Warning: Permanently added '10.128.0.111' (ED25519) to the list of known hosts.
2025/11/09 07:21:45 parsed 1 programs
[ 57.531729][ T2141] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/11/09 07:21:48 executed programs: 0
[ 63.478393][ T3054] loop3: detected capacity change from 0 to 32768
[ 63.521946][ T3054] =======================================================
[ 63.521946][ T3054] WARNING: The mand mount option has been deprecated and
[ 63.521946][ T3054] and is ignored by this kernel. Remove the mand
[ 63.521946][ T3054] option from the mount to silence this warning.
[ 63.521946][ T3054] =======================================================
[ 63.607057][ T3054] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[ 63.617947][ T3054] ==================================================================
[ 63.626327][ T3054] BUG: KASAN: use-after-free in ocfs2_check_dir_entry.constprop.0+0x2b6/0x310
[ 63.635566][ T3054] Read of size 2 at addr ffff888067253cf0 by task syz.3.17/3054
[ 63.643909][ T3054]
[ 63.646281][ T3054] CPU: 1 PID: 3054 Comm: syz.3.17 Not tainted syzkaller #0
[ 63.654165][ T3054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 63.664766][ T3054] Call Trace:
[ 63.668082][ T3054]
[ 63.671278][ T3054] dump_stack_lvl+0x41/0x5e
[ 63.676282][ T3054] print_address_description.constprop.0.cold+0x6c/0x309
[ 63.683633][ T3054] ? ocfs2_check_dir_entry.constprop.0+0x2b6/0x310
[ 63.690441][ T3054] ? ocfs2_check_dir_entry.constprop.0+0x2b6/0x310
[ 63.696969][ T3054] kasan_report.cold+0x83/0xdf
[ 63.701835][ T3054] ? ocfs2_check_dir_entry.constprop.0+0x2b6/0x310
[ 63.708852][ T3054] ocfs2_check_dir_entry.constprop.0+0x2b6/0x310
[ 63.715799][ T3054] ? ocfs2_empty_dir_filldir+0x1b0/0x1b0
[ 63.722910][ T3054] ? ocfs2_read_inode_block_full+0x160/0x160
[ 63.729576][ T3054] ? lock_acquire+0x11a/0x250
[ 63.734471][ T3054] ocfs2_dir_foreach_blk_id+0x1aa/0x960
[ 63.741097][ T3054] ? ocfs2_inode_lock_atime+0x9b/0x2c0
[ 63.747008][ T3054] ? ocfs2_find_max_rec_len.isra.0+0x170/0x170
[ 63.753427][ T3054] ? lock_acquire+0x11a/0x250
[ 63.758798][ T3054] ocfs2_readdir+0x36e/0x400
[ 63.763802][ T3054] ? ocfs2_dir_foreach+0x180/0x180
[ 63.769415][ T3054] ? fsnotify_perm.part.0+0x118/0x4c0
[ 63.774883][ T3054] iterate_dir+0x1a6/0x6d0
[ 63.779306][ T3054] __x64_sys_getdents+0x122/0x220
[ 63.784351][ T3054] ? __ia32_sys_old_readdir+0x160/0x160
[ 63.790252][ T3054] ? filldir64+0x610/0x610
[ 63.794826][ T3054] ? vtime_user_exit+0xde/0x180
[ 63.799837][ T3054] do_syscall_64+0x33/0x80
[ 63.804766][ T3054] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.811497][ T3054] RIP: 0033:0x7fc3ab9a8ba9
[ 63.815977][ T3054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 63.836444][ T3054] RSP: 002b:00007fc3ab819038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 63.845636][ T3054] RAX: ffffffffffffffda RBX: 00007fc3abbeffa0 RCX: 00007fc3ab9a8ba9
[ 63.854037][ T3054] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 63.862183][ T3054] RBP: 00007fc3aba2be19 R08: 0000000000000000 R09: 0000000000000000
[ 63.870745][ T3054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 63.879491][ T3054] R13: 00007fc3abbf0038 R14: 00007fc3abbeffa0 R15: 00007fff08fc6128
[ 63.887730][ T3054]
[ 63.890815][ T3054]
[ 63.893126][ T3054] The buggy address belongs to the page:
[ 63.899015][ T3054] page:ffffea00019c94c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x67253
[ 63.909860][ T3054] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 63.917439][ T3054] raw: 00fff00000000000 ffffea0001a75f88 ffffea0001a44748 0000000000000000
[ 63.926266][ T3054] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 63.935181][ T3054] page dumped because: kasan: bad access detected
[ 63.941858][ T3054] page_owner tracks the page as freed
[ 63.947474][ T3054] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2159, ts 63531237091, free_ts 63541662763
[ 63.964035][ T3054] get_page_from_freelist+0x1369/0x31f0
[ 63.970311][ T3054] __alloc_pages+0x1b2/0x440
[ 63.975193][ T3054] alloc_pages_vma+0xe0/0x650
[ 63.979905][ T3054] __handle_mm_fault+0x1d97/0x33a0
[ 63.985261][ T3054] handle_mm_fault+0x1c5/0x5b0
[ 63.990093][ T3054] do_user_addr_fault+0x298/0xc80
[ 63.995355][ T3054] exc_page_fault+0x5a/0xb0
[ 64.000105][ T3054] asm_exc_page_fault+0x22/0x30
[ 64.005127][ T3054] copy_user_enhanced_fast_string+0xe/0x40
[ 64.011176][ T3054] copy_page_to_iter+0x3d8/0xb60
[ 64.016267][ T3054] filemap_read+0x4e1/0xab0
[ 64.021284][ T3054] blkdev_read_iter+0xfb/0x180
[ 64.026754][ T3054] new_sync_read+0x35a/0x5f0
[ 64.031371][ T3054] vfs_read+0x209/0x470
[ 64.035603][ T3054] ksys_read+0xf4/0x1d0
[ 64.039957][ T3054] do_syscall_64+0x33/0x80
[ 64.044628][ T3054] page last free stack trace:
[ 64.049573][ T3054] free_pcp_prepare+0x379/0x850
[ 64.054583][ T3054] free_unref_page_list+0x16f/0xbd0
[ 64.060136][ T3054] release_pages+0xb3a/0x1480
[ 64.065240][ T3054] tlb_finish_mmu+0x127/0x790
[ 64.070320][ T3054] unmap_region+0x298/0x390
[ 64.075168][ T3054] __do_munmap+0x47e/0x10d0
[ 64.080071][ T3054] __vm_munmap+0xd2/0x1a0
[ 64.084873][ T3054] __x64_sys_munmap+0x5d/0x80
[ 64.089869][ T3054] do_syscall_64+0x33/0x80
[ 64.094743][ T3054] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 64.102026][ T3054]
[ 64.104535][ T3054] Memory state around the buggy address:
[ 64.110779][ T3054] ffff888067253b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.119094][ T3054] ffff888067253c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.128956][ T3054] >ffff888067253c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.138317][ T3054] ^
[ 64.147949][ T3054] ffff888067253d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.157734][ T3054] ffff888067253d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.166683][ T3054] ==================================================================
[ 64.176008][ T3054] Disabling lock debugging due to kernel taint
[ 64.183729][ T3054] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.191748][ T3054] Kernel Offset: disabled
[ 64.196167][ T3054] Rebooting in 86400 seconds..