syzkaller login: [ 37.125656][ T3638] cgroup: Unknown subsys name 'net'
[ 37.249187][ T3638] cgroup: Unknown subsys name 'rlimit'
[ 37.497189][ T3638] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 38.959462][ T3706] modprobe (3706) used greatest stack depth: 22992 bytes left
[ 39.087644][ T3702] syz-executor (3702) used greatest stack depth: 22480 bytes left
[ 40.612956][ T3712] veth0_vlan: entered promiscuous mode
[ 41.093293][ T3712] syz-executor (3712) used greatest stack depth: 22016 bytes left
[ 41.405440][ T76] veth0_vlan: left promiscuous mode
[ 43.104043][ T3921] veth0_vlan: entered promiscuous mode
[ 43.959072][ T76] veth0_vlan: left promiscuous mode
Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts.
2025/12/08 17:01:48 parsed 1 programs
[ 64.297440][ T4137] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.782449][ T4165] veth0_vlan: entered promiscuous mode
[ 67.512353][ T35] veth0_vlan: left promiscuous mode
2025/12/08 17:01:53 executed programs: 0
[ 69.798197][ T4417] veth0_vlan: entered promiscuous mode
[ 70.253430][ T4607] syz.2.17[4607]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 70.352910][ T4607] loop2: detected capacity change from 0 to 32768
[ 70.359824][ T4607] =======================================================
[ 70.359824][ T4607] WARNING: The mand mount option has been deprecated and
[ 70.359824][ T4607] and is ignored by this kernel. Remove the mand
[ 70.359824][ T4607] option from the mount to silence this warning.
[ 70.359824][ T4607] =======================================================
[ 70.402409][ T4607] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 70.413956][ T4607] ==================================================================
[ 70.422036][ T4607] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 70.430279][ T4607] Read of size 4 at addr ffff88806cf26000 by task syz.2.17/4607
[ 70.437891][ T4607]
[ 70.440201][ T4607] CPU: 0 PID: 4607 Comm: syz.2.17 Not tainted syzkaller #0
[ 70.447362][ T4607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 70.457405][ T4607] Call Trace:
[ 70.460669][ T4607]
[ 70.463639][ T4607] dump_stack_lvl+0xe0/0x160
[ 70.468307][ T4607] ? show_regs_print_info+0x10/0x10
[ 70.473495][ T4607] ? load_image+0x550/0x550
[ 70.478103][ T4607] ? __virt_addr_valid+0x21e/0x270
[ 70.483186][ T4607] print_report+0xac/0x220
[ 70.487570][ T4607] ? ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 70.493433][ T4607] kasan_report+0x117/0x150
[ 70.498000][ T4607] ? ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 70.503866][ T4607] ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 70.509565][ T4607] ? ocfs2_claim_metadata+0x420/0x420
[ 70.515256][ T4607] ? start_this_handle+0x19eb/0x1c20
[ 70.520624][ T4607] ocfs2_claim_new_inode+0x2a2/0x6a0
[ 70.525995][ T4607] ? trace_ocfs2_claim_new_inode_at_loc+0x100/0x100
[ 70.532637][ T4607] ? sigprocmask+0x135/0x160
[ 70.537281][ T4607] ? __lock_acquire+0xba0/0xba0
[ 70.542199][ T4607] ocfs2_mknod_locked+0x116/0x210
[ 70.547348][ T4607] ? do_raw_spin_unlock+0x121/0x230
[ 70.552644][ T4607] ? trace_ocfs2_symlink_create+0x130/0x130
[ 70.558530][ T4607] ? sigprocmask+0x135/0x160
[ 70.563113][ T4607] ? ocfs2_block_signals+0x72/0xb0
[ 70.568223][ T4607] ? ocfs2_free_mem_caches+0x50/0x50
[ 70.573486][ T4607] ? ocfs2_init_security_get+0xa4/0x150
[ 70.579015][ T4607] ocfs2_mknod+0xe4d/0x1940
[ 70.583504][ T4607] ? ocfs2_mkdir+0x2f0/0x2f0
[ 70.588088][ T4607] ? __lock_acquire+0xba0/0xba0
[ 70.592943][ T4607] ? __lock_acquire+0x5c5/0xba0
[ 70.597946][ T4607] ? ocfs2_inode_unlock+0x16c/0x200
[ 70.603135][ T4607] ? ocfs2_inode_unlock+0x16c/0x200
[ 70.608317][ T4607] ? __lock_acquire+0xba0/0xba0
[ 70.613143][ T4607] ? do_raw_spin_lock+0x121/0x2c0
[ 70.618416][ T4607] ? __rwlock_init+0x150/0x150
[ 70.623237][ T4607] ? do_raw_spin_unlock+0x121/0x230
[ 70.628404][ T4607] ? _raw_spin_unlock+0x28/0x40
[ 70.633223][ T4607] ? ocfs2_inode_unlock+0x16c/0x200
[ 70.638392][ T4607] ? _raw_spin_unlock+0x28/0x40
[ 70.643319][ T4607] ? __ocfs2_cluster_lock+0x1560/0x1560
[ 70.648869][ T4607] ? rcu_is_watching+0x1f/0x90
[ 70.653611][ T4607] ? ocfs2_lookup+0x40c/0x690
[ 70.658364][ T4607] ocfs2_create+0x140/0x2f0
[ 70.662931][ T4607] ? ocfs2_lookup+0x690/0x690
[ 70.667740][ T4607] ? HAS_UNMAPPED_ID+0xd0/0x130
[ 70.672729][ T4607] ? inode_permission+0x151/0x340
[ 70.677811][ T4607] path_openat+0xee0/0x2790
[ 70.682317][ T4607] ? _raw_spin_unlock+0x40/0x40
[ 70.687144][ T4607] ? do_filp_open+0x370/0x370
[ 70.691788][ T4607] ? __virt_addr_valid+0x13d/0x270
[ 70.696895][ T4607] do_filp_open+0x1b4/0x370
[ 70.701369][ T4607] ? vfs_tmpfile+0x3a0/0x3a0
[ 70.705973][ T4607] ? do_raw_spin_unlock+0x121/0x230
[ 70.711158][ T4607] ? _raw_spin_unlock+0x28/0x40
[ 70.716065][ T4607] ? alloc_fd+0x3f2/0x4a0
[ 70.720723][ T4607] do_sys_openat2+0xf9/0x180
[ 70.725388][ T4607] ? __se_sys_futex+0x22c/0x2a0
[ 70.730233][ T4607] ? do_sys_open+0x80/0x80
[ 70.734648][ T4607] __x64_sys_creat+0x8b/0xb0
[ 70.739333][ T4607] do_syscall_64+0x55/0xb0
[ 70.743811][ T4607] ? clear_bhb_loop+0x40/0x90
[ 70.748473][ T4607] ? clear_bhb_loop+0x40/0x90
[ 70.753132][ T4607] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 70.759099][ T4607] RIP: 0033:0x7f7e4a58eb69
[ 70.763502][ T4607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.783127][ T4607] RSP: 002b:00007f7e4b329038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 70.791626][ T4607] RAX: ffffffffffffffda RBX: 00007f7e4a7b5fa0 RCX: 00007f7e4a58eb69
[ 70.799613][ T4607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000d80
[ 70.807657][ T4607] RBP: 00007f7e4a611df1 R08: 0000000000000000 R09: 0000000000000000
[ 70.815609][ T4607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.823556][ T4607] R13: 0000000000000000 R14: 00007f7e4a7b5fa0 R15: 00007ffc4260fef8
[ 70.831508][ T4607]
[ 70.834503][ T4607]
[ 70.836807][ T4607] The buggy address belongs to the physical page:
[ 70.843193][ T4607] page:ffffea0001b3c980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6cf26
[ 70.853332][ T4607] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 70.860423][ T4607] page_type: 0xffffffff()
[ 70.864947][ T4607] raw: 00fff00000000000 ffffea0001b09408 ffffea0001b3ce48 0000000000000000
[ 70.873513][ T4607] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 70.882074][ T4607] page dumped because: kasan: bad access detected
[ 70.888480][ T4607] page_owner tracks the page as freed
[ 70.893907][ T4607] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4143, tgid 4143 (udevd), ts 70374582041, free_ts 70381197520
[ 70.911938][ T4607] post_alloc_hook+0x26b/0x290
[ 70.916689][ T4607] get_page_from_freelist+0x2a35/0x2b70
[ 70.922578][ T4607] __alloc_pages+0x1e3/0x430
[ 70.927144][ T4607] __folio_alloc+0x10/0x20
[ 70.931531][ T4607] vma_alloc_folio+0x47d/0x9d0
[ 70.936350][ T4607] do_pte_missing+0xc22/0x2090
[ 70.941080][ T4607] handle_mm_fault+0xd97/0x1d90
[ 70.945901][ T4607] do_user_addr_fault+0x3fe/0xb70
[ 70.951002][ T4607] exc_page_fault+0x52/0xc0
[ 70.955571][ T4607] asm_exc_page_fault+0x26/0x30
[ 70.960393][ T4607] page last free stack trace:
[ 70.965037][ T4607] free_unref_page_prepare+0x7d5/0x8e0
[ 70.970467][ T4607] free_unref_page_list+0xbe/0x7c0
[ 70.975607][ T4607] release_pages+0x14d0/0x1650
[ 70.980374][ T4607] tlb_flush_mmu+0x288/0x3f0
[ 70.984944][ T4607] tlb_finish_mmu+0xaa/0x190
[ 70.989601][ T4607] unmap_region+0x2d4/0x320
[ 70.994080][ T4607] do_vmi_align_munmap+0xb91/0x1160
[ 70.999267][ T4607] do_vmi_munmap+0x190/0x200
[ 71.003926][ T4607] __vm_munmap+0x16d/0x310
[ 71.008318][ T4607] __x64_sys_munmap+0x5b/0x70
[ 71.012973][ T4607] do_syscall_64+0x55/0xb0
[ 71.017363][ T4607] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 71.023228][ T4607]
[ 71.026043][ T4607] Memory state around the buggy address:
[ 71.031649][ T4607] ffff88806cf25f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.039679][ T4607] ffff88806cf25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.047795][ T4607] >ffff88806cf26000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.055823][ T4607] ^
[ 71.059874][ T4607] ffff88806cf26080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.067906][ T4607] ffff88806cf26100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.076022][ T4607] ==================================================================
[ 71.091952][ T4607] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.099521][ T4607] Kernel Offset: disabled
[ 71.103831][ T4607] Rebooting in 86400 seconds..