Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts.
executing program
[   96.108973][ T5822] loop0: detected capacity change from 0 to 128
[   96.120090][ T5822] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   96.132743][ T5822] syz-executor312: attempt to access beyond end of device
[   96.132743][ T5822] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   96.148046][ T5822] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   96.164150][ T5822] syz-executor312: attempt to access beyond end of device
[   96.164150][ T5822] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   96.178113][ T5822] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   96.187253][ T5822] sysv_free_block: flc_count > flc_size
[   96.200184][ T5818] sysv_free_block: flc_count > flc_size
[   96.206265][ T5818] sysv_free_block: flc_count > flc_size
executing program
[   96.211797][ T5818] sysv_free_block: flc_count > flc_size
[   96.217411][ T5818] sysv_free_block: flc_count > flc_size
[   96.223000][ T5818] sysv_free_block: flc_count > flc_size
[   96.228622][ T5818] sysv_free_block: flc_count > flc_size
[   96.234177][ T5818] sysv_free_block: flc_count > flc_size
[   96.239787][ T5818] sysv_free_block: flc_count > flc_size
[   96.245370][ T5818] sysv_free_block: flc_count > flc_size
[   96.250902][ T5818] sysv_free_block: flc_count > flc_size
[   96.257390][ T5818] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   96.282002][ T5824] loop0: detected capacity change from 0 to 128
[   96.291596][ T5824] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   96.301219][ T5824] syz-executor312: attempt to access beyond end of device
[   96.301219][ T5824] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   96.315628][ T5824] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   96.326227][ T5824] sysv_new_block: new block 8 is not in data zone
[   96.337292][ T5818] sysv_free_block: flc_count > flc_size
[   96.342871][ T5818] sysv_free_block: flc_count > flc_size
[   96.348496][ T5818] sysv_free_block: flc_count > flc_size
[   96.354064][ T5818] sysv_free_block: flc_count > flc_size
[   96.359799][ T5818] sysv_free_block: flc_count > flc_size
[   96.365431][ T5818] sysv_free_block: flc_count > flc_size
[   96.370984][ T5818] sysv_free_block: flc_count > flc_size
[   96.376906][ T5818] sysv_free_block: flc_count > flc_size
executing program
[   96.382467][ T5818] sysv_free_block: flc_count > flc_size
[   96.388087][ T5818] sysv_free_block: flc_count > flc_size
[   96.393870][ T5818] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   96.414784][ T5826] loop0: detected capacity change from 0 to 128
[   96.423303][ T5826] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   96.431571][ T5826] syz-executor312: attempt to access beyond end of device
[   96.431571][ T5826] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   96.445845][ T5826] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   96.455825][ T5826] unable to read i-node block
[   96.460981][ T5826] sysv_new_block: new block 5 is not in data zone
[   96.467967][ T5826] sysv_free_inode: unable to read inode block on device loop0
[   96.486769][ T5818] sysv_free_block: flc_count > flc_size
[   96.492321][ T5818] sysv_free_block: flc_count > flc_size
[   96.497903][ T5818] sysv_free_block: flc_count > flc_size
[   96.503451][ T5818] sysv_free_block: flc_count > flc_size
[   96.509264][ T5818] sysv_free_block: flc_count > flc_size
[   96.514833][ T5818] sysv_free_block: flc_count > flc_size
[   96.520372][ T5818] sysv_free_block: flc_count > flc_size
[   96.525949][ T5818] sysv_free_block: flc_count > flc_size
[   96.531491][ T5818] sysv_free_block: flc_count > flc_size
executing program
[   96.537062][ T5818] sysv_free_block: flc_count > flc_size
[   96.542852][ T5818] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   96.566242][ T5828] loop0: detected capacity change from 0 to 128
[   96.585323][ T5828] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   96.593550][ T5828] syz-executor312: attempt to access beyond end of device
[   96.593550][ T5828] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[   96.607713][ T5828] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   96.616414][ T5828] ==================================================================
[   96.624473][ T5828] BUG: KASAN: use-after-free in sysv_new_inode+0xfc7/0x1160
[   96.631783][ T5828] Read of size 2 at addr ffff8880751621ce by task syz-executor312/5828
[   96.639998][ T5828] 
[   96.642362][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor312 Not tainted 6.13.0-rc1-syzkaller-00182-gb8f52214c61a #0
[   96.653454][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   96.663504][ T5828] Call Trace:
[   96.666769][ T5828]  <TASK>
[   96.669694][ T5828]  dump_stack_lvl+0x241/0x360
[   96.674384][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.679593][ T5828]  ? __pfx__printk+0x10/0x10
[   96.684182][ T5828]  ? _printk+0xd5/0x120
[   96.688351][ T5828]  ? __virt_addr_valid+0x183/0x530
[   96.693463][ T5828]  ? __virt_addr_valid+0x183/0x530
[   96.698580][ T5828]  print_report+0x169/0x550
[   96.703084][ T5828]  ? __virt_addr_valid+0x183/0x530
[   96.708200][ T5828]  ? __virt_addr_valid+0x183/0x530
[   96.713309][ T5828]  ? __virt_addr_valid+0x45f/0x530
[   96.718427][ T5828]  ? __phys_addr+0xba/0x170
[   96.723016][ T5828]  ? sysv_new_inode+0xfc7/0x1160
[   96.728056][ T5828]  kasan_report+0x143/0x180
[   96.732652][ T5828]  ? sysv_new_inode+0xfc7/0x1160
[   96.737609][ T5828]  sysv_new_inode+0xfc7/0x1160
[   96.742380][ T5828]  ? tomoyo_path_perm+0x5ea/0x740
[   96.747424][ T5828]  ? tomoyo_path_perm+0x287/0x740
[   96.752455][ T5828]  ? __pfx_sysv_new_inode+0x10/0x10
[   96.757661][ T5828]  ? generic_permission+0x356/0x680
[   96.762857][ T5828]  sysv_symlink+0x9f/0x180
[   96.767270][ T5828]  vfs_symlink+0x137/0x2e0
[   96.771681][ T5828]  do_symlinkat+0x222/0x3a0
[   96.776182][ T5828]  ? __virt_addr_valid+0x45f/0x530
[   96.781291][ T5828]  ? __pfx_do_symlinkat+0x10/0x10
[   96.786305][ T5828]  ? strncpy_from_user+0x152/0x270
[   96.791416][ T5828]  ? getname_flags+0x1e3/0x540
[   96.796170][ T5828]  __x64_sys_symlink+0x7a/0x90
[   96.800944][ T5828]  do_syscall_64+0xf3/0x230
[   96.805464][ T5828]  ? clear_bhb_loop+0x35/0x90
[   96.810143][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.816046][ T5828] RIP: 0033:0x7fb42d78dc39
[   96.820481][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   96.840096][ T5828] RSP: 002b:00007fb42d73c228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   96.848509][ T5828] RAX: ffffffffffffffda RBX: 00007fb42d8176a8 RCX: 00007fb42d78dc39
[   96.856484][ T5828] RDX: 00007fb42d78dc39 RSI: 0000000020000200 RDI: 00000000200049c0
[   96.864456][ T5828] RBP: 00007fb42d8176a0 R08: 00007fb42d73c6c0 R09: 00007fb42d73c6c0
[   96.872427][ T5828] R10: 00007fb42d73c6c0 R11: 0000000000000246 R12: 00007fb42d8176ac
[   96.880394][ T5828] R13: 0030656c69662f2e R14: 00007fb42d7da160 R15: 00007ffd005e6958
[   96.888370][ T5828]  </TASK>
[   96.891383][ T5828] 
[   96.893695][ T5828] The buggy address belongs to the physical page:
[   96.900100][ T5828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f21058e0 pfn:0x75162
[   96.909648][ T5828] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   96.916758][ T5828] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[   96.925340][ T5828] raw: 00000007f21058e0 0000000000000000 00000000ffffffff 0000000000000000
[   96.933928][ T5828] page dumped because: kasan: bad access detected
[   96.940348][ T5828] page_owner tracks the page as freed
[   96.945701][ T5828] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5811, tgid 5811 (sshd), ts 90341392900, free_ts 90439455776
[   96.963674][ T5828]  post_alloc_hook+0x1f3/0x230
[   96.968441][ T5828]  get_page_from_freelist+0x3651/0x37a0
[   96.973980][ T5828]  __alloc_pages_noprof+0x292/0x710
[   96.979173][ T5828]  alloc_pages_mpol_noprof+0x3e8/0x680
[   96.984622][ T5828]  vma_alloc_folio_noprof+0x12e/0x230
[   96.990013][ T5828]  folio_prealloc+0x2e/0x170
[   96.994599][ T5828]  handle_pte_fault+0x2518/0x68a0
[   96.999618][ T5828]  handle_mm_fault+0x1053/0x1ad0
[   97.004546][ T5828]  exc_page_fault+0x459/0x8b0
[   97.009215][ T5828]  asm_exc_page_fault+0x26/0x30
[   97.014058][ T5828] page last free pid 5811 tgid 5811 stack trace:
[   97.020368][ T5828]  free_unref_folios+0xf38/0x1a60
[   97.025390][ T5828]  folios_put_refs+0x76c/0x860
[   97.030137][ T5828]  free_pages_and_swap_cache+0x5c8/0x690
[   97.035764][ T5828]  tlb_flush_mmu+0x3a3/0x680
[   97.040346][ T5828]  tlb_finish_mmu+0xd4/0x200
[   97.044930][ T5828]  vms_clear_ptes+0x437/0x530
[   97.049595][ T5828]  vms_complete_munmap_vmas+0x210/0x8f0
[   97.055130][ T5828]  do_vmi_align_munmap+0x5ef/0x6f0
[   97.060226][ T5828]  do_vmi_munmap+0x24e/0x2d0
[   97.064800][ T5828]  __vm_munmap+0x24c/0x480
[   97.069203][ T5828]  __x64_sys_munmap+0x60/0x70
[   97.073868][ T5828]  do_syscall_64+0xf3/0x230
[   97.078363][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.084384][ T5828] 
[   97.086699][ T5828] Memory state around the buggy address:
[   97.092317][ T5828]  ffff888075162080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   97.100379][ T5828]  ffff888075162100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   97.108437][ T5828] >ffff888075162180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   97.116497][ T5828]                                               ^
[   97.122987][ T5828]  ffff888075162200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   97.131036][ T5828]  ffff888075162280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   97.139091][ T5828] ==================================================================
[   97.147484][ T5828] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   97.154690][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor312 Not tainted 6.13.0-rc1-syzkaller-00182-gb8f52214c61a #0
[   97.165788][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   97.175834][ T5828] Call Trace:
[   97.179103][ T5828]  <TASK>
[   97.182025][ T5828]  dump_stack_lvl+0x241/0x360
[   97.186699][ T5828]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.191886][ T5828]  ? __pfx__printk+0x10/0x10
[   97.196470][ T5828]  ? preempt_schedule+0xe1/0xf0
[   97.201323][ T5828]  ? vscnprintf+0x5d/0x90
[   97.205644][ T5828]  panic+0x349/0x880
[   97.209532][ T5828]  ? check_panic_on_warn+0x21/0xb0
[   97.214633][ T5828]  ? __pfx_panic+0x10/0x10
[   97.219043][ T5828]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   97.225012][ T5828]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   97.231338][ T5828]  ? print_report+0x502/0x550
[   97.236015][ T5828]  check_panic_on_warn+0x86/0xb0
[   97.240942][ T5828]  ? sysv_new_inode+0xfc7/0x1160
[   97.245879][ T5828]  end_report+0x77/0x160
[   97.250115][ T5828]  kasan_report+0x154/0x180
[   97.254607][ T5828]  ? sysv_new_inode+0xfc7/0x1160
[   97.259538][ T5828]  sysv_new_inode+0xfc7/0x1160
[   97.264297][ T5828]  ? tomoyo_path_perm+0x5ea/0x740
[   97.269313][ T5828]  ? tomoyo_path_perm+0x287/0x740
[   97.274332][ T5828]  ? __pfx_sysv_new_inode+0x10/0x10
[   97.279534][ T5828]  ? generic_permission+0x356/0x680
[   97.284742][ T5828]  sysv_symlink+0x9f/0x180
[   97.289152][ T5828]  vfs_symlink+0x137/0x2e0
[   97.293600][ T5828]  do_symlinkat+0x222/0x3a0
[   97.298092][ T5828]  ? __virt_addr_valid+0x45f/0x530
[   97.303204][ T5828]  ? __pfx_do_symlinkat+0x10/0x10
[   97.308304][ T5828]  ? strncpy_from_user+0x152/0x270
[   97.313410][ T5828]  ? getname_flags+0x1e3/0x540
[   97.318167][ T5828]  __x64_sys_symlink+0x7a/0x90
[   97.322917][ T5828]  do_syscall_64+0xf3/0x230
[   97.327416][ T5828]  ? clear_bhb_loop+0x35/0x90
[   97.332079][ T5828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.337972][ T5828] RIP: 0033:0x7fb42d78dc39
[   97.342377][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   97.361974][ T5828] RSP: 002b:00007fb42d73c228 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   97.370379][ T5828] RAX: ffffffffffffffda RBX: 00007fb42d8176a8 RCX: 00007fb42d78dc39
[   97.378342][ T5828] RDX: 00007fb42d78dc39 RSI: 0000000020000200 RDI: 00000000200049c0
[   97.386302][ T5828] RBP: 00007fb42d8176a0 R08: 00007fb42d73c6c0 R09: 00007fb42d73c6c0
[   97.394264][ T5828] R10: 00007fb42d73c6c0 R11: 0000000000000246 R12: 00007fb42d8176ac
[   97.402225][ T5828] R13: 0030656c69662f2e R14: 00007fb42d7da160 R15: 00007ffd005e6958
[   97.410193][ T5828]  </TASK>
[   97.413342][ T5828] Kernel Offset: disabled
[   97.417651][ T5828] Rebooting in 86400 seconds..