DUID 00:04:8e:2a:3c:04:ae:1e:09:29:3f:0a:36:6a:00:10:eb:de
forked to background, child pid 3836
[   31.461357][ T3837] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.470449][ T3837] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
syzkaller login: [   53.820288][ T4167] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   53.886321][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.894409][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.906645][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   53.919746][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.927820][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[   53.936430][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   53.961178][ T4171] loop0: detected capacity change from 0 to 128
[   54.055456][ T4171] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   54.065645][ T4171] attempt to access beyond end of device
[   54.065645][ T4171] loop0: rw=0, want=6491538, limit=128
[   54.076930][ T4171] Buffer I/O error on dev loop0, logical block 3245768, async page read
[   54.086327][ T4171] unable to read i-node block
[   54.091238][ T4171] ==================================================================
[   54.099358][ T4171] BUG: KASAN: use-after-free in sysv_new_block+0x788/0x960
[   54.106557][ T4171] Read of size 4 at addr ffff888067d410c8 by task syz-executor212/4171
[   54.114789][ T4171] 
[   54.117109][ T4171] CPU: 0 PID: 4171 Comm: syz-executor212 Not tainted 5.15.177-syzkaller #0
[   54.125702][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   54.135748][ T4171] Call Trace:
[   54.139016][ T4171]  <TASK>
[   54.141962][ T4171]  dump_stack_lvl+0x1e3/0x2d0
[   54.146635][ T4171]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   54.152245][ T4171]  ? _printk+0xd1/0x120
[   54.156381][ T4171]  ? __wake_up_klogd+0xcc/0x100
[   54.161228][ T4171]  ? panic+0x860/0x860
[   54.165274][ T4171]  ? _raw_spin_lock_irqsave+0xdd/0x120
[   54.170727][ T4171]  ? __block_write_begin_int+0x24c/0x1650
[   54.176427][ T4171]  print_address_description+0x63/0x3b0
[   54.181953][ T4171]  ? sysv_new_block+0x788/0x960
[   54.186801][ T4171]  kasan_report+0x16b/0x1c0
[   54.191322][ T4171]  ? sysv_new_block+0x788/0x960
[   54.196194][ T4171]  sysv_new_block+0x788/0x960
[   54.200881][ T4171]  get_block+0x2e7/0x1790
[   54.205218][ T4171]  ? create_page_buffers+0x1d4/0x330
[   54.210496][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.215429][ T4171]  ? alloc_buffer_head+0xd3/0xf0
[   54.220375][ T4171]  ? create_page_buffers+0x24b/0x330
[   54.225676][ T4171]  __block_write_begin_int+0x60b/0x1650
[   54.231217][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.236140][ T4171]  ? page_zero_new_buffers+0x510/0x510
[   54.241724][ T4171]  ? __mark_inode_dirty+0x3dd/0xd60
[   54.246938][ T4171]  ? wait_for_stable_page+0xe2/0x110
[   54.252215][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.257157][ T4171]  block_write_begin+0x4f/0xc0
[   54.262099][ T4171]  sysv_write_begin+0x36/0x70
[   54.266903][ T4171]  __page_symlink+0x15b/0x2a0
[   54.271660][ T4171]  ? page_readlink+0x1d0/0x1d0
[   54.276535][ T4171]  ? generic_permission+0x27c/0x4f0
[   54.282153][ T4171]  ? page_symlink+0x22/0x90
[   54.286793][ T4171]  sysv_symlink+0xcb/0x180
[   54.291214][ T4171]  vfs_symlink+0x247/0x3d0
[   54.296834][ T4171]  do_symlinkat+0x1fd/0x600
[   54.301568][ T4171]  ? vfs_symlink+0x3d0/0x3d0
[   54.306446][ T4171]  ? getname_flags+0x1ec/0x4e0
[   54.311203][ T4171]  ? lockdep_hardirqs_on+0x94/0x130
[   54.316413][ T4171]  __x64_sys_symlink+0x7a/0x90
[   54.321320][ T4171]  do_syscall_64+0x3b/0xb0
[   54.325741][ T4171]  ? clear_bhb_loop+0x15/0x70
[   54.330496][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   54.336583][ T4171] RIP: 0033:0x7f6604317189
[   54.340984][ T4171] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   54.360595][ T4171] RSP: 002b:00007ffc40bcd578 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   54.369174][ T4171] RAX: ffffffffffffffda RBX: 00007f660435b640 RCX: 00007f6604317189
[   54.377162][ T4171] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[   54.385123][ T4171] RBP: 00007f660435b204 R08: 0000000000009e80 R09: 0000000000000000
[   54.393094][ T4171] R10: 00007ffc40bcd440 R11: 0000000000000246 R12: 00007f660435b185
[   54.401064][ T4171] R13: 00007f660435b07d R14: 0000000000000003 R15: 00007f66043976a0
[   54.409149][ T4171]  </TASK>
[   54.412151][ T4171] 
[   54.414475][ T4171] The buggy address belongs to the page:
[   54.420088][ T4171] page:ffffea00019f5040 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x67d41
[   54.430318][ T4171] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   54.437418][ T4171] raw: 00fff00000000000 ffffea00019f5088 ffffea00019f5008 0000000000000000
[   54.445993][ T4171] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   54.454584][ T4171] page dumped because: kasan: bad access detected
[   54.460995][ T4171] page_owner tracks the page as freed
[   54.466351][ T4171] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 13654342636, free_ts 14564151430
[   54.479551][ T4171]  split_map_pages+0x246/0x510
[   54.484313][ T4171]  isolate_freepages_range+0x47c/0x4e0
[   54.489757][ T4171]  alloc_contig_range+0xc2b/0xf90
[   54.494761][ T4171]  alloc_contig_pages+0x3ea/0x4e0
[   54.499775][ T4171]  debug_vm_pgtable_alloc_huge_page+0xb9/0x110
[   54.505909][ T4171]  init_args+0xc62/0xf50
[   54.510286][ T4171]  debug_vm_pgtable+0xaa/0x470
[   54.515045][ T4171]  do_one_initcall+0x22b/0x7a0
[   54.519900][ T4171]  do_initcall_level+0x157/0x210
[   54.525062][ T4171]  do_initcalls+0x49/0x90
[   54.529559][ T4171]  kernel_init_freeable+0x425/0x5c0
[   54.534738][ T4171]  kernel_init+0x19/0x290
[   54.539050][ T4171]  ret_from_fork+0x1f/0x30
[   54.543483][ T4171] page last free stack trace:
[   54.548145][ T4171]  free_unref_page_prepare+0xc34/0xcf0
[   54.553615][ T4171]  free_unref_page+0x95/0x2d0
[   54.558272][ T4171]  free_contig_range+0x95/0xf0
[   54.563015][ T4171]  destroy_args+0xfe/0x980
[   54.567434][ T4171]  debug_vm_pgtable+0x40d/0x470
[   54.572259][ T4171]  do_one_initcall+0x22b/0x7a0
[   54.577097][ T4171]  do_initcall_level+0x157/0x210
[   54.582023][ T4171]  do_initcalls+0x49/0x90
[   54.586328][ T4171]  kernel_init_freeable+0x425/0x5c0
[   54.591520][ T4171]  kernel_init+0x19/0x290
[   54.595826][ T4171]  ret_from_fork+0x1f/0x30
[   54.600324][ T4171] 
[   54.602626][ T4171] Memory state around the buggy address:
[   54.608259][ T4171]  ffff888067d40f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.616320][ T4171]  ffff888067d41000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.624456][ T4171] >ffff888067d41080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.632507][ T4171]                                               ^
[   54.638892][ T4171]  ffff888067d41100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.646952][ T4171]  ffff888067d41180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.655000][ T4171] ==================================================================
[   54.663245][ T4171] Disabling lock debugging due to kernel taint
[   54.669998][ T4171] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   54.677200][ T4171] CPU: 0 PID: 4171 Comm: syz-executor212 Tainted: G    B             5.15.177-syzkaller #0
[   54.688226][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   54.698977][ T4171] Call Trace:
[   54.702633][ T4171]  <TASK>
[   54.705761][ T4171]  dump_stack_lvl+0x1e3/0x2d0
[   54.710474][ T4171]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[   54.716745][ T4171]  ? panic+0x860/0x860
[   54.721230][ T4171]  ? preempt_schedule_common+0xa6/0xd0
[   54.726916][ T4171]  ? preempt_schedule+0xd9/0xe0
[   54.731966][ T4171]  panic+0x318/0x860
[   54.736032][ T4171]  ? check_panic_on_warn+0x1d/0xa0
[   54.741257][ T4171]  ? fb_is_primary_device+0xd0/0xd0
[   54.746557][ T4171]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   54.752586][ T4171]  ? _raw_spin_unlock+0x40/0x40
[   54.757623][ T4171]  ? print_memory_metadata+0xe2/0x140
[   54.763028][ T4171]  check_panic_on_warn+0x7e/0xa0
[   54.768163][ T4171]  ? sysv_new_block+0x788/0x960
[   54.773506][ T4171]  end_report+0x6d/0xf0
[   54.777774][ T4171]  kasan_report+0x18e/0x1c0
[   54.782359][ T4171]  ? sysv_new_block+0x788/0x960
[   54.787219][ T4171]  sysv_new_block+0x788/0x960
[   54.791898][ T4171]  get_block+0x2e7/0x1790
[   54.796552][ T4171]  ? create_page_buffers+0x1d4/0x330
[   54.802144][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.807329][ T4171]  ? alloc_buffer_head+0xd3/0xf0
[   54.812277][ T4171]  ? create_page_buffers+0x24b/0x330
[   54.817658][ T4171]  __block_write_begin_int+0x60b/0x1650
[   54.823578][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.828598][ T4171]  ? page_zero_new_buffers+0x510/0x510
[   54.834078][ T4171]  ? __mark_inode_dirty+0x3dd/0xd60
[   54.839346][ T4171]  ? wait_for_stable_page+0xe2/0x110
[   54.844643][ T4171]  ? sysv_truncate+0x1050/0x1050
[   54.849568][ T4171]  block_write_begin+0x4f/0xc0
[   54.854311][ T4171]  sysv_write_begin+0x36/0x70
[   54.858978][ T4171]  __page_symlink+0x15b/0x2a0
[   54.863669][ T4171]  ? page_readlink+0x1d0/0x1d0
[   54.868586][ T4171]  ? generic_permission+0x27c/0x4f0
[   54.873779][ T4171]  ? page_symlink+0x22/0x90
[   54.878269][ T4171]  sysv_symlink+0xcb/0x180
[   54.882672][ T4171]  vfs_symlink+0x247/0x3d0
[   54.887456][ T4171]  do_symlinkat+0x1fd/0x600
[   54.892039][ T4171]  ? vfs_symlink+0x3d0/0x3d0
[   54.896737][ T4171]  ? getname_flags+0x1ec/0x4e0
[   54.901497][ T4171]  ? lockdep_hardirqs_on+0x94/0x130
[   54.906676][ T4171]  __x64_sys_symlink+0x7a/0x90
[   54.911513][ T4171]  do_syscall_64+0x3b/0xb0
[   54.915965][ T4171]  ? clear_bhb_loop+0x15/0x70
[   54.920809][ T4171]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   54.926682][ T4171] RIP: 0033:0x7f6604317189
[   54.931080][ T4171] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   54.951053][ T4171] RSP: 002b:00007ffc40bcd578 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[   54.959458][ T4171] RAX: ffffffffffffffda RBX: 00007f660435b640 RCX: 00007f6604317189
[   54.967616][ T4171] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[   54.975666][ T4171] RBP: 00007f660435b204 R08: 0000000000009e80 R09: 0000000000000000
[   54.983628][ T4171] R10: 00007ffc40bcd440 R11: 0000000000000246 R12: 00007f660435b185
[   54.991614][ T4171] R13: 00007f660435b07d R14: 0000000000000003 R15: 00007f66043976a0
[   54.999581][ T4171]  </TASK>
[   55.002957][ T4171] Kernel Offset: disabled
[   55.007381][ T4171] Rebooting in 86400 seconds..