Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   74.182265][ T5064] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5064 'syz-executor110'
[   74.195708][ T5064] loop0: detected capacity change from 0 to 128
[   74.204585][ T5064] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   74.213963][ T5064] sysv_free_block: flc_count > flc_size
[   74.220029][ T5064] sysv_free_block: flc_count > flc_size
[   74.226491][ T5064] sysv_free_block: flc_count > flc_size
[   74.232391][ T5064] sysv_free_block: flc_count > flc_size
[   74.237977][ T5064] sysv_free_block: flc_count > flc_size
[   74.243756][ T5064] sysv_free_block: flc_count > flc_size
[   74.249307][ T5064] sysv_free_block: flc_count > flc_size
[   74.255020][ T5064] sysv_free_block: flc_count > flc_size
[   74.261029][ T5064] sysv_free_block: flc_count > flc_size
[   74.266579][ T5064] sysv_free_block: flc_count > flc_size
[   74.273283][ T5064] ==================================================================
[   74.281342][ T5064] BUG: KASAN: use-after-free in sysv_new_block+0x78c/0x960
[   74.288538][ T5064] Read of size 4 at addr ffff8880733820c8 by task syz-executor110/5064
[   74.296752][ T5064]
[   74.299059][ T5064] CPU: 0 PID: 5064 Comm: syz-executor110 Not tainted 6.3.0-rc4-syzkaller-00039-gffe78bbd5121 #0
[   74.309448][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   74.319484][ T5064] Call Trace:
[   74.322745][ T5064]
[   74.325660][ T5064]  dump_stack_lvl+0x1e7/0x2d0
[   74.330335][ T5064]  ? nf_tcp_handle_invalid+0x650/0x650
[   74.335788][ T5064]  ? panic+0x770/0x770
[   74.339850][ T5064]  ? _printk+0xd5/0x120
[   74.343990][ T5064]  print_report+0x163/0x540
[   74.348494][ T5064]  ? __virt_addr_valid+0x22f/0x2e0
[   74.353590][ T5064]  ? __phys_addr+0xba/0x170
[   74.358076][ T5064]  ? sysv_new_block+0x78c/0x960
[   74.362914][ T5064]  kasan_report+0x176/0x1b0
[   74.367402][ T5064]  ? sysv_new_block+0x78c/0x960
[   74.372241][ T5064]  sysv_new_block+0x78c/0x960
[   74.376906][ T5064]  get_block+0x2fc/0x16a0
[   74.381237][ T5064]  ? create_page_buffers+0x1d2/0x4c0
[   74.386508][ T5064]  ? sysv_truncate+0x1050/0x1050
[   74.391450][ T5064]  ? attach_page_private+0x110/0x300
[   74.396721][ T5064]  ? create_page_buffers+0x24e/0x4c0
[   74.401991][ T5064]  __block_write_begin_int+0x548/0x1a50
[   74.407526][ T5064]  ? sysv_truncate+0x1050/0x1050
[   74.412446][ T5064]  ? page_zero_new_buffers+0x660/0x660
[   74.417888][ T5064]  ? PageHeadHuge+0xa5/0x1d0
[   74.422465][ T5064]  ? sysv_truncate+0x1050/0x1050
[   74.427473][ T5064]  block_write_begin+0x9c/0x1f0
[   74.432315][ T5064]  ? sysv_write_begin+0x1a/0x70
[   74.437151][ T5064]  sysv_write_begin+0x31/0x70
[   74.441813][ T5064]  generic_perform_write+0x300/0x5e0
[   74.447086][ T5064]  ? generic_file_direct_write+0x460/0x460
[   74.452873][ T5064]  ? __file_remove_privs+0x640/0x640
[   74.458145][ T5064]  ? generic_write_checks+0x160/0x1c0
[   74.463497][ T5064]  __generic_file_write_iter+0x17a/0x400
[   74.469121][ T5064]  generic_file_write_iter+0xaf/0x310
[   74.474495][ T5064]  vfs_write+0x7b2/0xbb0
[   74.478734][ T5064]  ? file_end_write+0x250/0x250
[   74.483577][ T5064]  ? __fdget_pos+0x265/0x2f0
[   74.488152][ T5064]  ksys_write+0x1a0/0x2c0
[   74.492467][ T5064]  ? print_irqtrace_events+0x220/0x220
[   74.497905][ T5064]  ? __ia32_sys_read+0x90/0x90
[   74.502667][ T5064]  ? syscall_enter_from_user_mode+0x32/0x230
[   74.508630][ T5064]  ? lockdep_hardirqs_on+0x98/0x140
[   74.513811][ T5064]  ? syscall_enter_from_user_mode+0x32/0x230
[   74.519777][ T5064]  do_syscall_64+0x41/0xc0
[   74.524199][ T5064]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.530084][ T5064] RIP: 0033:0x7f5af5bed569
[   74.534500][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   74.554089][ T5064] RSP: 002b:00007ffd36acaab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   74.562487][ T5064] RAX: ffffffffffffffda RBX: 00007ffd36acab08 RCX: 00007f5af5bed569
[   74.570448][ T5064] RDX: 00000000fffffe45 RSI: 00000000200000c0 RDI: 0000000000000004
[   74.578411][ T5064] RBP: 0000000000000000 R08: 00007ffd36acabe0 R09: 00007ffd36acabe0
[   74.586362][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd36acab00
[   74.594315][ T5064] R13: 00007ffd36acabe0 R14: 431bde82d7b634db R15: 00007ffd36acaae0
[   74.602284][ T5064]
[   74.605299][ T5064]
[   74.607620][ T5064] The buggy address belongs to the physical page:
[   74.614014][ T5064] page:ffffea0001cce080 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x73382
[   74.624160][ T5064] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   74.631259][ T5064] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[   74.639822][ T5064] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   74.648383][ T5064] page dumped because: kasan: bad access detected
[   74.654778][ T5064] page_owner tracks the page as freed
[   74.660129][ T5064] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 11440534476, free_ts 12536605105
[   74.675038][ T5064]  split_map_pages+0x24a/0x510
[   74.679791][ T5064]  isolate_freepages_range+0x480/0x4e0
[   74.685235][ T5064]  alloc_contig_range+0x62e/0x9a0
[   74.690244][ T5064]  alloc_contig_pages+0x3e8/0x4e0
[   74.695261][ T5064]  debug_vm_pgtable_alloc_huge_page+0xb9/0x110
[   74.701411][ T5064]  init_args+0x836/0xb10
[   74.705634][ T5064]  debug_vm_pgtable+0xa8/0x490
[   74.710383][ T5064]  do_one_initcall+0x23d/0x7d0
[   74.715143][ T5064]  do_initcall_level+0x157/0x210
[   74.720066][ T5064]  do_initcalls+0x3f/0x80
[   74.724384][ T5064]  kernel_init_freeable+0x477/0x630
[   74.729583][ T5064]  kernel_init+0x1d/0x2a0
[   74.733893][ T5064]  ret_from_fork+0x1f/0x30
[   74.738294][ T5064] page last free stack trace:
[   74.742943][ T5064]  free_unref_page_prepare+0xe2f/0xe70
[   74.748405][ T5064]  free_unref_page+0x37/0x3f0
[   74.753069][ T5064]  free_contig_range+0x9e/0x150
[   74.757901][ T5064]  destroy_args+0x102/0x9a0
[   74.762388][ T5064]  debug_vm_pgtable+0x405/0x490
[   74.767218][ T5064]  do_one_initcall+0x23d/0x7d0
[   74.771970][ T5064]  do_initcall_level+0x157/0x210
[   74.776894][ T5064]  do_initcalls+0x3f/0x80
[   74.781207][ T5064]  kernel_init_freeable+0x477/0x630
[   74.786395][ T5064]  kernel_init+0x1d/0x2a0
[   74.790706][ T5064]  ret_from_fork+0x1f/0x30
[   74.795112][ T5064]
[   74.797419][ T5064] Memory state around the buggy address:
[   74.803025][ T5064]  ffff888073381f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.811065][ T5064]  ffff888073382000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.819108][ T5064] >ffff888073382080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.827147][ T5064]                                               ^
[   74.833537][ T5064]  ffff888073382100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.841575][ T5064]  ffff888073382180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   74.849627][ T5064] ==================================================================
[   74.858548][ T5064] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.865764][ T5064] CPU: 0 PID: 5064 Comm: syz-executor110 Not tainted 6.3.0-rc4-syzkaller-00039-gffe78bbd5121 #0
[   74.876184][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   74.886227][ T5064] Call Trace:
[   74.889493][ T5064]
[   74.892418][ T5064]  dump_stack_lvl+0x1e7/0x2d0
[   74.897102][ T5064]  ? nf_tcp_handle_invalid+0x650/0x650
[   74.902554][ T5064]  ? panic+0x770/0x770
[   74.906607][ T5064]  ? preempt_schedule_common+0x83/0xc0
[   74.912055][ T5064]  ? vscnprintf+0x5d/0x80
[   74.916370][ T5064]  panic+0x31c/0x770
[   74.920253][ T5064]  ? check_panic_on_warn+0x21/0xa0
[   74.925351][ T5064]  ? memcpy_page_flushcache+0x100/0x100
[   74.930882][ T5064]  ? _raw_spin_unlock_irqrestore+0x12c/0x140
[   74.936847][ T5064]  ? _raw_spin_unlock+0x40/0x40
[   74.941685][ T5064]  check_panic_on_warn+0x82/0xa0
[   74.946607][ T5064]  ? sysv_new_block+0x78c/0x960
[   74.951444][ T5064]  end_report+0x63/0x110
[   74.955671][ T5064]  kasan_report+0x183/0x1b0
[   74.960160][ T5064]  ? sysv_new_block+0x78c/0x960
[   74.965004][ T5064]  sysv_new_block+0x78c/0x960
[   74.969679][ T5064]  get_block+0x2fc/0x16a0
[   74.974009][ T5064]  ? create_page_buffers+0x1d2/0x4c0
[   74.979306][ T5064]  ? sysv_truncate+0x1050/0x1050
[   74.984237][ T5064]  ? attach_page_private+0x110/0x300
[   74.989517][ T5064]  ? create_page_buffers+0x24e/0x4c0
[   74.994797][ T5064]  __block_write_begin_int+0x548/0x1a50
[   75.000341][ T5064]  ? sysv_truncate+0x1050/0x1050
[   75.005277][ T5064]  ? page_zero_new_buffers+0x660/0x660
[   75.010725][ T5064]  ? PageHeadHuge+0xa5/0x1d0
[   75.015310][ T5064]  ? sysv_truncate+0x1050/0x1050
[   75.020237][ T5064]  block_write_begin+0x9c/0x1f0
[   75.025080][ T5064]  ? sysv_write_begin+0x1a/0x70
[   75.029920][ T5064]  sysv_write_begin+0x31/0x70
[   75.034588][ T5064]  generic_perform_write+0x300/0x5e0
[   75.039868][ T5064]  ? generic_file_direct_write+0x460/0x460
[   75.045662][ T5064]  ? __file_remove_privs+0x640/0x640
[   75.050935][ T5064]  ? generic_write_checks+0x160/0x1c0
[   75.056294][ T5064]  __generic_file_write_iter+0x17a/0x400
[   75.061920][ T5064]  generic_file_write_iter+0xaf/0x310
[   75.067283][ T5064]  vfs_write+0x7b2/0xbb0
[   75.071520][ T5064]  ? file_end_write+0x250/0x250
[   75.076365][ T5064]  ? __fdget_pos+0x265/0x2f0
[   75.080947][ T5064]  ksys_write+0x1a0/0x2c0
[   75.085270][ T5064]  ? print_irqtrace_events+0x220/0x220
[   75.090714][ T5064]  ? __ia32_sys_read+0x90/0x90
[   75.095469][ T5064]  ? syscall_enter_from_user_mode+0x32/0x230
[   75.101438][ T5064]  ? lockdep_hardirqs_on+0x98/0x140
[   75.106624][ T5064]  ? syscall_enter_from_user_mode+0x32/0x230
[   75.112594][ T5064]  do_syscall_64+0x41/0xc0
[   75.117003][ T5064]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   75.122890][ T5064] RIP: 0033:0x7f5af5bed569
[   75.127293][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   75.146889][ T5064] RSP: 002b:00007ffd36acaab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   75.155288][ T5064] RAX: ffffffffffffffda RBX: 00007ffd36acab08 RCX: 00007f5af5bed569
[   75.163244][ T5064] RDX: 00000000fffffe45 RSI: 00000000200000c0 RDI: 0000000000000004
[   75.171202][ T5064] RBP: 0000000000000000 R08: 00007ffd36acabe0 R09: 00007ffd36acabe0
[   75.179160][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd36acab00
[   75.187117][ T5064] R13: 00007ffd36acabe0 R14: 431bde82d7b634db R15: 00007ffd36acaae0
[   75.195088][ T5064]
[   75.198249][ T5064] Kernel Offset: disabled
[   75.202563][ T5064] Rebooting in 86400 seconds..