Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts.
2025/09/15 08:49:07 parsed 1 programs
[ 66.440333][ T2160] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/09/15 08:49:14 executed programs: 0
2025/09/15 08:49:20 executed programs: 2
[ 78.767242][ T3078] loop3: detected capacity change from 0 to 32768
[ 78.774263][ T3078] =======================================================
[ 78.774263][ T3078] WARNING: The mand mount option has been deprecated and
[ 78.774263][ T3078] and is ignored by this kernel. Remove the mand
[ 78.774263][ T3078] option from the mount to silence this warning.
[ 78.774263][ T3078] =======================================================
[ 78.817324][ T3078] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 78.827703][ T3078] ==================================================================
[ 78.835806][ T3078] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0xef9/0x1610
[ 78.843714][ T3078] Read of size 2 at addr ffff8880688da8c9 by task syz.3.16/3078
[ 78.851349][ T3078]
[ 78.853686][ T3078] CPU: 1 PID: 3078 Comm: syz.3.16 Not tainted syzkaller #0
[ 78.860885][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 78.870972][ T3078] Call Trace:
[ 78.874232][ T3078]
[ 78.877138][ T3078] dump_stack_lvl+0xdc/0x15b
[ 78.881703][ T3078] ? show_regs_print_info+0x5/0x5
[ 78.886789][ T3078] ? load_image+0x550/0x550
[ 78.891374][ T3078] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 78.896852][ T3078] ? __virt_addr_valid+0x139/0x270
[ 78.901941][ T3078] ? __virt_addr_valid+0x21a/0x270
[ 78.907042][ T3078] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 78.912731][ T3078] print_report+0xa8/0x210
[ 78.917131][ T3078] kasan_report+0x10b/0x140
[ 78.921618][ T3078] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 78.927142][ T3078] ocfs2_dir_foreach_blk+0xef9/0x1610
[ 78.932492][ T3078] ? __lock_acquire+0xc40/0xc40
[ 78.937387][ T3078] ? _raw_spin_unlock+0x24/0x40
[ 78.942847][ T3078] ? ocfs2_dir_foreach+0x140/0x140
[ 78.947976][ T3078] ? ocfs2_inode_lock_atime+0xc7/0x420
[ 78.953492][ T3078] ? ocfs2_inode_lock_with_page+0x250/0x250
[ 78.959367][ T3078] ? read_lock_is_recursive+0x10/0x10
[ 78.964892][ T3078] ocfs2_readdir+0x194/0x2f0
[ 78.969457][ T3078] ? ocfs2_dir_foreach_blk+0x1610/0x1610
[ 78.975059][ T3078] ? down_write+0x1a0/0x1a0
[ 78.979543][ T3078] ? common_file_perm+0x123/0x1d0
[ 78.984539][ T3078] ? fsnotify_perm+0x121/0x440
[ 78.989282][ T3078] iterate_dir+0x1cc/0x490
[ 78.993822][ T3078] __se_sys_getdents+0xc9/0x190
[ 78.998657][ T3078] ? __x64_sys_getdents+0x80/0x80
[ 79.003660][ T3078] ? fillonedir+0x350/0x350
[ 79.008139][ T3078] ? rcu_is_watching+0x1b/0x90
[ 79.013058][ T3078] ? switch_fpu_return+0xc7/0x130
[ 79.018056][ T3078] do_syscall_64+0x4c/0xa0
[ 79.022532][ T3078] ? clear_bhb_loop+0x60/0xb0
[ 79.027282][ T3078] ? clear_bhb_loop+0x60/0xb0
[ 79.031926][ T3078] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.037789][ T3078] RIP: 0033:0x7f2fe638cda9
[ 79.042170][ T3078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.062104][ T3078] RSP: 002b:00007f2fe712e038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 79.070587][ T3078] RAX: ffffffffffffffda RBX: 00007f2fe65a5fa0 RCX: 00007f2fe638cda9
[ 79.078811][ T3078] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 79.086864][ T3078] RBP: 00007f2fe640e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 79.094917][ T3078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.103126][ T3078] R13: 0000000000000000 R14: 00007f2fe65a5fa0 R15: 00007fff94d2af88
[ 79.111118][ T3078]
[ 79.114323][ T3078]
[ 79.116658][ T3078] The buggy address belongs to the physical page:
[ 79.123138][ T3078] page:ffffea0001a23680 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x688da
[ 79.133274][ T3078] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 79.140373][ T3078] raw: 00fff00000000000 ffffea0001a47048 ffffea0001a23d88 0000000000000000
[ 79.149025][ T3078] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 79.157585][ T3078] page dumped because: kasan: bad access detected
[ 79.164154][ T3078] page_owner tracks the page as freed
[ 79.169495][ T3078] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3079, tgid 3079 (udevd), ts 78798947356, free_ts 78815876850
[ 79.187631][ T3078] post_alloc_hook+0x257/0x280
[ 79.192379][ T3078] get_page_from_freelist+0x2ce1/0x2e20
[ 79.197993][ T3078] __alloc_pages+0x1df/0x420
[ 79.202573][ T3078] __folio_alloc+0xe/0x30
[ 79.207083][ T3078] vma_alloc_folio+0x482/0x9d0
[ 79.211835][ T3078] handle_mm_fault+0x2016/0x3470
[ 79.216771][ T3078] do_user_addr_fault+0x2ff/0x6e0
[ 79.221766][ T3078] exc_page_fault+0x4e/0xb0
[ 79.226344][ T3078] asm_exc_page_fault+0x22/0x30
[ 79.231163][ T3078] page last free stack trace:
[ 79.235807][ T3078] free_unref_page_prepare+0x821/0x8f0
[ 79.241239][ T3078] free_unref_page_list+0xb8/0x810
[ 79.246342][ T3078] release_pages+0x1447/0x15d0
[ 79.251171][ T3078] tlb_flush_mmu+0xe8/0x1d0
[ 79.255658][ T3078] tlb_finish_mmu+0xa4/0x180
[ 79.260527][ T3078] unmap_region+0x268/0x2c0
[ 79.265114][ T3078] do_mas_align_munmap+0x968/0xe80
[ 79.270196][ T3078] __vm_munmap+0x179/0x240
[ 79.274579][ T3078] __x64_sys_munmap+0x57/0x60
[ 79.279231][ T3078] do_syscall_64+0x4c/0xa0
[ 79.283636][ T3078] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.289509][ T3078]
[ 79.291823][ T3078] Memory state around the buggy address:
[ 79.297511][ T3078] ffff8880688da780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.305553][ T3078] ffff8880688da800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.313601][ T3078] >ffff8880688da880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.321815][ T3078] ^
[ 79.328430][ T3078] ffff8880688da900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.336479][ T3078] ffff8880688da980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.344543][ T3078] ==================================================================
[ 79.353629][ T3078] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.361275][ T3078] Kernel Offset: disabled
[ 79.365589][ T3078] Rebooting in 86400 seconds..