Warning: Permanently added '10.128.1.253' (ED25519) to the list of known hosts.
2025/08/08 14:05:29 ignoring optional flag "sandboxArg"="0"
2025/08/08 14:05:30 parsed 1 programs
[ 77.715173][ T2157] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/08/08 14:05:40 executed programs: 0
2025/08/08 14:05:48 executed programs: 2
[ 95.491469][ T3076] loop3: detected capacity change from 0 to 32768
[ 95.498414][ T3076] =======================================================
[ 95.498414][ T3076] WARNING: The mand mount option has been deprecated and
[ 95.498414][ T3076] and is ignored by this kernel. Remove the mand
[ 95.498414][ T3076] option from the mount to silence this warning.
[ 95.498414][ T3076] =======================================================
[ 95.541936][ T3076] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 95.552360][ T3076] ==================================================================
[ 95.560458][ T3076] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.568555][ T3076] Read of size 2 at addr ffff888068a608c9 by task syz.3.16/3076
[ 95.576372][ T3076]
[ 95.578722][ T3076] CPU: 1 PID: 3076 Comm: syz.3.16 Not tainted 6.1.147-syzkaller #0
[ 95.586714][ T3076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 95.596793][ T3076] Call Trace:
[ 95.600086][ T3076]
[ 95.603036][ T3076] dump_stack_lvl+0xdc/0x15b
[ 95.607847][ T3076] ? show_regs_print_info+0x5/0x5
[ 95.612878][ T3076] ? load_image+0x550/0x550
[ 95.617387][ T3076] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 95.622759][ T3076] ? __virt_addr_valid+0x139/0x270
[ 95.627949][ T3076] ? __virt_addr_valid+0x21a/0x270
[ 95.633049][ T3076] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.638605][ T3076] print_report+0xa8/0x200
[ 95.643017][ T3076] kasan_report+0x10b/0x140
[ 95.647595][ T3076] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.653212][ T3076] ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.658661][ T3076] ? __lock_acquire+0xc40/0xc40
[ 95.663524][ T3076] ? _raw_spin_unlock+0x24/0x40
[ 95.668372][ T3076] ? ocfs2_dir_foreach+0x140/0x140
[ 95.673471][ T3076] ? ocfs2_inode_lock_atime+0xc7/0x420
[ 95.678915][ T3076] ? ocfs2_inode_lock_with_page+0x250/0x250
[ 95.684815][ T3076] ? read_lock_is_recursive+0x10/0x10
[ 95.690186][ T3076] ocfs2_readdir+0x194/0x2f0
[ 95.694864][ T3076] ? ocfs2_dir_foreach_blk+0x1610/0x1610
[ 95.700485][ T3076] ? down_write+0x1a0/0x1a0
[ 95.704979][ T3076] ? common_file_perm+0x123/0x1d0
[ 95.710022][ T3076] ? fsnotify_perm+0x121/0x440
[ 95.714795][ T3076] iterate_dir+0x1cc/0x490
[ 95.719233][ T3076] __se_sys_getdents+0xc9/0x190
[ 95.724073][ T3076] ? __x64_sys_getdents+0x80/0x80
[ 95.729113][ T3076] ? fillonedir+0x350/0x350
[ 95.733797][ T3076] ? rcu_is_watching+0x1b/0x90
[ 95.738556][ T3076] ? switch_fpu_return+0xc7/0x130
[ 95.743699][ T3076] do_syscall_64+0x4c/0xa0
[ 95.748115][ T3076] ? clear_bhb_loop+0x60/0xb0
[ 95.752874][ T3076] ? clear_bhb_loop+0x60/0xb0
[ 95.757548][ T3076] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 95.763616][ T3076] RIP: 0033:0x7fb89218cda9
[ 95.768033][ T3076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 95.788027][ T3076] RSP: 002b:00007fb892f79038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 95.796438][ T3076] RAX: ffffffffffffffda RBX: 00007fb8923a5fa0 RCX: 00007fb89218cda9
[ 95.804412][ T3076] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 95.812376][ T3076] RBP: 00007fb89220e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 95.820340][ T3076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 95.828401][ T3076] R13: 0000000000000000 R14: 00007fb8923a5fa0 R15: 00007ffda61d2a08
[ 95.836453][ T3076]
[ 95.839508][ T3076]
[ 95.841823][ T3076] The buggy address belongs to the physical page:
[ 95.848316][ T3076] page:ffffea0001a29800 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x68a60
[ 95.858455][ T3076] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.865618][ T3076] raw: 00fff00000000000 ffffea0001a297c8 ffffea0001917f08 0000000000000000
[ 95.874191][ T3076] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 95.882761][ T3076] page dumped because: kasan: bad access detected
[ 95.889173][ T3076] page_owner tracks the page as freed
[ 95.894534][ T3076] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3077, tgid 3077 (udevd), ts 95525849329, free_ts 95549874032
[ 95.912686][ T3076] post_alloc_hook+0x257/0x280
[ 95.917447][ T3076] get_page_from_freelist+0x2ce1/0x2e20
[ 95.923006][ T3076] __alloc_pages+0x1df/0x420
[ 95.927587][ T3076] __folio_alloc+0xe/0x30
[ 95.931900][ T3076] vma_alloc_folio+0x482/0x9d0
[ 95.936669][ T3076] handle_mm_fault+0x2016/0x3470
[ 95.941601][ T3076] do_user_addr_fault+0x2ff/0x6e0
[ 95.946617][ T3076] exc_page_fault+0x4e/0xb0
[ 95.951131][ T3076] asm_exc_page_fault+0x22/0x30
[ 95.956061][ T3076] page last free stack trace:
[ 95.960730][ T3076] free_unref_page_prepare+0x821/0x8f0
[ 95.966179][ T3076] free_unref_page_list+0xb8/0x810
[ 95.971280][ T3076] release_pages+0x1447/0x15d0
[ 95.976027][ T3076] tlb_flush_mmu+0xe8/0x1d0
[ 95.980520][ T3076] tlb_finish_mmu+0xa4/0x180
[ 95.985104][ T3076] unmap_region+0x268/0x2c0
[ 95.989618][ T3076] do_mas_align_munmap+0x968/0xe80
[ 95.994720][ T3076] __vm_munmap+0x179/0x240
[ 95.999121][ T3076] __x64_sys_munmap+0x57/0x60
[ 96.003779][ T3076] do_syscall_64+0x4c/0xa0
[ 96.008178][ T3076] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 96.014065][ T3076]
[ 96.016390][ T3076] Memory state around the buggy address:
[ 96.022015][ T3076]  ffff888068a60780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.030242][ T3076]  ffff888068a60800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.038332][ T3076] >ffff888068a60880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.046378][ T3076]                                               ^
[ 96.052865][ T3076]  ffff888068a60900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.060948][ T3076]  ffff888068a60980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.069047][ T3076] ==================================================================
[ 96.079455][ T3076] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.086985][ T3076] Kernel Offset: disabled
[ 96.091434][ T3076] Rebooting in 86400 seconds..