stack+0x1b2/0x281
[ 853.077198] print_address_description.cold+0x54/0x1d3
[ 853.082466] kasan_report_error.cold+0x8a/0x191
[ 853.087113] ? dbNextAG+0x2ff/0x370
[ 853.090716] __asan_report_load4_noabort+0x68/0x70
[ 853.095625] ? dbNextAG+0x2ff/0x370
[ 853.099226] dbNextAG+0x2ff/0x370
[ 853.102655] diAlloc+0x87a/0x1230
[ 853.106083] ? do_raw_spin_unlock+0x164/0x220
[ 853.110567] ialloc+0x7b/0x940
[ 853.113739] jfs_mkdir.part.0+0xfd/0x7e0
[ 853.117775] ? lock_acquire+0x170/0x3f0
[ 853.121723] ? lock_downgrade+0x740/0x740
[ 853.125845] ? jfs_mknod+0x60/0x60
[ 853.129361] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 853.134439] ? debug_check_no_obj_freed+0x2c0/0x680
[ 853.139431] ? lock_acquire+0x170/0x3f0
[ 853.143384] ? lock_downgrade+0x740/0x740
[ 853.147527] ? __dquot_initialize+0x228/0xa70
[ 853.152000] ? common_perm+0x3b9/0x560
[ 853.155862] ? dquot_initialize_needed+0x240/0x240
[ 853.160786] ? map_id_up+0xe9/0x180
[ 853.164392] ? security_inode_permission+0xb5/0xf0
[ 853.169298] jfs_mkdir+0x35/0x50
[ 853.172643] vfs_mkdir+0x463/0x6e0
[ 853.176162] SyS_mkdirat+0x1fd/0x270
[ 853.179852] ? SyS_mknod+0x30/0x30
[ 853.183367] ? __close_fd+0x159/0x230
[ 853.187142] ? do_syscall_64+0x4c/0x640
[ 853.191091] ? SyS_mkdirat+0x270/0x270
[ 853.194972] do_syscall_64+0x1d5/0x640
[ 853.198839] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 853.204004] RIP: 0033:0x7f4965e24397
[ 853.207692] RSP: 002b:00007ffe5a546848 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 853.215396] RAX: ffffffffffffffda RBX: 00007ffe5a5468f0 RCX: 00007f4965e24397
[ 853.222643] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000200001c0
[ 853.229892] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 853.237138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 853.244385] R13: 00000000ffffffff R14: 00000000200001c0 R15: 0000000000000000
[ 853.251636]
[ 853.253246] The buggy address belongs to the page:
[ 853.258150] page:ffffea0006fe4b80 count:0 mapcount:0 mapping: (null) index:0x0
[ 853.266264] flags: 0x57ff00000000000()
[ 853.270133] raw: 057ff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 853.277991] raw: ffffea0006fe4ba0 ffffea0006fe4ba0 0000000000000000 0000000000000000
[ 853.285841] page dumped because: kasan: bad access detected
[ 853.291524]
[ 853.293128] Memory state around the buggy address:
[ 853.298031] ffff8881bf92ed80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 853.305361] ffff8881bf92ee00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 853.312697] >ffff8881bf92ee80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 853.320030]                    ^
[ 853.323370] ffff8881bf92ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 853.330703] ffff8881bf92ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 853.338033] ==================================================================
[ 853.345364] Disabling lock debugging due to kernel taint
[ 853.351290] Kernel panic - not syncing: panic_on_warn set ...
[ 853.351290]
[ 853.358652] CPU: 1 PID: 8001 Comm: syz-executor176 Tainted: G B 4.14.294-syzkaller #0
[ 853.367748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 853.377092] Call Trace:
[ 853.379674] dump_stack+0x1b2/0x281
[ 853.383289] panic+0x1f9/0x42d
[ 853.386497] ? add_taint.cold+0x16/0x16
[ 853.390458] ? ___preempt_schedule+0x16/0x18
[ 853.394847] kasan_end_report+0x43/0x49
[ 853.398810] kasan_report_error.cold+0xa7/0x191
[ 853.403460] ? dbNextAG+0x2ff/0x370
[ 853.407068] __asan_report_load4_noabort+0x68/0x70
[ 853.411996] ? dbNextAG+0x2ff/0x370
[ 853.415602] dbNextAG+0x2ff/0x370
[ 853.419035] diAlloc+0x87a/0x1230
[ 853.422466] ? do_raw_spin_unlock+0x164/0x220
[ 853.426958] ialloc+0x7b/0x940
[ 853.430142] jfs_mkdir.part.0+0xfd/0x7e0
[ 853.434180] ? lock_acquire+0x170/0x3f0
[ 853.438127] ? lock_downgrade+0x740/0x740
[ 853.442247] ? jfs_mknod+0x60/0x60
[ 853.445775] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 853.450869] ? debug_check_no_obj_freed+0x2c0/0x680
[ 853.455868] ? lock_acquire+0x170/0x3f0
[ 853.459819] ? lock_downgrade+0x740/0x740
[ 853.463945] ? __dquot_initialize+0x228/0xa70
[ 853.468507] ? common_perm+0x3b9/0x560
[ 853.472369] ? dquot_initialize_needed+0x240/0x240
[ 853.477274] ? map_id_up+0xe9/0x180
[ 853.480877] ? security_inode_permission+0xb5/0xf0
[ 853.485781] jfs_mkdir+0x35/0x50
[ 853.489124] vfs_mkdir+0x463/0x6e0
[ 853.492638] SyS_mkdirat+0x1fd/0x270
[ 853.496333] ? SyS_mknod+0x30/0x30
[ 853.499846] ? __close_fd+0x159/0x230
[ 853.503620] ? do_syscall_64+0x4c/0x640
[ 853.507566] ? SyS_mkdirat+0x270/0x270
[ 853.511426] do_syscall_64+0x1d5/0x640
[ 853.515288] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 853.520455] RIP: 0033:0x7f4965e24397
[ 853.524138] RSP: 002b:00007ffe5a546848 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 853.531819] RAX: ffffffffffffffda RBX: 00007ffe5a5468f0 RCX: 00007f4965e24397
[ 853.539062] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 00000000200001c0
[ 853.546308] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 853.553551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 853.560794] R13: 00000000ffffffff R14: 00000000200001c0 R15: 0000000000000000
[ 853.568115] Kernel Offset: disabled
[ 853.571721] Rebooting in 86400 seconds..