Warning: Permanently added '10.128.1.222' (ED25519) to the list of known hosts.
2025/11/06 16:35:47 parsed 1 programs
[ 62.415220][ T4158] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.234134][ T4245] veth0_vlan: entered promiscuous mode
2025/11/06 16:35:51 executed programs: 0
[ 65.913419][ T100] veth0_vlan: left promiscuous mode
[ 67.186760][ T4441] veth0_vlan: entered promiscuous mode
[ 67.580211][ T4631] syz.2.17[4631]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 67.672598][ T4631] loop2: detected capacity change from 0 to 32768
[ 67.679587][ T4631] =======================================================
[ 67.679587][ T4631] WARNING: The mand mount option has been deprecated and
[ 67.679587][ T4631] and is ignored by this kernel. Remove the mand
[ 67.679587][ T4631] option from the mount to silence this warning.
[ 67.679587][ T4631] =======================================================
[ 67.721669][ T4631] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 67.735206][ T4631] ==================================================================
[ 67.743310][ T4631] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 67.751575][ T4631] Read of size 4 at addr ffff88806d957000 by task syz.2.17/4631
[ 67.759204][ T4631]
[ 67.761509][ T4631] CPU: 0 PID: 4631 Comm: syz.2.17 Not tainted syzkaller #0
[ 67.768688][ T4631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 67.778726][ T4631] Call Trace:
[ 67.782008][ T4631]
[ 67.784932][ T4631] dump_stack_lvl+0xe0/0x160
[ 67.789686][ T4631] ? show_regs_print_info+0x10/0x10
[ 67.794909][ T4631] ? load_image+0x550/0x550
[ 67.799383][ T4631] ? __virt_addr_valid+0x21e/0x270
[ 67.804556][ T4631] print_report+0xac/0x220
[ 67.808939][ T4631] ? ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 67.814811][ T4631] kasan_report+0x117/0x150
[ 67.819284][ T4631] ? ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 67.825146][ T4631] ocfs2_claim_suballoc_bits+0xf99/0x1e20
[ 67.830840][ T4631] ? ocfs2_claim_metadata+0x420/0x420
[ 67.836189][ T4631] ? start_this_handle+0x19eb/0x1c20
[ 67.841454][ T4631] ocfs2_claim_new_inode+0x2a2/0x6a0
[ 67.846709][ T4631] ? trace_ocfs2_claim_new_inode_at_loc+0x100/0x100
[ 67.853333][ T4631] ? sigprocmask+0x135/0x160
[ 67.857904][ T4631] ? __lock_acquire+0xba0/0xba0
[ 67.862738][ T4631] ocfs2_mknod_locked+0x116/0x210
[ 67.867752][ T4631] ? do_raw_spin_unlock+0x121/0x230
[ 67.872931][ T4631] ? trace_ocfs2_symlink_create+0x130/0x130
[ 67.878792][ T4631] ? sigprocmask+0x135/0x160
[ 67.883352][ T4631] ? ocfs2_block_signals+0x72/0xb0
[ 67.888440][ T4631] ? ocfs2_free_mem_caches+0x50/0x50
[ 67.893723][ T4631] ? ocfs2_init_security_get+0xa4/0x150
[ 67.899266][ T4631] ocfs2_mknod+0xe4d/0x1940
[ 67.903948][ T4631] ? ocfs2_mkdir+0x2f0/0x2f0
[ 67.908515][ T4631] ? __lock_acquire+0xba0/0xba0
[ 67.913332][ T4631] ? __lock_acquire+0x5c5/0xba0
[ 67.918148][ T4631] ? ocfs2_inode_unlock+0x16c/0x200
[ 67.923311][ T4631] ? ocfs2_inode_unlock+0x16c/0x200
[ 67.928480][ T4631] ? __lock_acquire+0xba0/0xba0
[ 67.933303][ T4631] ? do_raw_spin_lock+0x121/0x2c0
[ 67.938466][ T4631] ? __rwlock_init+0x150/0x150
[ 67.943241][ T4631] ? do_raw_spin_unlock+0x121/0x230
[ 67.948848][ T4631] ? _raw_spin_unlock+0x28/0x40
[ 67.953771][ T4631] ? ocfs2_inode_unlock+0x16c/0x200
[ 67.958962][ T4631] ? _raw_spin_unlock+0x28/0x40
[ 67.963798][ T4631] ? __ocfs2_cluster_lock+0x1560/0x1560
[ 67.969317][ T4631] ? rcu_is_watching+0x1f/0x90
[ 67.974056][ T4631] ? ocfs2_lookup+0x40c/0x690
[ 67.978706][ T4631] ocfs2_create+0x140/0x2f0
[ 67.983200][ T4631] ? ocfs2_lookup+0x690/0x690
[ 67.987879][ T4631] ? HAS_UNMAPPED_ID+0xd0/0x130
[ 67.992708][ T4631] ? inode_permission+0x151/0x340
[ 67.997721][ T4631] path_openat+0xee0/0x2790
[ 68.002286][ T4631] ? _raw_spin_unlock+0x40/0x40
[ 68.007157][ T4631] ? do_filp_open+0x370/0x370
[ 68.011812][ T4631] ? __virt_addr_valid+0x13d/0x270
[ 68.016899][ T4631] do_filp_open+0x1b4/0x370
[ 68.021378][ T4631] ? vfs_tmpfile+0x3a0/0x3a0
[ 68.025939][ T4631] ? do_raw_spin_unlock+0x121/0x230
[ 68.031141][ T4631] ? _raw_spin_unlock+0x28/0x40
[ 68.035971][ T4631] ? alloc_fd+0x3f2/0x4a0
[ 68.040301][ T4631] do_sys_openat2+0xf9/0x180
[ 68.044894][ T4631] ? __se_sys_futex+0x22c/0x2a0
[ 68.049744][ T4631] ? do_sys_open+0x80/0x80
[ 68.054145][ T4631] __x64_sys_creat+0x8b/0xb0
[ 68.058713][ T4631] do_syscall_64+0x55/0xb0
[ 68.063130][ T4631] ? clear_bhb_loop+0x40/0x90
[ 68.067782][ T4631] ? clear_bhb_loop+0x40/0x90
[ 68.072444][ T4631] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 68.078331][ T4631] RIP: 0033:0x7f2f9bf8eb69
[ 68.082753][ T4631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.102356][ T4631] RSP: 002b:00007f2f9cdfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 68.110744][ T4631] RAX: ffffffffffffffda RBX: 00007f2f9c1b5fa0 RCX: 00007f2f9bf8eb69
[ 68.118691][ T4631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000d80
[ 68.126637][ T4631] RBP: 00007f2f9c011df1 R08: 0000000000000000 R09: 0000000000000000
[ 68.134595][ T4631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.142573][ T4631] R13: 0000000000000000 R14: 00007f2f9c1b5fa0 R15: 00007ffc66823638
[ 68.150515][ T4631]
[ 68.153518][ T4631]
[ 68.155812][ T4631] The buggy address belongs to the physical page:
[ 68.162209][ T4631] page:ffffea0001b655c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6d957
[ 68.172412][ T4631] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.179496][ T4631] page_type: 0xffffffff()
[ 68.183809][ T4631] raw: 00fff00000000000 ffffea0001b8bac8 ffffea0001b69708 0000000000000000
[ 68.192363][ T4631] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 68.201011][ T4631] page dumped because: kasan: bad access detected
[ 68.207394][ T4631] page_owner tracks the page as freed
[ 68.212734][ T4631] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4244, tgid 4244 (syz-executor), ts 63896696618, free_ts 65635798211
[ 68.230515][ T4631] post_alloc_hook+0x26b/0x290
[ 68.235274][ T4631] get_page_from_freelist+0x2a35/0x2b70
[ 68.240794][ T4631] __alloc_pages+0x1e3/0x430
[ 68.245351][ T4631] __folio_alloc+0x10/0x20
[ 68.249836][ T4631] vma_alloc_folio+0x47d/0x9d0
[ 68.254586][ T4631] do_pte_missing+0x6d3/0x2090
[ 68.259319][ T4631] handle_mm_fault+0xd97/0x1d90
[ 68.264152][ T4631] do_user_addr_fault+0x3fe/0xb70
[ 68.269149][ T4631] exc_page_fault+0x52/0xc0
[ 68.273652][ T4631] asm_exc_page_fault+0x26/0x30
[ 68.278470][ T4631] page last free stack trace:
[ 68.283113][ T4631] free_unref_page_prepare+0x7d5/0x8e0
[ 68.288537][ T4631] free_unref_page_list+0xbe/0x7c0
[ 68.293623][ T4631] release_pages+0x14d0/0x1650
[ 68.298368][ T4631] tlb_flush_mmu+0x288/0x3f0
[ 68.302938][ T4631] tlb_finish_mmu+0xaa/0x190
[ 68.307516][ T4631] exit_mmap+0x334/0x8a0
[ 68.311815][ T4631] __mmput+0x9d/0x2d0
[ 68.315777][ T4631] exit_mm+0x11a/0x1b0
[ 68.319835][ T4631] do_exit+0x62c/0x1f20
[ 68.323972][ T4631] do_group_exit+0x1b0/0x280
[ 68.328627][ T4631] get_signal+0xec2/0x1040
[ 68.333283][ T4631] arch_do_signal_or_restart+0x91/0x560
[ 68.338802][ T4631] exit_to_user_mode_loop+0x6b/0xd0
[ 68.343972][ T4631] exit_to_user_mode_prepare+0xb4/0x110
[ 68.349513][ T4631] syscall_exit_to_user_mode+0x1a/0x40
[ 68.354940][ T4631] do_syscall_64+0x61/0xb0
[ 68.359341][ T4631]
[ 68.361638][ T4631] Memory state around the buggy address:
[ 68.367244][ T4631] ffff88806d956f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.375275][ T4631] ffff88806d956f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.383308][ T4631] >ffff88806d957000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.391353][ T4631]                    ^
[ 68.395390][ T4631] ffff88806d957080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.403428][ T4631] ffff88806d957100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.411454][ T4631] ==================================================================
[ 68.419839][ T4631] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.427338][ T4631] Kernel Offset: disabled
[ 68.431669][ T4631] Rebooting in 86400 seconds..