Warning: Permanently added '10.128.0.167' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   41.036127][ T3499] loop0: detected capacity change from 0 to 4096
[   41.143991][ T3501] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
executing program
[   41.281573][ T3502] loop0: detected capacity change from 0 to 4096
[   41.432035][ T3503] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   41.435200][ T3502] ==================================================================
[   41.450645][ T3502] BUG: KASAN: use-after-free in nilfs_set_link+0x397/0x530
[   41.457839][ T3502] Read of size 2 at addr ffff88807acc8008 by task syz-executor354/3502
[   41.466053][ T3502] 
[   41.468504][ T3502] CPU: 0 PID: 3502 Comm: syz-executor354 Not tainted 5.15.162-syzkaller #0
[   41.477073][ T3502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   41.487104][ T3502] Call Trace:
[   41.490361][ T3502] 
[   41.493267][ T3502]  dump_stack_lvl+0x1e3/0x2d0
[   41.497924][ T3502]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   41.503529][ T3502]  ? _printk+0xd1/0x120
[   41.507660][ T3502]  ? __wake_up_klogd+0xcc/0x100
[   41.512491][ T3502]  ? panic+0x860/0x860
[   41.516545][ T3502]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   41.521988][ T3502]  print_address_description+0x63/0x3b0
[   41.527508][ T3502]  ? nilfs_set_link+0x397/0x530
[   41.532331][ T3502]  kasan_report+0x16b/0x1c0
[   41.536807][ T3502]  ? nilfs_set_link+0x397/0x530
[   41.541627][ T3502]  ? nilfs_delete_entry+0x3bd/0x620
[   41.546799][ T3502]  nilfs_set_link+0x397/0x530
[   41.551449][ T3502]  ? nilfs_delete_entry+0x495/0x620
[   41.556621][ T3502]  nilfs_rename+0x844/0xb80
[   41.561103][ T3502]  ? nilfs_mknod+0x290/0x290
[   41.565665][ T3502]  ? rwsem_write_trylock+0x166/0x210
[   41.570928][ T3502]  ? generic_permission+0x21c/0x4f0
[   41.576101][ T3502]  ? do_raw_spin_unlock+0x137/0x8b0
[   41.581288][ T3502]  ? memcpy+0x3c/0x60
[   41.585256][ T3502]  vfs_rename+0xd32/0x10f0
[   41.589661][ T3502]  ? __ia32_sys_link+0x90/0x90
[   41.594402][ T3502]  ? security_path_rename+0x207/0x2a0
[   41.599751][ T3502]  do_renameat2+0xe0f/0x1700
[   41.604334][ T3502]  ? fsnotify_move+0x4f0/0x4f0
[   41.609078][ T3502]  ? __virt_addr_valid+0x39e/0x450
[   41.614161][ T3502]  ? __phys_addr_symbol+0x2b/0x70
[   41.619156][ T3502]  ? 0xffffffff81000000
[   41.623292][ T3502]  ? getname_flags+0x1ec/0x4e0
[   41.628032][ T3502]  __x64_sys_renameat2+0xce/0xe0
[   41.632943][ T3502]  do_syscall_64+0x3b/0xb0
[   41.637332][ T3502]  ? clear_bhb_loop+0x15/0x70
[   41.641982][ T3502]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.647863][ T3502] RIP: 0033:0x7f3109bb71e9
[   41.652262][ T3502] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   41.671841][ T3502] RSP: 002b:00007fff4ea4d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   41.680231][ T3502] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f3109bb71e9
[   41.688176][ T3502] RDX: 0000000000000005 RSI: 00000000200001c0 RDI: 0000000000000005
[   41.696119][ T3502] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff4ea4d230
[   41.704064][ T3502] R10: 0000000020000200 R11: 0000000000000246 R12: 00007fff4ea4d21c
[   41.712009][ T3502] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007fff4ea4d250
[   41.719968][ T3502] 
[   41.722965][ T3502] 
[   41.725257][ T3502] The buggy address belongs to the page:
[   41.730862][ T3502] page:ffffea0001eb3200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7acc8
[   41.740985][ T3502] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   41.748070][ T3502] raw: 00fff00000000000 ffffea0001eb02c8 ffffea0002ff9688 0000000000000000
[   41.756630][ T3502] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   41.765183][ T3502] page dumped because: kasan: bad access detected
[   41.771567][ T3502] page_owner tracks the page as freed
[   41.776903][ T3502] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 3499, ts 41030921720, free_ts 41255446881
[   41.791454][ T3502]  get_page_from_freelist+0x322a/0x33c0
[   41.796979][ T3502]  __alloc_pages+0x272/0x700
[   41.801539][ T3502]  alloc_pages_vma+0x39a/0x800
[   41.806275][ T3502]  shmem_alloc_and_acct_page+0x4d1/0xd10
[   41.811877][ T3502]  shmem_getpage_gfp+0x17b1/0x3190
[   41.816962][ T3502]  shmem_write_begin+0xce/0x1a0
[   41.821781][ T3502]  generic_perform_write+0x2bf/0x5b0
[   41.827038][ T3502]  __generic_file_write_iter+0x243/0x4f0
[   41.832640][ T3502]  generic_file_write_iter+0xa7/0x1b0
[   41.837980][ T3502]  vfs_write+0xacf/0xe50
[   41.842196][ T3502]  ksys_write+0x1a2/0x2c0
[   41.846496][ T3502]  do_syscall_64+0x3b/0xb0
[   41.850885][ T3502]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.856752][ T3502] page last free stack trace:
[   41.861395][ T3502]  free_unref_page_prepare+0xc34/0xcf0
[   41.866825][ T3502]  free_unref_page_list+0x1f7/0x8e0
[   41.871990][ T3502]  release_pages+0x1bb9/0x1f40
[   41.876721][ T3502]  __pagevec_release+0x80/0xf0
[   41.881457][ T3502]  shmem_undo_range+0x67a/0x1b50
[   41.886365][ T3502]  shmem_evict_inode+0x21b/0xa00
[   41.891269][ T3502]  evict+0x2a4/0x620
[   41.895135][ T3502]  __dentry_kill+0x436/0x650
[   41.899695][ T3502]  dentry_kill+0xbb/0x290
[   41.903997][ T3502]  dput+0xd8/0x1a0
[   41.907688][ T3502]  __fput+0x5ec/0x890
[   41.911641][ T3502]  task_work_run+0x129/0x1a0
[   41.916201][ T3502]  exit_to_user_mode_loop+0x106/0x130
[   41.921542][ T3502]  exit_to_user_mode_prepare+0xb1/0x140
[   41.927055][ T3502]  syscall_exit_to_user_mode+0x5d/0x240
[   41.932569][ T3502]  do_syscall_64+0x47/0xb0
[   41.936955][ T3502] 
[   41.939251][ T3502] Memory state around the buggy address:
[   41.944921][ T3502]  ffff88807acc7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.952952][ T3502]  ffff88807acc7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.960982][ T3502] >ffff88807acc8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.969013][ T3502]                       ^
[   41.973312][ T3502]  ffff88807acc8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.981342][ T3502]  ffff88807acc8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.989368][ T3502] ==================================================================
[   41.997395][ T3502] Disabling lock debugging due to kernel taint
[   42.003713][ T3502] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   42.010892][ T3502] CPU: 0 PID: 3502 Comm: syz-executor354 Tainted: G B 5.15.162-syzkaller #0
[   42.020854][ T3502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   42.030880][ T3502] Call Trace:
[   42.034131][ T3502] 
[   42.037034][ T3502]  dump_stack_lvl+0x1e3/0x2d0
[   42.041682][ T3502]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   42.047284][ T3502]  ? panic+0x860/0x860
[   42.051323][ T3502]  ? preempt_schedule_common+0xa6/0xd0
[   42.056756][ T3502]  ? preempt_schedule+0xd9/0xe0
[   42.061575][ T3502]  panic+0x318/0x860
[   42.065443][ T3502]  ? check_panic_on_warn+0x1d/0xa0
[   42.070526][ T3502]  ? fb_is_primary_device+0xd0/0xd0
[   42.075692][ T3502]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   42.081641][ T3502]  ? _raw_spin_unlock+0x40/0x40
[   42.086462][ T3502]  ? print_memory_metadata+0xe2/0x140
[   42.091806][ T3502]  check_panic_on_warn+0x7e/0xa0
[   42.096713][ T3502]  ? nilfs_set_link+0x397/0x530
[   42.101535][ T3502]  end_report+0x6d/0xf0
[   42.105659][ T3502]  kasan_report+0x18e/0x1c0
[   42.110131][ T3502]  ? nilfs_set_link+0x397/0x530
[   42.114951][ T3502]  ? nilfs_delete_entry+0x3bd/0x620
[   42.120117][ T3502]  nilfs_set_link+0x397/0x530
[   42.124766][ T3502]  ? nilfs_delete_entry+0x495/0x620
[   42.129937][ T3502]  nilfs_rename+0x844/0xb80
[   42.134411][ T3502]  ? nilfs_mknod+0x290/0x290
[   42.138969][ T3502]  ? rwsem_write_trylock+0x166/0x210
[   42.144224][ T3502]  ? generic_permission+0x21c/0x4f0
[   42.149390][ T3502]  ? do_raw_spin_unlock+0x137/0x8b0
[   42.154558][ T3502]  ? memcpy+0x3c/0x60
[   42.158512][ T3502]  vfs_rename+0xd32/0x10f0
[   42.162910][ T3502]  ? __ia32_sys_link+0x90/0x90
[   42.167648][ T3502]  ? security_path_rename+0x207/0x2a0
[   42.172990][ T3502]  do_renameat2+0xe0f/0x1700
[   42.177554][ T3502]  ? fsnotify_move+0x4f0/0x4f0
[   42.182287][ T3502]  ? __virt_addr_valid+0x39e/0x450
[   42.187367][ T3502]  ? __phys_addr_symbol+0x2b/0x70
[   42.192359][ T3502]  ? 0xffffffff81000000
[   42.196497][ T3502]  ? getname_flags+0x1ec/0x4e0
[   42.201233][ T3502]  __x64_sys_renameat2+0xce/0xe0
[   42.206142][ T3502]  do_syscall_64+0x3b/0xb0
[   42.210533][ T3502]  ? clear_bhb_loop+0x15/0x70
[   42.215177][ T3502]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   42.221038][ T3502] RIP: 0033:0x7f3109bb71e9
[   42.225421][ T3502] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   42.244994][ T3502] RSP: 002b:00007fff4ea4d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   42.253380][ T3502] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f3109bb71e9
[   42.261324][ T3502] RDX: 0000000000000005 RSI: 00000000200001c0 RDI: 0000000000000005
[   42.269263][ T3502] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff4ea4d230
[   42.277205][ T3502] R10: 0000000020000200 R11: 0000000000000246 R12: 00007fff4ea4d21c
[   42.285146][ T3502] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007fff4ea4d250
[   42.293094][ T3502] 
[   42.296270][ T3502] Kernel Offset: disabled
[   42.300575][ T3502] Rebooting in 86400 seconds..
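Triage note, added here as an example that is not part of the syzkaller report above: the fields a practitioner pulls out of a KASAN report first are the bug class and faulting frame (use-after-free in nilfs_set_link+0x397/0x530), the access (2-byte read at ffff88807acc8008 by syz-executor354/3502), the reliable frames below kasan_report (nilfs_set_link, nilfs_rename, vfs_rename, do_renameat2, __x64_sys_renameat2), the entry syscall from the register dump (ORIG_RAX 0x13c = 316, which is renameat2 on x86_64 and so agrees with the __x64_sys_renameat2 frame), and the page_owner record, which says the page was allocated by the earlier executor pid 3499 through shmem and freed before this task touched it. The parser below extracts exactly those fields from the kernel log format. The sample input is a constructed, trimmed excerpt of the lines on this page, and the syscall table is a deliberately partial x86_64 mapping supplied for the example (an assumption, not derived from the log).

```python
import re

# Constructed sample: a trimmed excerpt of the KASAN report on this page
# (the real report is much longer; only lines the parser consumes are kept).
SAMPLE_REPORT = """\
[   41.435200][ T3502] ==================================================================
[   41.450645][ T3502] BUG: KASAN: use-after-free in nilfs_set_link+0x397/0x530
[   41.457839][ T3502] Read of size 2 at addr ffff88807acc8008 by task syz-executor354/3502
[   41.468504][ T3502] CPU: 0 PID: 3502 Comm: syz-executor354 Not tainted 5.15.162-syzkaller #0
[   41.487104][ T3502] Call Trace:
[   41.493267][ T3502]  dump_stack_lvl+0x1e3/0x2d0
[   41.497924][ T3502]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   41.521988][ T3502]  print_address_description+0x63/0x3b0
[   41.532331][ T3502]  kasan_report+0x16b/0x1c0
[   41.536807][ T3502]  ? nilfs_set_link+0x397/0x530
[   41.541627][ T3502]  ? nilfs_delete_entry+0x3bd/0x620
[   41.546799][ T3502]  nilfs_set_link+0x397/0x530
[   41.556621][ T3502]  nilfs_rename+0x844/0xb80
[   41.585256][ T3502]  vfs_rename+0xd32/0x10f0
[   41.599751][ T3502]  do_renameat2+0xe0f/0x1700
[   41.619156][ T3502]  ? 0xffffffff81000000
[   41.628032][ T3502]  __x64_sys_renameat2+0xce/0xe0
[   41.632943][ T3502]  do_syscall_64+0x3b/0xb0
[   41.641982][ T3502]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.647863][ T3502] RIP: 0033:0x7f3109bb71e9
[   41.671841][ T3502] RSP: 002b:00007fff4ea4d1f8 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   41.771567][ T3502] page_owner tracks the page as freed
[   41.776903][ T3502] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 3499, ts 41030921720, free_ts 41255446881
[   41.989368][ T3502] ==================================================================
"""

# "[   41.450645][ T3502] " printk prefix (timestamp + thread id).
KERNEL_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<access>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
KERNEL_RE = re.compile(r"Comm: \S+ (?:Not tainted |Tainted:[^\d]*)(?P<version>\S+) #")
# A "? " prefix marks a frame the unwinder could not verify; those are noise.
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<frame>[A-Za-z_][\w.]*\+0x[0-9a-f]+/0x[0-9a-f]+)$")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]+)")
PAGE_OWNER_RE = re.compile(r"page last allocated via order (?P<order>\d+), .* pid (?P<pid>\d+), "
                           r"ts (?P<ts>\d+), free_ts (?P<free_ts>\d+)")

# Partial x86_64 syscall table: only the numbers this example needs (assumption: x86_64 ABI).
X86_64_SYSCALLS = {1: "write", 82: "rename", 264: "renameat", 316: "renameat2"}


def strip_prefix(line):
    return KERNEL_PREFIX.sub("", line).strip()


def parse_kasan_report(text):
    """Extract the triage fields from a KASAN report in raw dmesg/serial format."""
    report = {"frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = strip_prefix(raw)
        if m := BUG_RE.search(line):
            report["kind"], report["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            report.update(access=m["access"], size=int(m["size"]), addr=int(m["addr"], 16),
                          comm=m["comm"], pid=int(m["pid"]))
        elif m := KERNEL_RE.search(line):
            report["version"] = m["version"]
        elif line == "Call Trace:" and not report["frames"]:
            in_trace = True  # first trace only; the panic re-dump repeats it
        elif in_trace and (m := FRAME_RE.match(line)):
            if not m["unreliable"]:
                report["frames"].append(m["frame"])
        elif in_trace and line.startswith("RIP:"):
            in_trace = False  # register dump follows the trace
        elif m := ORIG_RAX_RE.search(line):
            nr = int(m["nr"], 16)
            report["syscall_nr"] = nr
            report["syscall"] = X86_64_SYSCALLS.get(nr, f"unknown({nr})")
        elif m := PAGE_OWNER_RE.search(line):
            report.update(alloc_pid=int(m["pid"]), alloc_ts=int(m["ts"]), free_ts=int(m["free_ts"]))
        elif line == "page_owner tracks the page as freed":
            report["page_freed"] = True
    return report


def crash_frames(report):
    """Drop KASAN's own reporting frames: everything up to and including kasan_report."""
    frames = report["frames"]
    for i, frame in enumerate(frames):
        if frame.startswith("kasan_report+"):
            return frames[i + 1:]
    return frames


def summarize(report):
    top = crash_frames(report)
    return (f"KASAN {report['kind']}: {report['access']} of {report['size']} bytes in "
            f"{top[0] if top else report['func']} via {report['syscall']} by "
            f"{report['comm']}/{report['pid']} on {report['version']}; page allocated by pid "
            f"{report['alloc_pid']}, freed before access={report.get('page_freed', False)}")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Two cross-checks fall out of the parsed fields: the syscall decoded from ORIG_RAX should name the same entry point as the `__x64_sys_*` frame, and a page_owner allocating pid that differs from the accessing pid (3499 versus 3502 here) tells you the freed memory crossed a process boundary before the bad read, which narrows where to look for the missing reference or the stale mapping.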