Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
[ 33.026584][ T4326] cgroup: Unknown subsys name 'net'
[ 33.325641][ T4326] cgroup: Unknown subsys name 'rlimit'
[ 33.584586][ T4326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 37.785539][ T4365] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 37.787063][ T4365] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 37.788374][ T4365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 37.789897][ T4365] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 37.791325][ T4365] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 37.792547][ T4365] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 37.891171][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.892424][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.894636][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.900819][ T269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.902053][ T269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.903904][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.981199][ T4375] chnl_net:caif_netlink_parms(): no params data found
[ 38.001153][ T4375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.002490][ T4375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.004996][ T4375] device bridge_slave_0 entered promiscuous mode
[ 38.007119][ T4375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.008296][ T4375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.009795][ T4375] device bridge_slave_1 entered promiscuous mode
[ 38.019539][ T4375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 38.022532][ T4375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 38.032656][ T4375] team0: Port device team_slave_0 added
[ 38.034889][ T4375] team0: Port device team_slave_1 added
[ 38.040856][ T4375] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.041896][ T4375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.046618][ T4375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.049217][ T4375] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.050285][ T4375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.054206][ T4375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.143799][ T4375] device hsr_slave_0 entered promiscuous mode
[ 38.172904][ T4375] device hsr_slave_1 entered promiscuous mode
[ 38.258346][ T4375] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 38.304198][ T4375] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 38.343802][ T4375] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 38.373895][ T4375] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 38.421412][ T4375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.422796][ T4375] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.424188][ T4375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.425440][ T4375] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.444661][ T4375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.448585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.450713][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.452610][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.457856][ T4375] 8021q: adding VLAN 0 to HW filter on device team0
[ 38.461006][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.462539][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.463725][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.466948][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.468468][ T39] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.469493][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.475542][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 38.477437][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 38.479915][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 38.484387][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.487717][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.490082][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 38.540550][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 38.541797][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 38.546558][ T4375] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 38.552419][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.558722][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.560514][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.561887][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.565025][ T4375] device veth0_vlan entered promiscuous mode
[ 38.568453][ T4375] device veth1_vlan entered promiscuous mode
[ 38.575880][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 38.577402][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 38.578935][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.581182][ T4375] device veth0_macvtap entered promiscuous mode
[ 38.583808][ T4375] device veth1_macvtap entered promiscuous mode
[ 38.588982][ T4375] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 38.590216][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.592064][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 38.595410][ T4375] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 38.596752][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.599087][ T4375] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.600521][ T4375] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.601751][ T4375] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.604009][ T4375] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:39 executed programs: 0
[ 39.624410][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 39.625955][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 39.627420][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 39.629207][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 39.630561][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 39.632004][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 39.989089][ T4443] chnl_net:caif_netlink_parms(): no params data found
[ 40.065387][ T4443] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.066578][ T4443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.068328][ T4443] device bridge_slave_0 entered promiscuous mode
[ 40.070351][ T4443] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.071488][ T4443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.073389][ T4443] device bridge_slave_1 entered promiscuous mode
[ 40.079715][ T4443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.082051][ T4443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.089606][ T4443] team0: Port device team_slave_0 added
[ 40.091252][ T4443] team0: Port device team_slave_1 added
[ 40.100101][ T4443] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.101312][ T4443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.105541][ T4443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.107670][ T4443] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.108841][ T4443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.113023][ T4443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.533832][ T4443] device hsr_slave_0 entered promiscuous mode
[ 40.583212][ T4443] device hsr_slave_1 entered promiscuous mode
[ 40.622826][ T4443] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 40.624106][ T4443] Cannot create hsr debugfs directory
[ 40.763782][ T4443] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.693045][ T4365] Bluetooth: hci0: command 0x0409 tx timeout
[ 43.773112][ T4365] Bluetooth: hci0: command 0x041b tx timeout
[ 43.994588][ T4443] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.093976][ T4443] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.194831][ T4443] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.460594][ T4443] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.503960][ T4443] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.595172][ T4443] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.684825][ T4443] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.793528][ T4443] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.796799][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.798283][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.800634][ T4443] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.865640][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 44.867271][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.868737][ T269] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.869841][ T269] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.871089][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.872614][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.874105][ T269] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.875185][ T269] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.876770][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 44.879546][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 44.883146][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 44.885877][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 44.887634][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.889272][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.891714][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 44.893607][ T269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.897444][ T253] device hsr_slave_0 left promiscuous mode
[ 44.923054][ T253] device hsr_slave_1 left promiscuous mode
[ 45.022808][ T253] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 45.024163][ T253] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 45.025857][ T253] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 45.026998][ T253] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 45.028393][ T253] device bridge_slave_1 left promiscuous mode
[ 45.029468][ T253] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.074153][ T253] device bridge_slave_0 left promiscuous mode
[ 45.075225][ T253] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.202889][ T253] device veth1_macvtap left promiscuous mode
[ 45.204062][ T253] device veth0_macvtap left promiscuous mode
[ 45.205056][ T253] device veth1_vlan left promiscuous mode
[ 45.206033][ T253] device veth0_vlan left promiscuous mode
[ 45.852726][ T4365] Bluetooth: hci0: command 0x040f tx timeout
[ 46.913765][ T253] team0 (unregistering): Port device team_slave_1 removed
[ 47.073682][ T253] team0 (unregistering): Port device team_slave_0 removed
[ 47.233085][ T253] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 47.463107][ T253] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 47.942721][ T4365] Bluetooth: hci0: command 0x0419 tx timeout
[ 49.964046][ T253] bond0 (unregistering): Released all slaves
[ 50.167020][ T4443] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 50.168889][ T4443] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 50.172234][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.173995][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.175543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.176871][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.178339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 50.224346][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 50.225701][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 50.228531][ T4443] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.234898][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.236639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.241594][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.244138][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.248689][ T4443] device veth0_vlan entered promiscuous mode
[ 50.250527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.251901][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.254531][ T4443] device veth1_vlan entered promiscuous mode
[ 50.261144][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 50.262583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 50.265277][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.266817][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.269098][ T4443] device veth0_macvtap entered promiscuous mode
[ 50.271256][ T4443] device veth1_macvtap entered promiscuous mode
[ 50.276229][ T4443] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 50.277453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 50.278936][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.280354][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.281732][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.284897][ T4443] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 50.286459][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.288126][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.290312][ T4443] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.291792][ T4443] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.293794][ T4443] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.295233][ T4443] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.318731][ T4445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.320084][ T4445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.321739][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 50.324467][ T269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.325679][ T269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.327103][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 50.381317][ T4467] loop0: detected capacity change from 0 to 128
[ 50.386960][ T4467] syz.0.17: attempt to access beyond end of device
[ 50.386960][ T4467] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 50.389106][ T4467] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 50.390412][ T4467] ------------[ cut here ]------------
[ 50.391218][ T4467] WARNING: CPU: 0 PID: 4467 at fs/inode.c:389 inc_nlink+0x128/0x154
[ 50.392369][ T4467] Modules linked in:
[ 50.393000][ T4467] CPU: 0 PID: 4467 Comm: syz.0.17 Not tainted 6.1.148-syzkaller #0
[ 50.394390][ T4467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 50.396107][ T4467] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 50.397555][ T4467] pc : inc_nlink+0x128/0x154
[ 50.398374][ T4467] lr : inc_nlink+0x128/0x154
[ 50.399137][ T4467] sp : ffff800020ca7b90
[ 50.399871][ T4467] x29: ffff800020ca7b90 x28: dfff800000000000 x27: 0000000000000000
[ 50.401237][ T4467] x26: 1fffe0001d3d880c x25: ffff800011d35208 x24: 0000000000000000
[ 50.402623][ T4467] x23: 1fffe0001d3d8810 x22: dfff800000000000 x21: 0000000000000000
[ 50.404045][ T4467] x20: ffff0000e9ec4038 x19: ffff0000e9ec4080 x18: 0000000000000000
[ 50.405418][ T4467] x17: ffff8000181e7000 x16: ffff8000082d2370 x15: 0000000000000000
[ 50.406829][ T4467] x14: 00000000ffff8000 x13: 000000003bcdb8d7 x12: 0000000000ff0100
[ 50.408165][ T4467] x11: ff008000089fbf80 x10: 0000000000000000 x9 : ffff8000089fbf80
[ 50.409523][ T4467] x8 : ffff0000d3cf8000 x7 : 0000000000000000 x6 : 000000000000003f
[ 50.410791][ T4467] x5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000
[ 50.412101][ T4467] x2 : ffff0000e9f2c758 x1 : 0000000000000000 x0 : 0000000000000000
[ 50.413343][ T4467] Call trace:
[ 50.413851][ T4467] inc_nlink+0x128/0x154
[ 50.414483][ T4467] sysv_mkdir+0x2c/0x138
[ 50.415162][ T4467] vfs_mkdir+0x314/0x4d4
[ 50.415807][ T4467] do_mkdirat+0x1b4/0x3e0
[ 50.416469][ T4467] __arm64_sys_mkdirat+0x90/0xa8
[ 50.417253][ T4467] invoke_syscall+0x98/0x2bc
[ 50.417926][ T4467] el0_svc_common+0x138/0x258
[ 50.418700][ T4467] do_el0_svc+0x58/0x13c
[ 50.419383][ T4467] el0_svc+0x58/0x138
[ 50.420012][ T4467] el0t_64_sync_handler+0x84/0xf0
[ 50.420808][ T4467] el0t_64_sync+0x18c/0x190
[ 50.421516][ T4467] irq event stamp: 3074
[ 50.422167][ T4467] hardirqs last enabled at (3073): [] kasan_quarantine_put+0xc4/0x204
[ 50.423823][ T4467] hardirqs last disabled at (3074): [] el1_dbg+0x24/0x80
[ 50.425205][ T4467] softirqs last enabled at (2976): [] local_bh_enable+0x10/0x34
[ 50.426706][ T4467] softirqs last disabled at (2974): [] local_bh_disable+0x10/0x34
[ 50.428274][ T4467] ---[ end trace 0000000000000000 ]---
[ 50.431831][ T4467] ==================================================================
[ 50.433203][ T4467] BUG: KASAN: use-after-free in sysv_new_inode+0xd8c/0xf04
[ 50.434277][ T4467] Read of size 2 at addr ffff0000e94fd1ce by task syz.0.17/4467
[ 50.435427][ T4467]
[ 50.435760][ T4467] CPU: 1 PID: 4467 Comm: syz.0.17 Tainted: G W 6.1.148-syzkaller #0
[ 50.437326][ T4467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 50.438994][ T4467] Call trace:
[ 50.439501][ T4467] dump_backtrace+0x1c8/0x1f4
[ 50.440234][ T4467] show_stack+0x2c/0x3c
[ 50.440950][ T4467] __dump_stack+0x30/0x40
[ 50.441598][ T4467] dump_stack_lvl+0xf8/0x160
[ 50.442343][ T4467] print_address_description+0x88/0x218
[ 50.443142][ T4467] print_report+0x50/0x68
[ 50.443818][ T4467] kasan_report+0xa8/0x100
[ 50.444529][ T4467] __asan_report_load2_noabort+0x2c/0x38
[ 50.445491][ T4467] sysv_new_inode+0xd8c/0xf04
[ 50.446192][ T4467] sysv_mkdir+0x44/0x138
[ 50.446777][ T4467] vfs_mkdir+0x314/0x4d4
[ 50.447414][ T4467] do_mkdirat+0x1b4/0x3e0
[ 50.448138][ T4467] __arm64_sys_mkdirat+0x90/0xa8
[ 50.448948][ T4467] invoke_syscall+0x98/0x2bc
[ 50.449741][ T4467] el0_svc_common+0x138/0x258
[ 50.450498][ T4467] do_el0_svc+0x58/0x13c
[ 50.451176][ T4467] el0_svc+0x58/0x138
[ 50.451760][ T4467] el0t_64_sync_handler+0x84/0xf0
[ 50.452512][ T4467] el0t_64_sync+0x18c/0x190
[ 50.453276][ T4467]
[ 50.453645][ T4467] The buggy address belongs to the physical page:
[ 50.454663][ T4467] page:00000000d28c05d1 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1294fd
[ 50.456188][ T4467] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 50.457249][ T4467] raw: 05ffc00000000000 dead000000000100 dead000000000122 0000000000000000
[ 50.458483][ T4467] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 50.459756][ T4467] page dumped because: kasan: bad access detected
[ 50.460811][ T4467]
[ 50.461153][ T4467] Memory state around the buggy address:
[ 50.462062][ T4467] ffff0000e94fd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.463290][ T4467] ffff0000e94fd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.464545][ T4467] >ffff0000e94fd180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.465834][ T4467] ^
[ 50.466898][ T4467] ffff0000e94fd200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.468207][ T4467] ffff0000e94fd280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 50.469420][ T4467] ==================================================================
[ 50.472341][ T4467] Disabling lock debugging due to kernel taint
[ 50.477601][ T4443] sysv_free_block: flc_count > flc_size
[ 50.478551][ T4443] sysv_free_block: flc_count > flc_size
[ 50.479417][ T4443] sysv_free_block: flc_count > flc_size
[ 50.480714][ T4443] sysv_free_block: flc_count > flc_size
[ 50.481610][ T4443] sysv_free_block: flc_count > flc_size
[ 50.482436][ T4443] sysv_free_block: flc_count > flc_size
[ 50.483502][ T4443] sysv_free_block: flc_count > flc_size
[ 50.484382][ T4443] sysv_free_block: flc_count > flc_size
[ 50.485269][ T4443] sysv_free_block: flc_count > flc_size
[ 50.486308][ T4443] sysv_free_block: flc_count > flc_size
[ 50.487668][ T4443] sysv_free_inode: inode 0,1,2 or nonexistent inode