Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
executing program
[  270.009555][ T5853] loop0: detected capacity change from 0 to 512
[  270.018368][ T5853] =======================================================
[  270.018368][ T5853] WARNING: The mand mount option has been deprecated and
[  270.018368][ T5853]          and is ignored by this kernel. Remove the mand
[  270.018368][ T5853]          option from the mount to silence this warning.
[  270.018368][ T5853] =======================================================
[  270.058135][ T5853] EXT4-fs (loop0): blocks per group (71) and clusters per group (20800) inconsistent
[  270.075845][ T5853] loop0: detected capacity change from 0 to 128
[  270.092238][ T5853] syz-executor140: attempt to access beyond end of device
[  270.092238][ T5853] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  270.106498][ T5853] Buffer I/O error on dev loop0, logical block 3245768, async page read
[  270.115486][ T5853] syz-executor140: attempt to access beyond end of device
[  270.115486][ T5853] loop0: rw=0, sector=17666806, nr_sectors = 2 limit=128
[  270.129985][ T5853] Buffer I/O error on dev loop0, logical block 8833403, async page read
[  270.138399][ T5853] syz-executor140: attempt to access beyond end of device
[  270.138399][ T5853] loop0: rw=0, sector=26539618, nr_sectors = 2 limit=128
[  270.153076][ T5853] Buffer I/O error on dev loop0, logical block 13269809, async page read
[  270.162342][ T5853] syz-executor140: attempt to access beyond end of device
[  270.162342][ T5853] loop0: rw=0, sector=16147212, nr_sectors = 2 limit=128
[  270.176366][ T5853] Buffer I/O error on dev loop0, logical block 8073606, async page read
[  270.184908][ T5853] syz-executor140: attempt to access beyond end of device
[  270.184908][ T5853] loop0: rw=0, sector=6491542, nr_sectors = 2 limit=128
[  270.198875][ T5853] Buffer I/O error on dev loop0, logical block 3245771, async page read
[  270.207284][ T5853] syz-executor140: attempt to access beyond end of device
[  270.207284][ T5853] loop0: rw=0, sector=17668342, nr_sectors = 2 limit=128
[  270.221323][ T5853] Buffer I/O error on dev loop0, logical block 8834171, async page read
[  270.229752][ T5853] syz-executor140: attempt to access beyond end of device
[  270.229752][ T5853] loop0: rw=0, sector=26932834, nr_sectors = 2 limit=128
[  270.243770][ T5853] Buffer I/O error on dev loop0, logical block 13466417, async page read
[  270.252279][ T5853] syz-executor140: attempt to access beyond end of device
[  270.252279][ T5853] loop0: rw=0, sector=16147212, nr_sectors = 2 limit=128
[  270.266299][ T5853] Buffer I/O error on dev loop0, logical block 8073606, async page read
[  270.275538][ T5853] syz-executor140: attempt to access beyond end of device
[  270.275538][ T5853] loop0: rw=0, sector=6491548, nr_sectors = 2 limit=128
[  270.289531][ T5853] Buffer I/O error on dev loop0, logical block 3245774, async page read
[  270.297987][ T5853] syz-executor140: attempt to access beyond end of device
[  270.297987][ T5853] loop0: rw=0, sector=17669878, nr_sectors = 2 limit=128
[  270.312012][ T5853] Buffer I/O error on dev loop0, logical block 8834939, async page read
[  306.652159][ T5853] ==================================================================
[  306.660238][ T5853] BUG: KASAN: slab-use-after-free in sysv_new_inode+0xfc7/0x1160
[  306.667984][ T5853] Read of size 2 at addr ffff888078fb61ce by task syz-executor140/5853
[  306.676197][ T5853] 
[  306.678510][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor140 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0
[  306.678526][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  306.678535][ T5853] Call Trace:
[  306.678540][ T5853]  <TASK>
[  306.678544][ T5853]  dump_stack_lvl+0x241/0x360
[  306.678557][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  306.678567][ T5853]  ? __pfx__printk+0x10/0x10
[  306.678583][ T5853]  ? _printk+0xd5/0x120
[  306.678597][ T5853]  ? __virt_addr_valid+0x183/0x530
[  306.678611][ T5853]  ? __virt_addr_valid+0x183/0x530
[  306.678625][ T5853]  print_report+0x169/0x550
[  306.678641][ T5853]  ? __virt_addr_valid+0x183/0x530
[  306.678654][ T5853]  ? __virt_addr_valid+0x183/0x530
[  306.678668][ T5853]  ? __virt_addr_valid+0x45f/0x530
[  306.678681][ T5853]  ? __phys_addr+0xba/0x170
[  306.678695][ T5853]  ? sysv_new_inode+0xfc7/0x1160
[  306.678706][ T5853]  kasan_report+0x143/0x180
[  306.678721][ T5853]  ? sysv_new_inode+0xfc7/0x1160
[  306.678734][ T5853]  sysv_new_inode+0xfc7/0x1160
[  306.678749][ T5853]  ? __pfx_sysv_new_inode+0x10/0x10
[  306.678767][ T5853]  ? _raw_spin_unlock+0x28/0x50
[  306.678812][ T5853]  ? __d_add+0x500/0x800
[  306.678827][ T5853]  sysv_mknod+0x4e/0xe0
[  306.678840][ T5853]  ? __pfx_sysv_create+0x10/0x10
[  306.678854][ T5853]  path_openat+0x192f/0x3580
[  306.678871][ T5853]  ? __pfx_path_openat+0x10/0x10
[  306.678886][ T5853]  do_filp_open+0x27f/0x4e0
[  306.678899][ T5853]  ? __pfx_do_filp_open+0x10/0x10
[  306.678910][ T5853]  ? do_raw_spin_lock+0x14f/0x370
[  306.678927][ T5853]  do_sys_openat2+0x13e/0x1d0
[  306.678938][ T5853]  ? __pfx_do_sys_openat2+0x10/0x10
[  306.678948][ T5853]  ? __sys_bind+0x20a/0x290
[  306.678984][ T5853]  ? __pfx___sys_bind+0x10/0x10
[  306.678998][ T5853]  __x64_sys_openat+0x247/0x2a0
[  306.679008][ T5853]  ? __pfx___x64_sys_openat+0x10/0x10
[  306.679019][ T5853]  ? do_syscall_64+0x100/0x230
[  306.679029][ T5853]  ? do_syscall_64+0xb6/0x230
[  306.679038][ T5853]  do_syscall_64+0xf3/0x230
[  306.679047][ T5853]  ? clear_bhb_loop+0x35/0x90
[  306.679062][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.679075][ T5853] RIP: 0033:0x7faa32146f79
[  306.679090][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  306.679101][ T5853] RSP: 002b:00007ffdceb58658 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  306.679116][ T5853] RAX: ffffffffffffffda RBX: 00007faa3218f095 RCX: 00007faa32146f79
[  306.679123][ T5853] RDX: 000000000000275a RSI: 00000000200000c0 RDI: 00000000ffffff9c
[  306.679130][ T5853] RBP: 00007faa321c45f0 R08: 000055557ead04c0 R09: 000055557ead04c0
[  306.679137][ T5853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdceb58680
[  306.679144][ T5853] R13: 00007ffdceb588a8 R14: 431bde82d7b634db R15: 00007faa3218f03b
[  306.679154][ T5853]  </TASK>
[  306.679158][ T5853] 
[  306.956108][ T5853] Allocated by task 5841:
[  306.960478][ T5853]  kasan_save_track+0x3f/0x80
[  306.965165][ T5853]  __kasan_slab_alloc+0x66/0x80
[  306.970018][ T5853]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[  306.975899][ T5853]  kmalloc_reserve+0xa8/0x2a0
[  306.980768][ T5853]  __alloc_skb+0x1f3/0x440
[  306.985180][ T5853]  __tcp_send_ack+0xa2/0x600
[  306.989788][ T5853]  tcp_recvmsg_locked+0x330f/0x3c80
[  306.994978][ T5853]  tcp_recvmsg+0x25d/0x920
[  306.999393][ T5853]  inet_recvmsg+0x150/0x2d0
[  307.003888][ T5853]  sock_recvmsg+0x1ae/0x280
[  307.008381][ T5853]  sock_read_iter+0x2c4/0x3d0
[  307.013050][ T5853]  vfs_read+0x975/0xb40
[  307.017214][ T5853]  ksys_read+0x18f/0x2b0
[  307.021452][ T5853]  do_syscall_64+0xf3/0x230
[  307.025944][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.031828][ T5853] 
[  307.034137][ T5853] Freed by task 5841:
[  307.038101][ T5853]  kasan_save_track+0x3f/0x80
[  307.042771][ T5853]  kasan_save_free_info+0x40/0x50
[  307.047784][ T5853]  __kasan_slab_free+0x59/0x70
[  307.052539][ T5853]  kmem_cache_free+0x195/0x410
[  307.057293][ T5853]  skb_release_data+0x677/0x8a0
[  307.062132][ T5853]  sk_skb_reason_drop+0x1c9/0x380
[  307.067142][ T5853]  dev_kfree_skb_any_reason+0x153/0x170
[  307.072680][ T5853]  __free_old_xmit+0x2f3/0x6f0
[  307.077472][ T5853]  start_xmit+0x278/0x23d0
[  307.081876][ T5853]  dev_hard_start_xmit+0x27a/0x7d0
[  307.086973][ T5853]  sch_direct_xmit+0x29c/0x5d0
[  307.091743][ T5853]  __dev_queue_xmit+0x1a8f/0x3f50
[  307.096755][ T5853]  ip_finish_output2+0xdc9/0x12b0
[  307.101769][ T5853]  __ip_queue_xmit+0x12ca/0x1ef0
[  307.106697][ T5853]  __tcp_transmit_skb+0x2582/0x3ba0
[  307.111884][ T5853]  tcp_write_xmit+0x17b5/0x6bf0
[  307.116723][ T5853]  __tcp_push_pending_frames+0x9b/0x360
[  307.122262][ T5853]  tcp_sendmsg_locked+0x47ce/0x5330
[  307.127450][ T5853]  tcp_sendmsg+0x30/0x50
[  307.131680][ T5853]  __sock_sendmsg+0x1a6/0x270
[  307.136345][ T5853]  sock_write_iter+0x2d7/0x3f0
[  307.141098][ T5853]  vfs_write+0xacf/0xd10
[  307.145333][ T5853]  ksys_write+0x18f/0x2b0
[  307.149656][ T5853]  do_syscall_64+0xf3/0x230
[  307.154148][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.160030][ T5853] 
[  307.162339][ T5853] The buggy address belongs to the object at ffff888078fb6100
[  307.162339][ T5853]  which belongs to the cache skbuff_small_head of size 640
[  307.176907][ T5853] The buggy address is located 206 bytes inside of
[  307.176907][ T5853]  freed 640-byte region [ffff888078fb6100, ffff888078fb6380)
[  307.190689][ T5853] 
[  307.192999][ T5853] The buggy address belongs to the physical page:
[  307.199398][ T5853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78fb4
[  307.208148][ T5853] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  307.216637][ T5853] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  307.224172][ T5853] page_type: f5(slab)
[  307.228143][ T5853] raw: 00fff00000000040 ffff88801e6c9a00 dead000000000122 0000000000000000
[  307.236710][ T5853] raw: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[  307.245282][ T5853] head: 00fff00000000040 ffff88801e6c9a00 dead000000000122 0000000000000000
[  307.253937][ T5853] head: 0000000000000000 0000000000150015 00000000f5000000 0000000000000000
[  307.262592][ T5853] head: 00fff00000000002 ffffea0001e3ed01 ffffffffffffffff 0000000000000000
[  307.271257][ T5853] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  307.279910][ T5853] page dumped because: kasan: bad access detected
[  307.286312][ T5853] page_owner tracks the page as allocated
[  307.292010][ T5853] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5841, tgid 5841 (sshd), ts 260155072443, free_ts 260007288192
[  307.312227][ T5853]  post_alloc_hook+0x1f4/0x240
[  307.316987][ T5853]  get_page_from_freelist+0x365c/0x37a0
[  307.322521][ T5853]  __alloc_frozen_pages_noprof+0x292/0x710
[  307.328320][ T5853]  alloc_pages_mpol+0x30e/0x550
[  307.333160][ T5853]  allocate_slab+0x8f/0x3a0
[  307.337651][ T5853]  ___slab_alloc+0xc27/0x14a0
[  307.342314][ T5853]  __slab_alloc+0x58/0xa0
[  307.346631][ T5853]  kmem_cache_alloc_node_noprof+0x269/0x380
[  307.352507][ T5853]  kmalloc_reserve+0xa8/0x2a0
[  307.357177][ T5853]  __alloc_skb+0x1f3/0x440
[  307.361583][ T5853]  __tcp_send_ack+0xa2/0x600
[  307.366172][ T5853]  tcp_recvmsg_locked+0x330f/0x3c80
[  307.371357][ T5853]  tcp_recvmsg+0x25d/0x920
[  307.375757][ T5853]  inet_recvmsg+0x150/0x2d0
[  307.380244][ T5853]  sock_recvmsg+0x1ae/0x280
[  307.384733][ T5853]  sock_read_iter+0x2c4/0x3d0
[  307.389396][ T5853] page last free pid 5843 tgid 5843 stack trace:
[  307.395705][ T5853]  free_frozen_pages+0xe0d/0x10e0
[  307.400716][ T5853]  __folio_put+0x2b3/0x360
[  307.405117][ T5853]  pipe_read+0x6ed/0x13e0
[  307.409437][ T5853]  vfs_read+0x975/0xb40
[  307.413580][ T5853]  ksys_read+0x18f/0x2b0
[  307.417816][ T5853]  do_syscall_64+0xf3/0x230
[  307.422305][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.428190][ T5853] 
[  307.430501][ T5853] Memory state around the buggy address:
[  307.436116][ T5853]  ffff888078fb6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  307.444160][ T5853]  ffff888078fb6100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.452209][ T5853] >ffff888078fb6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.460252][ T5853]                                               ^
[  307.466647][ T5853]  ffff888078fb6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.474690][ T5853]  ffff888078fb6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  307.482731][ T5853] ==================================================================
[  307.492400][ T5853] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  307.499606][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor140 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0
[  307.510213][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  307.520251][ T5853] Call Trace:
[  307.523511][ T5853]  <TASK>
[  307.526424][ T5853]  dump_stack_lvl+0x241/0x360
[  307.531084][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  307.536261][ T5853]  ? __pfx__printk+0x10/0x10
[  307.540834][ T5853]  ? preempt_schedule+0xe1/0xf0
[  307.545666][ T5853]  ? vscnprintf+0x5d/0x90
[  307.549981][ T5853]  panic+0x349/0x880
[  307.553861][ T5853]  ? check_panic_on_warn+0x21/0xb0
[  307.558958][ T5853]  ? __pfx_panic+0x10/0x10
[  307.563358][ T5853]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  307.569318][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  307.575624][ T5853]  ? print_report+0x502/0x550
[  307.580285][ T5853]  check_panic_on_warn+0x86/0xb0
[  307.585203][ T5853]  ? sysv_new_inode+0xfc7/0x1160
[  307.590146][ T5853]  end_report+0x77/0x160
[  307.594377][ T5853]  kasan_report+0x154/0x180
[  307.598861][ T5853]  ? sysv_new_inode+0xfc7/0x1160
[  307.603788][ T5853]  sysv_new_inode+0xfc7/0x1160
[  307.608546][ T5853]  ? __pfx_sysv_new_inode+0x10/0x10
[  307.613758][ T5853]  ? _raw_spin_unlock+0x28/0x50
[  307.618606][ T5853]  ? __d_add+0x500/0x800
[  307.622841][ T5853]  sysv_mknod+0x4e/0xe0
[  307.626987][ T5853]  ? __pfx_sysv_create+0x10/0x10
[  307.631917][ T5853]  path_openat+0x192f/0x3580
[  307.636504][ T5853]  ? __pfx_path_openat+0x10/0x10
[  307.641434][ T5853]  do_filp_open+0x27f/0x4e0
[  307.645928][ T5853]  ? __pfx_do_filp_open+0x10/0x10
[  307.650938][ T5853]  ? do_raw_spin_lock+0x14f/0x370
[  307.655961][ T5853]  do_sys_openat2+0x13e/0x1d0
[  307.660628][ T5853]  ? __pfx_do_sys_openat2+0x10/0x10
[  307.665813][ T5853]  ? __sys_bind+0x20a/0x290
[  307.670311][ T5853]  ? __pfx___sys_bind+0x10/0x10
[  307.675152][ T5853]  __x64_sys_openat+0x247/0x2a0
[  307.679990][ T5853]  ? __pfx___x64_sys_openat+0x10/0x10
[  307.685349][ T5853]  ? do_syscall_64+0x100/0x230
[  307.690101][ T5853]  ? do_syscall_64+0xb6/0x230
[  307.694762][ T5853]  do_syscall_64+0xf3/0x230
[  307.699252][ T5853]  ? clear_bhb_loop+0x35/0x90
[  307.703921][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.709807][ T5853] RIP: 0033:0x7faa32146f79
[  307.714210][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  307.733812][ T5853] RSP: 002b:00007ffdceb58658 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  307.742221][ T5853] RAX: ffffffffffffffda RBX: 00007faa3218f095 RCX: 00007faa32146f79
[  307.750184][ T5853] RDX: 000000000000275a RSI: 00000000200000c0 RDI: 00000000ffffff9c
[  307.758141][ T5853] RBP: 00007faa321c45f0 R08: 000055557ead04c0 R09: 000055557ead04c0
[  307.766101][ T5853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdceb58680
[  307.774064][ T5853] R13: 00007ffdceb588a8 R14: 431bde82d7b634db R15: 00007faa3218f03b
[  307.782035][ T5853]  </TASK>
[  307.785197][ T5853] Kernel Offset: disabled
[  307.789521][ T5853] Rebooting in 86400 seconds..