Warning: Permanently added '10.128.1.251' (ED25519) to the list of known hosts.
2025/10/20 11:33:15 parsed 1 programs
[ 65.734610][ T2160] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/10/20 11:33:23 executed programs: 0
2025/10/20 11:33:30 executed programs: 2
[ 79.940299][ T3079] loop3: detected capacity change from 0 to 32768
[ 79.949552][ T3079] =======================================================
[ 79.949552][ T3079] WARNING: The mand mount option has been deprecated and
[ 79.949552][ T3079] and is ignored by this kernel. Remove the mand
[ 79.949552][ T3079] option from the mount to silence this warning.
[ 79.949552][ T3079] =======================================================
[ 79.992761][ T3079] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 80.002802][ T3079] ==================================================================
[ 80.010890][ T3079] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0xef9/0x1610
[ 80.018884][ T3079] Read of size 2 at addr ffff8880655398c9 by task syz.3.16/3079
[ 80.026601][ T3079]
[ 80.028935][ T3079] CPU: 0 PID: 3079 Comm: syz.3.16 Not tainted syzkaller #0
[ 80.036206][ T3079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 80.046255][ T3079] Call Trace:
[ 80.049514][ T3079]
[ 80.052441][ T3079] dump_stack_lvl+0xdc/0x15b
[ 80.057018][ T3079] ? show_regs_print_info+0x5/0x5
[ 80.062018][ T3079] ? load_image+0x550/0x550
[ 80.066495][ T3079] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 80.072018][ T3079] ? __virt_addr_valid+0x139/0x270
[ 80.077118][ T3079] ? __virt_addr_valid+0x21a/0x270
[ 80.082302][ T3079] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 80.087823][ T3079] print_report+0xa8/0x210
[ 80.092317][ T3079] kasan_report+0x10b/0x140
[ 80.096793][ T3079] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 80.102398][ T3079] ocfs2_dir_foreach_blk+0xef9/0x1610
[ 80.107753][ T3079] ? __lock_acquire+0xc40/0xc40
[ 80.112600][ T3079] ? _raw_spin_unlock+0x24/0x40
[ 80.117436][ T3079] ? ocfs2_dir_foreach+0x140/0x140
[ 80.122530][ T3079] ? ocfs2_inode_lock_atime+0xc7/0x420
[ 80.128050][ T3079] ? ocfs2_inode_lock_with_page+0x250/0x250
[ 80.134001][ T3079] ? read_lock_is_recursive+0x10/0x10
[ 80.139488][ T3079] ocfs2_readdir+0x194/0x2f0
[ 80.144149][ T3079] ? ocfs2_dir_foreach_blk+0x1610/0x1610
[ 80.149751][ T3079] ? down_write+0x1a0/0x1a0
[ 80.154246][ T3079] ? common_file_perm+0x123/0x1d0
[ 80.159246][ T3079] ? fsnotify_perm+0x121/0x440
[ 80.163997][ T3079] iterate_dir+0x1cc/0x490
[ 80.168433][ T3079] __se_sys_getdents+0xc9/0x190
[ 80.173347][ T3079] ? __x64_sys_getdents+0x80/0x80
[ 80.178344][ T3079] ? fillonedir+0x350/0x350
[ 80.182820][ T3079] ? rcu_is_watching+0x1b/0x90
[ 80.187655][ T3079] ? switch_fpu_return+0xc7/0x130
[ 80.192669][ T3079] do_syscall_64+0x4c/0xa0
[ 80.197079][ T3079] ? clear_bhb_loop+0x60/0xb0
[ 80.201913][ T3079] ? clear_bhb_loop+0x60/0xb0
[ 80.206564][ T3079] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 80.212431][ T3079] RIP: 0033:0x7fd3ab58cda9
[ 80.216836][ T3079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 80.236689][ T3079] RSP: 002b:00007fd3ac46c038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 80.245184][ T3079] RAX: ffffffffffffffda RBX: 00007fd3ab7a5fa0 RCX: 00007fd3ab58cda9
[ 80.253244][ T3079] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 80.261201][ T3079] RBP: 00007fd3ab60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 80.269175][ T3079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 80.277124][ T3079] R13: 0000000000000000 R14: 00007fd3ab7a5fa0 R15: 00007ffde92fb618
[ 80.285075][ T3079]
[ 80.288072][ T3079]
[ 80.290371][ T3079] The buggy address belongs to the physical page:
[ 80.296754][ T3079] page:ffffea0001954e40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x65539
[ 80.307069][ T3079] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 80.314265][ T3079] raw: 00fff00000000000 ffffea0001954e88 ffffea0001954e08 0000000000000000
[ 80.322908][ T3079] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 80.331569][ T3079] page dumped because: kasan: bad access detected
[ 80.337963][ T3079] page_owner tracks the page as freed
[ 80.343649][ T3079] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3080, tgid 3080 (udevd), ts 79967085040, free_ts 79971791187
[ 80.361816][ T3079] post_alloc_hook+0x257/0x280
[ 80.366566][ T3079] get_page_from_freelist+0x2ce1/0x2e20
[ 80.372289][ T3079] __alloc_pages+0x1df/0x420
[ 80.376852][ T3079] __folio_alloc+0xe/0x30
[ 80.381153][ T3079] vma_alloc_folio+0x482/0x9d0
[ 80.385925][ T3079] handle_mm_fault+0x2001/0x3460
[ 80.390835][ T3079] do_user_addr_fault+0x2ff/0x6e0
[ 80.395932][ T3079] exc_page_fault+0x4e/0xb0
[ 80.400415][ T3079] asm_exc_page_fault+0x22/0x30
[ 80.405704][ T3079] page last free stack trace:
[ 80.410555][ T3079] free_unref_page_prepare+0x821/0x8f0
[ 80.415991][ T3079] free_unref_page_list+0xb8/0x810
[ 80.421076][ T3079] release_pages+0x1447/0x15d0
[ 80.425992][ T3079] tlb_flush_mmu+0xe8/0x1d0
[ 80.430509][ T3079] tlb_finish_mmu+0xa4/0x180
[ 80.435071][ T3079] unmap_region+0x268/0x2c0
[ 80.439680][ T3079] do_mas_align_munmap+0x968/0xe80
[ 80.444866][ T3079] __vm_munmap+0x179/0x240
[ 80.449394][ T3079] __x64_sys_munmap+0x57/0x60
[ 80.454057][ T3079] do_syscall_64+0x4c/0xa0
[ 80.458467][ T3079] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 80.464543][ T3079]
[ 80.466945][ T3079] Memory state around the buggy address:
[ 80.472560][ T3079] ffff888065539780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.480856][ T3079] ffff888065539800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.489171][ T3079] >ffff888065539880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.497378][ T3079]                                               ^
[ 80.503787][ T3079] ffff888065539900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.512084][ T3079] ffff888065539980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 80.520305][ T3079] ==================================================================
[ 80.529753][ T3079] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 80.537268][ T3079] Kernel Offset: disabled
[ 80.541590][ T3079] Rebooting in 86400 seconds..