Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts.
2025/08/31 07:33:24 parsed 1 programs
[ 67.994974][ T2670] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/08/31 07:33:33 executed programs: 0
2025/08/31 07:33:38 executed programs: 2
[ 79.526973][ T3573] syz.3.16[3573]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 79.541531][ T3573] loop3: detected capacity change from 0 to 128
[ 79.548497][ T3573] =======================================================
[ 79.548497][ T3573] WARNING: The mand mount option has been deprecated and
[ 79.548497][ T3573] and is ignored by this kernel. Remove the mand
[ 79.548497][ T3573] option from the mount to silence this warning.
[ 79.548497][ T3573] =======================================================
[ 79.585187][ T3573] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[ 79.597776][ T3573] hpfs: filesystem error: improperly stopped
[ 79.603936][ T3573] hpfs: You really don't want any checks? You are crazy...
[ 79.611759][ T3573] hpfs: hpfs_map_sector(): read error
[ 79.618118][ T3573] hpfs: code page support is disabled
[ 79.635212][ T3573] ==================================================================
[ 79.643573][ T3573] BUG: KASAN: use-after-free in strcmp+0x6f/0xb0
[ 79.650253][ T3573] Read of size 1 at addr ffff88816b6bf8a6 by task syz.3.16/3573
[ 79.658655][ T3573]
[ 79.660992][ T3573] CPU: 1 PID: 3573 Comm: syz.3.16 Not tainted syzkaller #0
[ 79.668441][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 79.678853][ T3573] Call Trace:
[ 79.682131][ T3573]
[ 79.685070][ T3573] dump_stack_lvl+0xe0/0x160
[ 79.689685][ T3573] ? show_regs_print_info+0x10/0x10
[ 79.694869][ T3573] ? load_image+0x550/0x550
[ 79.699370][ T3573] ? _raw_spin_lock_irqsave+0xa6/0xe0
[ 79.704811][ T3573] ? __virt_addr_valid+0x13d/0x270
[ 79.710179][ T3573] ? __virt_addr_valid+0x21e/0x270
[ 79.715283][ T3573] print_report+0xac/0x220
[ 79.719779][ T3573] ? strcmp+0x6f/0xb0
[ 79.723839][ T3573] kasan_report+0x117/0x150
[ 79.728505][ T3573] ? strcmp+0x6f/0xb0
[ 79.732485][ T3573] strcmp+0x6f/0xb0
[ 79.736298][ T3573] hpfs_get_ea+0x110/0xba0
[ 79.740806][ T3573] ? hpfs_read_ea+0xbc0/0xbc0
[ 79.745492][ T3573] ? __getblk_gfp+0x22/0x460
[ 79.750084][ T3573] ? __cond_resched+0xf9/0x170
[ 79.754926][ T3573] ? preempt_schedule_irq+0x170/0x170
[ 79.760292][ T3573] ? __bread_gfp+0x27/0x1d0
[ 79.764783][ T3573] ? hpfs_map_sector+0xef/0x210
[ 79.769628][ T3573] ? hpfs_map_fnode+0x9b/0x5d0
[ 79.774389][ T3573] hpfs_read_inode+0x193/0xe40
[ 79.779158][ T3573] ? hpfs_init_inode+0x2c0/0x2c0
[ 79.784173][ T3573] ? do_raw_spin_unlock+0x121/0x230
[ 79.789641][ T3573] ? hpfs_init_inode+0x1cb/0x2c0
[ 79.794654][ T3573] hpfs_fill_super+0x106d/0x1d40
[ 79.799763][ T3573] ? __lock_acquire+0x5c5/0xba0
[ 79.804631][ T3573] ? hpfs_mount+0x10/0x10
[ 79.808948][ T3573] ? vscnprintf+0x30/0x30
[ 79.813267][ T3573] ? down_read_killable+0x1a0/0x1a0
[ 79.818710][ T3573] ? setup_bdev_super+0x4b9/0x570
[ 79.823986][ T3573] mount_bdev+0x1f5/0x280
[ 79.828311][ T3573] ? apparmor_task_kill+0x300/0x300
[ 79.833598][ T3573] ? hpfs_mount+0x10/0x10
[ 79.838007][ T3573] ? get_tree_bdev+0x450/0x450
[ 79.842760][ T3573] ? vfs_parse_fs_string+0xe6/0x140
[ 79.848036][ T3573] ? apparmor_capable+0xb2/0xf0
[ 79.852960][ T3573] legacy_get_tree+0xe5/0x170
[ 79.857626][ T3573] ? hpfs_ioctl+0x1e0/0x1e0
[ 79.862387][ T3573] vfs_get_tree+0x81/0x190
[ 79.866887][ T3573] do_new_mount+0x1c6/0x7e0
[ 79.871407][ T3573] __se_sys_mount+0x21a/0x2b0
[ 79.876318][ T3573] ? __x64_sys_mount+0xc0/0xc0
[ 79.881252][ T3573] do_syscall_64+0x55/0xb0
[ 79.885682][ T3573] ? clear_bhb_loop+0x40/0x90
[ 79.890449][ T3573] ? clear_bhb_loop+0x40/0x90
[ 79.895227][ T3573] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.901309][ T3573] RIP: 0033:0x7fd36639014a
[ 79.906921][ T3573] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.927542][ T3573] RSP: 002b:00007fd3661fee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 79.936669][ T3573] RAX: ffffffffffffffda RBX: 00007fd3661feef0 RCX: 00007fd36639014a
[ 79.945434][ T3573] RDX: 0000200000009e80 RSI: 0000200000009ec0 RDI: 00007fd3661feeb0
[ 79.954306][ T3573] RBP: 0000200000009e80 R08: 00007fd3661feef0 R09: 0000000000000041
[ 79.962949][ T3573] R10: 0000000000000041 R11: 0000000000000246 R12: 0000200000009ec0
[ 79.971375][ T3573] R13: 00007fd3661feeb0 R14: 0000000000009e05 R15: 0000200000009f00
[ 79.979700][ T3573]
[ 79.982755][ T3573]
[ 79.985480][ T3573] The buggy address belongs to the physical page:
[ 79.992524][ T3573] page:ffffea0005adafc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x16b6bf
[ 80.003185][ T3573] flags: 0x100000000000000(node=0|zone=2)
[ 80.008982][ T3573] page_type: 0xffffffff()
[ 80.013423][ T3573] raw: 0100000000000000 ffffea0005adfd48 ffffea0005adfb88 0000000000000000
[ 80.022698][ T3573] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 80.031363][ T3573] page dumped because: kasan: bad access detected
[ 80.038406][ T3573] page_owner tracks the page as freed
[ 80.043770][ T3573] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3161, tgid 3161 (modprobe), ts 74555073725, free_ts 74562507218
[ 80.061410][ T3573] post_alloc_hook+0x26b/0x290
[ 80.066370][ T3573] get_page_from_freelist+0x3447/0x35f0
[ 80.071993][ T3573] __alloc_pages+0x1e3/0x430
[ 80.076581][ T3573] __folio_alloc+0x10/0x20
[ 80.081077][ T3573] vma_alloc_folio+0x47d/0x9d0
[ 80.085942][ T3573] handle_mm_fault+0x12e4/0x25a0
[ 80.090962][ T3573] do_user_addr_fault+0x69c/0xb60
[ 80.096151][ T3573] exc_page_fault+0x52/0xc0
[ 80.100922][ T3573] asm_exc_page_fault+0x26/0x30
[ 80.105857][ T3573] page last free stack trace:
[ 80.110739][ T3573] free_unref_page_prepare+0x7f9/0x910
[ 80.116368][ T3573] free_unref_page_list+0xbe/0x7c0
[ 80.121845][ T3573] release_pages+0x1530/0x16b0
[ 80.126953][ T3573] tlb_flush_mmu+0x288/0x3f0
[ 80.131541][ T3573] tlb_finish_mmu+0xaa/0x190
[ 80.136382][ T3573] exit_mmap+0x334/0x8a0
[ 80.140709][ T3573] __mmput+0x9d/0x2d0
[ 80.144769][ T3573] exit_mm+0x11a/0x1b0
[ 80.148831][ T3573] do_exit+0x62c/0x1f80
[ 80.153084][ T3573] do_group_exit+0x1b0/0x280
[ 80.157691][ T3573] __x64_sys_exit_group+0x3f/0x40
[ 80.162725][ T3573] do_syscall_64+0x55/0xb0
[ 80.167137][ T3573] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 80.173022][ T3573]
[ 80.175340][ T3573] Memory state around the buggy address:
[ 80.181044][ T3573] ffff88816b6bf780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.189219][ T3573] ffff88816b6bf800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.198059][ T3573] >ffff88816b6bf880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.206555][ T3573] ^
[ 80.211657][ T3573] ffff88816b6bf900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.219972][ T3573] ffff88816b6bf980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.228387][ T3573] ==================================================================
[ 80.236913][ T3573] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 80.244551][ T3573] Kernel Offset: disabled
[ 80.248898][ T3573] Rebooting in 86400 seconds..