Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts.
2025/11/15 05:17:53 parsed 1 programs
[ 64.744266][ T2147] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/11/15 05:17:57 executed programs: 0
[ 71.058644][ T3076] loop3: detected capacity change from 0 to 128
[ 71.066895][ T3076] VFS: Found a Xenix FS (block size = 1024) on device loop3
[ 71.075950][ T3076] attempt to access beyond end of device
[ 71.075950][ T3076] loop3: rw=0, want=6491538, limit=128
[ 71.087458][ T3076] Buffer I/O error on dev loop3, logical block 3245768, async page read
[ 71.095993][ T3076] ==================================================================
[ 71.104026][ T3076] BUG: KASAN: use-after-free in sysv_new_inode+0xd21/0x1250
[ 71.111447][ T3076] Read of size 2 at addr ffff8880640701ce by task syz.3.16/3076
[ 71.119222][ T3076]
[ 71.121536][ T3076] CPU: 1 PID: 3076 Comm: syz.3.16 Not tainted syzkaller #0
[ 71.128703][ T3076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 71.138741][ T3076] Call Trace:
[ 71.142003][ T3076]
[ 71.144907][ T3076] dump_stack_lvl+0x41/0x5e
[ 71.149378][ T3076] print_address_description.constprop.0.cold+0x6c/0x309
[ 71.156370][ T3076] ? sysv_new_inode+0xd21/0x1250
[ 71.161282][ T3076] ? sysv_new_inode+0xd21/0x1250
[ 71.166186][ T3076] kasan_report.cold+0x83/0xdf
[ 71.170922][ T3076] ? sysv_new_inode+0xd21/0x1250
[ 71.175969][ T3076] sysv_new_inode+0xd21/0x1250
[ 71.180711][ T3076] ? userns_owner+0x30/0x30
[ 71.185185][ T3076] ? apparmor_capable+0x145/0x420
[ 71.190184][ T3076] ? sysv_free_inode+0x840/0x840
[ 71.195093][ T3076] ? security_capable+0x4c/0x90
[ 71.199917][ T3076] ? generic_permission+0x286/0x590
[ 71.205125][ T3076] sysv_symlink+0x7b/0x130
[ 71.209514][ T3076] vfs_symlink+0xd7/0x250
[ 71.213839][ T3076] do_symlinkat+0x1e9/0x250
[ 71.218313][ T3076] ? __ia32_sys_unlink+0xe0/0xe0
[ 71.223333][ T3076] ? getname_flags.part.0+0x89/0x440
[ 71.228597][ T3076] __x64_sys_symlink+0x70/0x90
[ 71.233341][ T3076] do_syscall_64+0x33/0x80
[ 71.237723][ T3076] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 71.243601][ T3076] RIP: 0033:0x7f9a4b343da9
[ 71.247984][ T3076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.267560][ T3076] RSP: 002b:00007f9a4adb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 71.275939][ T3076] RAX: ffffffffffffffda RBX: 00007f9a4b55cfa0 RCX: 00007f9a4b343da9
[ 71.283880][ T3076] RDX: 0000000000000000 RSI: 000000002000acc0 RDI: 000000002000ad80
[ 71.291842][ T3076] RBP: 00007f9a4b3c52a0 R08: 0000000000000000 R09: 0000000000000000
[ 71.299802][ T3076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 71.307764][ T3076] R13: 0000000000000000 R14: 00007f9a4b55cfa0 R15: 00007fff6e7a6c78
[ 71.315709][ T3076]
[ 71.318702][ T3076]
[ 71.321085][ T3076] The buggy address belongs to the page:
[ 71.326790][ T3076] page:ffffea0001901c00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x64070
[ 71.336928][ T3076] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 71.344163][ T3076] raw: 00fff00000000000 ffffea0001901c48 ffffea0001901bc8 0000000000000000
[ 71.352737][ T3076] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 71.361296][ T3076] page dumped because: kasan: bad access detected
[ 71.367695][ T3076] page_owner tracks the page as freed
[ 71.373041][ T3076] page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, ts 4102496441, free_ts 4642567896
[ 71.386039][ T3076] split_map_pages+0x1b2/0x470
[ 71.390775][ T3076] isolate_freepages_range+0x251/0x2d0
[ 71.396327][ T3076] alloc_contig_range+0x505/0x690
[ 71.401322][ T3076] alloc_contig_pages+0x338/0x470
[ 71.406314][ T3076] debug_vm_pgtable+0x6f2/0x17f5
[ 71.411217][ T3076] do_one_initcall+0xb4/0x320
[ 71.415887][ T3076] kernel_init_freeable+0x51e/0x580
[ 71.421078][ T3076] kernel_init+0x14/0x120
[ 71.425461][ T3076] ret_from_fork+0x1f/0x30
[ 71.429843][ T3076] page last free stack trace:
[ 71.434482][ T3076] free_pcp_prepare+0x379/0x850
[ 71.439303][ T3076] free_unref_page+0x19/0x4b0
[ 71.443951][ T3076] free_contig_range+0x8b/0xb0
[ 71.448749][ T3076] destroy_args+0x7e/0x5d1
[ 71.453155][ T3076] debug_vm_pgtable+0x1773/0x17f5
[ 71.458145][ T3076] do_one_initcall+0xb4/0x320
[ 71.462787][ T3076] kernel_init_freeable+0x51e/0x580
[ 71.467949][ T3076] kernel_init+0x14/0x120
[ 71.472243][ T3076] ret_from_fork+0x1f/0x30
[ 71.476625][ T3076]
[ 71.478917][ T3076] Memory state around the buggy address:
[ 71.484512][ T3076] ffff888064070080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.492565][ T3076] ffff888064070100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.500600][ T3076] >ffff888064070180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.508627][ T3076] ^
[ 71.515011][ T3076] ffff888064070200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.523045][ T3076] ffff888064070280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.531075][ T3076] ==================================================================
[ 71.539201][ T3076] Disabling lock debugging due to kernel taint
[ 71.545903][ T3076] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.553305][ T3076] Kernel Offset: disabled
[ 71.557615][ T3076] Rebooting in 86400 seconds..