Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts.
executing program
[   72.285590][ T4248] loop0: detected capacity change from 0 to 128
[   72.302161][ T4248] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   72.313339][ T4248] syz-executor139: attempt to access beyond end of device
[   72.313339][ T4248] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   72.327946][ T4248] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   72.352615][ T4246] sysv_free_block: flc_count > flc_size
[   72.358395][ T4246] sysv_free_block: flc_count > flc_size
[   72.364118][ T4246] sysv_free_block: flc_count > flc_size
[   72.369681][ T4246] sysv_free_block: flc_count > flc_size
[   72.375345][ T4246] sysv_free_block: flc_count > flc_size
executing program
[   72.381173][ T4246] sysv_free_block: flc_count > flc_size
[   72.386708][ T4246] sysv_free_block: flc_count > flc_size
[   72.392295][ T4246] sysv_free_block: flc_count > flc_size
[   72.397844][ T4246] sysv_free_block: flc_count > flc_size
[   72.403452][ T4246] sysv_free_block: flc_count > flc_size
[   72.409616][ T4246] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   72.436498][ T4251] loop0: detected capacity change from 0 to 128
[   72.445449][ T4251] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   72.456588][ T4251] syz-executor139: attempt to access beyond end of device
[   72.456588][ T4251] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   72.471624][ T4251] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   72.480544][ T4251] ==================================================================
[   72.488667][ T4251] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210
[   72.496062][ T4251] Read of size 2 at addr ffff88806f4e91ce by task syz-executor139/4251
[   72.504293][ T4251]
[   72.506617][ T4251] CPU: 1 PID: 4251 Comm: syz-executor139 Not tainted 6.1.123-syzkaller #0
[   72.515105][ T4251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   72.525159][ T4251] Call Trace:
[   72.528439][ T4251]  <TASK>
[   72.531453][ T4251]  dump_stack_lvl+0x1e3/0x2cb
[   72.536145][ T4251]  ? nf_tcp_handle_invalid+0x642/0x642
[   72.541612][ T4251]  ? panic+0x764/0x764
[   72.545705][ T4251]  ? _printk+0xd1/0x111
[   72.549858][ T4251]  ? __virt_addr_valid+0x17f/0x530
[   72.554972][ T4251]  ? __virt_addr_valid+0x17f/0x530
[   72.560525][ T4251]  print_report+0x15f/0x4f0
[   72.565027][ T4251]  ? __virt_addr_valid+0x17f/0x530
[   72.570158][ T4251]  ? __virt_addr_valid+0x17f/0x530
[   72.575273][ T4251]  ? __virt_addr_valid+0x45b/0x530
[   72.580405][ T4251]  ? __phys_addr+0xb6/0x170
[   72.584907][ T4251]  ? sysv_new_inode+0x107e/0x1210
[   72.589939][ T4251]  kasan_report+0x136/0x160
[   72.594441][ T4251]  ? sysv_new_inode+0x107e/0x1210
[   72.599467][ T4251]  sysv_new_inode+0x107e/0x1210
[   72.604322][ T4251]  ? from_kgid+0x1a3/0x730
[   72.608740][ T4251]  ? make_kgid+0x6f0/0x6f0
[   72.613161][ T4251]  ? sysv_free_inode+0x840/0x840
[   72.618104][ T4251]  ? generic_permission+0x27c/0x4f0
[   72.623306][ T4251]  sysv_symlink+0x9b/0x180
[   72.627729][ T4251]  vfs_symlink+0x247/0x3d0
[   72.632148][ T4251]  do_symlinkat+0x21e/0x390
[   72.636653][ T4251]  ? __check_object_size+0x4dd/0xa30
[   72.641950][ T4251]  ? vfs_symlink+0x3d0/0x3d0
[   72.646545][ T4251]  ? getname_flags+0x1f9/0x4f0
[   72.651327][ T4251]  ? lockdep_hardirqs_on+0x94/0x130
[   72.656521][ T4251]  __x64_sys_symlink+0x7a/0x90
[   72.661290][ T4251]  do_syscall_64+0x3b/0xb0
[   72.665708][ T4251]  ? clear_bhb_loop+0x45/0xa0
[   72.670377][ T4251]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   72.676300][ T4251] RIP: 0033:0x7f4256df2a59
[   72.680720][ T4251] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   72.700329][ T4251] RSP: 002b:00007f4256daf228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   72.708738][ T4251] RAX: ffffffffffffffda RBX: 00007f4256e846a8 RCX: 00007f4256df2a59
[   72.716708][ T4251] RDX: 00007f4256df2a59 RSI: 00000000200059c0 RDI: 00000000200049c0
[   72.724677][ T4251] RBP: 00007f4256e846a0 R08: 00007f4256daf6c0 R09: 00007f4256daf6c0
[   72.732662][ T4251] R10: 00007f4256daf6c0 R11: 0000000000000246 R12: 00007f4256e846ac
[   72.740632][ T4251] R13: 0031656c69662f2e R14: 00007f4256e470c0 R15: 00007ffec7c303b8
[   72.748673][ T4251]  </TASK>
[   72.751684][ T4251]
[   72.753997][ T4251] The buggy address belongs to the physical page:
[   72.760408][ T4251] page:ffffea0001bd3a40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6f4e9
[   72.770549][ T4251] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   72.777663][ T4251] raw: 00fff00000000000 ffffea0001bd3a88 ffffea0001bd3a08 0000000000000000
[   72.786238][ T4251] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   72.794896][ T4251] page dumped because: kasan: bad access detected
[   72.801306][ T4251] page_owner tracks the page as freed
[   72.806679][ T4251] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4189, tgid 4189 (sshd), ts 64976535033, free_ts 65026876136
[   72.824774][ T4251]  post_alloc_hook+0x18d/0x1b0
[   72.829543][ T4251]  get_page_from_freelist+0x3731/0x38d0
[   72.835089][ T4251]  __alloc_pages+0x28d/0x770
[   72.839771][ T4251]  __folio_alloc+0xf/0x30
[   72.844123][ T4251]  vma_alloc_folio+0x486/0x990
[   72.848886][ T4251]  handle_mm_fault+0x2e8e/0x5340
[   72.853821][ T4251]  exc_page_fault+0x26f/0x620
[   72.858492][ T4251]  asm_exc_page_fault+0x22/0x30
[   72.863345][ T4251] page last free stack trace:
[   72.868007][ T4251]  free_unref_page_prepare+0x12a6/0x15b0
[   72.873635][ T4251]  free_unref_page_list+0x663/0x900
[   72.878838][ T4251]  release_pages+0x24c4/0x27a0
[   72.883638][ T4251]  tlb_flush_mmu+0xfc/0x210
[   72.888142][ T4251]  tlb_finish_mmu+0xce/0x1f0
[   72.892739][ T4251]  unmap_region+0x29f/0x2f0
[   72.897240][ T4251]  do_mas_align_munmap+0xef5/0x15a0
[   72.902432][ T4251]  do_mas_munmap+0x246/0x2b0
[   72.907013][ T4251]  __vm_munmap+0x268/0x370
[   72.911420][ T4251]  __x64_sys_munmap+0x5c/0x70
[   72.916088][ T4251]  do_syscall_64+0x3b/0xb0
[   72.920559][ T4251]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   72.926459][ T4251]
[   72.928771][ T4251] Memory state around the buggy address:
[   72.934390][ T4251]  ffff88806f4e9080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.942454][ T4251]  ffff88806f4e9100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.950547][ T4251] >ffff88806f4e9180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.958605][ T4251]                                               ^
[   72.965011][ T4251]  ffff88806f4e9200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.973064][ T4251]  ffff88806f4e9280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.981110][ T4251] ==================================================================
[   72.989681][ T4251] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.996904][ T4251] CPU: 0 PID: 4251 Comm: syz-executor139 Not tainted 6.1.123-syzkaller #0
[   73.005412][ T4251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   73.015472][ T4251] Call Trace:
[   73.018756][ T4251]  <TASK>
[   73.021690][ T4251]  dump_stack_lvl+0x1e3/0x2cb
[   73.026384][ T4251]  ? nf_tcp_handle_invalid+0x642/0x642
[   73.031853][ T4251]  ? panic+0x764/0x764
[   73.035923][ T4251]  ? preempt_schedule_common+0xa6/0xd0
[   73.041387][ T4251]  ? vscnprintf+0x59/0x80
[   73.045722][ T4251]  panic+0x318/0x764
[   73.049623][ T4251]  ? check_panic_on_warn+0x1d/0xa0
[   73.054742][ T4251]  ? memcpy_page_flushcache+0xfc/0xfc
[   73.060137][ T4251]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   73.066230][ T4251]  ? _raw_spin_unlock+0x40/0x40
[   73.071097][ T4251]  ? print_report+0x4a3/0x4f0
[   73.075786][ T4251]  check_panic_on_warn+0x7e/0xa0
[   73.080732][ T4251]  ? sysv_new_inode+0x107e/0x1210
[   73.085760][ T4251]  end_report+0x66/0x110
[   73.090005][ T4251]  kasan_report+0x143/0x160
[   73.094510][ T4251]  ? sysv_new_inode+0x107e/0x1210
[   73.099552][ T4251]  sysv_new_inode+0x107e/0x1210
[   73.104415][ T4251]  ? from_kgid+0x1a3/0x730
[   73.108838][ T4251]  ? make_kgid+0x6f0/0x6f0
[   73.113260][ T4251]  ? sysv_free_inode+0x840/0x840
[   73.118209][ T4251]  ? generic_permission+0x27c/0x4f0
[   73.123421][ T4251]  sysv_symlink+0x9b/0x180
[   73.127850][ T4251]  vfs_symlink+0x247/0x3d0
[   73.132312][ T4251]  do_symlinkat+0x21e/0x390
[   73.136821][ T4251]  ? __check_object_size+0x4dd/0xa30
[   73.142112][ T4251]  ? vfs_symlink+0x3d0/0x3d0
[   73.146710][ T4251]  ? getname_flags+0x1f9/0x4f0
[   73.151473][ T4251]  ? lockdep_hardirqs_on+0x94/0x130
[   73.156715][ T4251]  __x64_sys_symlink+0x7a/0x90
[   73.161491][ T4251]  do_syscall_64+0x3b/0xb0
[   73.165953][ T4251]  ? clear_bhb_loop+0x45/0xa0
[   73.170629][ T4251]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   73.176543][ T4251] RIP: 0033:0x7f4256df2a59
[   73.180959][ T4251] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   73.200569][ T4251] RSP: 002b:00007f4256daf228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   73.208985][ T4251] RAX: ffffffffffffffda RBX: 00007f4256e846a8 RCX: 00007f4256df2a59
[   73.216981][ T4251] RDX: 00007f4256df2a59 RSI: 00000000200059c0 RDI: 00000000200049c0
[   73.224952][ T4251] RBP: 00007f4256e846a0 R08: 00007f4256daf6c0 R09: 00007f4256daf6c0
[   73.232926][ T4251] R10: 00007f4256daf6c0 R11: 0000000000000246 R12: 00007f4256e846ac
[   73.240900][ T4251] R13: 0031656c69662f2e R14: 00007f4256e470c0 R15: 00007ffec7c303b8
[   73.248879][ T4251]  </TASK>
[   73.252208][ T4251] Kernel Offset: disabled
[   73.256551][ T4251] Rebooting in 86400 seconds..
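The report above is raw console output and explains none of itself. What a responder pulls out of a KASAN report is the same every time: the bug class and faulting function, the access kind, size and address, the task and the syscall that reached the bad code, the page_owner allocate/free history, and the shadow byte under the caret. The Python triage helper below is an added example and is not part of the syzkaller report, of syzkaller, or of the kernel. It runs over a trimmed but otherwise verbatim subset of the lines above, embedded as constructed sample input. The shadow-byte table is taken from generic KASAN's poison values in mm/kasan/kasan.h (0xff is the freed-page marker in 6.1); treat the exact table as an assumption if you point this at a different kernel version.

```python
import re
from typing import Any, Callable, Dict, List, Tuple

# Constructed sample input: a trimmed but otherwise verbatim subset of the report above.
SAMPLE_LOG = """\
[   72.488667][ T4251] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210
[   72.496062][ T4251] Read of size 2 at addr ffff88806f4e91ce by task syz-executor139/4251
[   72.528439][ T4251]  <TASK>
[   72.531453][ T4251]  dump_stack_lvl+0x1e3/0x2cb
[   72.536145][ T4251]  ? nf_tcp_handle_invalid+0x642/0x642
[   72.560525][ T4251]  print_report+0x15f/0x4f0
[   72.589939][ T4251]  kasan_report+0x136/0x160
[   72.599467][ T4251]  sysv_new_inode+0x107e/0x1210
[   72.623306][ T4251]  sysv_symlink+0x9b/0x180
[   72.656521][ T4251]  __x64_sys_symlink+0x7a/0x90
[   72.670377][ T4251]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   72.748673][ T4251]  </TASK>
[   72.801306][ T4251] page_owner tracks the page as freed
[   72.806679][ T4251] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4189, tgid 4189 (sshd), ts 64976535033, free_ts 65026876136
[   72.824774][ T4251]  post_alloc_hook+0x18d/0x1b0
[   72.848886][ T4251]  handle_mm_fault+0x2e8e/0x5340
[   72.863345][ T4251] page last free stack trace:
[   72.868007][ T4251]  free_unref_page_prepare+0x12a6/0x15b0
[   72.911420][ T4251]  __x64_sys_munmap+0x5c/0x70
[   72.926459][ T4251]
[   72.928771][ T4251] Memory state around the buggy address:
[   72.950547][ T4251] >ffff88806f4e9180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")      # console timestamp + thread id
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SYSCALL = re.compile(r"__(?:x64|do|se)_sys_(\w+)")

# Generic KASAN shadow poison bytes (mm/kasan/kasan.h, assumed stable across 6.x);
# 0x00..0x07 mean the 8-byte granule is fully or partly accessible.
SHADOW_MEANING = {0xFF: "freed page", 0xFE: "page redzone", 0xFC: "slab redzone",
                  0xFB: "freed slab object", 0xFA: "freed slab object (free track)",
                  0xF1: "stack redzone", 0xF2: "stack redzone", 0xF3: "stack redzone",
                  0xF4: "stack redzone"}


def frames(lines: List[str]) -> List[str]:
    """Reliable frame symbols only; '? sym' entries are unwinder guesses from stack scanning."""
    return [m.group(2) for m in map(FRAME.match, lines) if m and not m.group(1)]


def take_until(lines: List[str], i: int, stop: Callable[[str], bool]) -> Tuple[List[str], int]:
    out: List[str] = []
    while i < len(lines) and not stop(lines[i]):
        out.append(lines[i])
        i += 1
    return out, i


def parse_kasan_report(text: str) -> Dict[str, Any]:
    lines = [PREFIX.sub("", l, count=1) for l in text.splitlines()]
    rep: Dict[str, Any] = {}
    i = 0
    while i < len(lines):
        line, i = lines[i], i + 1
        if m := re.match(r"BUG: KASAN: (\S+) in ([\w.]+)\+0x", line):
            rep["bug"], rep["function"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            rep["access"] = (m.group(1), int(m.group(2)), int(m.group(3), 16))
            rep["task"] = (m.group(4), int(m.group(5)))
        elif line.strip() == "<TASK>" and "frames" not in rep:      # first trace = the bad access
            block, i = take_until(lines, i, lambda l: l.strip() == "</TASK>")
            rep["frames"] = frames(block)
            rep["syscall"] = next((m.group(1) for m in map(SYSCALL.match, rep["frames"]) if m), None)
        elif m := re.match(r"page_owner tracks the page as (\w+)", line):
            rep["page_state"] = m.group(1)
        elif line.startswith("page last allocated"):
            m = re.search(r"pid (\d+), tgid \d+ \(([^)]+)\)", line)
            rep["page_owner"] = (m.group(2), int(m.group(1))) if m else None
            block, i = take_until(lines, i, lambda l: l.startswith("page last free"))
            rep["alloc_stack"] = frames(block)
        elif line.startswith("page last free stack trace:"):
            block, i = take_until(lines, i, lambda l: l.strip() == "")
            rep["free_stack"] = frames(block)
        elif m := re.match(r">([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", line):   # row under the caret
            row, shadow = int(m.group(1), 16), [int(b, 16) for b in m.group(2).split()]
            idx = (rep["access"][2] - row) // 8                  # one shadow byte per 8-byte granule
            rep["shadow_byte"] = shadow[idx]
            rep["shadow_meaning"] = SHADOW_MEANING.get(
                shadow[idx], "accessible" if shadow[idx] < 8 else "unknown poison")
    return rep


def summarize(rep: Dict[str, Any]) -> str:
    kind, size, addr = rep["access"]
    name, pid = rep["task"]
    text = (f"{rep['bug']}: {kind} of {size} byte(s) at {addr:#x} in {rep['function']}() "
            f"via {rep['syscall']}(2) by {name}/{pid}; shadow {rep['shadow_byte']:#04x} = "
            f"{rep['shadow_meaning']}")
    if rep.get("page_owner"):
        text += f"; page is {rep['page_state']}, last owned by {rep['page_owner'][0]}/{rep['page_owner'][1]}"
    return text


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_LOG)))
```

For this report the summary reads: use-after-free, a 2-byte read in sysv_new_inode() reached through symlink(2), shadow 0xff (freed page), page freed and last owned by sshd/4189. The combination is the point: the target is not a slab object the filesystem freed early, it is an order-0 user page that sshd faulted in and released with munmap, so sysv_new_inode() is following a pointer into memory that currently belongs to nobody. The earlier sysv_free_block: flc_count > flc_size and sysv_free_inode: inode 0,1,2 or nonexistent inode warnings on the 128-sector loop image show the image's free-list and inode metadata are already inconsistent; which on-disk field feeds the bad pointer is for the reproducer and a fix to establish, not this log.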