Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts.
executing program
[   58.669341][ T4163] loop0: detected capacity change from 0 to 128
[   58.769075][ T4163] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   58.801797][ T4162] sysv_free_block: flc_count > flc_size
[   58.807919][ T4162] sysv_free_block: flc_count > flc_size
[   58.813475][ T4162] sysv_free_block: flc_count > flc_size
[   58.819560][ T4162] sysv_free_block: flc_count > flc_size
[   58.825106][ T4162] sysv_free_block: flc_count > flc_size
[   58.830780][ T4162] sysv_free_block: flc_count > flc_size
[   58.836858][ T4162] sysv_free_block: flc_count > flc_size
[   58.842393][ T4162] sysv_free_block: flc_count > flc_size
[   58.847974][ T4162] sysv_free_block: flc_count > flc_size
[   58.853517][ T4162] sysv_free_block: flc_count > flc_size
[   58.859694][ T4162] sysv_free_inode: inode 0,1,2 or nonexistent inode
executing program
[   58.925536][ T4165] loop0: detected capacity change from 0 to 128
[   58.997938][ T4165] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   59.007680][ T4165] ==================================================================
[   59.015890][ T4165] BUG: KASAN: use-after-free in sysv_new_inode+0x1062/0x11f0
[   59.023280][ T4165] Read of size 2 at addr ffff8880715fe1ce by task syz-executor226/4165
[   59.031508][ T4165] 
[   59.033829][ T4165] CPU: 1 PID: 4165 Comm: syz-executor226 Not tainted 5.15.177-syzkaller #0
[   59.042403][ T4165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   59.052484][ T4165] Call Trace:
[   59.055758][ T4165]  <TASK>
[   59.058681][ T4165]  dump_stack_lvl+0x1e3/0x2d0
[   59.063380][ T4165]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   59.069061][ T4165]  ? _printk+0xd1/0x120
[   59.073419][ T4165]  ? __wake_up_klogd+0xcc/0x100
[   59.078283][ T4165]  ? panic+0x860/0x860
[   59.082371][ T4165]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   59.087836][ T4165]  print_address_description+0x63/0x3b0
[   59.093579][ T4165]  ? sysv_new_inode+0x1062/0x11f0
[   59.098608][ T4165]  kasan_report+0x16b/0x1c0
[   59.103126][ T4165]  ? sysv_new_inode+0x1062/0x11f0
[   59.108152][ T4165]  sysv_new_inode+0x1062/0x11f0
[   59.113047][ T4165]  ? sysv_free_inode+0x840/0x840
[   59.117998][ T4165]  sysv_mknod+0x4a/0xe0
[   59.122153][ T4165]  ? sysv_lookup+0xe0/0xe0
[   59.126562][ T4165]  path_openat+0x130a/0x2f20
[   59.131168][ T4165]  ? do_filp_open+0x460/0x460
[   59.135849][ T4165]  do_filp_open+0x21c/0x460
[   59.140344][ T4165]  ? vfs_tmpfile+0x2e0/0x2e0
[   59.144935][ T4165]  ? _raw_spin_unlock+0x24/0x40
[   59.149777][ T4165]  ? alloc_fd+0x598/0x630
[   59.154130][ T4165]  do_sys_openat2+0x13b/0x4f0
[   59.158822][ T4165]  ? do_sys_open+0x220/0x220
[   59.163415][ T4165]  __x64_sys_openat+0x243/0x290
[   59.168265][ T4165]  ? __ia32_sys_open+0x270/0x270
[   59.173199][ T4165]  ? syscall_enter_from_user_mode+0x2e/0x240
[   59.179183][ T4165]  ? lockdep_hardirqs_on+0x94/0x130
[   59.184422][ T4165]  ? syscall_enter_from_user_mode+0x2e/0x240
[   59.190413][ T4165]  do_syscall_64+0x3b/0xb0
[   59.194826][ T4165]  ? clear_bhb_loop+0x15/0x70
[   59.199493][ T4165]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   59.205382][ T4165] RIP: 0033:0x7f82f7650129
[   59.209788][ T4165] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.229384][ T4165] RSP: 002b:00007ffcf1f83118 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   59.237793][ T4165] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f82f7650129
[   59.245753][ T4165] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[   59.253715][ T4165] RBP: 0000000000000004 R08: 0000000000009e7e R09: 0000000000000000
[   59.261675][ T4165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf1f83160
[   59.269654][ T4165] R13: 00007ffcf1f831a0 R14: 0000000000010000 R15: 0000000000000003
[   59.277626][ T4165]  </TASK>
[   59.280632][ T4165] 
[   59.282942][ T4165] The buggy address belongs to the page:
[   59.288562][ T4165] page:ffffea0001c57f80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x715fe
[   59.298724][ T4165] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   59.305855][ T4165] raw: 00fff00000000000 ffffea0001c567c8 ffffea0001c57848 0000000000000000
[   59.314448][ T4165] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   59.323019][ T4165] page dumped because: kasan: bad access detected
[   59.329419][ T4165] page_owner tracks the page as freed
[   59.334770][ T4165] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 4163, ts 58663712342, free_ts 58793553914
[   59.350291][ T4165]  get_page_from_freelist+0x3b78/0x3d40
[   59.355830][ T4165]  __alloc_pages+0x272/0x700
[   59.360408][ T4165]  alloc_pages_vma+0x39a/0x800
[   59.365159][ T4165]  handle_mm_fault+0x2f49/0x5960
[   59.370084][ T4165]  exc_page_fault+0x271/0x700
[   59.374752][ T4165]  asm_exc_page_fault+0x22/0x30
[   59.379591][ T4165] page last free stack trace:
[   59.384244][ T4165]  free_unref_page_prepare+0xc34/0xcf0
[   59.389695][ T4165]  free_unref_page_list+0x1f7/0x8e0
[   59.394879][ T4165]  release_pages+0x1bb9/0x1f40
[   59.399631][ T4165]  tlb_finish_mmu+0x177/0x320
[   59.404298][ T4165]  exit_mmap+0x3cd/0x620
[   59.408527][ T4165]  __mmput+0x112/0x3b0
[   59.412582][ T4165]  exit_mm+0x688/0x7f0
[   59.416637][ T4165]  do_exit+0x626/0x2480
[   59.420803][ T4165]  do_group_exit+0x144/0x310
[   59.425401][ T4165]  __x64_sys_exit_group+0x3b/0x40
[   59.430414][ T4165]  do_syscall_64+0x3b/0xb0
[   59.434817][ T4165]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   59.440703][ T4165] 
[   59.443014][ T4165] Memory state around the buggy address:
[   59.448625][ T4165]  ffff8880715fe080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.456673][ T4165]  ffff8880715fe100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.464720][ T4165] >ffff8880715fe180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.472764][ T4165]                                               ^
[   59.479170][ T4165]  ffff8880715fe200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.487225][ T4165]  ffff8880715fe280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.495293][ T4165] ==================================================================
[   59.503345][ T4165] Disabling lock debugging due to kernel taint
[   59.509977][ T4165] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.517184][ T4165] CPU: 1 PID: 4165 Comm: syz-executor226 Tainted: G    B             5.15.177-syzkaller #0
[   59.527162][ T4165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   59.537229][ T4165] Call Trace:
[   59.540502][ T4165]  <TASK>
[   59.543422][ T4165]  dump_stack_lvl+0x1e3/0x2d0
[   59.548093][ T4165]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   59.553719][ T4165]  ? panic+0x860/0x860
[   59.557787][ T4165]  ? rcu_is_watching+0x11/0xa0
[   59.562569][ T4165]  ? preempt_schedule_common+0xa6/0xd0
[   59.568029][ T4165]  panic+0x318/0x860
[   59.571919][ T4165]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[   59.578069][ T4165]  ? check_panic_on_warn+0x1d/0xa0
[   59.583183][ T4165]  ? fb_is_primary_device+0xd0/0xd0
[   59.588377][ T4165]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   59.594352][ T4165]  ? _raw_spin_unlock+0x40/0x40
[   59.599197][ T4165]  check_panic_on_warn+0x7e/0xa0
[   59.604147][ T4165]  ? sysv_new_inode+0x1062/0x11f0
[   59.609167][ T4165]  end_report+0x6d/0xf0
[   59.613314][ T4165]  kasan_report+0x18e/0x1c0
[   59.617807][ T4165]  ? sysv_new_inode+0x1062/0x11f0
[   59.622838][ T4165]  sysv_new_inode+0x1062/0x11f0
[   59.627842][ T4165]  ? sysv_free_inode+0x840/0x840
[   59.632785][ T4165]  sysv_mknod+0x4a/0xe0
[   59.637038][ T4165]  ? sysv_lookup+0xe0/0xe0
[   59.641543][ T4165]  path_openat+0x130a/0x2f20
[   59.646134][ T4165]  ? do_filp_open+0x460/0x460
[   59.650815][ T4165]  do_filp_open+0x21c/0x460
[   59.655328][ T4165]  ? vfs_tmpfile+0x2e0/0x2e0
[   59.659999][ T4165]  ? _raw_spin_unlock+0x24/0x40
[   59.664842][ T4165]  ? alloc_fd+0x598/0x630
[   59.669191][ T4165]  do_sys_openat2+0x13b/0x4f0
[   59.673862][ T4165]  ? do_sys_open+0x220/0x220
[   59.678443][ T4165]  __x64_sys_openat+0x243/0x290
[   59.683376][ T4165]  ? __ia32_sys_open+0x270/0x270
[   59.688299][ T4165]  ? syscall_enter_from_user_mode+0x2e/0x240
[   59.694273][ T4165]  ? lockdep_hardirqs_on+0x94/0x130
[   59.699468][ T4165]  ? syscall_enter_from_user_mode+0x2e/0x240
[   59.705446][ T4165]  do_syscall_64+0x3b/0xb0
[   59.709961][ T4165]  ? clear_bhb_loop+0x15/0x70
[   59.714638][ T4165]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   59.720525][ T4165] RIP: 0033:0x7f82f7650129
[   59.724939][ T4165] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.744536][ T4165] RSP: 002b:00007ffcf1f83118 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   59.752953][ T4165] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f82f7650129
[   59.760921][ T4165] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[   59.768910][ T4165] RBP: 0000000000000004 R08: 0000000000009e7e R09: 0000000000000000
[   59.776876][ T4165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf1f83160
[   59.784838][ T4165] R13: 00007ffcf1f831a0 R14: 0000000000010000 R15: 0000000000000003
[   59.792809][ T4165]  </TASK>
[   59.795938][ T4165] Kernel Offset: disabled
[   59.800263][ T4165] Rebooting in 86400 seconds..