Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts.
executing program
[ 111.517370][ T4259] loop0: detected capacity change from 0 to 128
[ 111.527831][ T4259] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 111.537027][ T4259] syz-executor239: attempt to access beyond end of device
[ 111.537027][ T4259] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 111.553295][ T4259] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 111.563176][ T4259] unable to read i-node block
[ 111.568380][ T4259] syz-executor239: attempt to access beyond end of device
[ 111.568380][ T4259] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 111.582430][ T4259] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 111.591146][ T4259] sysv_free_block: flc_count > flc_size
[ 111.596779][ T4259] sysv_free_inode: unable to read inode block on device loop0
[ 111.608947][ T4258] sysv_free_block: flc_count > flc_size
[ 111.615013][ T4258] sysv_free_block: flc_count > flc_size
[ 111.620556][ T4258] sysv_free_block: flc_count > flc_size
[ 111.626149][ T4258] sysv_free_block: flc_count > flc_size
[ 111.631702][ T4258] sysv_free_block: flc_count > flc_size
[ 111.637307][ T4258] sysv_free_block: flc_count > flc_size
[ 111.642901][ T4258] sysv_free_block: flc_count > flc_size
[ 111.648452][ T4258] sysv_free_block: flc_count > flc_size
[ 111.654046][ T4258] sysv_free_block: flc_count > flc_size
[ 111.659608][ T4258] sysv_free_block: flc_count > flc_size
executing program
[ 111.666132][ T4258] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 111.692486][ T4260] loop0: detected capacity change from 0 to 128
[ 111.702355][ T4260] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 111.710826][ T4260] syz-executor239: attempt to access beyond end of device
[ 111.710826][ T4260] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 111.725115][ T4260] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 111.734448][ T4260] unable to read i-node block
[ 111.739313][ T4260] ==================================================================
[ 111.747381][ T4260] BUG: KASAN: use-after-free in sysv_new_block+0x788/0x960
[ 111.754596][ T4260] Read of size 4 at addr ffff88806f0d40c8 by task syz-executor239/4260
[ 111.762832][ T4260]
[ 111.765158][ T4260] CPU: 0 PID: 4260 Comm: syz-executor239 Not tainted 6.1.127-syzkaller #0
[ 111.773650][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 111.783729][ T4260] Call Trace:
[ 111.787004][ T4260]
[ 111.789928][ T4260] dump_stack_lvl+0x1e3/0x2cb
[ 111.794620][ T4260] ? nf_tcp_handle_invalid+0x642/0x642
[ 111.800083][ T4260] ? panic+0x764/0x764
[ 111.804169][ T4260] ? _printk+0xd1/0x111
[ 111.808322][ T4260] ? __virt_addr_valid+0x17f/0x530
[ 111.813438][ T4260] ? __virt_addr_valid+0x17f/0x530
[ 111.818548][ T4260] print_report+0x15f/0x4f0
[ 111.823049][ T4260] ? __virt_addr_valid+0x17f/0x530
[ 111.828193][ T4260] ? __virt_addr_valid+0x17f/0x530
[ 111.833314][ T4260] ? __virt_addr_valid+0x45b/0x530
[ 111.838519][ T4260] ? __phys_addr+0xb6/0x170
[ 111.843022][ T4260] ? sysv_new_block+0x788/0x960
[ 111.847875][ T4260] kasan_report+0x136/0x160
[ 111.852374][ T4260] ? sysv_new_block+0x788/0x960
[ 111.857248][ T4260] sysv_new_block+0x788/0x960
[ 111.861938][ T4260] get_block+0x2e7/0x1790
[ 111.866269][ T4260] ? create_page_buffers+0x1d2/0x4b0
[ 111.871554][ T4260] ? __rwlock_init+0x140/0x140
[ 111.876318][ T4260] ? sysv_truncate+0x1050/0x1050
[ 111.881254][ T4260] ? attach_page_private+0x110/0x300
[ 111.886542][ T4260] ? create_page_buffers+0x24e/0x4b0
[ 111.891826][ T4260] __block_write_begin_int+0x544/0x1a30
[ 111.897378][ T4260] ? rcu_is_watching+0x11/0xb0
[ 111.902133][ T4260] ? sysv_truncate+0x1050/0x1050
[ 111.907071][ T4260] ? page_zero_new_buffers+0x650/0x650
[ 111.912530][ T4260] ? sysv_truncate+0x1050/0x1050
[ 111.917465][ T4260] block_write_begin+0x98/0x1f0
[ 111.922310][ T4260] ? sysv_write_begin+0x16/0x60
[ 111.927159][ T4260] sysv_write_begin+0x2d/0x60
[ 111.931835][ T4260] page_symlink+0x2c1/0x4e0
[ 111.936341][ T4260] ? make_kgid+0x6f0/0x6f0
[ 111.940761][ T4260] ? page_readlink+0x1d0/0x1d0
[ 111.945528][ T4260] ? generic_permission+0x27c/0x4f0
[ 111.950725][ T4260] sysv_symlink+0xcb/0x180
[ 111.955143][ T4260] vfs_symlink+0x247/0x3d0
[ 111.959561][ T4260] do_symlinkat+0x21e/0x390
[ 111.964062][ T4260] ? __check_object_size+0x4dd/0xa30
[ 111.969348][ T4260] ? vfs_symlink+0x3d0/0x3d0
[ 111.973941][ T4260] ? getname_flags+0x1f9/0x4f0
[ 111.978703][ T4260] ? lockdep_hardirqs_on+0x94/0x130
[ 111.983901][ T4260] __x64_sys_symlink+0x7a/0x90
[ 111.988665][ T4260] do_syscall_64+0x3b/0xb0
[ 111.993073][ T4260] ? clear_bhb_loop+0x45/0xa0
[ 111.997747][ T4260] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 112.003646][ T4260] RIP: 0033:0x7f25f0c1e0e9
[ 112.008063][ T4260] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.027667][ T4260] RSP: 002b:00007ffe97f5e688 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 112.036080][ T4260] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25f0c1e0e9
[ 112.044049][ T4260] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[ 112.052014][ T4260] RBP: 0000000000000004 R08: 0000000000009e80 R09: 0000000000000000
[ 112.059977][ T4260] R10: 00007ffe97f5e710 R11: 0000000000000246 R12: 00007ffe97f5e6d0
[ 112.067942][ T4260] R13: 00007ffe97f5e710 R14: 0000000000010000 R15: 0000000000000003
[ 112.075913][ T4260]
[ 112.078924][ T4260]
[ 112.081237][ T4260] The buggy address belongs to the physical page:
[ 112.087643][ T4260] page:ffffea0001bc3500 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6f0d4
[ 112.097785][ T4260] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 112.104924][ T4260] raw: 00fff00000000000 ffffea0001bc3548 ffffea0001bc34c8 0000000000000000
[ 112.113501][ T4260] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 112.122073][ T4260] page dumped because: kasan: bad access detected
[ 112.128479][ T4260] page_owner tracks the page as freed
[ 112.133863][ T4260] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 20233614458, free_ts 21685061719
[ 112.148787][ T4260] post_alloc_hook+0x18d/0x1b0
[ 112.153547][ T4260] split_map_pages+0x246/0x510
[ 112.158310][ T4260] isolate_freepages_range+0x47c/0x4e0
[ 112.163767][ T4260] alloc_contig_range+0x62a/0x990
[ 112.168784][ T4260] alloc_contig_pages+0x3f0/0x4e0
[ 112.173803][ T4260] debug_vm_pgtable_alloc_huge_page+0xb9/0x108
[ 112.179952][ T4260] init_args+0xc92/0x1022
[ 112.184279][ T4260] debug_vm_pgtable+0xaa/0x46b
[ 112.189036][ T4260] do_one_initcall+0x265/0x8f0
[ 112.193795][ T4260] do_initcall_level+0x157/0x207
[ 112.198730][ T4260] do_initcalls+0x49/0x86
[ 112.203058][ T4260] kernel_init_freeable+0x45c/0x60f
[ 112.208279][ T4260] kernel_init+0x19/0x290
[ 112.212606][ T4260] ret_from_fork+0x1f/0x30
[ 112.217022][ T4260] page last free stack trace:
[ 112.221682][ T4260] free_unref_page_prepare+0x12a6/0x15b0
[ 112.227308][ T4260] free_unref_page+0x33/0x3e0
[ 112.231999][ T4260] free_contig_range+0x9a/0x150
[ 112.236847][ T4260] destroy_args+0xfe/0x997
[ 112.241266][ T4260] debug_vm_pgtable+0x416/0x46b
[ 112.246132][ T4260] do_one_initcall+0x265/0x8f0
[ 112.250895][ T4260] do_initcall_level+0x157/0x207
[ 112.255831][ T4260] do_initcalls+0x49/0x86
[ 112.260164][ T4260] kernel_init_freeable+0x45c/0x60f
[ 112.265374][ T4260] kernel_init+0x19/0x290
[ 112.269711][ T4260] ret_from_fork+0x1f/0x30
[ 112.274151][ T4260]
[ 112.276464][ T4260] Memory state around the buggy address:
[ 112.282104][ T4260]  ffff88806f0d3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 112.290165][ T4260]  ffff88806f0d4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 112.298220][ T4260] >ffff88806f0d4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 112.306275][ T4260]                                               ^
[ 112.312698][ T4260]  ffff88806f0d4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 112.320752][ T4260]  ffff88806f0d4180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 112.328800][ T4260] ==================================================================
[ 112.337232][ T4260] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 112.344450][ T4260] CPU: 0 PID: 4260 Comm: syz-executor239 Not tainted 6.1.127-syzkaller #0
[ 112.352948][ T4260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 112.363000][ T4260] Call Trace:
[ 112.366281][ T4260]
[ 112.369216][ T4260] dump_stack_lvl+0x1e3/0x2cb
[ 112.373916][ T4260] ? nf_tcp_handle_invalid+0x642/0x642
[ 112.379442][ T4260] ? panic+0x764/0x764
[ 112.383516][ T4260] ? preempt_schedule_common+0xa6/0xd0
[ 112.388981][ T4260] ? vscnprintf+0x59/0x80
[ 112.393356][ T4260] panic+0x318/0x764
[ 112.397259][ T4260] ? check_panic_on_warn+0x1d/0xa0
[ 112.402380][ T4260] ? memcpy_page_flushcache+0xfc/0xfc
[ 112.407758][ T4260] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 112.413745][ T4260] ? _raw_spin_unlock+0x40/0x40
[ 112.418605][ T4260] ? print_report+0x4a3/0x4f0
[ 112.423286][ T4260] check_panic_on_warn+0x7e/0xa0
[ 112.428228][ T4260] ? sysv_new_block+0x788/0x960
[ 112.433088][ T4260] end_report+0x66/0x110
[ 112.437333][ T4260] kasan_report+0x143/0x160
[ 112.441837][ T4260] ? sysv_new_block+0x788/0x960
[ 112.446698][ T4260] sysv_new_block+0x788/0x960
[ 112.451383][ T4260] get_block+0x2e7/0x1790
[ 112.455749][ T4260] ? create_page_buffers+0x1d2/0x4b0
[ 112.461037][ T4260] ? __rwlock_init+0x140/0x140
[ 112.465824][ T4260] ? sysv_truncate+0x1050/0x1050
[ 112.470781][ T4260] ? attach_page_private+0x110/0x300
[ 112.476083][ T4260] ? create_page_buffers+0x24e/0x4b0
[ 112.481382][ T4260] __block_write_begin_int+0x544/0x1a30
[ 112.486968][ T4260] ? rcu_is_watching+0x11/0xb0
[ 112.491736][ T4260] ? sysv_truncate+0x1050/0x1050
[ 112.496678][ T4260] ? page_zero_new_buffers+0x650/0x650
[ 112.502163][ T4260] ? sysv_truncate+0x1050/0x1050
[ 112.507108][ T4260] block_write_begin+0x98/0x1f0
[ 112.511960][ T4260] ? sysv_write_begin+0x16/0x60
[ 112.516816][ T4260] sysv_write_begin+0x2d/0x60
[ 112.521501][ T4260] page_symlink+0x2c1/0x4e0
[ 112.526014][ T4260] ? make_kgid+0x6f0/0x6f0
[ 112.530455][ T4260] ? page_readlink+0x1d0/0x1d0
[ 112.535264][ T4260] ? generic_permission+0x27c/0x4f0
[ 112.540481][ T4260] sysv_symlink+0xcb/0x180
[ 112.544915][ T4260] vfs_symlink+0x247/0x3d0
[ 112.549348][ T4260] do_symlinkat+0x21e/0x390
[ 112.553865][ T4260] ? __check_object_size+0x4dd/0xa30
[ 112.559164][ T4260] ? vfs_symlink+0x3d0/0x3d0
[ 112.563766][ T4260] ? getname_flags+0x1f9/0x4f0
[ 112.568533][ T4260] ? lockdep_hardirqs_on+0x94/0x130
[ 112.573738][ T4260] __x64_sys_symlink+0x7a/0x90
[ 112.578514][ T4260] do_syscall_64+0x3b/0xb0
[ 112.582931][ T4260] ? clear_bhb_loop+0x45/0xa0
[ 112.587610][ T4260] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 112.593511][ T4260] RIP: 0033:0x7f25f0c1e0e9
[ 112.597928][ T4260] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.617534][ T4260] RSP: 002b:00007ffe97f5e688 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 112.625953][ T4260] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25f0c1e0e9
[ 112.633928][ T4260] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[ 112.641920][ T4260] RBP: 0000000000000004 R08: 0000000000009e80 R09: 0000000000000000
[ 112.649890][ T4260] R10: 00007ffe97f5e710 R11: 0000000000000246 R12: 00007ffe97f5e6d0
[ 112.657865][ T4260] R13: 00007ffe97f5e710 R14: 0000000000010000 R15: 0000000000000003
[ 112.665847][ T4260]
[ 112.669000][ T4260] Kernel Offset: disabled
[ 112.673341][ T4260] Rebooting in 86400 seconds..