Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  550.054152] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.065830] sysv_free_block: flc_count > flc_size
[  550.070833] sysv_free_block: flc_count > flc_size
[  550.075772] sysv_free_block: flc_count > flc_size
[  550.080851] sysv_free_block: flc_count > flc_size
[  550.086324] sysv_free_block: flc_count > flc_size
[  550.091163] sysv_free_block: flc_count > flc_size
[  550.096145] sysv_free_block: flc_count > flc_size
[  550.100974] sysv_free_block: flc_count > flc_size
[  550.105849] sysv_free_block: flc_count > flc_size
[  550.110673] sysv_free_block: flc_count > flc_size
[  550.116311] sysv_new_block: new block -858993460 is not in data zone
[  550.122924] sysv_free_block: flc_count > flc_size
[  550.127750] sysv_free_block: flc_count > flc_size
[  550.132633] sysv_free_block: flc_count > flc_size
executing program
[  550.197993] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.218371] sysv_free_block: flc_count > flc_size
[  550.223343] sysv_free_block: flc_count > flc_size
[  550.228832] sysv_free_block: flc_count > flc_size
[  550.234556] sysv_free_block: flc_count > flc_size
[  550.239411] sysv_free_block: flc_count > flc_size
executing program
[  550.245007] sysv_free_block: flc_count > flc_size
[  550.249833] sysv_free_block: flc_count > flc_size
[  550.254705] sysv_free_block: flc_count > flc_size
[  550.259528] sysv_free_block: flc_count > flc_size
[  550.264390] sysv_free_block: flc_count > flc_size
[  550.312683] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.319687] sysv_free_block: flc_count > flc_size
[  550.326222] sysv_free_block: flc_count > flc_size
[  550.331180] sysv_free_block: flc_count > flc_size
[  550.336871] sysv_free_block: flc_count > flc_size
[  550.342174] sysv_free_block: flc_count > flc_size
[  550.347003] sysv_free_block: flc_count > flc_size
[  550.351966] sysv_free_block: flc_count > flc_size
[  550.356790] sysv_free_block: flc_count > flc_size
executing program
[  550.361687] sysv_free_block: flc_count > flc_size
[  550.366508] sysv_free_block: flc_count > flc_size
[  550.371591] sysv_new_block: new block -1991496668 is not in data zone
[  550.418995] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.433007] sysv_free_block: flc_count > flc_size
[  550.440059] sysv_free_block: flc_count > flc_size
[  550.445173] sysv_free_block: flc_count > flc_size
[  550.450004] sysv_free_block: flc_count > flc_size
[  550.455553] sysv_free_block: flc_count > flc_size
[  550.460407] sysv_free_block: flc_count > flc_size
executing program
[  550.465486] sysv_free_block: flc_count > flc_size
[  550.470314] sysv_free_block: flc_count > flc_size
[  550.475178] sysv_free_block: flc_count > flc_size
[  550.480002] sysv_free_block: flc_count > flc_size
[  550.485254] sysv_new_block: new block -1279612355 is not in data zone
[  550.491938] sysv_free_block: flc_count > flc_size
[  550.496760] sysv_free_block: flc_count > flc_size
[  550.548939] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.556429] sysv_free_block: flc_count > flc_size
[  550.561329] sysv_free_block: flc_count > flc_size
[  550.566985] sysv_free_block: flc_count > flc_size
[  550.572360] sysv_free_block: flc_count > flc_size
[  550.577393] sysv_free_block: flc_count > flc_size
[  550.583292] sysv_free_block: flc_count > flc_size
[  550.588127] sysv_free_block: flc_count > flc_size
[  550.593004] sysv_free_block: flc_count > flc_size
[  550.597823] sysv_free_block: flc_count > flc_size
[  550.602694] sysv_free_block: flc_count > flc_size
[  550.607760] sysv_new_block: new block -1924661248 is not in data zone
[  550.614448] sysv_free_block: flc_count > flc_size
executing program
[  550.667075] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.674082] sysv_free_block: flc_count > flc_size
[  550.678981] sysv_free_block: flc_count > flc_size
[  550.683926] sysv_free_block: flc_count > flc_size
[  550.688810] sysv_free_block: flc_count > flc_size
[  550.694090] sysv_free_block: flc_count > flc_size
[  550.699330] sysv_free_block: flc_count > flc_size
[  550.704265] sysv_free_block: flc_count > flc_size
[  550.709113] sysv_free_block: flc_count > flc_size
[  550.713991] sysv_free_block: flc_count > flc_size
[  550.718812] sysv_free_block: flc_count > flc_size
[  550.724061] sysv_new_block: new block -1989503057 is not in data zone
executing program
[  550.792590] VFS: Found a Xenix FS (block size = 1024) on device loop0
[  550.799608] sysv_free_block: flc_count > flc_size
[  550.805538] sysv_free_block: flc_count > flc_size
[  550.810587] sysv_free_block: flc_count > flc_size
[  550.816398] sysv_free_block: flc_count > flc_size
[  550.821255] sysv_free_block: flc_count > flc_size
[  550.826911] sysv_free_block: flc_count > flc_size
[  550.832141] sysv_free_block: flc_count > flc_size
[  550.836967] sysv_free_block: flc_count > flc_size
[  550.842967] sysv_free_block: flc_count > flc_size
[  550.847822] sysv_free_block: flc_count > flc_size
[  550.853297] ==================================================================
[  550.860708] BUG: KASAN: use-after-free in sysv_new_block+0x6e2/0x8c0
[  550.867174] Read of size 4 at addr ffff88808bf700c8 by task syz-executor367/8020
[  550.874766] 
[  550.876371] CPU: 0 PID: 8020 Comm: syz-executor367 Not tainted 4.14.300-syzkaller #0
[  550.884234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  550.893568] Call Trace:
[  550.896137]  dump_stack+0x1b2/0x281
[  550.899741]  print_address_description.cold+0x54/0x1d3
[  550.904998]  kasan_report_error.cold+0x8a/0x191
[  550.909641]  ? sysv_new_block+0x6e2/0x8c0
[  550.913765]  __asan_report_load4_noabort+0x68/0x70
[  550.918668]  ? sysv_new_block+0x6e2/0x8c0
[  550.922787]  sysv_new_block+0x6e2/0x8c0
[  550.926737]  get_block+0x379/0x1230
[  550.930350]  ? block_to_path.isra.0+0x420/0x420
[  550.934991]  ? create_page_buffers+0x14d/0x1c0
[  550.939552]  ? create_empty_buffers+0x282/0x470
[  550.944368]  ? do_raw_spin_unlock+0x164/0x220
[  550.948840]  ? _raw_spin_unlock+0x29/0x40
[  550.952967]  ? create_page_buffers+0xce/0x1c0
[  550.957440]  __block_write_begin_int+0x35c/0x11d0
[  550.962262]  ? block_to_path.isra.0+0x420/0x420
[  550.966909]  ? __breadahead_gfp+0x150/0x150
[  550.971204]  ? wait_for_stable_page+0xe3/0x260
[  550.975766]  ? block_to_path.isra.0+0x420/0x420
[  550.980410]  block_write_begin+0x58/0x270
[  550.984545]  sysv_write_begin+0x35/0xc0
[  550.988502]  generic_perform_write+0x1d5/0x430
[  550.993062]  ? filemap_page_mkwrite+0x2d0/0x2d0
[  550.997706]  ? current_time+0xb0/0xb0
[  551.001481]  ? lock_acquire+0x170/0x3f0
[  551.005430]  __generic_file_write_iter+0x227/0x590
[  551.010338]  generic_file_write_iter+0x36f/0x650
[  551.015076]  ? iov_iter_init+0xa6/0x1c0
[  551.019040]  __vfs_write+0x44c/0x630
[  551.022734]  ? kernel_read+0x110/0x110
[  551.026728]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  551.031736]  vfs_write+0x17f/0x4d0
[  551.035253]  SyS_write+0xf2/0x210
[  551.038690]  ? SyS_read+0x210/0x210
[  551.042296]  ? __do_page_fault+0x159/0xad0
[  551.046509]  ? do_syscall_64+0x4c/0x640
[  551.050506]  ? SyS_read+0x210/0x210
[  551.054118]  do_syscall_64+0x1d5/0x640
[  551.057986]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[  551.063151] 
[  551.064752] The buggy address belongs to the page:
[  551.069655] page:ffffea00022fdc00 count:0 mapcount:0 mapping:          (null) index:0x1
[  551.077776] flags: 0xfff00000000000()
[  551.081556] raw: 00fff00000000000 0000000000000000 0000000000000001 00000000ffffffff
[  551.089424] raw: ffffea00022fdc60 ffffea00022fdbe0 0000000000000000 0000000000000000
[  551.097282] page dumped because: kasan: bad access detected
[  551.103661] 
[  551.105261] Memory state around the buggy address:
[  551.110162]  ffff88808bf6ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  551.117499]  ffff88808bf70000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  551.124941] >ffff88808bf70080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  551.132272]                                               ^
[  551.137956]  ffff88808bf70100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  551.145288]  ffff88808bf70180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  551.152626] ==================================================================
[  551.159964] Disabling lock debugging due to kernel taint
[  551.165897] Kernel panic - not syncing: panic_on_warn set ...
[  551.165897] 
[  551.173257] CPU: 0 PID: 8020 Comm: syz-executor367 Tainted: G    B 4.14.300-syzkaller #0
[  551.182335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  551.191669] Call Trace:
[  551.194234]  dump_stack+0x1b2/0x281
[  551.197836]  panic+0x1f9/0x42d
[  551.200997]  ? add_taint.cold+0x16/0x16
[  551.204947]  ? ___preempt_schedule+0x16/0x18
[  551.209328]  kasan_end_report+0x43/0x49
[  551.213272]  kasan_report_error.cold+0xa7/0x191
[  551.217914]  ? sysv_new_block+0x6e2/0x8c0
[  551.222034]  __asan_report_load4_noabort+0x68/0x70
[  551.226935]  ? sysv_new_block+0x6e2/0x8c0
[  551.231052]  sysv_new_block+0x6e2/0x8c0
[  551.235000]  get_block+0x379/0x1230
[  551.238607]  ? block_to_path.isra.0+0x420/0x420
[  551.243246]  ? create_page_buffers+0x14d/0x1c0
[  551.247799]  ? create_empty_buffers+0x282/0x470
[  551.252436]  ? do_raw_spin_unlock+0x164/0x220
[  551.256901]  ? _raw_spin_unlock+0x29/0x40
[  551.261020]  ? create_page_buffers+0xce/0x1c0
[  551.265483]  __block_write_begin_int+0x35c/0x11d0
[  551.270299]  ? block_to_path.isra.0+0x420/0x420
[  551.274940]  ? __breadahead_gfp+0x150/0x150
[  551.279233]  ? wait_for_stable_page+0xe3/0x260
[  551.283786]  ? block_to_path.isra.0+0x420/0x420
[  551.288424]  block_write_begin+0x58/0x270
[  551.292545]  sysv_write_begin+0x35/0xc0
[  551.296491]  generic_perform_write+0x1d5/0x430
[  551.301044]  ? filemap_page_mkwrite+0x2d0/0x2d0
[  551.305685]  ? current_time+0xb0/0xb0
[  551.309457]  ? lock_acquire+0x170/0x3f0
[  551.313405]  __generic_file_write_iter+0x227/0x590
[  551.318323]  generic_file_write_iter+0x36f/0x650
[  551.323048]  ? iov_iter_init+0xa6/0x1c0
[  551.326992]  __vfs_write+0x44c/0x630
[  551.330675]  ? kernel_read+0x110/0x110
[  551.334543]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  551.339530]  vfs_write+0x17f/0x4d0
[  551.343041]  SyS_write+0xf2/0x210
[  551.346463]  ? SyS_read+0x210/0x210
[  551.350059]  ? __do_page_fault+0x159/0xad0
[  551.354267]  ? do_syscall_64+0x4c/0x640
[  551.358210]  ? SyS_read+0x210/0x210
[  551.361809]  do_syscall_64+0x1d5/0x640
[  551.365671]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[  551.370995] Kernel Offset: disabled
[  551.374604] Rebooting in 86400 seconds..