Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts.
executing program
syzkaller login: [   71.733583][ T4247] loop0: detected capacity change from 0 to 128
[   71.744649][ T4247] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   71.758565][ T4247] syz-executor269: attempt to access beyond end of device
[   71.758565][ T4247] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   71.779132][ T4247] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   71.788378][ T4247] ==================================================================
[   71.796747][ T4247] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210
[   71.804178][ T4247] Read of size 2 at addr ffff8880753d31ce by task syz-executor269/4247
[   71.812417][ T4247] 
[   71.814762][ T4247] CPU: 0 PID: 4247 Comm: syz-executor269 Not tainted 6.1.114-syzkaller #0
[   71.823298][ T4247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.833357][ T4247] Call Trace:
[   71.836630][ T4247]  <TASK>
[   71.839551][ T4247]  dump_stack_lvl+0x1e3/0x2cb
[   71.844233][ T4247]  ? nf_tcp_handle_invalid+0x642/0x642
[   71.849688][ T4247]  ? panic+0x764/0x764
[   71.853752][ T4247]  ? _printk+0xd1/0x111
[   71.857903][ T4247]  ? __virt_addr_valid+0x17f/0x530
[   71.863013][ T4247]  ? __virt_addr_valid+0x17f/0x530
[   71.868141][ T4247]  print_report+0x15f/0x4f0
[   71.872641][ T4247]  ? __virt_addr_valid+0x17f/0x530
[   71.877772][ T4247]  ? __virt_addr_valid+0x17f/0x530
[   71.882884][ T4247]  ? __virt_addr_valid+0x45b/0x530
[   71.887993][ T4247]  ? __phys_addr+0xb6/0x170
[   71.892492][ T4247]  ? sysv_new_inode+0x107e/0x1210
[   71.897531][ T4247]  kasan_report+0x136/0x160
[   71.902053][ T4247]  ? sysv_new_inode+0x107e/0x1210
[   71.907078][ T4247]  sysv_new_inode+0x107e/0x1210
[   71.911932][ T4247]  ? from_kgid+0x1a3/0x730
[   71.916346][ T4247]  ? make_kgid+0x6f0/0x6f0
[   71.920778][ T4247]  ? sysv_free_inode+0x840/0x840
[   71.925800][ T4247]  ? generic_permission+0x27c/0x4f0
[   71.930998][ T4247]  sysv_symlink+0x9b/0x180
[   71.935430][ T4247]  vfs_symlink+0x247/0x3d0
[   71.939853][ T4247]  do_symlinkat+0x21e/0x390
[   71.944357][ T4247]  ? __check_object_size+0x4dd/0xa30
[   71.949639][ T4247]  ? vfs_symlink+0x3d0/0x3d0
[   71.954226][ T4247]  ? getname_flags+0x1f9/0x4f0
[   71.958983][ T4247]  ? lockdep_hardirqs_on+0x94/0x130
[   71.964177][ T4247]  __x64_sys_symlink+0x7a/0x90
[   71.968940][ T4247]  do_syscall_64+0x3b/0xb0
[   71.973348][ T4247]  ? clear_bhb_loop+0x45/0xa0
[   71.978022][ T4247]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   71.983942][ T4247] RIP: 0033:0x7f7e65eea499
[   71.988358][ T4247] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.007966][ T4247] RSP: 002b:00007ffc72d588b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   72.016374][ T4247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7e65eea499
[   72.024339][ T4247] RDX: 00007f7e65ee9630 RSI: 0000000020000000 RDI: 0000000020000080
[   72.032308][ T4247] RBP: 0000000000000000 R08: 0000000000009e89 R09: 0000000000000000
[   72.040277][ T4247] R10: 00007ffc72d58780 R11: 0000000000000246 R12: 0000000000000000
[   72.048243][ T4247] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc72d58920
[   72.056229][ T4247]  </TASK>
[   72.059242][ T4247] 
[   72.061555][ T4247] The buggy address belongs to the physical page:
[   72.067971][ T4247] page:ffffea0001d4f4c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x753d3
[   72.078115][ T4247] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   72.085227][ T4247] raw: 00fff00000000000 ffffea00003f6248 ffffea0001cc5288 0000000000000000
[   72.093806][ T4247] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   72.102378][ T4247] page dumped because: kasan: bad access detected
[   72.108783][ T4247] page_owner tracks the page as freed
[   72.114167][ T4247] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4242, tgid 4242 (sftp-server), ts 65992398194, free_ts 66136875206
[   72.132828][ T4247]  post_alloc_hook+0x18d/0x1b0
[   72.137586][ T4247]  get_page_from_freelist+0x322e/0x33b0
[   72.143120][ T4247]  __alloc_pages+0x28d/0x770
[   72.147702][ T4247]  __folio_alloc+0xf/0x30
[   72.152025][ T4247]  vma_alloc_folio+0x486/0x990
[   72.156806][ T4247]  handle_mm_fault+0x2e8e/0x5340
[   72.161741][ T4247]  exc_page_fault+0x26f/0x620
[   72.166414][ T4247]  asm_exc_page_fault+0x22/0x30
[   72.171279][ T4247] page last free stack trace:
[   72.175942][ T4247]  free_unref_page_prepare+0xf63/0x1120
[   72.181483][ T4247]  free_unref_page_list+0x663/0x900
[   72.186674][ T4247]  release_pages+0x2836/0x2b40
[   72.191443][ T4247]  tlb_flush_mmu+0xfc/0x210
[   72.195957][ T4247]  tlb_finish_mmu+0xce/0x1f0
[   72.200552][ T4247]  exit_mmap+0x3c3/0x9f0
[   72.204785][ T4247]  __mmput+0x115/0x3c0
[   72.208843][ T4247]  exit_mm+0x226/0x300
[   72.212904][ T4247]  do_exit+0x9f6/0x26a0
[   72.217053][ T4247]  do_group_exit+0x202/0x2b0
[   72.221635][ T4247]  __x64_sys_exit_group+0x3b/0x40
[   72.226650][ T4247]  do_syscall_64+0x3b/0xb0
[   72.231056][ T4247]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   72.236949][ T4247] 
[   72.239265][ T4247] Memory state around the buggy address:
[   72.244883][ T4247]  ffff8880753d3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.252938][ T4247]  ffff8880753d3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.260991][ T4247] >ffff8880753d3180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.269059][ T4247]                                               ^
[   72.275460][ T4247]  ffff8880753d3200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.283524][ T4247]  ffff8880753d3280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   72.291679][ T4247] ==================================================================
[   72.300433][ T4247] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.307651][ T4247] CPU: 0 PID: 4247 Comm: syz-executor269 Not tainted 6.1.114-syzkaller #0
[   72.316174][ T4247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   72.326231][ T4247] Call Trace:
[   72.329630][ T4247]  <TASK>
[   72.332563][ T4247]  dump_stack_lvl+0x1e3/0x2cb
[   72.337245][ T4247]  ? nf_tcp_handle_invalid+0x642/0x642
[   72.342719][ T4247]  ? panic+0x764/0x764
[   72.346788][ T4247]  ? preempt_schedule_common+0xa6/0xd0
[   72.352250][ T4247]  ? vscnprintf+0x59/0x80
[   72.356605][ T4247]  panic+0x318/0x764
[   72.360543][ T4247]  ? check_panic_on_warn+0x1d/0xa0
[   72.365833][ T4247]  ? memcpy_page_flushcache+0xfc/0xfc
[   72.371208][ T4247]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   72.377194][ T4247]  ? _raw_spin_unlock+0x40/0x40
[   72.382047][ T4247]  ? print_report+0x4a3/0x4f0
[   72.386733][ T4247]  check_panic_on_warn+0x7e/0xa0
[   72.391676][ T4247]  ? sysv_new_inode+0x107e/0x1210
[   72.396707][ T4247]  end_report+0x66/0x110
[   72.400951][ T4247]  kasan_report+0x143/0x160
[   72.405453][ T4247]  ? sysv_new_inode+0x107e/0x1210
[   72.410484][ T4247]  sysv_new_inode+0x107e/0x1210
[   72.415342][ T4247]  ? from_kgid+0x1a3/0x730
[   72.419761][ T4247]  ? make_kgid+0x6f0/0x6f0
[   72.424180][ T4247]  ? sysv_free_inode+0x840/0x840
[   72.429142][ T4247]  ? generic_permission+0x27c/0x4f0
[   72.434347][ T4247]  sysv_symlink+0x9b/0x180
[   72.438767][ T4247]  vfs_symlink+0x247/0x3d0
[   72.443190][ T4247]  do_symlinkat+0x21e/0x390
[   72.447694][ T4247]  ? __check_object_size+0x4dd/0xa30
[   72.452978][ T4247]  ? vfs_symlink+0x3d0/0x3d0
[   72.457567][ T4247]  ? getname_flags+0x1f9/0x4f0
[   72.462329][ T4247]  ? lockdep_hardirqs_on+0x94/0x130
[   72.467527][ T4247]  __x64_sys_symlink+0x7a/0x90
[   72.472297][ T4247]  do_syscall_64+0x3b/0xb0
[   72.476711][ T4247]  ? clear_bhb_loop+0x45/0xa0
[   72.481388][ T4247]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   72.487313][ T4247] RIP: 0033:0x7f7e65eea499
[   72.491739][ T4247] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.511353][ T4247] RSP: 002b:00007ffc72d588b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   72.519780][ T4247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7e65eea499
[   72.527752][ T4247] RDX: 00007f7e65ee9630 RSI: 0000000020000000 RDI: 0000000020000080
[   72.535732][ T4247] RBP: 0000000000000000 R08: 0000000000009e89 R09: 0000000000000000
[   72.543714][ T4247] R10: 00007ffc72d58780 R11: 0000000000000246 R12: 0000000000000000
[   72.551691][ T4247] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc72d58920
[   72.559689][ T4247]  </TASK>
[   72.563055][ T4247] Kernel Offset: disabled
[   72.567377][ T4247] Rebooting in 86400 seconds..