Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 69.297444][ T4249] loop0: detected capacity change from 0 to 128
[ 69.308799][ T4250] loop2: detected capacity change from 0 to 128
[ 69.336192][ T4255] loop1: detected capacity change from 0 to 128
[ 69.336223][ T4254] loop4: detected capacity change from 0 to 128
[ 69.345813][ T4249] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 69.356521][ T4253] loop3: detected capacity change from 0 to 128
[ 69.363457][ T4250] VFS: Found a Xenix FS (block size = 1024) on device loop2
[ 69.370787][ T4254] VFS: Found a Xenix FS (block size = 1024) on device loop4
[ 69.379999][ T4253] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 69.381817][ T4254] ==================================================================
[ 69.387472][ T4255] VFS: Found a Xenix FS (block size = 1024) on device loop1
[ 69.395447][ T4254] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210
[ 69.395501][ T4254] Read of size 2 at addr ffff88806eab31ce by task syz-executor403/4254
[ 69.418377][ T4254]
[ 69.420731][ T4254] CPU: 1 PID: 4254 Comm: syz-executor403 Not tainted 6.1.126-syzkaller #0
[ 69.429251][ T4254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 69.439345][ T4254] Call Trace:
[ 69.442645][ T4254]
[ 69.445595][ T4254] dump_stack_lvl+0x1e3/0x2cb
[ 69.450588][ T4254] ? nf_tcp_handle_invalid+0x642/0x642
[ 69.456097][ T4254] ? panic+0x764/0x764
[ 69.460198][ T4254] ? _printk+0xd1/0x111
[ 69.464378][ T4254] ? __virt_addr_valid+0x17f/0x530
[ 69.469523][ T4254] ? __virt_addr_valid+0x17f/0x530
[ 69.474670][ T4254] print_report+0x15f/0x4f0
[ 69.479200][ T4254] ? __virt_addr_valid+0x17f/0x530
[ 69.484347][ T4254] ? __virt_addr_valid+0x17f/0x530
[ 69.489486][ T4254] ? __virt_addr_valid+0x45b/0x530
[ 69.494632][ T4254] ? __phys_addr+0xb6/0x170
[ 69.499174][ T4254] ? sysv_new_inode+0x107e/0x1210
[ 69.504228][ T4254] kasan_report+0x136/0x160
[ 69.508784][ T4254] ? sysv_new_inode+0x107e/0x1210
[ 69.513869][ T4254] sysv_new_inode+0x107e/0x1210
[ 69.518745][ T4254] ? mark_lock+0x9a/0x340
[ 69.523107][ T4254] ? sysv_free_inode+0x840/0x840
[ 69.528067][ T4254] ? _raw_spin_unlock_irq+0x1f/0x40
[ 69.533303][ T4254] ? lockdep_hardirqs_on+0x94/0x130
[ 69.538547][ T4254] sysv_mkdir+0x3a/0x120
[ 69.542844][ T4254] vfs_mkdir+0x3b6/0x590
[ 69.547121][ T4254] do_mkdirat+0x225/0x360
[ 69.551493][ T4254] ? vfs_mkdir+0x590/0x590
[ 69.555979][ T4254] ? getname_flags+0x1f9/0x4f0
[ 69.560774][ T4254] ? lockdep_hardirqs_on+0x94/0x130
[ 69.566012][ T4254] __x64_sys_mkdir+0x6a/0x80
[ 69.570635][ T4254] do_syscall_64+0x3b/0xb0
[ 69.575090][ T4254] ? clear_bhb_loop+0x45/0xa0
[ 69.579787][ T4254] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 69.585703][ T4254] RIP: 0033:0x7f30d6065549
[ 69.590139][ T4254] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.609753][ T4254] RSP: 002b:00007ffc7b9af888 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 69.618173][ T4254] RAX: ffffffffffffffda RBX: 00007ffc7b9af8d0 RCX: 00007f30d6065549
[ 69.626142][ T4254] RDX: 00007f30d60647a0 RSI: 0000000000000040 RDI: 0000000020000100
[ 69.634110][ T4254] RBP: 00007ffc7b9af8b0 R08: 0000000000009e84 R09: 0000000000000000
[ 69.642079][ T4254] R10: 00007ffc7b9af750 R11: 0000000000000246 R12: 0000000000000000
[ 69.650047][ T4254] R13: 00000000000f4240 R14: 00007ffc7b9af9b0 R15: 0000000000000001
[ 69.658032][ T4254]
[ 69.661045][ T4254]
[ 69.663357][ T4254] The buggy address belongs to the physical page:
[ 69.669766][ T4254] page:ffffea0001baacc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6eab3
[ 69.679985][ T4254] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 69.687120][ T4254] raw: 00fff00000000000 ffffea0001baad08 ffffea0001c84c48 0000000000000000
[ 69.695701][ T4254] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 69.704276][ T4254] page dumped because: kasan: bad access detected
[ 69.710685][ T4254] page_owner tracks the page as freed
[ 69.716041][ T4254] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4234, tgid 4234 (sshd), ts 62794387054, free_ts 62832690610
[ 69.734023][ T4254] post_alloc_hook+0x18d/0x1b0
[ 69.738791][ T4254] get_page_from_freelist+0x3731/0x38d0
[ 69.744336][ T4254] __alloc_pages+0x28d/0x770
[ 69.748919][ T4254] __folio_alloc+0xf/0x30
[ 69.753244][ T4254] vma_alloc_folio+0x486/0x990
[ 69.758029][ T4254] handle_mm_fault+0x2e8e/0x5340
[ 69.762972][ T4254] exc_page_fault+0x26f/0x620
[ 69.767654][ T4254] asm_exc_page_fault+0x22/0x30
[ 69.772551][ T4254] page last free stack trace:
[ 69.777215][ T4254] free_unref_page_prepare+0x12a6/0x15b0
[ 69.782842][ T4254] free_unref_page_list+0x663/0x900
[ 69.788034][ T4254] release_pages+0x24c4/0x27a0
[ 69.792826][ T4254] tlb_flush_mmu+0xfc/0x210
[ 69.797327][ T4254] tlb_finish_mmu+0xce/0x1f0
[ 69.801933][ T4254] unmap_region+0x29f/0x2f0
[ 69.806438][ T4254] do_mas_align_munmap+0xef5/0x15a0
[ 69.811650][ T4254] do_mas_munmap+0x246/0x2b0
[ 69.816233][ T4254] __vm_munmap+0x268/0x370
[ 69.820641][ T4254] __x64_sys_munmap+0x5c/0x70
[ 69.825317][ T4254] do_syscall_64+0x3b/0xb0
[ 69.829760][ T4254] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 69.835663][ T4254]
[ 69.837978][ T4254] Memory state around the buggy address:
[ 69.843630][ T4254] ffff88806eab3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.851685][ T4254] ffff88806eab3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.859739][ T4254] >ffff88806eab3180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.867798][ T4254] ^
[ 69.874206][ T4254] ffff88806eab3200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.882262][ T4254] ffff88806eab3280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.890312][ T4254] ==================================================================
[ 69.898924][ T4254] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.906144][ T4254] CPU: 1 PID: 4254 Comm: syz-executor403 Not tainted 6.1.126-syzkaller #0
[ 69.914646][ T4254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 69.924700][ T4254] Call Trace:
[ 69.927980][ T4254]
[ 69.930915][ T4254] dump_stack_lvl+0x1e3/0x2cb
[ 69.935606][ T4254] ? nf_tcp_handle_invalid+0x642/0x642
[ 69.941075][ T4254] ? panic+0x764/0x764
[ 69.945148][ T4254] ? preempt_schedule_common+0xa6/0xd0
[ 69.951043][ T4254] ? vscnprintf+0x59/0x80
[ 69.955377][ T4254] panic+0x318/0x764
[ 69.959278][ T4254] ? check_panic_on_warn+0x1d/0xa0
[ 69.964397][ T4254] ? memcpy_page_flushcache+0xfc/0xfc
[ 69.969777][ T4254] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 69.975771][ T4254] ? _raw_spin_unlock+0x40/0x40
[ 69.980630][ T4254] ? print_report+0x4a3/0x4f0
[ 69.985348][ T4254] check_panic_on_warn+0x7e/0xa0
[ 69.990290][ T4254] ? sysv_new_inode+0x107e/0x1210
[ 69.995321][ T4254] end_report+0x66/0x110
[ 69.999563][ T4254] kasan_report+0x143/0x160
[ 70.004071][ T4254] ? sysv_new_inode+0x107e/0x1210
[ 70.009105][ T4254] sysv_new_inode+0x107e/0x1210
[ 70.013965][ T4254] ? mark_lock+0x9a/0x340
[ 70.018316][ T4254] ? sysv_free_inode+0x840/0x840
[ 70.023272][ T4254] ? _raw_spin_unlock_irq+0x1f/0x40
[ 70.028479][ T4254] ? lockdep_hardirqs_on+0x94/0x130
[ 70.033682][ T4254] sysv_mkdir+0x3a/0x120
[ 70.037937][ T4254] vfs_mkdir+0x3b6/0x590
[ 70.042188][ T4254] do_mkdirat+0x225/0x360
[ 70.046528][ T4254] ? vfs_mkdir+0x590/0x590
[ 70.050969][ T4254] ? getname_flags+0x1f9/0x4f0
[ 70.055755][ T4254] ? lockdep_hardirqs_on+0x94/0x130
[ 70.060965][ T4254] __x64_sys_mkdir+0x6a/0x80
[ 70.065563][ T4254] do_syscall_64+0x3b/0xb0
[ 70.070013][ T4254] ? clear_bhb_loop+0x45/0xa0
[ 70.074689][ T4254] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 70.080590][ T4254] RIP: 0033:0x7f30d6065549
[ 70.085115][ T4254] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.104735][ T4254] RSP: 002b:00007ffc7b9af888 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 70.113171][ T4254] RAX: ffffffffffffffda RBX: 00007ffc7b9af8d0 RCX: 00007f30d6065549
[ 70.121144][ T4254] RDX: 00007f30d60647a0 RSI: 0000000000000040 RDI: 0000000020000100
[ 70.129165][ T4254] RBP: 00007ffc7b9af8b0 R08: 0000000000009e84 R09: 0000000000000000
[ 70.137142][ T4254] R10: 00007ffc7b9af750 R11: 0000000000000246 R12: 0000000000000000
[ 70.145117][ T4254] R13: 00000000000f4240 R14: 00007ffc7b9af9b0 R15: 0000000000000001
[ 70.153097][ T4254]
[ 70.156468][ T4254] Kernel Offset: disabled
[ 70.160795][ T4254] Rebooting in 86400 seconds..