Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts.
2026/01/10 17:31:55 parsed 1 programs
[   74.893042][ T2680] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
2026/01/10 17:32:05 executed programs: 0
2026/01/10 17:32:10 executed programs: 2
[   88.190812][ T3578] loop3: detected capacity change from 0 to 128
[   88.202603][ T3578] =======================================================
[   88.202603][ T3578] WARNING: The mand mount option has been deprecated and
[   88.202603][ T3578]          and is ignored by this kernel. Remove the mand
[   88.202603][ T3578]          option from the mount to silence this warning.
[   88.202603][ T3578] =======================================================
[   88.239884][ T3578] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   88.252628][ T3578] hpfs: filesystem error: improperly stopped
[   88.258625][ T3578] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   88.266672][ T3578] hpfs: You really don't want any checks? You are crazy...
[   88.274476][ T3578] hpfs: hpfs_map_sector(): read error
[   88.279859][ T3578] hpfs: code page support is disabled
[   88.285619][ T3578] HPFS: de_next_de: de->length = 84ba
[   88.291376][ T3578] HPFS: dnode_end_de: dnode->first_free = 7b3184b6
[   88.297902][ T3578] HPFS: de_next_de: de->length = 7b31
[   88.303461][ T3578] HPFS: dnode_end_de: dnode->first_free = 7b3184b6
[   88.310144][ T3578] ==================================================================
[   88.318206][ T3578] BUG: KASAN: use-after-free in hpfs_count_dnodes+0x95c/0x9f0
[   88.325752][ T3578] Read of size 4 at addr ffff8881368b4576 by task syz.3.17/3578
[   88.333450][ T3578] 
[   88.335758][ T3578] CPU: 0 UID: 0 PID: 3578 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(none) 
[   88.335764][ T3578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.335767][ T3578] Call Trace:
[   88.335773][ T3578]  <TASK>
[   88.335776][ T3578]  dump_stack_lvl+0x52/0x80
[   88.335786][ T3578]  print_report+0xca/0x240
[   88.335792][ T3578]  ? hpfs_count_dnodes+0x95c/0x9f0
[   88.335797][ T3578]  kasan_report+0x118/0x150
[   88.335803][ T3578]  ? hpfs_count_dnodes+0x95c/0x9f0
[   88.335808][ T3578]  hpfs_count_dnodes+0x95c/0x9f0
[   88.335812][ T3578]  ? bdev_getblk+0x4f/0x540
[   88.335818][ T3578]  ? __pfx_hpfs_count_dnodes+0x10/0x10
[   88.335824][ T3578]  ? hpfs_map_fnode+0x9b/0x5e0
[   88.335829][ T3578]  hpfs_read_inode+0xa75/0xe40
[   88.335834][ T3578]  ? __pfx_hpfs_read_inode+0x10/0x10
[   88.335839][ T3578]  ? inode_set_ctime_to_ts+0xb7/0x1d0
[   88.335842][ T3578]  ? __pfx_inode_set_ctime_to_ts+0x10/0x10
[   88.335846][ T3578]  ? do_raw_spin_unlock+0x122/0x240
[   88.335851][ T3578]  ? hpfs_init_inode+0x211/0x350
[   88.335856][ T3578]  hpfs_fill_super+0xfdd/0x1f50
[   88.335864][ T3578]  ? __pfx_hpfs_fill_super+0x10/0x10
[   88.335869][ T3578]  ? __pfx_snprintf+0x10/0x10
[   88.335874][ T3578]  ? sb_set_blocksize+0x106/0x1b0
[   88.335879][ T3578]  ? setup_bdev_super+0x3e6/0x4d0
[   88.335883][ T3578]  get_tree_bdev_flags+0x3d4/0x470
[   88.335888][ T3578]  ? __pfx_hpfs_fill_super+0x10/0x10
[   88.335892][ T3578]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[   88.335896][ T3578]  ? rcu_is_watching+0x1f/0xa0
[   88.335902][ T3578]  ? cap_capable+0xa7/0x2d0
[   88.335909][ T3578]  vfs_get_tree+0x87/0x1a0
[   88.335913][ T3578]  do_new_mount+0x2b5/0x840
[   88.335919][ T3578]  ? __pfx_do_new_mount+0x10/0x10
[   88.335925][ T3578]  __se_sys_mount+0x218/0x2b0
[   88.335930][ T3578]  ? __pfx___se_sys_mount+0x10/0x10
[   88.335935][ T3578]  do_syscall_64+0x85/0x2e0
[   88.335942][ T3578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.335947][ T3578] RIP: 0033:0x7f70b6a1076a
[   88.335953][ T3578] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.335956][ T3578] RSP: 002b:00007f70b687ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   88.335963][ T3578] RAX: ffffffffffffffda RBX: 00007f70b687eef0 RCX: 00007f70b6a1076a
[   88.335966][ T3578] RDX: 000020000000a000 RSI: 0000200000009ec0 RDI: 00007f70b687eeb0
[   88.335969][ T3578] RBP: 000020000000a000 R08: 00007f70b687eef0 R09: 0000000003200041
[   88.335971][ T3578] R10: 0000000003200041 R11: 0000000000000246 R12: 0000200000009ec0
[   88.335974][ T3578] R13: 00007f70b687eeb0 R14: 0000000000009e21 R15: 0000200000000000
[   88.335978][ T3578]  </TASK>
[   88.335980][ T3578] 
[   88.601015][ T3578] The buggy address belongs to the physical page:
[   88.607676][ T3578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f00c4073 pfn:0x1368b4
[   88.617384][ T3578] flags: 0x100000000000000(node=0|zone=2)
[   88.623107][ T3578] raw: 0100000000000000 ffffea0004da2d48 ffffea0004da2cc8 0000000000000000
[   88.631674][ T3578] raw: 00000007f00c4073 0000000000000000 00000000ffffffff 0000000000000000
[   88.640249][ T3578] page dumped because: kasan: bad access detected
[   88.646648][ T3578] page_owner tracks the page as freed
[   88.652086][ T3578] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 1753, tgid 1753 (syz-executor), ts 38370295295, free_ts 38616349745
[   88.670815][ T3578]  post_alloc_hook+0x15a/0x190
[   88.675658][ T3578]  get_page_from_freelist+0x366b/0x3770
[   88.681190][ T3578]  __alloc_frozen_pages_noprof+0x26b/0x460
[   88.687151][ T3578]  alloc_pages_mpol+0xcb/0x270
[   88.692040][ T3578]  vma_alloc_folio_noprof+0x288/0x400
[   88.697420][ T3578]  folio_prealloc+0x24/0xf0
[   88.701921][ T3578]  handle_mm_fault+0x12d8/0x2320
[   88.706847][ T3578]  do_user_addr_fault+0x31a/0xc30
[   88.711853][ T3578]  exc_page_fault+0x62/0xa0
[   88.716337][ T3578]  asm_exc_page_fault+0x26/0x30
[   88.721178][ T3578] page last free pid 1753 tgid 1753 stack trace:
[   88.727488][ T3578]  free_unref_folios+0xd03/0x1350
[   88.732497][ T3578]  folios_put_refs+0x3c3/0x4a0
[   88.737253][ T3578]  free_pages_and_swap_cache+0x20d/0x3c0
[   88.742874][ T3578]  tlb_flush_mmu+0x2ba/0x500
[   88.747445][ T3578]  tlb_finish_mmu+0xaa/0x190
[   88.752018][ T3578]  vms_clear_ptes+0x465/0x5a0
[   88.756689][ T3578]  vms_complete_munmap_vmas+0x1ad/0x680
[   88.762431][ T3578]  do_vmi_align_munmap+0x30e/0x360
[   88.767546][ T3578]  do_vmi_munmap+0x192/0x210
[   88.772133][ T3578]  __vm_munmap+0x18e/0x300
[   88.776567][ T3578]  __x64_sys_munmap+0x5b/0x70
[   88.781233][ T3578]  do_syscall_64+0x85/0x2e0
[   88.785725][ T3578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.791689][ T3578] 
[   88.794010][ T3578] Memory state around the buggy address:
[   88.799711][ T3578]  ffff8881368b4400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   88.807940][ T3578]  ffff8881368b4480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   88.816032][ T3578] >ffff8881368b4500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   88.824177][ T3578]                                                              ^
[   88.831972][ T3578]  ffff8881368b4580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   88.840058][ T3578]  ffff8881368b4600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   88.848106][ T3578] ==================================================================
[   88.856340][ T3578] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   88.863972][ T3578] Kernel Offset: disabled
[   88.868281][ T3578] Rebooting in 86400 seconds..