Warning: Permanently added '10.128.0.206' (ED25519) to the list of known hosts.
2025/04/10 03:00:06 ignoring optional flag "sandboxArg"="0"
2025/04/10 03:00:07 parsed 1 programs
[ 68.512980][ T2141] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/04/10 03:00:15 executed programs: 0
2025/04/10 03:00:22 executed programs: 2
[ 83.079065][ T3060] loop3: detected capacity change from 0 to 32768
[ 83.086294][ T3060] =======================================================
[ 83.086294][ T3060] WARNING: The mand mount option has been deprecated and
[ 83.086294][ T3060] and is ignored by this kernel. Remove the mand
[ 83.086294][ T3060] option from the mount to silence this warning.
[ 83.086294][ T3060] =======================================================
[ 83.128968][ T3060] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 83.139249][ T3060] (syz.3.16,3060,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=59515, inode=0, rec_len=0, name_len=0
[ 83.161454][ T2641] ocfs2: Unmounting device (7,3) on (node local)
[ 83.322610][ T3065] loop3: detected capacity change from 0 to 32768
[ 83.336595][ T3065] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 83.347298][ T3065] (syz.3.17,3065,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 83.367786][ T2641] ocfs2: Unmounting device (7,3) on (node local)
[ 83.531804][ T3069] loop3: detected capacity change from 0 to 32768
[ 83.544495][ T3069] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 83.554754][ T3069] (syz.3.18,3069,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 83.576159][ T2641] ocfs2: Unmounting device (7,3) on (node local)
[ 83.739664][ T3073] loop3: detected capacity change from 0 to 32768
[ 83.752294][ T3073] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 83.763000][ T3073] (syz.3.19,3073,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 83.784337][ T2641] ocfs2: Unmounting device (7,3) on (node local)
[ 83.952893][ T3077] loop3: detected capacity change from 0 to 32768
[ 83.967045][ T3077] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 83.977325][ T3077] ==================================================================
[ 83.985512][ T3077] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0x1133/0x1940
[ 83.993512][ T3077] Read of size 2 at addr ffff88806383d8c9 by task syz.3.20/3077
[ 84.001125][ T3077]
[ 84.003441][ T3077] CPU: 0 PID: 3077 Comm: syz.3.20 Not tainted 6.1.133-syzkaller #0
[ 84.011419][ T3077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 84.021505][ T3077] Call Trace:
[ 84.024803][ T3077]
[ 84.027724][ T3077] dump_stack_lvl+0xf4/0x251
[ 84.032409][ T3077] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 84.037858][ T3077] ? panic+0x3fe/0x3fe
[ 84.041912][ T3077] ? lock_acquire+0xbe/0x390
[ 84.046526][ T3077] ? read_lock_is_recursive+0x10/0x10
[ 84.051880][ T3077] ? __virt_addr_valid+0x139/0x270
[ 84.057109][ T3077] ? __virt_addr_valid+0x221/0x270
[ 84.062202][ T3077] print_report+0x15f/0x4f0
[ 84.066691][ T3077] ? __virt_addr_valid+0x139/0x270
[ 84.071788][ T3077] ? __virt_addr_valid+0x221/0x270
[ 84.076875][ T3077] ? ocfs2_dir_foreach_blk+0x1133/0x1940
[ 84.082493][ T3077] kasan_report+0x136/0x160
[ 84.086984][ T3077] ? ocfs2_dir_foreach_blk+0x1133/0x1940
[ 84.092603][ T3077] ocfs2_dir_foreach_blk+0x1133/0x1940
[ 84.098051][ T3077] ? read_lock_is_recursive+0x10/0x10
[ 84.103409][ T3077] ? ocfs2_dir_foreach+0x1c0/0x1c0
[ 84.108563][ T3077] ? ocfs2_should_update_atime+0xdb/0x3d0
[ 84.114274][ T3077] ? ocfs2_inode_lock_atime+0xc8/0x4a0
[ 84.119715][ T3077] ? ocfs2_inode_lock_with_page+0x290/0x290
[ 84.125621][ T3077] ? read_lock_is_recursive+0x10/0x10
[ 84.130976][ T3077] ? __fget_files+0x2d/0x2c0
[ 84.135571][ T3077] ocfs2_readdir+0x1ca/0x410
[ 84.140165][ T3077] ? ocfs2_dir_foreach_blk+0x1940/0x1940
[ 84.145781][ T3077] ? down_write+0x1d0/0x1d0
[ 84.150270][ T3077] ? common_file_perm+0x130/0x1e0
[ 84.155286][ T3077] ? fsnotify_perm+0x120/0x440
[ 84.160045][ T3077] iterate_dir+0x1fa/0x500
[ 84.164547][ T3077] __se_sys_getdents+0x1b3/0x3d0
[ 84.169473][ T3077] ? __x64_sys_getdents+0x80/0x80
[ 84.174541][ T3077] ? fillonedir+0x300/0x300
[ 84.179040][ T3077] ? switch_fpu_return+0xc9/0x130
[ 84.184161][ T3077] do_syscall_64+0x3b/0x80
[ 84.188612][ T3077] ? clear_bhb_loop+0x45/0xa0
[ 84.193488][ T3077] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 84.199402][ T3077] RIP: 0033:0x7f20ce58cda9
[ 84.203909][ T3077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.223515][ T3077] RSP: 002b:00007f20cf47a038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 84.231985][ T3077] RAX: ffffffffffffffda RBX: 00007f20ce7a5fa0 RCX: 00007f20ce58cda9
[ 84.239948][ T3077] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 84.248011][ T3077] RBP: 00007f20ce60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 84.255982][ T3077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.263936][ T3077] R13: 0000000000000000 R14: 00007f20ce7a5fa0 R15: 00007ffc68beb728
[ 84.271896][ T3077]
[ 84.274899][ T3077]
[ 84.277217][ T3077] The buggy address belongs to the physical page:
[ 84.283625][ T3077] page:ffffea00018e0f40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6383d
[ 84.294015][ T3077] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 84.301124][ T3077] raw: 00fff00000000000 ffffea00018e0f88 ffffea00018e0f08 0000000000000000
[ 84.309868][ T3077] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 84.318445][ T3077] page dumped because: kasan: bad access detected
[ 84.324935][ T3077] page_owner tracks the page as freed
[ 84.330301][ T3077] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3073, tgid 3072 (syz.3.19), ts 83733588408, free_ts 83833693959
[ 84.347674][ T3077] post_alloc_hook+0x286/0x2b0
[ 84.352574][ T3077] get_page_from_freelist+0x340b/0x35b0
[ 84.358134][ T3077] __alloc_pages+0x251/0x640
[ 84.362732][ T3077] __folio_alloc+0xf/0x30
[ 84.367055][ T3077] vma_alloc_folio+0x484/0x9e0
[ 84.371802][ T3077] shmem_alloc_and_acct_folio+0x44a/0xaf0
[ 84.377499][ T3077] shmem_get_folio_gfp+0x1197/0x25e0
[ 84.382766][ T3077] shmem_write_begin+0x159/0x400
[ 84.387683][ T3077] generic_perform_write+0x2f1/0x530
[ 84.393035][ T3077] __generic_file_write_iter+0x13e/0x2f0
[ 84.398652][ T3077] generic_file_write_iter+0x99/0x230
[ 84.404012][ T3077] vfs_write+0x99b/0xcf0
[ 84.408239][ T3077] ksys_write+0x15f/0x240
[ 84.412554][ T3077] do_syscall_64+0x3b/0x80
[ 84.416959][ T3077] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 84.422937][ T3077] page last free stack trace:
[ 84.427620][ T3077] free_unref_page_prepare+0x10b7/0x13b0
[ 84.433352][ T3077] free_unref_page_list+0x54b/0x7e0
[ 84.438560][ T3077] release_pages+0x1c13/0x1dc0
[ 84.443581][ T3077] __pagevec_release+0x62/0xd0
[ 84.448327][ T3077] shmem_undo_range+0x66b/0x1b00
[ 84.453245][ T3077] shmem_evict_inode+0x354/0x860
[ 84.458179][ T3077] evict+0x486/0x8c0
[ 84.462102][ T3077] __dentry_kill+0x380/0x5d0
[ 84.466689][ T3077] dentry_kill+0xbb/0x1e0
[ 84.471013][ T3077] dput+0x154/0x2d0
[ 84.474817][ T3077] __fput+0x369/0x720
[ 84.478783][ T3077] task_work_run+0x206/0x280
[ 84.483358][ T3077] exit_to_user_mode_loop+0xa9/0xc0
[ 84.488544][ T3077] exit_to_user_mode_prepare+0x64/0xb0
[ 84.493993][ T3077] syscall_exit_to_user_mode+0x27/0x1b0
[ 84.499558][ T3077] do_syscall_64+0x47/0x80
[ 84.503993][ T3077]
[ 84.506324][ T3077] Memory state around the buggy address:
[ 84.511964][ T3077] ffff88806383d780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.520107][ T3077] ffff88806383d800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.528272][ T3077] >ffff88806383d880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.536356][ T3077] ^
[ 84.542768][ T3077] ffff88806383d900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.550826][ T3077] ffff88806383d980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 84.558884][ T3077] ==================================================================
[ 84.567604][ T3077] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.575109][ T3077] Kernel Offset: disabled
[ 84.579426][ T3077] Rebooting in 86400 seconds..