Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 46.176881][ T3565] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
executing program
executing program
executing program
executing program
executing program
[ 46.406081][ T3581] loop2: detected capacity change from 0 to 128
[ 46.422545][ T3581] VFS: Found a Xenix FS (block size = 1024) on device loop2
[ 46.436291][ T3582] loop1: detected capacity change from 0 to 128
[ 46.457368][ T3587] loop0: detected capacity change from 0 to 128
[ 46.463910][ T3586] loop3: detected capacity change from 0 to 128
[ 46.470552][ T3581] attempt to access beyond end of device
[ 46.470552][ T3581] loop2: rw=0, want=6491538, limit=128
[ 46.479076][ T3588] loop4: detected capacity change from 0 to 128
[ 46.482303][ T3581] Buffer I/O error on dev loop2, logical block 3245768, async page read
[ 46.504542][ T3581] attempt to access beyond end of device
[ 46.504542][ T3581] loop2: rw=0, want=6491538, limit=128
[ 46.515666][ T3581] Buffer I/O error on dev loop2, logical block 3245768, async page read
[ 46.517630][ T3582] VFS: Found a Xenix FS (block size = 1024) on device loop1
[ 46.524571][ T3581] sysv_free_block: flc_count > flc_size
[ 46.531435][ T3587] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 46.546630][ T3588] VFS: Found a Xenix FS (block size = 1024) on device loop4
[ 46.547272][ T3586] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 46.555018][ T3582] attempt to access beyond end of device
[ 46.555018][ T3582] loop1: rw=0, want=6491538, limit=128
[ 46.561494][ T3587] attempt to access beyond end of device
[ 46.561494][ T3587] loop0: rw=0, want=6491538, limit=128
[ 46.587426][ T3588] attempt to access beyond end of device
[ 46.587426][ T3588] loop4: rw=0, want=6491538, limit=128
[ 46.592146][ T3586] attempt to access beyond end of device
[ 46.592146][ T3586] loop3: rw=0, want=6491538, limit=128
[ 46.599736][ T3582] Buffer I/O error on dev loop1, logical block 3245768, async page read
[ 46.609926][ T3587] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 46.624536][ T3588] Buffer I/O error on dev loop4, logical block 3245768, async page read
[ 46.628088][ T3586] Buffer I/O error on dev loop3, logical block 3245768, async page read
[ 46.644038][ T3587] unable to read i-node block
[ 46.644192][ T3577] sysv_free_block: flc_count > flc_size
[ 46.648978][ T3587] ==================================================================
[ 46.658202][ T3588] unable to read i-node block
[ 46.662462][ T3587] BUG: KASAN: use-after-free in sysv_new_block+0x788/0x960
[ 46.662511][ T3587] Read of size 4 at addr ffff888065def0c8 by task syz-executor296/3587
[ 46.662527][ T3587]
[ 46.662540][ T3587] CPU: 0 PID: 3587 Comm: syz-executor296 Not tainted 5.15.168-syzkaller #0
[ 46.670040][ T3582] unable to read i-node block
[ 46.674369][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 46.674390][ T3587] Call Trace:
[ 46.674398][ T3587]
[ 46.674406][ T3587] dump_stack_lvl+0x1e3/0x2d0
[ 46.682920][ T3577] sysv_free_block: flc_count > flc_size
[ 46.684929][ T3587] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 46.684951][ T3587] ? _printk+0xd1/0x120
[ 46.701662][ T3588] sysv_free_inode: unable to read inode block on device loop4
[ 46.708215][ T3587] ? __wake_up_klogd+0xcc/0x100
[ 46.708243][ T3587] ? panic+0x860/0x860
[ 46.708262][ T3587] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 46.716123][ T3577] sysv_free_block: flc_count > flc_size
[ 46.719106][ T3587] ? __block_write_begin_int+0x24c/0x1650
[ 46.719138][ T3587] print_address_description+0x63/0x3b0
[ 46.727224][ T3582] sysv_free_inode: unable to read inode block on device loop1
[ 46.730269][ T3587] ? sysv_new_block+0x788/0x960
[ 46.730297][ T3587] kasan_report+0x16b/0x1c0
[ 46.730315][ T3587] ? sysv_new_block+0x788/0x960
[ 46.730337][ T3587] sysv_new_block+0x788/0x960
[ 46.730366][ T3587] get_block+0x2e7/0x1790
[ 46.747442][ T3577] sysv_free_block: flc_count > flc_size
[ 46.750855][ T3587] ? create_page_buffers+0x1d4/0x330
[ 46.750882][ T3587] ? sysv_truncate+0x1050/0x1050
[ 46.750900][ T3587] ? alloc_buffer_head+0xd3/0xf0
[ 46.750933][ T3587] ? create_page_buffers+0x24b/0x330
[ 46.769310][ T3577] sysv_free_block: flc_count > flc_size
[ 46.773248][ T3587] __block_write_begin_int+0x60b/0x1650
[ 46.773294][ T3587] ? sysv_truncate+0x1050/0x1050
[ 46.773314][ T3587] ? page_zero_new_buffers+0x510/0x510
[ 46.796415][ T3577] sysv_free_block: flc_count > flc_size
[ 46.799535][ T3587] ? __mark_inode_dirty+0x3dd/0xd60
[ 46.799568][ T3587] ? wait_for_stable_page+0xe2/0x110
[ 46.804365][ T3577] sysv_free_block: flc_count > flc_size
[ 46.809388][ T3587] ? sysv_truncate+0x1050/0x1050
[ 46.809412][ T3587] block_write_begin+0x4f/0xc0
[ 46.815169][ T3577] sysv_free_block: flc_count > flc_size
[ 46.819576][ T3587] sysv_write_begin+0x36/0x70
[ 46.819603][ T3587] __page_symlink+0x15b/0x2a0
[ 46.824891][ T3577] sysv_free_block: flc_count > flc_size
[ 46.829771][ T3587] ? page_readlink+0x1d0/0x1d0
[ 46.829795][ T3587] ? generic_permission+0x27c/0x4f0
[ 46.829816][ T3587] ? page_symlink+0x22/0x90
[ 46.829840][ T3587] sysv_symlink+0xcb/0x180
[ 46.835879][ T3577] sysv_free_block: flc_count > flc_size
[ 46.840874][ T3587] vfs_symlink+0x247/0x3d0
[ 46.840902][ T3587] do_symlinkat+0x1fd/0x600
[ 46.840923][ T3587] ? vfs_symlink+0x3d0/0x3d0
[ 46.840940][ T3587] ? getname_flags+0x1ec/0x4e0
[ 46.840958][ T3587] ? lockdep_hardirqs_on+0x94/0x130
[ 46.840981][ T3587] __x64_sys_symlink+0x7a/0x90
[ 46.955045][ T3587] do_syscall_64+0x3b/0xb0
[ 46.959457][ T3587] ? clear_bhb_loop+0x15/0x70
[ 46.964116][ T3587] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.969991][ T3587] RIP: 0033:0x7f2ab20089e9
[ 46.974401][ T3587] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.993986][ T3587] RSP: 002b:00007f2ab1fba228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 47.002383][ T3587] RAX: ffffffffffffffda RBX: 00007f2ab2099468 RCX: 00007f2ab20089e9
[ 47.010339][ T3587] RDX: 00007f2ab20089e9 RSI: 00000000200059c0 RDI: 00000000200049c0
[ 47.018291][ T3587] RBP: 00007f2ab2099460 R08: 00007f2ab1fba6c0 R09: 00007f2ab1fba6c0
[ 47.026244][ T3587] R10: 00007f2ab1fba6c0 R11: 0000000000000246 R12: 00007f2ab209946c
[ 47.034196][ T3587] R13: 0030656c69662f2e R14: 00007f2ab2055340 R15: 00007ffeec4f1de8
[ 47.042162][ T3587]
[ 47.045163][ T3587]
[ 47.047465][ T3587] The buggy address belongs to the page:
[ 47.053084][ T3587] page:ffffea0001977bc0 refcount:1 mapcount:1 mapping:0000000000000000 index:0x7fffffffb pfn:0x65def
[ 47.063911][ T3587] memcg:ffff888017284000
[ 47.068130][ T3587] anon flags: 0xfff00000080014(uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 47.077754][ T3587] raw: 00fff00000080014 ffffea0001977b88 ffffea0001977c08 ffff88807d42a441
[ 47.086317][ T3587] raw: 00000007fffffffb 0000000000000000 0000000100000000 ffff888017284000
[ 47.094873][ T3587] page dumped because: kasan: bad access detected
[ 47.101267][ T3587] page_owner tracks the page as allocated
[ 47.106956][ T3587] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 3029, ts 46767703584, free_ts 10434344804
[ 47.121512][ T3587] get_page_from_freelist+0x322a/0x33c0
[ 47.127040][ T3587] __alloc_pages+0x272/0x700
[ 47.131613][ T3587] alloc_pages_vma+0x39a/0x800
[ 47.136356][ T3587] wp_page_copy+0x24e/0x2070
[ 47.140934][ T3587] handle_mm_fault+0x2a3d/0x5960
[ 47.145854][ T3587] exc_page_fault+0x271/0x700
[ 47.150511][ T3587] asm_exc_page_fault+0x22/0x30
[ 47.155350][ T3587] page last free stack trace:
[ 47.160000][ T3587] free_unref_page_prepare+0xc34/0xcf0
[ 47.165437][ T3587] free_unref_page+0x95/0x2d0
[ 47.170092][ T3587] free_contig_range+0x95/0xf0
[ 47.174837][ T3587] destroy_args+0xfe/0x980
[ 47.179232][ T3587] debug_vm_pgtable+0x40d/0x470
[ 47.184060][ T3587] do_one_initcall+0x22b/0x7a0
[ 47.188807][ T3587] do_initcall_level+0x157/0x210
[ 47.193722][ T3587] do_initcalls+0x49/0x90
[ 47.198033][ T3587] kernel_init_freeable+0x425/0x5c0
[ 47.203215][ T3587] kernel_init+0x19/0x290
[ 47.207527][ T3587] ret_from_fork+0x1f/0x30
[ 47.211922][ T3587]
[ 47.214230][ T3587] Memory state around the buggy address:
[ 47.219837][ T3587] ffff888065deef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.227874][ T3587] ffff888065def000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.235913][ T3587] >ffff888065def080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.243948][ T3587] ^
[ 47.250335][ T3587] ffff888065def100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.258372][ T3587] ffff888065def180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.266406][ T3587] ==================================================================
[ 47.274440][ T3587] Disabling lock debugging due to kernel taint
[ 47.281052][ T3575] sysv_free_block: flc_count > flc_size
[ 47.287106][ T3577] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 47.288898][ T3575] sysv_free_block: flc_count > flc_size
[ 47.302542][ T3575] sysv_free_block: flc_count > flc_size
[ 47.308089][ T3575] sysv_free_block: flc_count > flc_size
[ 47.308382][ T3576] sysv_free_block: flc_count > flc_size
[ 47.314112][ T3575] sysv_free_block: flc_count > flc_size
[ 47.325519][ T3576] sysv_free_block: flc_count > flc_size
[ 47.330115][ T3575] sysv_free_block: flc_count > flc_size
[ 47.331574][ T3576] sysv_free_block: flc_count > flc_size
[ 47.336643][ T3575] sysv_free_block: flc_count > flc_size
[ 47.342186][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342193][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342199][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342204][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342209][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342214][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342219][ T3576] sysv_free_block: flc_count > flc_size
[ 47.342476][ T3576] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 47.350599][ T3586] sysv_new_block: new block -1215951088 is not in data zone
[ 47.353486][ T3587] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.359112][ T3575] sysv_free_block: flc_count > flc_size
[ 47.364370][ T3587] CPU: 0 PID: 3587 Comm: syz-executor296 Tainted: G B 5.15.168-syzkaller #0
[ 47.364388][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.364396][ T3587] Call Trace:
[ 47.364402][ T3587]
[ 47.364407][ T3587] dump_stack_lvl+0x1e3/0x2d0
[ 47.370718][ T3575] sysv_free_block: flc_count > flc_size
[ 47.375440][ T3587] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 47.381226][ T3575] sysv_free_block: flc_count > flc_size
[ 47.386471][ T3587] ? panic+0x860/0x860
[ 47.393590][ T3575] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 47.400285][ T3587] ? preempt_schedule_common+0xa6/0xd0
[ 47.400307][ T3587] ? preempt_schedule+0xd9/0xe0
[ 47.400322][ T3587] panic+0x318/0x860
[ 47.485037][ T3587] ? check_panic_on_warn+0x1d/0xa0
[ 47.490127][ T3587] ? fb_is_primary_device+0xd0/0xd0
[ 47.495302][ T3587] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 47.501252][ T3587] ? _raw_spin_unlock+0x40/0x40
[ 47.506075][ T3587] ? print_memory_metadata+0xe2/0x140
[ 47.511434][ T3587] check_panic_on_warn+0x7e/0xa0
[ 47.516344][ T3587] ? sysv_new_block+0x788/0x960
[ 47.521167][ T3587] end_report+0x6d/0xf0
[ 47.525297][ T3587] kasan_report+0x18e/0x1c0
[ 47.529777][ T3587] ? sysv_new_block+0x788/0x960
[ 47.534618][ T3587] sysv_new_block+0x788/0x960
[ 47.539283][ T3587] get_block+0x2e7/0x1790
[ 47.543589][ T3587] ? create_page_buffers+0x1d4/0x330
[ 47.548849][ T3587] ? sysv_truncate+0x1050/0x1050
[ 47.553762][ T3587] ? alloc_buffer_head+0xd3/0xf0
[ 47.558678][ T3587] ? create_page_buffers+0x24b/0x330
[ 47.563954][ T3587] __block_write_begin_int+0x60b/0x1650
[ 47.569481][ T3587] ? sysv_truncate+0x1050/0x1050
[ 47.574393][ T3587] ? page_zero_new_buffers+0x510/0x510
[ 47.579850][ T3587] ? __mark_inode_dirty+0x3dd/0xd60
[ 47.585026][ T3587] ? wait_for_stable_page+0xe2/0x110
[ 47.590285][ T3587] ? sysv_truncate+0x1050/0x1050
[ 47.595198][ T3587] block_write_begin+0x4f/0xc0
[ 47.599938][ T3587] sysv_write_begin+0x36/0x70
[ 47.604592][ T3587] __page_symlink+0x15b/0x2a0
[ 47.609244][ T3587] ? page_readlink+0x1d0/0x1d0
[ 47.613982][ T3587] ? generic_permission+0x27c/0x4f0
[ 47.619156][ T3587] ? page_symlink+0x22/0x90
[ 47.623633][ T3587] sysv_symlink+0xcb/0x180
[ 47.628046][ T3587] vfs_symlink+0x247/0x3d0
[ 47.632437][ T3587] do_symlinkat+0x1fd/0x600
[ 47.636919][ T3587] ? vfs_symlink+0x3d0/0x3d0
[ 47.641482][ T3587] ? getname_flags+0x1ec/0x4e0
[ 47.646221][ T3587] ? lockdep_hardirqs_on+0x94/0x130
[ 47.651392][ T3587] __x64_sys_symlink+0x7a/0x90
[ 47.656130][ T3587] do_syscall_64+0x3b/0xb0
[ 47.660605][ T3587] ? clear_bhb_loop+0x15/0x70
[ 47.665261][ T3587] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.671130][ T3587] RIP: 0033:0x7f2ab20089e9
[ 47.675525][ T3587] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.695105][ T3587] RSP: 002b:00007f2ab1fba228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 47.703494][ T3587] RAX: ffffffffffffffda RBX: 00007f2ab2099468 RCX: 00007f2ab20089e9
[ 47.711442][ T3587] RDX: 00007f2ab20089e9 RSI: 00000000200059c0 RDI: 00000000200049c0
[ 47.719388][ T3587] RBP: 00007f2ab2099460 R08: 00007f2ab1fba6c0 R09: 00007f2ab1fba6c0
[ 47.727329][ T3587] R10: 00007f2ab1fba6c0 R11: 0000000000000246 R12: 00007f2ab209946c
[ 47.735284][ T3587] R13: 0030656c69662f2e R14: 00007f2ab2055340 R15: 00007ffeec4f1de8
[ 47.743234][ T3587]
[ 47.746433][ T3587] Kernel Offset: disabled
[ 47.750744][ T3587] Rebooting in 86400 seconds..