Warning: Permanently added '10.128.10.50' (ED25519) to the list of known hosts.
2025/06/07 09:02:06 ignoring optional flag "sandboxArg"="0"
2025/06/07 09:02:07 parsed 1 programs
[ 77.531334][ T2158] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/06/07 09:02:17 executed programs: 0
2025/06/07 09:02:25 executed programs: 2
[ 95.639177][ T3075] loop3: detected capacity change from 0 to 32768
[ 95.648783][ T3075] =======================================================
[ 95.648783][ T3075] WARNING: The mand mount option has been deprecated and
[ 95.648783][ T3075] and is ignored by this kernel. Remove the mand
[ 95.648783][ T3075] option from the mount to silence this warning.
[ 95.648783][ T3075] =======================================================
[ 95.693020][ T3075] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 95.703249][ T3075] ==================================================================
[ 95.711444][ T3075] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.719455][ T3075] Read of size 2 at addr ffff888066e6d8c9 by task syz.3.16/3075
[ 95.727105][ T3075]
[ 95.729460][ T3075] CPU: 0 PID: 3075 Comm: syz.3.16 Not tainted 6.1.141-syzkaller #0
[ 95.737365][ T3075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 95.747802][ T3075] Call Trace:
[ 95.751112][ T3075]
[ 95.754052][ T3075] dump_stack_lvl+0xdc/0x15b
[ 95.758755][ T3075] ? show_regs_print_info+0x5/0x5
[ 95.763878][ T3075] ? load_image+0x550/0x550
[ 95.768481][ T3075] ? _raw_spin_lock_irqsave+0xa2/0xe0
[ 95.773844][ T3075] ? __virt_addr_valid+0x139/0x270
[ 95.778959][ T3075] ? __virt_addr_valid+0x21a/0x270
[ 95.784123][ T3075] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.789671][ T3075] print_report+0xa8/0x220
[ 95.794157][ T3075] kasan_report+0x10b/0x140
[ 95.798650][ T3075] ? ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.804199][ T3075] ocfs2_dir_foreach_blk+0xef9/0x1610
[ 95.809649][ T3075] ? __lock_acquire+0xc40/0xc40
[ 95.814493][ T3075] ? _raw_spin_unlock+0x24/0x40
[ 95.819531][ T3075] ? ocfs2_dir_foreach+0x140/0x140
[ 95.824808][ T3075] ? ocfs2_inode_lock_atime+0xc7/0x420
[ 95.830343][ T3075] ? ocfs2_inode_lock_with_page+0x250/0x250
[ 95.836263][ T3075] ? read_lock_is_recursive+0x10/0x10
[ 95.841623][ T3075] ocfs2_readdir+0x194/0x2f0
[ 95.846203][ T3075] ? ocfs2_dir_foreach_blk+0x1610/0x1610
[ 95.851833][ T3075] ? down_write+0x1a0/0x1a0
[ 95.856682][ T3075] ? common_file_perm+0x123/0x1d0
[ 95.862332][ T3075] ? fsnotify_perm+0x121/0x440
[ 95.867261][ T3075] iterate_dir+0x1cc/0x490
[ 95.871755][ T3075] __se_sys_getdents+0xc9/0x190
[ 95.876791][ T3075] ? __x64_sys_getdents+0x80/0x80
[ 95.881907][ T3075] ? fillonedir+0x350/0x350
[ 95.886500][ T3075] ? rcu_is_watching+0x1b/0x90
[ 95.891519][ T3075] ? switch_fpu_return+0xc7/0x130
[ 95.896539][ T3075] do_syscall_64+0x4c/0xa0
[ 95.901205][ T3075] ? clear_bhb_loop+0x60/0xb0
[ 95.905888][ T3075] ? clear_bhb_loop+0x60/0xb0
[ 95.910649][ T3075] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 95.916737][ T3075] RIP: 0033:0x7f09e2f8cda9
[ 95.921177][ T3075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 95.941244][ T3075] RSP: 002b:00007f09e3e0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 95.949756][ T3075] RAX: ffffffffffffffda RBX: 00007f09e31a5fa0 RCX: 00007f09e2f8cda9
[ 95.957857][ T3075] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 95.965831][ T3075] RBP: 00007f09e300e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 95.974268][ T3075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 95.982591][ T3075] R13: 0000000000000000 R14: 00007f09e31a5fa0 R15: 00007ffeb78c7228
[ 95.990918][ T3075]
[ 95.993931][ T3075]
[ 95.996243][ T3075] The buggy address belongs to the physical page:
[ 96.002931][ T3075] page:ffffea00019b9b40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x66e6d
[ 96.013160][ T3075] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 96.020263][ T3075] raw: 00fff00000000000 ffffea00019b9b08 ffffea00019b9b88 0000000000000000
[ 96.028936][ T3075] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 96.037510][ T3075] page dumped because: kasan: bad access detected
[ 96.044466][ T3075] page_owner tracks the page as freed
[ 96.049911][ T3075] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3076, tgid 3076 (udevd), ts 95728916337, free_ts 95748358440
[ 96.068228][ T3075] post_alloc_hook+0x257/0x280
[ 96.073022][ T3075] get_page_from_freelist+0x2ce1/0x2e20
[ 96.078578][ T3075] __alloc_pages+0x1df/0x420
[ 96.083433][ T3075] __folio_alloc+0xe/0x30
[ 96.087761][ T3075] vma_alloc_folio+0x482/0x9d0
[ 96.092532][ T3075] handle_mm_fault+0x2016/0x3470
[ 96.097738][ T3075] do_user_addr_fault+0x2ff/0x6e0
[ 96.102761][ T3075] exc_page_fault+0x4e/0xb0
[ 96.107516][ T3075] asm_exc_page_fault+0x22/0x30
[ 96.112445][ T3075] page last free stack trace:
[ 96.117109][ T3075] free_unref_page_prepare+0x821/0x8f0
[ 96.122651][ T3075] free_unref_page_list+0xb8/0x810
[ 96.128205][ T3075] release_pages+0x1447/0x15d0
[ 96.133336][ T3075] tlb_flush_mmu+0xe8/0x1d0
[ 96.137929][ T3075] tlb_finish_mmu+0xa4/0x180
[ 96.142590][ T3075] unmap_region+0x268/0x2c0
[ 96.147299][ T3075] do_mas_align_munmap+0x968/0xe80
[ 96.152501][ T3075] __vm_munmap+0x179/0x240
[ 96.156918][ T3075] __x64_sys_munmap+0x57/0x60
[ 96.161681][ T3075] do_syscall_64+0x4c/0xa0
[ 96.166268][ T3075] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 96.172260][ T3075]
[ 96.177363][ T3075] Memory state around the buggy address:
[ 96.183339][ T3075] ffff888066e6d780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.191653][ T3075] ffff888066e6d800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.200152][ T3075] >ffff888066e6d880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.208472][ T3075] ^
[ 96.214960][ T3075] ffff888066e6d900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.223099][ T3075] ffff888066e6d980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 96.231176][ T3075] ==================================================================
[ 96.240478][ T3075] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.248267][ T3075] Kernel Offset: disabled
[ 96.252698][ T3075] Rebooting in 86400 seconds..