Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
executing program
[ 75.275145][ T4245] loop0: detected capacity change from 0 to 128
[ 75.287129][ T4245] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 75.305560][ T4245] syz-executor170: attempt to access beyond end of device
[ 75.305560][ T4245] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 75.320191][ T4245] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 75.336586][ T4245] syz-executor170: attempt to access beyond end of device
[ 75.336586][ T4245] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 75.350581][ T4245] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 75.359594][ T4245] sysv_free_block: flc_count > flc_size
[ 75.378358][ T4244] sysv_free_block: flc_count > flc_size
[ 75.384154][ T4244] sysv_free_block: flc_count > flc_size
[ 75.389829][ T4244] sysv_free_block: flc_count > flc_size
[ 75.395524][ T4244] sysv_free_block: flc_count > flc_size
[ 75.401296][ T4244] sysv_free_block: flc_count > flc_size
[ 75.406990][ T4244] sysv_free_block: flc_count > flc_size
[ 75.412562][ T4244] sysv_free_block: flc_count > flc_size
[ 75.418202][ T4244] sysv_free_block: flc_count > flc_size
[ 75.423769][ T4244] sysv_free_block: flc_count > flc_size
[ 75.429477][ T4244] sysv_free_block: flc_count > flc_size
[ 75.435827][ T4244] sysv_free_inode: inode 0,1,2 or nonexistent inode
executing program
[ 75.512197][ T4247] loop0: detected capacity change from 0 to 128
[ 75.555337][ T4247] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 75.580179][ T4247] syz-executor170: attempt to access beyond end of device
[ 75.580179][ T4247] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 75.595491][ T4247] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 75.605585][ T4247] unable to read i-node block
[ 75.610366][ T4247] syz-executor170: attempt to access beyond end of device
[ 75.610366][ T4247] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 75.624436][ T4247] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 75.632897][ T4247] sysv_free_block: flc_count > flc_size
[ 75.638692][ T4247] sysv_free_inode: unable to read inode block on device loop0
[ 75.650435][ T4244] sysv_free_block: flc_count > flc_size
[ 75.656087][ T4244] sysv_free_block: flc_count > flc_size
[ 75.661635][ T4244] sysv_free_block: flc_count > flc_size
[ 75.667226][ T4244] sysv_free_block: flc_count > flc_size
[ 75.672780][ T4244] sysv_free_block: flc_count > flc_size
[ 75.678397][ T4244] sysv_free_block: flc_count > flc_size
[ 75.683978][ T4244] sysv_free_block: flc_count > flc_size
[ 75.689578][ T4244] sysv_free_block: flc_count > flc_size
[ 75.695252][ T4244] sysv_free_block: flc_count > flc_size
[ 75.700818][ T4244] sysv_free_block: flc_count > flc_size
executing program
[ 75.706808][ T4244] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 75.736189][ T4248] loop0: detected capacity change from 0 to 128
[ 75.745073][ T4248] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 75.755698][ T4248] syz-executor170: attempt to access beyond end of device
[ 75.755698][ T4248] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[ 75.770835][ T4248] Buffer I/O error on dev loop0, logical block 3245768, async page read
[ 75.779691][ T4248] ==================================================================
[ 75.787800][ T4248] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210
[ 75.795292][ T4248] Read of size 2 at addr ffff88806ea9e1ce by task syz-executor170/4248
[ 75.803544][ T4248]
[ 75.805882][ T4248] CPU: 0 PID: 4248 Comm: syz-executor170 Not tainted 6.1.119-syzkaller #0
[ 75.814383][ T4248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 75.824460][ T4248] Call Trace:
[ 75.827775][ T4248]
[ 75.830700][ T4248]  dump_stack_lvl+0x1e3/0x2cb
[ 75.835397][ T4248]  ? nf_tcp_handle_invalid+0x642/0x642
[ 75.840871][ T4248]  ? panic+0x764/0x764
[ 75.844945][ T4248]  ? _printk+0xd1/0x111
[ 75.849116][ T4248]  ? __virt_addr_valid+0x17f/0x530
[ 75.854238][ T4248]  ? __virt_addr_valid+0x17f/0x530
[ 75.859360][ T4248]  print_report+0x15f/0x4f0
[ 75.863870][ T4248]  ? __virt_addr_valid+0x17f/0x530
[ 75.868990][ T4248]  ? __virt_addr_valid+0x17f/0x530
[ 75.874109][ T4248]  ? __virt_addr_valid+0x45b/0x530
[ 75.879227][ T4248]  ? __phys_addr+0xb6/0x170
[ 75.883737][ T4248]  ? sysv_new_inode+0x107e/0x1210
[ 75.888764][ T4248]  kasan_report+0x136/0x160
[ 75.893270][ T4248]  ? sysv_new_inode+0x107e/0x1210
[ 75.898300][ T4248]  sysv_new_inode+0x107e/0x1210
[ 75.903159][ T4248]  ? from_kgid+0x1a3/0x730
[ 75.907585][ T4248]  ? make_kgid+0x6f0/0x6f0
[ 75.912028][ T4248]  ? sysv_free_inode+0x840/0x840
[ 75.916980][ T4248]  ? generic_permission+0x27c/0x4f0
[ 75.922190][ T4248]  sysv_symlink+0x9b/0x180
[ 75.926616][ T4248]  vfs_symlink+0x247/0x3d0
[ 75.931045][ T4248]  do_symlinkat+0x21e/0x390
[ 75.935555][ T4248]  ? __check_object_size+0x4dd/0xa30
[ 75.940867][ T4248]  ? vfs_symlink+0x3d0/0x3d0
[ 75.945463][ T4248]  ? getname_flags+0x1f9/0x4f0
[ 75.950230][ T4248]  ? lockdep_hardirqs_on+0x94/0x130
[ 75.955427][ T4248]  __x64_sys_symlink+0x7a/0x90
[ 75.960196][ T4248]  do_syscall_64+0x3b/0xb0
[ 75.964634][ T4248]  ? clear_bhb_loop+0x45/0xa0
[ 75.969345][ T4248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 75.975348][ T4248] RIP: 0033:0x7f936e80f5a9
[ 75.979790][ T4248] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.999418][ T4248] RSP: 002b:00007ffebd1da8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 76.007929][ T4248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f936e80f5a9
[ 76.015900][ T4248] RDX: 00007f936e80e740 RSI: 00000000200059c0 RDI: 0000000020002840
[ 76.023871][ T4248] RBP: 0000000000000000 R08: 0000000000009e7f R09: 00007ffebd1da8ec
[ 76.031846][ T4248] R10: 00007ffebd1da780 R11: 0000000000000246 R12: 00007ffebd1da8ec
[ 76.039818][ T4248] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffebd1da920
[ 76.047811][ T4248]
[ 76.050832][ T4248]
[ 76.053149][ T4248] The buggy address belongs to the physical page:
[ 76.059563][ T4248] page:ffffea0001baa780 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ea9e
[ 76.069712][ T4248] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 76.076833][ T4248] raw: 00fff00000000000 ffffea0001baa7c8 ffffea0001baa748 0000000000000000
[ 76.085414][ T4248] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 76.093997][ T4248] page dumped because: kasan: bad access detected
[ 76.100410][ T4248] page_owner tracks the page as freed
[ 76.105771][ T4248] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4236, tgid 4236 (sshd), ts 68771750349, free_ts 68809447447
[ 76.123829][ T4248]  post_alloc_hook+0x18d/0x1b0
[ 76.128595][ T4248]  get_page_from_freelist+0x3731/0x38d0
[ 76.134148][ T4248]  __alloc_pages+0x28d/0x770
[ 76.138739][ T4248]  __folio_alloc+0xf/0x30
[ 76.143073][ T4248]  vma_alloc_folio+0x486/0x990
[ 76.147862][ T4248]  handle_mm_fault+0x2e8e/0x5340
[ 76.152804][ T4248]  exc_page_fault+0x26f/0x620
[ 76.157479][ T4248]  asm_exc_page_fault+0x22/0x30
[ 76.162334][ T4248] page last free stack trace:
[ 76.167042][ T4248]  free_unref_page_prepare+0xf63/0x1120
[ 76.172590][ T4248]  free_unref_page_list+0x663/0x900
[ 76.177808][ T4248]  release_pages+0x2836/0x2b40
[ 76.182746][ T4248]  tlb_flush_mmu+0xfc/0x210
[ 76.187336][ T4248]  tlb_finish_mmu+0xce/0x1f0
[ 76.191929][ T4248]  unmap_region+0x29f/0x2f0
[ 76.196433][ T4248]  do_mas_align_munmap+0xef5/0x15a0
[ 76.201631][ T4248]  do_mas_munmap+0x246/0x2b0
[ 76.206217][ T4248]  __vm_munmap+0x268/0x370
[ 76.210629][ T4248]  __x64_sys_munmap+0x5c/0x70
[ 76.215317][ T4248]  do_syscall_64+0x3b/0xb0
[ 76.219753][ T4248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 76.225668][ T4248]
[ 76.227993][ T4248] Memory state around the buggy address:
[ 76.233623][ T4248]  ffff88806ea9e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.241687][ T4248]  ffff88806ea9e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.249748][ T4248] >ffff88806ea9e180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.257802][ T4248]                                               ^
[ 76.264205][ T4248]  ffff88806ea9e200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.272259][ T4248]  ffff88806ea9e280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.280311][ T4248] ==================================================================
[ 76.289582][ T4248] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.296807][ T4248] CPU: 0 PID: 4248 Comm: syz-executor170 Not tainted 6.1.119-syzkaller #0
[ 76.305343][ T4248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 76.315389][ T4248] Call Trace:
[ 76.318658][ T4248]
[ 76.321670][ T4248]  dump_stack_lvl+0x1e3/0x2cb
[ 76.326464][ T4248]  ? nf_tcp_handle_invalid+0x642/0x642
[ 76.331924][ T4248]  ? panic+0x764/0x764
[ 76.335985][ T4248]  ? preempt_schedule_common+0xa6/0xd0
[ 76.341437][ T4248]  ? vscnprintf+0x59/0x80
[ 76.345769][ T4248]  panic+0x318/0x764
[ 76.349658][ T4248]  ? check_panic_on_warn+0x1d/0xa0
[ 76.354767][ T4248]  ? memcpy_page_flushcache+0xfc/0xfc
[ 76.360132][ T4248]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 76.366128][ T4248]  ? _raw_spin_unlock+0x40/0x40
[ 76.370981][ T4248]  ? print_report+0x4a3/0x4f0
[ 76.375650][ T4248]  check_panic_on_warn+0x7e/0xa0
[ 76.380583][ T4248]  ? sysv_new_inode+0x107e/0x1210
[ 76.385603][ T4248]  end_report+0x66/0x110
[ 76.389838][ T4248]  kasan_report+0x143/0x160
[ 76.394334][ T4248]  ? sysv_new_inode+0x107e/0x1210
[ 76.399360][ T4248]  sysv_new_inode+0x107e/0x1210
[ 76.404296][ T4248]  ? from_kgid+0x1a3/0x730
[ 76.408712][ T4248]  ? make_kgid+0x6f0/0x6f0
[ 76.413123][ T4248]  ? sysv_free_inode+0x840/0x840
[ 76.418060][ T4248]  ? generic_permission+0x27c/0x4f0
[ 76.423262][ T4248]  sysv_symlink+0x9b/0x180
[ 76.427799][ T4248]  vfs_symlink+0x247/0x3d0
[ 76.432267][ T4248]  do_symlinkat+0x21e/0x390
[ 76.436864][ T4248]  ? __check_object_size+0x4dd/0xa30
[ 76.442252][ T4248]  ? vfs_symlink+0x3d0/0x3d0
[ 76.446853][ T4248]  ? getname_flags+0x1f9/0x4f0
[ 76.451616][ T4248]  ? lockdep_hardirqs_on+0x94/0x130
[ 76.456815][ T4248]  __x64_sys_symlink+0x7a/0x90
[ 76.461591][ T4248]  do_syscall_64+0x3b/0xb0
[ 76.466033][ T4248]  ? clear_bhb_loop+0x45/0xa0
[ 76.470726][ T4248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 76.476636][ T4248] RIP: 0033:0x7f936e80f5a9
[ 76.481048][ T4248] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.500654][ T4248] RSP: 002b:00007ffebd1da8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 76.509093][ T4248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f936e80f5a9
[ 76.517074][ T4248] RDX: 00007f936e80e740 RSI: 00000000200059c0 RDI: 0000000020002840
[ 76.525043][ T4248] RBP: 0000000000000000 R08: 0000000000009e7f R09: 00007ffebd1da8ec
[ 76.533010][ T4248] R10: 00007ffebd1da780 R11: 0000000000000246 R12: 00007ffebd1da8ec
[ 76.540992][ T4248] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffebd1da920
[ 76.548986][ T4248]
[ 76.552322][ T4248] Kernel Offset: disabled
[ 76.556649][ T4248] Rebooting in 86400 seconds..