Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  573.784443] VFS: Found a Xenix FS (block size = 512) on device loop0
[  573.795915] sysv_free_block: flc_count > flc_size
[  573.801717] sysv_free_block: flc_count > flc_size
[  573.806574] sysv_free_block: flc_count > flc_size
[  573.812465] sysv_free_block: flc_count > flc_size
[  573.817322] sysv_free_block: flc_count > flc_size
[  573.823243] sysv_free_block: flc_count > flc_size
[  573.828078] sysv_free_block: flc_count > flc_size
[  573.833809] sysv_free_block: flc_count > flc_size
[  573.838658] sysv_free_block: flc_count > flc_size
[  573.844195] sysv_free_block: flc_count > flc_size
[  573.849610] ==================================================================
[  573.857048] BUG: KASAN: use-after-free in sysv_new_block+0x79f/0x990
[  573.863521] Read of size 4 at addr ffff88808c01d0c8 by task syz-executor420/8100
[  573.871029]
[  573.872641] CPU: 1 PID: 8100 Comm: syz-executor420 Not tainted 4.19.211-syzkaller #0
[  573.880503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  573.889837] Call Trace:
[  573.892416]  dump_stack+0x1fc/0x2ef
[  573.896031]  print_address_description.cold+0x54/0x219
[  573.901298]  kasan_report_error.cold+0x8a/0x1b9
[  573.905975]  ? sysv_new_block+0x79f/0x990
[  573.910111]  __asan_report_load4_noabort+0x88/0x90
[  573.915021]  ? sysv_new_block+0x79f/0x990
[  573.919150]  sysv_new_block+0x79f/0x990
[  573.923123]  get_block+0x3fa/0x1510
[  573.926743]  ? block_to_path.isra.0+0x440/0x440
[  573.931395]  ? create_page_buffers+0x212/0x350
[  573.935963]  ? alloc_page_buffers+0x2da/0x5c0
[  573.940447]  ? create_empty_buffers+0x4e7/0x760
[  573.945100]  ? do_raw_spin_unlock+0x171/0x230
[  573.949579]  ? _raw_spin_unlock+0x29/0x40
[  573.953710]  ? create_page_buffers+0x190/0x350
[  573.958281]  __block_write_begin_int+0x46c/0x17b0
[  573.963108]  ? block_to_path.isra.0+0x440/0x440
[  573.967762]  ? __breadahead_gfp+0x130/0x130
[  573.972066]  ? mark_held_locks+0xa6/0xf0
[  573.976107]  ? wait_for_stable_page+0x122/0x360
[  573.980758]  ? block_to_path.isra.0+0x440/0x440
[  573.985407]  block_write_begin+0x58/0x2e0
[  573.989541]  sysv_write_begin+0x35/0xe0
[  573.993505]  generic_perform_write+0x1f8/0x4d0
[  573.998079]  ? filemap_page_mkwrite+0x2f0/0x2f0
[  574.002741]  ? current_time+0x1c0/0x1c0
[  574.006697]  ? lock_acquire+0x170/0x3c0
[  574.010651]  __generic_file_write_iter+0x24b/0x610
[  574.015563]  generic_file_write_iter+0x3f8/0x730
[  574.020305]  __vfs_write+0x51b/0x770
[  574.024006]  ? kernel_read+0x110/0x110
[  574.027878]  ? check_preemption_disabled+0x41/0x280
[  574.032881]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  574.037888]  vfs_write+0x1f3/0x540
[  574.041412]  ksys_write+0x12b/0x2a0
[  574.045033]  ? __ia32_sys_read+0xb0/0xb0
[  574.049074]  ? trace_hardirqs_off_caller+0x6e/0x210
[  574.054252]  ? do_syscall_64+0x21/0x620
[  574.058207]  do_syscall_64+0xf9/0x620
[  574.061994]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  574.067168] RIP: 0033:0x7f605e78c6a9
[  574.070869] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  574.089837] RSP: 002b:00007ffd68472268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  574.097529] RAX: ffffffffffffffda RBX: 00007ffd684722a8 RCX: 00007f605e78c6a9
[  574.104783] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[  574.112033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  574.119369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd684722a0
[  574.126618] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[  574.133873]
[  574.135480] The buggy address belongs to the page:
[  574.140388] page:ffffea0002300740 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[  574.148506] flags: 0xfff00000000000()
[  574.152288] raw: 00fff00000000000 0000000000000000 ffffea0002300748 0000000000000000
[  574.160147] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  574.168003] page dumped because: kasan: bad access detected
[  574.173690]
[  574.175295] Memory state around the buggy address:
[  574.180206]  ffff88808c01cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  574.187551]  ffff88808c01d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  574.194910] >ffff88808c01d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  574.202258]                                               ^
[  574.207949]  ffff88808c01d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  574.215550]  ffff88808c01d180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  574.222883] ==================================================================
[  574.230222] Disabling lock debugging due to kernel taint
[  574.238365] Kernel panic - not syncing: panic_on_warn set ...
[  574.238365]
[  574.245754] CPU: 0 PID: 8100 Comm: syz-executor420 Tainted: G    B 4.19.211-syzkaller #0
[  574.255111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  574.264452] Call Trace:
[  574.267026]  dump_stack+0x1fc/0x2ef
[  574.270634]  panic+0x26a/0x50e
[  574.273810]  ? __warn_printk+0xf3/0xf3
[  574.277675]  ? preempt_schedule_common+0x45/0xc0
[  574.282412]  ? ___preempt_schedule+0x16/0x18
[  574.286801]  ? trace_hardirqs_on+0x55/0x210
[  574.291104]  kasan_end_report+0x43/0x49
[  574.295069]  kasan_report_error.cold+0xa7/0x1b9
[  574.299739]  ? sysv_new_block+0x79f/0x990
[  574.303875]  __asan_report_load4_noabort+0x88/0x90
[  574.308792]  ? sysv_new_block+0x79f/0x990
[  574.312927]  sysv_new_block+0x79f/0x990
[  574.316892]  get_block+0x3fa/0x1510
[  574.320514]  ? block_to_path.isra.0+0x440/0x440
[  574.325177]  ? create_page_buffers+0x212/0x350
[  574.329750]  ? alloc_page_buffers+0x2da/0x5c0
[  574.334235]  ? create_empty_buffers+0x4e7/0x760
[  574.338893]  ? do_raw_spin_unlock+0x171/0x230
[  574.343369]  ? _raw_spin_unlock+0x29/0x40
[  574.347580]  ? create_page_buffers+0x190/0x350
[  574.352142]  __block_write_begin_int+0x46c/0x17b0
[  574.356965]  ? block_to_path.isra.0+0x440/0x440
[  574.361615]  ? __breadahead_gfp+0x130/0x130
[  574.365920]  ? mark_held_locks+0xa6/0xf0
[  574.370053]  ? wait_for_stable_page+0x122/0x360
[  574.374707]  ? block_to_path.isra.0+0x440/0x440
[  574.379353]  block_write_begin+0x58/0x2e0
[  574.383500]  sysv_write_begin+0x35/0xe0
[  574.387455]  generic_perform_write+0x1f8/0x4d0
[  574.392016]  ? filemap_page_mkwrite+0x2f0/0x2f0
[  574.396660]  ? current_time+0x1c0/0x1c0
[  574.400611]  ? lock_acquire+0x170/0x3c0
[  574.404565]  __generic_file_write_iter+0x24b/0x610
[  574.409473]  generic_file_write_iter+0x3f8/0x730
[  574.414296]  __vfs_write+0x51b/0x770
[  574.417989]  ? kernel_read+0x110/0x110
[  574.421856]  ? check_preemption_disabled+0x41/0x280
[  574.426851]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  574.431844]  vfs_write+0x1f3/0x540
[  574.435362]  ksys_write+0x12b/0x2a0
[  574.438967]  ? __ia32_sys_read+0xb0/0xb0
[  574.443007]  ? trace_hardirqs_off_caller+0x6e/0x210
[  574.448005]  ? do_syscall_64+0x21/0x620
[  574.451957]  do_syscall_64+0xf9/0x620
[  574.455740]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  574.460906] RIP: 0033:0x7f605e78c6a9
[  574.464598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  574.483476] RSP: 002b:00007ffd68472268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  574.491166] RAX: ffffffffffffffda RBX: 00007ffd684722a8 RCX: 00007f605e78c6a9
[  574.498415] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[  574.505664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  574.512917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd684722a0
[  574.520167] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[  574.527586] Kernel Offset: disabled
[  574.531208] Rebooting in 86400 seconds..