Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts.
executing program
[ 46.139565][ T4021] loop0: detected capacity change from 0 to 128
[ 46.228250][ T4021] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 46.231927][ T4021] attempt to access beyond end of device
[ 46.231927][ T4021] loop0: rw=0, want=6491538, limit=128
[ 46.234704][ T4021] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 46.237642][ T4021] ------------[ cut here ]------------
[ 46.239018][ T4021] WARNING: CPU: 0 PID: 4021 at fs/inode.c:364 inc_nlink+0x130/0x168
[ 46.241022][ T4021] Modules linked in:
[ 46.241976][ T4021] CPU: 0 PID: 4021 Comm: syz-executor394 Not tainted 5.15.178-syzkaller #0
[ 46.243904][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 46.246152][ T4021] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 46.248073][ T4021] pc : inc_nlink+0x130/0x168
[ 46.249239][ T4021] lr : inc_nlink+0x130/0x168
[ 46.250374][ T4021] sp : ffff80001d6a7b50
[ 46.251392][ T4021] x29: ffff80001d6a7b50 x28: dfff800000000000 x27: 0000000000000000
[ 46.253489][ T4021] x26: 1fffe0001950247a x25: ffff800011f12c88 x24: 00000000000001c0
[ 46.255468][ T4021] x23: 1fffe0001bceb010 x22: dfff800000000000 x21: 0000000000000000
[ 46.257380][ T4021] x20: ffff0000de758038 x19: ffff0000de758080 x18: 0000000000000000
[ 46.259367][ T4021] x17: 00000000000001c0 x16: ffff800011b4da70 x15: 0000000000000000
[ 46.261475][ T4021] x14: 00000000ffff8000 x13: 00000000f6c4c19a x12: 0000000000000001
[ 46.263456][ T4021] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000ca811b40
[ 46.265393][ T4021] x8 : ffff8000089ea214 x7 : 0000000000000000 x6 : 000000000000003f
[ 46.267323][ T4021] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00000000000001c0
[ 46.269329][ T4021] x2 : ffff0000dc1d0bc0 x1 : 0000000000000000 x0 : 0000000000000000
[ 46.271403][ T4021] Call trace:
[ 46.272271][ T4021] inc_nlink+0x130/0x168
[ 46.273420][ T4021] sysv_mkdir+0x2c/0x138
[ 46.274505][ T4021] vfs_mkdir+0x334/0x4e4
[ 46.275663][ T4021] do_mkdirat+0x20c/0x610
[ 46.276756][ T4021] __arm64_sys_mkdirat+0x90/0xa8
[ 46.277964][ T4021] invoke_syscall+0x98/0x2b8
[ 46.279069][ T4021] el0_svc_common+0x138/0x258
[ 46.280267][ T4021] do_el0_svc+0x58/0x14c
[ 46.281337][ T4021] el0_svc+0x7c/0x1f0
[ 46.282363][ T4021] el0t_64_sync_handler+0x84/0xe4
[ 46.283633][ T4021] el0t_64_sync+0x1a0/0x1a4
[ 46.284751][ T4021] irq event stamp: 14806
[ 46.285868][ T4021] hardirqs last enabled at (14805): [] kasan_quarantine_put+0xdc/0x204
[ 46.288338][ T4021] hardirqs last disabled at (14806): [] el1_dbg+0x24/0x80
[ 46.290623][ T4021] softirqs last enabled at (14768): [] handle_softirqs+0xb88/0xdbc
[ 46.292998][ T4021] softirqs last disabled at (14753): [] __irq_exit_rcu+0x268/0x4d8
[ 46.295378][ T4021] ---[ end trace d6291d0f4a50f151 ]---
[ 46.304731][ T4021] ==================================================================
[ 46.306763][ T4021] BUG: KASAN: use-after-free in sysv_new_block+0x618/0x7e4
[ 46.308568][ T4021] Read of size 4 at addr ffff00017578b0c8 by task syz-executor394/4021
[ 46.310679][ T4021]
[ 46.311261][ T4021] CPU: 0 PID: 4021 Comm: syz-executor394 Tainted: G W 5.15.178-syzkaller #0
[ 46.313671][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 46.316236][ T4021] Call trace:
[ 46.317020][ T4021] dump_backtrace+0x0/0x530
[ 46.318100][ T4021] show_stack+0x2c/0x3c
[ 46.319135][ T4021] dump_stack_lvl+0x108/0x170
[ 46.320244][ T4021] print_address_description+0x7c/0x3f0
[ 46.321595][ T4021] kasan_report+0x174/0x1e4
[ 46.322736][ T4021] __asan_report_load4_noabort+0x44/0x50
[ 46.324184][ T4021] sysv_new_block+0x618/0x7e4
[ 46.325312][ T4021] get_block+0x258/0x1390
[ 46.326428][ T4021] __block_write_begin_int+0x3ec/0x1608
[ 46.327816][ T4021] __block_write_begin+0x40/0x54
[ 46.329006][ T4021] sysv_prepare_chunk+0x3c/0x50
[ 46.330190][ T4021] sysv_make_empty+0x98/0x4f8
[ 46.331351][ T4021] sysv_mkdir+0x88/0x138
[ 46.332377][ T4021] vfs_mkdir+0x334/0x4e4
[ 46.333462][ T4021] do_mkdirat+0x20c/0x610
[ 46.334572][ T4021] __arm64_sys_mkdirat+0x90/0xa8
[ 46.335828][ T4021] invoke_syscall+0x98/0x2b8
[ 46.337032][ T4021] el0_svc_common+0x138/0x258
[ 46.338268][ T4021] do_el0_svc+0x58/0x14c
[ 46.339317][ T4021] el0_svc+0x7c/0x1f0
[ 46.340357][ T4021] el0t_64_sync_handler+0x84/0xe4
[ 46.341616][ T4021] el0t_64_sync+0x1a0/0x1a4
[ 46.342779][ T4021]
[ 46.343311][ T4021] The buggy address belongs to the page:
[ 46.344677][ T4021] page:0000000011b5b901 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1b578b
[ 46.347166][ T4021] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 46.348999][ T4021] raw: 05ffc00000000000 fffffc0005d5dbc8 fffffc0005d5e508 0000000000000000
[ 46.351141][ T4021] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.353291][ T4021] page dumped because: kasan: bad access detected
[ 46.354923][ T4021]
[ 46.355494][ T4021] Memory state around the buggy address:
[ 46.356829][ T4021] ffff00017578af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.358849][ T4021] ffff00017578b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.360837][ T4021] >ffff00017578b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.362981][ T4021] ^
[ 46.364579][ T4021] ffff00017578b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.366532][ T4021] ffff00017578b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.368492][ T4021] ==================================================================
[ 46.370373][ T4021] Disabling lock debugging due to kernel taint