Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
2025/07/07 22:14:38 ignoring optional flag "sandboxArg"="0"
2025/07/07 22:14:39 parsed 1 programs
[ 72.671951][ T2160] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/07/07 22:14:47 executed programs: 0
2025/07/07 22:14:53 executed programs: 2
[ 86.680689][ T3078] loop3: detected capacity change from 0 to 32768
[ 86.687546][ T3078] =======================================================
[ 86.687546][ T3078] WARNING: The mand mount option has been deprecated and
[ 86.687546][ T3078] and is ignored by this kernel. Remove the mand
[ 86.687546][ T3078] option from the mount to silence this warning.
[ 86.687546][ T3078] =======================================================
[ 86.730023][ T3078] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 86.740344][ T3078] (syz.3.16,3078,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 86.762670][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 86.886440][ T3083] loop3: detected capacity change from 0 to 32768
[ 86.901355][ T3083] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 86.911841][ T3083] (syz.3.17,3083,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=64591, inode=0, rec_len=0, name_len=0
[ 86.933021][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.065243][ T3087] loop3: detected capacity change from 0 to 32768
[ 87.082345][ T3087] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.092252][ T3087] (syz.3.18,3087,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=72057597259162624, rec_len=0, name_len=0
[ 87.114736][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.237306][ T3091] loop3: detected capacity change from 0 to 32768
[ 87.252216][ T3091] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.262100][ T3091] (syz.3.19,3091,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 87.283216][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.417761][ T3095] loop3: detected capacity change from 0 to 32768
[ 87.433485][ T3095] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.443555][ T3095] (syz.3.20,3095,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 87.464551][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.597459][ T3099] loop3: detected capacity change from 0 to 32768
[ 87.613096][ T3099] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.623189][ T3099] (syz.3.21,3099,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 87.644541][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.777818][ T3103] loop3: detected capacity change from 0 to 32768
[ 87.794718][ T3103] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.805294][ T3103] (syz.3.22,3103,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 87.827786][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 87.957412][ T3107] loop3: detected capacity change from 0 to 32768
[ 87.974435][ T3107] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 87.984541][ T3107] (syz.3.23,3107,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=26105, inode=0, rec_len=0, name_len=0
[ 88.005606][ T2659] ocfs2: Unmounting device (7,3) on (node local)
[ 88.138531][ T3111] loop3: detected capacity change from 0 to 32768
[ 88.154947][ T3111] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 88.164909][ T3111] ==================================================================
[ 88.172985][ T3111] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0xef9/0x1610
[ 88.180971][ T3111] Read of size 2 at addr ffff88806989c8c9 by task syz.3.24/3111
[ 88.188590][ T3111]
[ 88.190919][ T3111] CPU: 0 PID: 3111 Comm: syz.3.24 Not tainted 6.1.143-syzkaller #0
[ 88.198802][ T3111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 88.208856][ T3111] Call Trace:
[ 88.212129][ T3111]
[ 88.215049][ T3111] dump_stack_lvl+0xdc/0x15b
[ 88.219637][ T3111] ? show_regs_print_info+0x5/0x5
[ 88.224731][ T3111] ? load_image+0x550/0x550
[ 88.229221][ T3111] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 88.235177][ T3111] ? __virt_addr_valid+0x139/0x270
[ 88.240256][ T3111] ? __virt_addr_valid+0x21a/0x270
[ 88.245331][ T3111] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 88.250843][ T3111] print_report+0xa8/0x220
[ 88.255223][ T3111] kasan_report+0x10b/0x140
[ 88.259702][ T3111] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 88.265213][ T3111] ocfs2_dir_foreach_blk+0xef9/0x1610
[ 88.270553][ T3111] ? __lock_acquire+0xc40/0xc40
[ 88.275375][ T3111] ? _raw_spin_unlock+0x24/0x40
[ 88.280195][ T3111] ? ocfs2_dir_foreach+0x140/0x140
[ 88.285276][ T3111] ? ocfs2_inode_lock_atime+0xc7/0x420
[ 88.290706][ T3111] ? ocfs2_inode_lock_with_page+0x250/0x250
[ 88.296568][ T3111] ? read_lock_is_recursive+0x10/0x10
[ 88.301908][ T3111] ocfs2_readdir+0x194/0x2f0
[ 88.306467][ T3111] ? ocfs2_dir_foreach_blk+0x1610/0x1610
[ 88.312077][ T3111] ? down_write+0x1a0/0x1a0
[ 88.316637][ T3111] ? common_file_perm+0x123/0x1d0
[ 88.321655][ T3111] ? fsnotify_perm+0x121/0x440
[ 88.326388][ T3111] iterate_dir+0x1cc/0x490
[ 88.330776][ T3111] __se_sys_getdents+0xc9/0x190
[ 88.335595][ T3111] ? __x64_sys_getdents+0x80/0x80
[ 88.340589][ T3111] ? fillonedir+0x350/0x350
[ 88.345176][ T3111] ? rcu_is_watching+0x1b/0x90
[ 88.349999][ T3111] ? switch_fpu_return+0xc7/0x130
[ 88.354991][ T3111] do_syscall_64+0x4c/0xa0
[ 88.359376][ T3111] ? clear_bhb_loop+0x60/0xb0
[ 88.364031][ T3111] ? clear_bhb_loop+0x60/0xb0
[ 88.368762][ T3111] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 88.374630][ T3111] RIP: 0033:0x7fbe7ab8cda9
[ 88.379015][ T3111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.398694][ T3111] RSP: 002b:00007fbe7a9ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 88.407081][ T3111] RAX: ffffffffffffffda RBX: 00007fbe7ada5fa0 RCX: 00007fbe7ab8cda9
[ 88.415023][ T3111] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 88.423049][ T3111] RBP: 00007fbe7ac0e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 88.430996][ T3111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 88.438936][ T3111] R13: 0000000000000000 R14: 00007fbe7ada5fa0 R15: 00007ffea2003e08
[ 88.446880][ T3111]
[ 88.449878][ T3111]
[ 88.452179][ T3111] The buggy address belongs to the physical page:
[ 88.458566][ T3111] page:ffffea0001a62700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6989c
[ 88.468713][ T3111] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 88.475803][ T3111] raw: 00fff00000000000 ffffea0001a62748 ffffea0001a626c8 0000000000000000
[ 88.484356][ T3111] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 88.492990][ T3111] page dumped because: kasan: bad access detected
[ 88.499386][ T3111] page_owner tracks the page as freed
[ 88.504726][ T3111] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3107, tgid 3106 (syz.3.23), ts 87928606021, free_ts 88067741319
[ 88.522139][ T3111] post_alloc_hook+0x257/0x280
[ 88.526879][ T3111] get_page_from_freelist+0x2ce1/0x2e20
[ 88.532388][ T3111] __alloc_pages+0x1df/0x420
[ 88.536943][ T3111] __folio_alloc+0xe/0x30
[ 88.541241][ T3111] vma_alloc_folio+0x482/0x9d0
[ 88.546062][ T3111] shmem_alloc_and_acct_folio+0x3b0/0x930
[ 88.551752][ T3111] shmem_get_folio_gfp+0x10a5/0x23f0
[ 88.557026][ T3111] shmem_write_begin+0xd2/0x2d0
[ 88.561849][ T3111] generic_perform_write+0x2c1/0x4b0
[ 88.567120][ T3111] __generic_file_write_iter+0x1ea/0x490
[ 88.572740][ T3111] generic_file_write_iter+0x9a/0x240
[ 88.578223][ T3111] vfs_write+0x4a6/0x9c0
[ 88.582439][ T3111] ksys_write+0xfc/0x1c0
[ 88.586659][ T3111] do_syscall_64+0x4c/0xa0
[ 88.591059][ T3111] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 88.596933][ T3111] page last free stack trace:
[ 88.601593][ T3111] free_unref_page_prepare+0x821/0x8f0
[ 88.607029][ T3111] free_unref_page_list+0xb8/0x810
[ 88.612112][ T3111] release_pages+0x1447/0x15d0
[ 88.616848][ T3111] __pagevec_release+0x5c/0xd0
[ 88.621598][ T3111] shmem_undo_range+0x5d4/0x1950
[ 88.626524][ T3111] shmem_evict_inode+0x3be/0x8f0
[ 88.631464][ T3111] evict+0x3dd/0x810
[ 88.635330][ T3111] __dentry_kill+0x379/0x5d0
[ 88.639894][ T3111] dentry_kill+0xbb/0x1e0
[ 88.644194][ T3111] dput+0x143/0x290
[ 88.647971][ T3111] __fput+0x35a/0x6f0
[ 88.651925][ T3111] task_work_run+0x142/0x1d0
[ 88.656492][ T3111] exit_to_user_mode_loop+0xb9/0xd0
[ 88.661672][ T3111] exit_to_user_mode_prepare+0x64/0xb0
[ 88.667101][ T3111] syscall_exit_to_user_mode+0x16/0x30
[ 88.672540][ T3111] do_syscall_64+0x58/0xa0
[ 88.677104][ T3111]
[ 88.679400][ T3111] Memory state around the buggy address:
[ 88.685259][ T3111] ffff88806989c780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.693723][ T3111] ffff88806989c800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.701842][ T3111] >ffff88806989c880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.709908][ T3111] ^
[ 88.716288][ T3111] ffff88806989c900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.724326][ T3111] ffff88806989c980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.732354][ T3111] ==================================================================
[ 88.741142][ T3111] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.748631][ T3111] Kernel Offset: disabled
[ 88.752942][ T3111] Rebooting in 86400 seconds..