Warning: Permanently added '10.128.0.210' (ED25519) to the list of known hosts.
2025/03/05 20:35:17 ignoring optional flag "sandboxArg"="0"
2025/03/05 20:35:18 parsed 1 programs
[ 73.106450][ T2423] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 74.492735][ T2466] chnl_net:caif_netlink_parms(): no params data found
[ 76.276035][ T2466] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.637258][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.644892][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.655517][ T2466] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.986391][ T44] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.994310][ T44] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.001622][ T44] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.009476][ T44] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.017823][ T44] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.025750][ T44] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.248964][ T9] bond0 (unregistering): Released all slaves
2025/03/05 20:35:26 executed programs: 0
[ 80.767261][ T1623] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.774586][ T1623] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.781778][ T1623] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.789759][ T1623] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.797386][ T1623] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.805724][ T1623] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 80.991460][ T2870] chnl_net:caif_netlink_parms(): no params data found
[ 82.744895][ T2870] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.833109][ T44] Bluetooth: hci0: command 0x0409 tx timeout
[ 84.100460][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 84.108525][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.119330][ T2870] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.913136][ T44] Bluetooth: hci0: command 0x041b tx timeout
2025/03/05 20:35:32 executed programs: 2
[ 86.527683][ T3236] loop2: detected capacity change from 0 to 32768
[ 86.534792][ T3236] =======================================================
[ 86.534792][ T3236] WARNING: The mand mount option has been deprecated and
[ 86.534792][ T3236] and is ignored by this kernel. Remove the mand
[ 86.534792][ T3236] option from the mount to silence this warning.
[ 86.534792][ T3236] =======================================================
[ 86.578533][ T3236] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 86.589544][ T3236] ==================================================================
[ 86.597679][ T3236] BUG: KASAN: use-after-free in ocfs2_dir_foreach_blk+0x1133/0x1940
[ 86.605786][ T3236] Read of size 2 at addr ffff8880662238c9 by task syz.2.16/3236
[ 86.613503][ T3236]
[ 86.615828][ T3236] CPU: 1 PID: 3236 Comm: syz.2.16 Not tainted 6.1.129-syzkaller #0
[ 86.623718][ T3236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 86.633760][ T3236] Call Trace:
[ 86.637025][ T3236]
[ 86.639938][ T3236] dump_stack_lvl+0xf4/0x251
[ 86.644526][ T3236] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 86.650079][ T3236] ? panic+0x3fe/0x3fe
[ 86.654227][ T3236] ? lock_acquire+0xbe/0x390
[ 86.658809][ T3236] ? read_lock_is_recursive+0x10/0x10
[ 86.664242][ T3236] ? __virt_addr_valid+0x139/0x270
[ 86.669340][ T3236] ? __virt_addr_valid+0x221/0x270
[ 86.674430][ T3236] print_report+0x15f/0x4f0
[ 86.679001][ T3236] ? __virt_addr_valid+0x139/0x270
[ 86.684090][ T3236] ? __virt_addr_valid+0x221/0x270
[ 86.689176][ T3236] ? ocfs2_dir_foreach_blk+0x1133/0x1940
[ 86.694790][ T3236] kasan_report+0x136/0x160
[ 86.699288][ T3236] ? ocfs2_dir_foreach_blk+0x1133/0x1940
[ 86.704918][ T3236] ocfs2_dir_foreach_blk+0x1133/0x1940
[ 86.710412][ T3236] ? read_lock_is_recursive+0x10/0x10
[ 86.715769][ T3236] ? ocfs2_dir_foreach+0x1c0/0x1c0
[ 86.720863][ T3236] ? ocfs2_should_update_atime+0xdb/0x3d0
[ 86.726566][ T3236] ? ocfs2_inode_lock_atime+0xc8/0x4a0
[ 86.732219][ T3236] ? ocfs2_inode_lock_with_page+0x290/0x290
[ 86.738310][ T3236] ? read_lock_is_recursive+0x10/0x10
[ 86.743838][ T3236] ? __fget_files+0x2d/0x2c0
[ 86.748414][ T3236] ocfs2_readdir+0x1ca/0x410
[ 86.753161][ T3236] ? ocfs2_dir_foreach_blk+0x1940/0x1940
[ 86.758799][ T3236] ? down_write+0x1d0/0x1d0
[ 86.763479][ T3236] ? common_file_perm+0x130/0x1e0
[ 86.768497][ T3236] ? fsnotify_perm+0x120/0x440
[ 86.773243][ T3236] iterate_dir+0x1fa/0x500
[ 86.777742][ T3236] __se_sys_getdents+0x1b3/0x3d0
[ 86.782750][ T3236] ? __x64_sys_getdents+0x80/0x80
[ 86.787790][ T3236] ? fillonedir+0x300/0x300
[ 86.792286][ T3236] ? switch_fpu_return+0xc9/0x130
[ 86.797389][ T3236] do_syscall_64+0x3b/0xb0
[ 86.801789][ T3236] ? clear_bhb_loop+0x45/0xa0
[ 86.806453][ T3236] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 86.812340][ T3236] RIP: 0033:0x7fab4c78cda9
[ 86.816836][ T3236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.836805][ T3236] RSP: 002b:00007fab4d59d038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 86.845256][ T3236] RAX: ffffffffffffffda RBX: 00007fab4c9a5fa0 RCX: 00007fab4c78cda9
[ 86.853308][ T3236] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000004
[ 86.861363][ T3236] RBP: 00007fab4c80e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 86.869323][ T3236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.877280][ T3236] R13: 0000000000000000 R14: 00007fab4c9a5fa0 R15: 00007ffdf4ba4218
[ 86.885326][ T3236]
[ 86.888335][ T3236]
[ 86.890673][ T3236] The buggy address belongs to the physical page:
[ 86.897252][ T3236] page:ffffea00019888c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x66223
[ 86.907554][ T3236] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 86.914906][ T3236] raw: 00fff00000000000 ffffea0001988908 ffffea0001988888 0000000000000000
[ 86.923563][ T3236] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 86.932240][ T3236] page dumped because: kasan: bad access detected
[ 86.938654][ T3236] page_owner tracks the page as freed
[ 86.944186][ T3236] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1583, tgid 1580 (syz-execprog), ts 37754854770, free_ts 51181803319
[ 86.963030][ T3236] post_alloc_hook+0x286/0x2b0
[ 86.967784][ T3236] get_page_from_freelist+0x340b/0x35b0
[ 86.973403][ T3236] __alloc_pages+0x251/0x640
[ 86.978014][ T3236] __folio_alloc+0xf/0x30
[ 86.982323][ T3236] vma_alloc_folio+0x484/0x9e0
[ 86.987070][ T3236] handle_mm_fault+0x2608/0x4290
[ 86.992076][ T3236] exc_page_fault+0x22a/0x5a0
[ 86.996739][ T3236] asm_exc_page_fault+0x22/0x30
[ 87.001676][ T3236] page last free stack trace:
[ 87.006330][ T3236] free_unref_page_prepare+0x10b7/0x13b0
[ 87.012036][ T3236] free_unref_page_list+0x54b/0x7e0
[ 87.017216][ T3236] release_pages+0x1c13/0x1dc0
[ 87.022004][ T3236] tlb_flush_mmu+0xe5/0x1d0
[ 87.026490][ T3236] unmap_page_range+0x1889/0x1bc0
[ 87.031519][ T3236] unmap_vmas+0x42a/0x5a0
[ 87.035840][ T3236] exit_mmap+0x225/0x6f0
[ 87.040064][ T3236] __mmput+0x9b/0x2e0
[ 87.044026][ T3236] exit_mm+0x122/0x1b0
[ 87.048075][ T3236] do_exit+0x819/0x23a0
[ 87.052231][ T3236] do_group_exit+0x1b5/0x280
[ 87.057085][ T3236] get_signal+0x1117/0x1260
[ 87.061586][ T3236] arch_do_signal_or_restart+0xb0/0x1990
[ 87.067198][ T3236] exit_to_user_mode_loop+0x61/0xc0
[ 87.072392][ T3236] exit_to_user_mode_prepare+0x64/0xb0
[ 87.077859][ T3236] syscall_exit_to_user_mode+0x27/0x1b0
[ 87.083484][ T3236]
[ 87.085836][ T3236] Memory state around the buggy address:
[ 87.091539][ T3236] ffff888066223780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.099600][ T3236] ffff888066223800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.107664][ T3236] >ffff888066223880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.115811][ T3236] ^
[ 87.122229][ T3236] ffff888066223900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.130283][ T3236] ffff888066223980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 87.138455][ T3236] ==================================================================
[ 87.146715][ T44] Bluetooth: hci0: command 0x040f tx timeout
[ 87.155849][ T3236] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.163586][ T3236] Kernel Offset: disabled
[ 87.168028][ T3236] Rebooting in 86400 seconds..