Warning: Permanently added '10.128.15.210' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 38.712555][ T4295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 38.771624][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.773395][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.784248][ T1581] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 38.791464][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.793178][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.795573][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 38.813128][ T4299] loop0: detected capacity change from 0 to 128
[ 38.816789][ T4299] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 38.820145][ T4299] ==================================================================
[ 38.821853][ T4299] BUG: KASAN: use-after-free in sysv_new_inode+0xd8c/0xf04
[ 38.823205][ T4299] Read of size 2 at addr ffff0001880001ce by task syz-executor417/4299
[ 38.824779][ T4299]
[ 38.825222][ T4299] CPU: 1 PID: 4299 Comm: syz-executor417 Not tainted 6.1.127-syzkaller #0
[ 38.826998][ T4299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 38.828975][ T4299] Call trace:
[ 38.829635][ T4299] dump_backtrace+0x1c8/0x1f4
[ 38.830564][ T4299] show_stack+0x2c/0x3c
[ 38.831418][ T4299] dump_stack_lvl+0x108/0x170
[ 38.832394][ T4299] print_report+0x174/0x4c0
[ 38.833308][ T4299] kasan_report+0xd4/0x130
[ 38.834237][ T4299] __asan_report_load2_noabort+0x2c/0x38
[ 38.835384][ T4299] sysv_new_inode+0xd8c/0xf04
[ 38.836332][ T4299] sysv_mknod+0x5c/0x100
[ 38.837186][ T4299] sysv_create+0x38/0x4c
[ 38.838115][ T4299] path_openat+0xeac/0x2548
[ 38.839054][ T4299] do_filp_open+0x1bc/0x3cc
[ 38.839975][ T4299] do_sys_openat2+0x128/0x3e0
[ 38.840912][ T4299] __arm64_sys_openat+0x1f0/0x240
[ 38.841909][ T4299] invoke_syscall+0x98/0x2bc
[ 38.842852][ T4299] el0_svc_common+0x138/0x258
[ 38.843756][ T4299] do_el0_svc+0x58/0x13c
[ 38.844613][ T4299] el0_svc+0x58/0x168
[ 38.845408][ T4299] el0t_64_sync_handler+0x84/0xf0
[ 38.846447][ T4299] el0t_64_sync+0x18c/0x190
[ 38.847362][ T4299]
[ 38.847838][ T4299] The buggy address belongs to the physical page:
[ 38.849110][ T4299] page:00000000e2a228ae refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x1c8000
[ 38.851127][ T4299] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 38.852548][ T4299] raw: 05ffc00000000000 fffffc0006210008 fffffc00061e0008 0000000000000000
[ 38.854281][ T4299] raw: 0000000000000000 000000000000000a 00000000ffffff7f 0000000000000000
[ 38.855990][ T4299] page dumped because: kasan: bad access detected
[ 38.857384][ T4299]
[ 38.857853][ T4299] Memory state around the buggy address:
[ 38.858960][ T4299] ffff000188000080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.860556][ T4299] ffff000188000100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.862188][ T4299] >ffff000188000180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.863790][ T4299] ^
[ 38.865036][ T4299] ffff000188000200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.866643][ T4299] ffff000188000280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.868229][ T4299] ==================================================================
[ 38.871614][ T4299] Disabling lock debugging due to kernel taint
[ 38.872967][ T4299] unable to read i-node block
[ 38.879947][ T4299] sysv_free_block: flc_count > flc_size
[ 38.881140][ T4299] sysv_free_block: flc_count > flc_size
[ 38.882191][ T4299] sysv_free_block: flc_count > flc_size
[ 38.883280][ T4299] sysv_free_block: flc_count > flc_size
[ 38.884351][ T4299] sysv_free_block: flc_count > flc_size
[ 38.885409][ T4299] sysv_free_block: flc_count > flc_size
[ 38.886562]