Warning: Permanently added '10.128.1.25' (ED25519) to the list of known hosts.
2025/07/28 22:10:44 ignoring optional flag "sandboxArg"="0"
2025/07/28 22:10:45 parsed 1 programs
[ 63.080635][ T2156] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/07/28 22:10:50 executed programs: 0
[ 70.682755][ T3074] loop3: detected capacity change from 0 to 128
[ 70.690372][ T3074] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 70.699027][ T3074] attempt to access beyond end of device
[ 70.699027][ T3074] loop3: rw=0, want=6491538, limit=128
[ 70.711416][ T3074] Buffer I/O error on dev loop3, logical block 3245768, async page read
[ 70.725549][ T2655] sysv_free_block: flc_count > flc_size
[ 70.731128][ T2655] sysv_free_block: flc_count > flc_size
[ 70.736904][ T2655] sysv_free_block: flc_count > flc_size
[ 70.742458][ T2655] sysv_free_block: flc_count > flc_size
[ 70.748231][ T2655] sysv_free_block: flc_count > flc_size
[ 70.753769][ T2655] sysv_free_block: flc_count > flc_size
[ 70.759331][ T2655] sysv_free_block: flc_count > flc_size
[ 70.764883][ T2655] sysv_free_block: flc_count > flc_size
[ 70.770408][ T2655] sysv_free_block: flc_count > flc_size
[ 70.776193][ T2655] sysv_free_block: flc_count > flc_size
[ 70.781928][ T2655] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 70.834193][ T3077] loop3: detected capacity change from 0 to 128
[ 70.896989][ T3077] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 70.905066][ T3077] attempt to access beyond end of device
[ 70.905066][ T3077] loop3: rw=0, want=6491538, limit=128
[ 70.916162][ T3077] Buffer I/O error on dev loop3, logical block 3245768, async page read
[ 70.924741][ T3077] ==================================================================
[ 70.932800][ T3077] BUG: KASAN: use-after-free in sysv_new_inode+0xd21/0x1250
[ 70.940075][ T3077] Read of size 2 at addr ffff88806843f1ce by task syz.3.17/3077
[ 70.947722][ T3077]
[ 70.950057][ T3077] CPU: 1 PID: 3077 Comm: syz.3.17 Not tainted 5.15.189-syzkaller #0
[ 70.958014][ T3077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 70.968148][ T3077] Call Trace:
[ 70.971419][ T3077]
[ 70.974346][ T3077] dump_stack_lvl+0x41/0x5e
[ 70.978836][ T3077] print_address_description.constprop.0.cold+0x6c/0x309
[ 70.985853][ T3077] ? sysv_new_inode+0xd21/0x1250
[ 70.990781][ T3077] ? sysv_new_inode+0xd21/0x1250
[ 70.995888][ T3077] kasan_report.cold+0x83/0xdf
[ 71.000649][ T3077] ? sysv_new_inode+0xd21/0x1250
[ 71.005574][ T3077] sysv_new_inode+0xd21/0x1250
[ 71.010337][ T3077] ? userns_owner+0x30/0x30
[ 71.014829][ T3077] ? apparmor_capable+0x145/0x420
[ 71.019844][ T3077] ? sysv_free_inode+0x840/0x840
[ 71.024765][ T3077] ? security_capable+0x4c/0x90
[ 71.029618][ T3077] ? generic_permission+0x286/0x590
[ 71.034796][ T3077] sysv_symlink+0x7b/0x130
[ 71.039200][ T3077] vfs_symlink+0xd7/0x250
[ 71.043536][ T3077] do_symlinkat+0x1e9/0x250
[ 71.048024][ T3077] ? __ia32_sys_unlink+0xe0/0xe0
[ 71.052944][ T3077] ? getname_flags.part.0+0x89/0x440
[ 71.058217][ T3077] __x64_sys_symlink+0x70/0x90
[ 71.063011][ T3077] do_syscall_64+0x33/0x80
[ 71.067422][ T3077] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 71.073320][ T3077] RIP: 0033:0x7f781d5c1da9
[ 71.077822][ T3077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.097421][ T3077] RSP: 002b:00007f781d034038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 71.105828][ T3077] RAX: ffffffffffffffda RBX: 00007f781d7dafa0 RCX: 00007f781d5c1da9
[ 71.113799][ T3077] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[ 71.121857][ T3077] RBP: 00007f781d6432a0 R08: 0000000000000000 R09: 0000000000000000
[ 71.129996][ T3077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.137963][ T3077] R13: 0000000000000000 R14: 00007f781d7dafa0 R15: 00007fff763065f8
[ 71.145951][ T3077]
[ 71.148974][ T3077]
[ 71.151300][ T3077] The buggy address belongs to the page:
[ 71.156932][ T3077] page:ffffea0001a10fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6843f
[ 71.167194][ T3077] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.174491][ T3077] raw: 00fff00000000000 ffffea0001a107c8 ffffea0001a112c8 0000000000000000
[ 71.183071][ T3077] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 71.191645][ T3077] page dumped because: kasan: bad access detected
[ 71.198053][ T3077] page_owner tracks the page as freed
[ 71.203413][ T3077] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2688, ts 67748289425, free_ts 67748879769
[ 71.218944][ T3077] get_page_from_freelist+0x1369/0x31f0
[ 71.224587][ T3077] __alloc_pages+0x1b2/0x440
[ 71.229161][ T3077] alloc_pages_vma+0xe0/0x650
[ 71.233831][ T3077] __handle_mm_fault+0x1d97/0x33a0
[ 71.238919][ T3077] handle_mm_fault+0x1c5/0x5b0
[ 71.243834][ T3077] do_user_addr_fault+0x298/0xc80
[ 71.248933][ T3077] exc_page_fault+0x5a/0xb0
[ 71.253429][ T3077] asm_exc_page_fault+0x22/0x30
[ 71.258262][ T3077] page last free stack trace:
[ 71.263003][ T3077] free_pcp_prepare+0x379/0x850
[ 71.267832][ T3077] free_unref_page_list+0x16f/0xbd0
[ 71.273032][ T3077] release_pages+0xb3a/0x1480
[ 71.277690][ T3077] tlb_finish_mmu+0x127/0x790
[ 71.282343][ T3077] exit_mmap+0x1b7/0x5d0
[ 71.286568][ T3077] mmput+0xd6/0x400
[ 71.290373][ T3077] do_exit+0x88c/0x2200
[ 71.294612][ T3077] do_group_exit+0xe7/0x290
[ 71.299121][ T3077] __x64_sys_exit_group+0x35/0x40
[ 71.304138][ T3077] do_syscall_64+0x33/0x80
[ 71.308542][ T3077] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 71.314423][ T3077]
[ 71.316741][ T3077] Memory state around the buggy address:
[ 71.322364][ T3077] ffff88806843f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.330409][ T3077] ffff88806843f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.338642][ T3077] >ffff88806843f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.346683][ T3077] ^
[ 71.353078][ T3077] ffff88806843f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.361162][ T3077] ffff88806843f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.369213][ T3077] ==================================================================
[ 71.377271][ T3077] Disabling lock debugging due to kernel taint
[ 71.383646][ T3077] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.391126][ T3077] Kernel Offset: disabled
[ 71.395738][ T3077] Rebooting in 86400 seconds..