Warning: Permanently added '10.128.15.193' (ED25519) to the list of known hosts.
2025/06/13 10:52:15 ignoring optional flag "sandboxArg"="0"
2025/06/13 10:52:16 parsed 1 programs
[ 63.540656][ T2144] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/06/13 10:52:21 executed programs: 0
[ 71.550962][ T3071] loop3: detected capacity change from 0 to 128
[ 71.559447][ T3071] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 71.570070][ T3071] attempt to access beyond end of device
[ 71.570070][ T3071] loop3: rw=0, want=6491538, limit=128
[ 71.586137][ T3071] Buffer I/O error on dev loop3, logical block 3245768, async page read
[ 71.596001][ T3071] ==================================================================
[ 71.605673][ T3071] BUG: KASAN: use-after-free in sysv_new_inode+0xd21/0x1250
[ 71.613863][ T3071] Read of size 2 at addr ffff888067e4a1ce by task syz.3.16/3071
[ 71.622273][ T3071]
[ 71.624921][ T3071] CPU: 0 PID: 3071 Comm: syz.3.16 Not tainted 5.15.185-syzkaller #0
[ 71.633387][ T3071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 71.644265][ T3071] Call Trace:
[ 71.647949][ T3071]
[ 71.651003][ T3071] dump_stack_lvl+0x41/0x5e
[ 71.655778][ T3071] print_address_description.constprop.0.cold+0x6c/0x309
[ 71.662888][ T3071] ? sysv_new_inode+0xd21/0x1250
[ 71.667925][ T3071] ? sysv_new_inode+0xd21/0x1250
[ 71.673122][ T3071] kasan_report.cold+0x83/0xdf
[ 71.678152][ T3071] ? sysv_new_inode+0xd21/0x1250
[ 71.683518][ T3071] sysv_new_inode+0xd21/0x1250
[ 71.688617][ T3071] ? userns_owner+0x30/0x30
[ 71.693518][ T3071] ? apparmor_capable+0x145/0x420
[ 71.698868][ T3071] ? sysv_free_inode+0x840/0x840
[ 71.703980][ T3071] ? security_capable+0x4c/0x90
[ 71.709168][ T3071] ? generic_permission+0x286/0x590
[ 71.714822][ T3071] sysv_symlink+0x7b/0x130
[ 71.719644][ T3071] vfs_symlink+0xd7/0x250
[ 71.724616][ T3071] do_symlinkat+0x1e9/0x250
[ 71.729269][ T3071] ? __ia32_sys_unlink+0xe0/0xe0
[ 71.734703][ T3071] ? getname_flags.part.0+0x89/0x440
[ 71.740550][ T3071] __x64_sys_symlink+0x70/0x90
[ 71.745432][ T3071] do_syscall_64+0x33/0x80
[ 71.750397][ T3071] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 71.757170][ T3071] RIP: 0033:0x7fb5706c9da9
[ 71.762013][ T3071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.782826][ T3071] RSP: 002b:00007fb57013c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 71.792041][ T3071] RAX: ffffffffffffffda RBX: 00007fb5708e2fa0 RCX: 00007fb5706c9da9
[ 71.800226][ T3071] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[ 71.808791][ T3071] RBP: 00007fb57074b2a0 R08: 0000000000000000 R09: 0000000000000000
[ 71.817078][ T3071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.825762][ T3071] R13: 0000000000000000 R14: 00007fb5708e2fa0 R15: 00007ffde24b40a8
[ 71.834512][ T3071]
[ 71.837626][ T3071]
[ 71.840027][ T3071] The buggy address belongs to the page:
[ 71.845904][ T3071] page:ffffea00019f9280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x67e4a
[ 71.856282][ T3071] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.863647][ T3071] raw: 00fff00000000000 ffffea00019f9148 ffffea00019f90c8 0000000000000000
[ 71.872860][ T3071] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 71.882340][ T3071] page dumped because: kasan: bad access detected
[ 71.889169][ T3071] page_owner tracks the page as freed
[ 71.894552][ T3071] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 3072, ts 71596985869, free_ts 71599707674
[ 71.910954][ T3071] get_page_from_freelist+0x1369/0x31f0
[ 71.917395][ T3071] __alloc_pages+0x1b2/0x440
[ 71.922667][ T3071] alloc_pages_vma+0xe0/0x650
[ 71.927609][ T3071] __handle_mm_fault+0x1d97/0x33a0
[ 71.932993][ T3071] handle_mm_fault+0x1c5/0x5b0
[ 71.938035][ T3071] do_user_addr_fault+0x298/0xc80
[ 71.943400][ T3071] exc_page_fault+0x5a/0xb0
[ 71.948125][ T3071] asm_exc_page_fault+0x22/0x30
[ 71.953507][ T3071] copy_user_enhanced_fast_string+0xe/0x40
[ 71.959709][ T3071] copy_page_to_iter+0x3d8/0xb60
[ 71.965273][ T3071] filemap_read+0x4e1/0xab0
[ 71.969930][ T3071] blkdev_read_iter+0xfb/0x180
[ 71.974815][ T3071] new_sync_read+0x35a/0x5f0
[ 71.979784][ T3071] vfs_read+0x209/0x470
[ 71.984618][ T3071] ksys_read+0xf4/0x1d0
[ 71.989043][ T3071] do_syscall_64+0x33/0x80
[ 71.993930][ T3071] page last free stack trace:
[ 71.998952][ T3071] free_pcp_prepare+0x379/0x850
[ 72.004233][ T3071] free_unref_page_list+0x16f/0xbd0
[ 72.009606][ T3071] release_pages+0xb3a/0x1480
[ 72.015004][ T3071] tlb_finish_mmu+0x127/0x790
[ 72.020129][ T3071] unmap_region+0x298/0x390
[ 72.025023][ T3071] __do_munmap+0x47e/0x10d0
[ 72.029752][ T3071] __vm_munmap+0xd2/0x1a0
[ 72.034171][ T3071] __x64_sys_munmap+0x5d/0x80
[ 72.039280][ T3071] do_syscall_64+0x33/0x80
[ 72.044254][ T3071] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 72.051106][ T3071]
[ 72.053722][ T3071] Memory state around the buggy address:
[ 72.059753][ T3071] ffff888067e4a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.068593][ T3071] ffff888067e4a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.078219][ T3071] >ffff888067e4a180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.087812][ T3071] ^
[ 72.095242][ T3071] ffff888067e4a200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.104262][ T3071] ffff888067e4a280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 72.113428][ T3071] ==================================================================
[ 72.122370][ T3071] Disabling lock debugging due to kernel taint
[ 72.129581][ T3071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.139065][ T3071] Kernel Offset: disabled
[ 72.143980][ T3071] Rebooting in 86400 seconds..